KB-51AA

RS4A-PATCH1-01 — Codex Defect Closure Map (C1–C13) — 2026-06-21

Revision 1

Macro: RS4A-PATCH1 · Objective J + I (the closure spine; closes Codex C13 D13 evidence tier)
Deliverable: 01 of 10 · design-only · correction addendum
Input: Codex RS4A review NEED_RS4A_PATCH (HOLD), read in full from AgentData KB.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Status: CLOSURE_MAP_COMPLETE — every Codex defect C1–C13 is mapped to a correction, evidence, and a precise status; Codex should review only PATCH1, not re-review all of RS4A.

Status vocabulary: CLOSED (resolved with a concrete value/decision) · CLOSED_FAIL_CLOSED (resolved by a precise fail-closed disposition) · STILL_OPEN_BY_DESIGN (intentionally unresolved, design-only) · NEEDS_OWNER_DECISION (Owner-gated) · NEEDS_FUTURE_SURFACE (requires a governed surface not present today).


1. Closure map (C1–C13)

| # | Codex defect (HOLD) | PATCH1 correction | Evidence / source (LIVE = Claude read-only query_pg 2026-06-21) | Status | Caveat carried |
|---|---|---|---|---|---|
| C1 | replay/effect identity unstable — contains run_id; approval-binding identity undefined | One canonical effect_identity = logical_request_key; run_id/attempt_id/attempt_no/nonce/timestamps/replaceable-approval-instance-id excluded; authority canonicalized to canonical_owner_scope + canonical_authority_policy_ref; fresh-approval ⇒ REPLAY_DUPLICATE; un-canonicalizable authority ⇒ AUTHORITY_BINDING_IDENTITY_UNSTABLE fail-closed | PATCH1-02 §1/§3; iu_route_attempt UNIQUE(idempotency_key,attempt_no) re-read LIVE | CLOSED | authority terms unresolvable today (owner=0, no register_dot) ⇒ effect_identity fail-closed in practice |
| C2 | no canonical inert status (placeholder <inert/non-active>) | Canonical inert status = draft — a governed directus_fields choice, draft≠'active' ⇒ activation trigger never fires | PATCH1-03; directus_fields.dot_tools.status.options.choices={draft,active,deprecated,retired} LIVE; fn_context_pack_on_dot_register body LIVE | CLOSED | STATUS_DOMAIN_NOT_DB_ENFORCED (no PG CHECK; add status enum backstop); G7-consumer (activation-UPDATE path) |
| C3 | DB uniqueness axis undefined ("identity axis") | Four named axes: U1 UNIQUE(effect_identity) (mandatory), U2 UNIQUE(authorization_nonce) (mandatory, separate), U3 code-head (policy), U4 artifact (policy); code→U3, path/hash→U4, whole-effect→U1 | PATCH1-02 §2; dot_tools constraints = only PRIMARY KEY (id) + tier/coverage/trigger CHECK + domain FK LIVE | CLOSED_FAIL_CLOSED | U1–U4 all REQUIRED_NOT_PRESENT on live surfaces; U3/U4 NEEDS_OWNER_DECISION |
| C4 | intent names unavailable dot_tools columns (hash/owner/approval refs) | Separate logical_envelope_fields vs current_persistence_carrier vs carrier_status; envelopes are bound_envelopes references, NOT columns; all REQUIRED_NOT_PRESENT | PATCH1-04; dot_tools 28 columns LIVE — none is hash/owner_envelope/approval_envelope | CLOSED_FAIL_CLOSED | carriers NEEDS_FUTURE_SURFACE |
| C5 | nonce placement inconsistent (classified request_proposed) | authorization_nonce reclassified AUTHORITY_CREDENTIAL (separate authority input, opaque bearer, envelope-reread + one-time consume); reject caller-generated/unbound/reused/as-identity | PATCH1-05 §1 | CLOSED | consume surface (U2) REQUIRED_NOT_PRESENT |
| C6 | Phase 2/3 consume semantics | Phase 2 = validation/reservation (no durable consume); Phase 3 = the only atomic durable consume + inert write + attempt record | PATCH1-05 §2 | CLOSED | |
| C7 | Phase 4 verifier-pair ambiguity | Independent verifier postcondition_verifier_ref; no per-target verifier row created/assumed; carry RS3C-C2 (one primary row; control-pair ≠ per-target) | PATCH1-05 §3; RS4A-01 D24 / §3 C2 note | CLOSED | a bound, governed verifier reference NEEDS_FUTURE_SURFACE |
| C8 | Phase 5 audit semantics (impossible T-P5-1) | Failure occurs in Phase-3 txn (rolls back); audit written after, in a separate transaction ⇒ survives; success-audit NOT required (failure-audit only); audit_envelope nullable/scoped | PATCH1-05 §4 | CLOSED | append-only sink NEEDS_FUTURE_SURFACE (G6) |
| C9 | Interface F overclaim (aggregate columns ⇒ checksum semantics) | Narrowed to "no proven carrier among reviewed candidates" — no UNIQUE on either checksum, no immutability, per-artifact scope unproven ⇒ unfit ⇒ emit nothing | PATCH1-06 §1; context_pack_manifest constraints LIVE (no UNIQUE on checksum, no immutability trigger) | CLOSED_FAIL_CLOSED | a proven per-artifact carrier NEEDS_FUTURE_SURFACE (G4) |
| C10 | audit immutability overclaim (trigger absence ⇒ mutable) | Narrowed to "immutability not proven" (grants/rules/policies not enumerated) ⇒ fail-closed; event_type/delivery_lane/dedup_key relabeled contract requirements, not proven fields | PATCH1-06 §2; event_outbox only trg_event_outbox_type_validate BEFORE INSERT LIVE | CLOSED_FAIL_CLOSED | append-only enforcement NEEDS_FUTURE_SURFACE (G6) |
| C11 | malformed tests T-P6-3 (and T-P5-1) | T-P5-1 repaired (audit after rollback, separate txn); T-P6-3 repaired (consumer-injected OR active-update-outside-registration) | PATCH1-07 §2 | CLOSED | |
| C12 | suite count wrong (claimed 42/92) | Recounted 50 carried + 47 new = 97; +8 PATCH1 cases ⇒ augmented 105 (explained) | PATCH1-07 §1/§4 | CLOSED | RS4A-11/index/rollup/codex-packet 42-92 figures SUPERSEDED (not overwritten) |
| C13 | D13 mislabeled as line-cited source defect | D13 relabeled SRC+SCHEMA environment/contract blocker (source has no reliable dedup [SRC L128/L135] + schema has no DB UNIQUE backstop [SCHEMA only PK(id)]); not a pure line-cited source defect | §2 below; dot_tools constraints LIVE | CLOSED | identity UNIQUE (U1) NEEDS_FUTURE_SURFACE |

Tally: CLOSED = C1, C2, C5, C6, C7, C8, C11, C12, C13 (9). CLOSED_FAIL_CLOSED = C3, C4, C9, C10 (4). No defect left UNADDRESSED. All residual items are STILL_OPEN_BY_DESIGN / NEEDS_OWNER_DECISION / NEEDS_FUTURE_SURFACE — the same class as RS4A's pre-existing G2–G7 blockers; none blocks PATCH1 from being ready for Codex review.
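The Phase 3 and Phase 5 semantics stated for C6 and C8, together with the U1/U2 uniqueness axes (C3) and the one-time nonce consume (C5), as an added example; it is not PATCH1's or the registrar's code. SQLite stands in for PostgreSQL, and the table names, the `phase3` function and the `NONCE_REUSED` label are hypothetical.

```python
import sqlite3

# Hypothetical schema: U1 and U2 as DB UNIQUE constraints, plus the status
# domain enforced by a CHECK (the backstop C2's caveat asks for).
SCHEMA = """
CREATE TABLE consumed_nonce (authorization_nonce TEXT NOT NULL UNIQUE);  -- U2
CREATE TABLE registration (
    effect_identity TEXT NOT NULL UNIQUE,                                -- U1
    status TEXT NOT NULL
        CHECK (status IN ('draft', 'active', 'deprecated', 'retired')));
CREATE TABLE attempt (effect_identity TEXT NOT NULL, run_id TEXT NOT NULL);
CREATE TABLE failure_audit (effect_identity TEXT, run_id TEXT, reason TEXT);
"""

def open_db():
    # isolation_level=None: autocommit mode, transactions are opened explicitly.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    return db

def phase3(db, effect_identity, nonce, run_id):
    """One transaction: durable nonce consume + inert 'draft' write + attempt record."""
    try:
        db.execute("BEGIN IMMEDIATE")
        db.execute("INSERT INTO consumed_nonce VALUES (?)", (nonce,))
        db.execute("INSERT INTO registration VALUES (?, 'draft')", (effect_identity,))
        db.execute("INSERT INTO attempt VALUES (?, ?)", (effect_identity, run_id))
        db.execute("COMMIT")
        return "REGISTERED_INERT"  # success path writes no audit row
    except sqlite3.IntegrityError as exc:
        db.execute("ROLLBACK")  # undoes the consume and any partial writes
        # A fresh nonce on an existing effect_identity is a replay (C1).
        replay = "registration.effect_identity" in str(exc)
        reason = "REPLAY_DUPLICATE" if replay else "NONCE_REUSED"
        # Failure audit goes in its own transaction, after the rollback,
        # so the rollback cannot erase it.
        db.execute("BEGIN")
        db.execute("INSERT INTO failure_audit VALUES (?, ?, ?)",
                   (effect_identity, run_id, reason))
        db.execute("COMMIT")
        return reason
```

Because the failed attempt's nonce insert is rolled back with everything else, a rejected replay leaves no consumed nonce behind; only the failure-audit row persists.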


2. C13 — D13 evidence-tier correction (detail)

Codex §3 / §16.5: "D13 (no DB UNIQUE) is schema evidence, not a source-line defect. The ledger may retain it as an environment/contract blocker, but must not claim that all 24 defects are line-cited source defects. D13 should be relabeled or tied explicitly to a source behavior plus separate schema evidence."

Correction — D13 is relabeled:

D13  no DB UNIQUE backstop on the identity axis
  defect_class   = ENVIRONMENT / CONTRACT blocker   (NOT a pure line-cited source defect)
  source_leg     = SRC: the registrar's ONLY dedup guard is a fragile grep -qF
                        (L128 SELECT file_path WHERE file_path IS NOT NULL; L135 grep -qF),
                        i.e. the source provides no reliable dedup  (this is the source-behavior tie)
  schema_leg     = SCHEMA (LIVE): dot_tools has no DB UNIQUE backstop — constraints are only
                        dot_tools_pkey PRIMARY KEY (id) + chk_dot_tier + chk_dot_coverage
                        + chk_dot_trigger + fk_dot_tools_domain  (no UNIQUE on code/file_path/effect)
  evidence_tier  = SRC + SCHEMA   (NOT pure line-cited source)
  disposition    = CONTRACT_BACKSTOP (the replacement must add U1 UNIQUE(effect_identity); PATCH1-02)

Ledger-wide correction: the RS4A-01 headline ("each defect cites a source line") and §6 ("24 line-cited defects") are corrected to: 23 defects are line-cited source/source+live defects (D01–D12, D14–D24); D13 is the one SCHEMA+SRC environment/contract blocker. The "≥20 line-cited" requirement is still met (23 ≥ 20). No source line is fabricated for D13; its source leg is the absence of reliable dedup, and its schema leg is the absence of a DB UNIQUE, evidenced separately.

(Note: RS4A-01's D13 row already tagged its evidence tier as "SCHEMA"; the overclaim being corrected is the blanket statement that all 24 are line-cited source defects, not the D13 row's own tier tag.)
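The two legs of D13 side by side, as an added example that is not the registrar's code or part of RS4A. The guard is modeled only on the two cited source lines; the page does not say why the grep is fragile, so the substring match and the check-then-insert interleaving shown here are general properties of that pattern, and the table names, sample requests and the SHA-256/JSON encoding of `effect_identity` are assumptions.

```python
import hashlib, json, sqlite3

# Per-run fields that C1 excludes from effect_identity (names from the page).
VOLATILE = {"run_id", "attempt_id", "attempt_no", "nonce", "timestamp"}
# Constructed sample requests: the same logical effect submitted by two runs.
RUN_A = {"code": "dot-x", "file_path": "dot/bin/dot-x", "run_id": "r1", "nonce": "n1"}
RUN_B = {"code": "dot-x", "file_path": "dot/bin/dot-x", "run_id": "r2", "nonce": "n2"}

def effect_identity(request):
    """Hash the stable logical request only (assumed encoding: sorted JSON, SHA-256)."""
    stable = {k: v for k, v in request.items() if k not in VOLATILE}
    return hashlib.sha256(json.dumps(stable, sort_keys=True).encode()).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE live (id INTEGER PRIMARY KEY, file_path TEXT);   -- schema leg: PK only
        CREATE TABLE patched (id INTEGER PRIMARY KEY, file_path TEXT,
                              effect_identity TEXT NOT NULL UNIQUE);  -- U1 backstop
    """)
    return db

def guard_says_duplicate(db, file_path):
    """Source leg model: SELECT non-NULL file_path, then a grep -qF style test."""
    rows = db.execute("SELECT file_path FROM live WHERE file_path IS NOT NULL")
    # -F without -x is a fixed-string match anywhere in the line.
    return any(file_path in row[0] for row in rows)

def insert_patched(db, req):
    """Returns False when UNIQUE(effect_identity) rejects a duplicate effect."""
    try:
        db.execute("INSERT INTO patched (file_path, effect_identity) VALUES (?, ?)",
                   (req["file_path"], effect_identity(req)))
        return True
    except sqlite3.IntegrityError:
        return False

def interleaved_runs(db, run_a, run_b):
    """Both runs check the guard before either one inserts."""
    passed = [not guard_says_duplicate(db, r["file_path"]) for r in (run_a, run_b)]
    for r in (run_a, run_b):
        db.execute("INSERT INTO live (file_path) VALUES (?)", (r["file_path"],))
    live_rows = db.execute("SELECT count(*) FROM live").fetchone()[0]
    return passed, live_rows, [insert_patched(db, r) for r in (run_a, run_b)]
```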


3. What PATCH1 deliberately did NOT change (kept Codex-accepted)

Per Codex §15 (Accepted Points), these stand unchanged and are not reopened: package inventory completeness; the source-derived unsafe-registrar finding; REPLACE_FOR_GOVERNED_REGISTRATION + REJECT_CURRENT_REAL_RUN_PATH; dry-run/helper reuse as advisory only; the fail-closed posture of Owner/APR, Interface F, replay, and audit envelopes; P1–P3/P5 honored; G2–G7 open + registration HOLD; no test execution / no registrar PASS.

4. Status

  • Closure map: CLOSURE_MAP_COMPLETE — C1–C13 each mapped, evidenced (live where checkable), and statused.
  • D13 relabeled SRC+SCHEMA; blanket "all-line-cited" claim corrected.
  • Gate REGISTRATION_HOLD · CAN_PROCEED = NO. No mutation, no overwrite of RS4A files.