KB-3A52
READY-TO-ASSEMBLE-LEGO1-PATCH1 — Codex Review Packet — 2026-06-22
3 min read Revision 1
ready-to-assemble-lego1-patch1codex-review-packetblocker-closureregistration-hold2026-06-22
READY-TO-ASSEMBLE-LEGO1-PATCH1 — Codex Review Packet — 2026-06-22
For: independent (GPT → Codex) re-review of PATCH1 against the prior HOLD's nine-item closure set.
Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations.
Claimed verdict: READY_TO_ASSEMBLE_LEGO1_PATCH1_READY_FOR_GPT_REVIEW.
1. Closure set → file map (verify each)
| Codex item | Closed in | Verify |
|---|---|---|
| 1 raw DDL/DML → DOT/Directus | file 02 | no raw SQL; dot_iu_create_collection+staging+dispatcher dual-trigger; cite SSOT v1.2 + dot_config.block_after_guard |
| 2 C1 versioned identity | file 03 | PK (operation_code,protocol_version)+vocab_id; versioned successor; write-once semantics; constraints |
| 3 value manifest/resolver | file 04 | deterministic R_C1 over apr_action_types provenance + 14-row hashed snapshot; not invented |
| 4 verifier + atomic consume | file 05 | exact jsonb verifier (exactly 1 row); lease+CAS before writes |
| 5 atomic failure model | file 06 | S0–S7 state machine; compensations; enforced rollback invariants |
| 6 PF5/PF7/PF8 | file 07 | PF5 exact; PF7 run (v_dotkg_realrun_preflight=NO_GO); PF8 truthful |
| 7 executable tests | file 08 | T1–T20 exact commands + deterministic assertions incl. concurrency/partial-failure/forged-auth/serialization/audit-failure |
| 8 canonical serialization | file 09 | cser-v1 + binding chain |
| 9 overclaim phrases | file 10 | four phrases SUPERSEDED/QUALIFIED |
2. Adversarial checks to run
- Find any raw SQL in the future plan (expected: none — file 02).
- Confirm the resolver yields exact values + provenance deterministically; confirm none invented (file 04 vs live
apr_action_types). - Confirm consume cannot occur after writes and cannot double-execute (file 05 lease+CAS; file 06 S1).
- Confirm rollback cannot delete, hit the wrong version, skip the successor, or skip the atomic audit (file 03/06).
- Confirm PF7 reflects the live governed gates and that REAL_RUN is governed-blocked today (file 07).
- Confirm no claim asserts authority or "blast radius zero / structurally complete / only authority remains" unscoped (file 10).
- Confirm no subagents were used (file 01 §1).
3. Allowed verdicts
READY_TO_ASSEMBLE_LEGO1_PATCH1_READY_FOR_GPT_REVIEW · or any …_PATCH1_HOLD_* / …_PATCH1_REJECT_* from the controlling instruction §5.
4. What acceptance does / does NOT authorize
- Does: record that the C1 preparation defects are closed and the plan may enter Gate B.
- Does NOT: open P2/named lane, authorize any DOT execution / Directus write / DDL/DML, create the collection or any value, flip
dot_config, assert a Chairman grant exists, clearREGISTRATION_HOLD, or authorize registration/activation/register_dot/P3.
5. Boundary attestation
Review packet only. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations.