KB-37F7

Codex Review Packet — RS3B Registrar Hardening Design — 2026-06-21

Revision 1

For: Codex independent read-only review
Macro: RS3B-REGISTRAR-HARDENING-DESIGN · read-only / KB-design · 0 mutations
Submitted verdict: RS3B_HOLD_REGISTRAR_SOURCE_NOT_READ
Registration gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Prior gate: Codex ACCEPT_RS3_PATCH2_AND_PROCEED_TO_RS3B (READY_FOR_RS3B), C1–C4 mandatory


1. What to review

Whether RS3B correctly (a) stopped at HOLD_REGISTRAR_SOURCE_NOT_READ instead of forcing PASS, given the registrar source is unreadable; (b) produced a rigorous source-recovery proof; (c) consumed Codex C1–C4 in the replay/attempt state machine; (d) kept every unproven carrier/surface/sink fail-closed; (e) derived pair cardinality from the contract (not five rows); (f) inventoried trigger side-effects and the one activation signal; (g) selected a durable failure-audit sink by reuse, no new ledger; (h) produced ≥35 adversarial cases.

2. Files to review (AgentData KB)

  • Index: …/reports/rs3b/rs3b-index-registrar-hardening-design-2026-06-21.md
  • 01–10: …/reports/rs3b/0[1-9]-*-2026-06-21.md, …/reports/rs3b/10-registrar-hardening-decision-packet-2026-06-21.md
  • Executive rollup: …/reports/macro-rs3b-registrar-hardening-design-package-2026-06-21.md
  • This packet: …/reports/rs3b/codex-review-packet-rs3b-registrar-hardening-design-2026-06-21.md

3. Key claims and their evidence tier

| Claim | Tier | Evidence |
|---|---|---|
| Registrar source unreadable | source-fact | read_file allowlist /opt/incomex/{docs,dot/specs},/var/log/nginx; bin/dot/... denied; DOT-REGISTER.file_path=bin/dot/dot-dot-register.ts |
| No KB source copy | search-fact | 4 search variants + list = prose/metadata only (RP-03, RS2-PATCH1, CAT-006) |
| iu_route_attempt not fit | source-fact | UNIQUE(idempotency_key,attempt_no), CHECK attempt_no≥1, no nonce/replay_key/run_id, IU-routing domain, 68 rows, no triggers |
| No artifact-hash carrier | source-fact | dot_tools no hash col; snapshot hash nullable; context_pack_manifest sha256 not-null but no UNIQUE/immutability/observer |
| No immutable audit sink | source-fact (pg_trigger) | zero UPDATE/DELETE-block triggers on event_outbox/registry_changelog/governance_audit_log; registry_changelog mutable resolve cols |
| Activation side-effect | source-fact | trg_context_pack_dot_register → pg_notify('context_pack_event') on watch-tier {A,B,C} + status='active' |
| Owner=0 / no register_dot | source-fact | governance_object_ownership=0; apr_action_types=14 none register_dot; register-shaped codes unimplemented |
| Behavior reconstruction | HELD | not derived from source; prose column carried as UNVERIFIED scope only |

4. Known caveats

  • NO_CODEX_LIVE_READ: Claude's runtime reads are packet evidence; Codex should treat them as such (consistent with the RS3-PATCH2 review's own posture).
  • Dual-writer boundary is PARTIAL (catalog-sync source also unreadable) — write/clobber/lock semantics are criteria, not proven.
  • Interface F, replay surface, and audit sink are selected/criteria + fail-closed; none is promoted to proven.
  • One self-noted method correction is propagated: information_schema.triggers is privilege-blind for the read-only role; all trigger facts use pg_catalog.pg_trigger.
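Added example, not part of the packet or of the reviewed system's code: one way a reviewer could re-check the pg_trigger-based facts from a read-only role, using the three table names from the evidence table. It assumes PostgreSQL and that the unqualified table names resolve through the session search_path.

```sql
-- Added example (not from the packet).
-- Assumption: the three tables resolve through search_path; schema-qualify
-- the names in the VALUES list if they do not.
--
-- information_schema.triggers only lists triggers on tables the current role
-- owns or holds a non-SELECT privilege on, so a SELECT-only role sees an empty
-- result even when triggers exist. pg_catalog.pg_trigger has no such filter.
WITH targets(name) AS (
    VALUES ('event_outbox'), ('registry_changelog'), ('governance_audit_log')
),
resolved AS (
    -- to_regclass returns NULL instead of raising when a table is missing,
    -- so "table not found" stays distinguishable from "no triggers".
    SELECT name, to_regclass(name) AS rel FROM targets
)
SELECT r.name                    AS table_name,
       r.rel IS NOT NULL         AS table_found,
       t.tgname                  AS trigger_name,   -- NULL = no matching trigger
       t.tgenabled               AS enabled_state,  -- 'D' = disabled
       (t.tgtype & 2)  <> 0      AS fires_before,   -- tgtype bit 1: BEFORE
       (t.tgtype & 8)  <> 0      AS on_delete,      -- tgtype bit 3: DELETE
       (t.tgtype & 16) <> 0      AS on_update,      -- tgtype bit 4: UPDATE
       p.proname                 AS function_name,
       pg_get_triggerdef(t.oid)  AS definition
FROM resolved r
LEFT JOIN pg_catalog.pg_trigger t
       ON t.tgrelid = r.rel
      AND NOT t.tgisinternal          -- skip constraint-generated triggers
      AND (t.tgtype & 24) <> 0        -- keep only UPDATE (16) or DELETE (8)
LEFT JOIN pg_catalog.pg_proc p
       ON p.oid = t.tgfoid
ORDER BY r.name, t.tgname;
```

A row with table_found = true and a NULL trigger_name means the table has no user-defined UPDATE or DELETE trigger at all. A non-NULL row only shows that a trigger exists; whether it actually blocks the operation has to be read from the function body (pg_proc.prosrc).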
  1. If Codex accepts the HOLD: the single next action is registrar source recovery (extend read_file allowlist to the bin/dot/ directory, or admit a faithful KB source mirror, or provide a read-only git/code channel), then re-run RS3B-01/02/03 to reconcile contract + dual-writer boundary against real code.
  2. Sequencing: RS-VALIDATOR-HARDENING stays after RS3B (registrar/interface ownership must be fixed before the validator consumes the final contract). RS2B-RISK-RESIDUE-AND-Đ35-HEALTH-CLOSURE remains separate. Owner-of-record (governance_object_ownership=0) remains the deciding authority blocker.
  3. Do not request a PATCH3 to force the replay/carrier/sink surfaces "ready" — they are correctly fail-closed pending source + Owner.

6. Status block

  • Submitted verdict: RS3B_HOLD_REGISTRAR_SOURCE_NOT_READ
  • Registration gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations
  • Allowed verdict set: READY_FOR_CODEX_REVIEW / HOLD_REGISTRAR_SOURCE_NOT_READ / HOLD_DUAL_WRITER / HOLD_SINGLE_ARTIFACT / HOLD_INTERFACE_F / HOLD_REPLAY / HOLD_FAILURE_AUDIT / HOLD_TRIGGER / REJECT_SCOPE_DRIFT / REJECT_FAIL_OPEN → selected: HOLD_REGISTRAR_SOURCE_NOT_READ