READY-TO-ASSEMBLE-LEGO1-PATCH2 04 — C1 Value Manifest & Authority-Backed Resolver (B2) — 2026-06-22

Closes Codex 5.3 to AUTHORITY. Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations. Read-only projection; no rows invented/created.

---

1. Codex residual (reproduced)

PATCH1 file 04 enriched authority by joining apr_action_types to process_axis_action_vocabulary on action_code. Live: that join returns 0 rows (apr_active=14, pav_total=12, joined=0). The two are different namespaces — apr_action_types uses create_item, add_field, authorize_build_step; process_axis_action_vocabulary uses APPROVE_BIRTH_ADMISSION, CONFIRM_AS_PROCESS, EXECUTE_GUARDED_ACTION (verified by sampling all 12 rows). So process_axis_action_vocabulary is not the authority for canonical_operation. Also act_type was a Gate-B placeholder and no manifest_digest was supplied.

2. Corrected resolver R_C1 (deterministic, authority from the source's own columns)

R_C1(snapshot_ts) =
  FROM apr_action_types a
  WHERE a.status = 'active'
  PROJECT {
    operation_code          := a.action_code,
    governing_authority_ref := a._dot_origin,         -- provenance (governed origin)
    semantics_frozen        := {"description": a.description},
    act_type                := 'governance_operation',-- DETERMINISTIC constant for C1 carrier (not curated-later)
    authority_risk          := a.risk_level,          -- authority class from the SOURCE itself
    handler_backed          := (a.handler_ref IS NOT NULL AND a.handler_ref <> 'unimplemented')
  }
  ORDER BY a.action_code
  → cser-v1 serialize (file 09) → SHA-256 = manifest_digest

• Broken cross-table join dropped. Authority class is apr_action_types.risk_level (the registry's own governed column); process_axis_action_vocabulary is not referenced.
• act_type is now deterministic ('governance_operation' for the C1 carrier), removing the Gate-B placeholder that Codex flagged.

3. Acceptance rule (deterministic; no invention, no silent omission)

• Admitted set = all apr_action_types WHERE status='active' projected by R_C1 (currently 14). Expected diff is exactly + (R_C1 row count).
• Resolver returns 0 rows ⇒ MANIFEST_EMPTY_FAIL_CLOSED (build refuses). Returns rows whose governing_authority_ref is null/empty ⇒ UNGOVERNED_PROVENANCE. Stale snapshot (digest ≠ grant's manifest_digest) ⇒ verifier 0 rows (file 05).
• Values cannot be invented (projection of governed rows only) and cannot be silently omitted (the count + manifest_digest are bound into the authorization grant).

4. Manifest fields

manifest_id (= C1-CANOPVOCAB-MANIFEST), manifest_version (= snapshot SemVer), resolver (= R_C1 text above), input_source (apr_action_types), serialization (cser-v1), manifest_digest (SHA-256, recompute command in file 09), acceptance rule (§3), reject codes (§3), readback plan (file 10).

5. Honest status — residual is AUTHORITY, not preparation

R_C1 is a pure read-only function I can (and did) evaluate live; the value set is therefore determined, not deferred. The only residual is the governed Gate-B sign-off that the deterministic admitted set is the intended C1 vocabulary — a governance/authority act, not missing preparation. Classification: closed to AUTHORITY (Gate-B governed selection). (Execution of the admission still depends on the absent DOT_C1_VALUE_ADMIT handler, B1/file 02 — that dependency, not the manifest, is the prep gap.)

6. Boundary attestation

Read-only projection; no rows invented/created; no DOT executed. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes PATCH1 file 04 §2 (process_axis join) and the act_type placeholder.