RS4A-PATCH1-07 — Acceptance Suite Reconciliation (97 cases) — 2026-06-21
RS4A-PATCH1-07 — Acceptance Suite Reconciliation (97 cases) — 2026-06-21
Macro: RS4A-PATCH1 · Mục tiêu H (closes Codex C11 malformed tests, C12 suite count)
Deliverable: 07 of 10 · design-only · criteria, NOT executed (no test run, no validator PASS claimed)
Builds on / corrects: RS4A-11 (claimed 42 new / 92 total) and its tests T-P5-1, T-P6-3.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Status: SUITE_RECONCILED_97_BASELINE_PLUS_8_AUGMENT — the count is corrected to 50 carried + 47 new = 97; T-P5-1 and T-P6-3 are repaired; 8 PATCH1 identity/inert/carrier cases are added (augmented total 105, explained, no silent truncation).
1. C12 — Count reconciliation (closes Codex §13 / §16.1 / §17)
Defect: RS4A-11, the index, and the rollup claimed 42 new and 92 total. Codex independently counted the listed unique T-series IDs and found 47 new / 97 total; the coverage-map repeats are references, not additional cases.
PATCH1 independent recount of the RS4A-11 listed T-series (by block):
| Block | Listed IDs | Unique cases |
|---|---|---|
| P0 | T-P0-1 … T-P0-9 | 9 |
| P1 | T-P1-1 … T-P1-6 | 6 |
| P2 | T-P2-1 … T-P2-8 | 8 |
| P3 | T-P3-1 … T-P3-8 | 8 |
| P4 | T-P4-1 … T-P4-5 | 5 |
| P5 | T-P5-1 … T-P5-4 | 4 |
| P6 | T-P6-1 … T-P6-4 | 4 |
| SRC | T-SRC-1 … T-SRC-3 | 3 |
| New T-series total | 47 | |
| Carried (RS3C-10 / RS3B-09, IDs 1–50) | 50 | |
| Reconciled suite total | 97 |
Confirmed: the listed cases are 47 new / 97 total, not 42 / 92. RS4A-11's header arithmetic ("42 new") undercounted the cases it actually listed (it listed 9+6+8+8+5+4+4+3 = 47). The error was in the summary number, not in the case list.
Correction applied "everywhere" (per the brief). Since PATCH1 must not overwrite the RS4A files, the corrected count is published here and the prior 42/92 figures in RS4A-11 §header/§4, the RS4A index, the RS4A rollup, and the RS4A Codex packet are SUPERSEDED by this PATCH1 §1. The closure map (PATCH1-01) and decision packet (PATCH1-08) carry the corrected 97 figure; the PATCH1 index and rollup state it as the controlling count.
2. C11 — Repaired tests (closes Codex §6 / §11 / §17)
2.1 T-P5-1 (was malformed — "audit-from-rolled-back-txn survives")
Original (RS4A-11 P5): "audit written from rolled-back txn → record survives outside the txn." Impossible: an audit written inside a rolled-back transaction is rolled back with it.
Repaired T-P5-1:
Input/state: a registration failure occurs inside the Phase-3 transaction, which rolls back (consume + inert write both vanish); the registrar then writes the failure-audit in a separate transaction afterward. Expected: the failure-audit record is durably present after the Phase-3 rollback (because it was written in a separate txn, not inside the rolled-back one). Layer: SN · Forbidden fail-open: the audit was written inside the rolled-back txn and is lost with the rollback. (Cross-ref PATCH1-05 §4 / C8.)
2.2 T-P6-3 (was malformed — "inert insert emits notify whose consumer is tested")
Original (RS4A-11 P6): "inert insert but consumer auto-activates on notify → FAIL_CLOSED." Malformed: an inert (draft) insert does NOT satisfy the producer condition (status='active'), so no context_pack_event is emitted — there is no notification for the consumer to act on. The test as written cannot occur.
Repaired T-P6-3 (choose either valid form; both kept):
T-P6-3a (consumer test, independently injected): an
context_pack_eventis independently injected/observed (not produced by a registration insert) and thecontext_packconsumer body is exercised. Expected: consumer effect isFAIL_CLOSED/unproven until the consumer body is read (G7-consumer). Layer: R · Forbidden fail-open: assuming the consumer is inert without reading it. T-P6-3b (active-update outside registration): a watch-tier row is setstatus='active'via an activation UPDATE that is explicitly outside the registration path (Phase 6). Expected: the notify does fire (correctly, onAFTER … UPDATE OF status), and registration remains fail-closed/inert. Layer: R · Forbidden fail-open: treating the UPDATE path as exempt from the activation fence.
Both forms keep registration fail-closed and do not assume a notification from an inert insert.
3. Added PATCH1 tests (the explicit cases Codex §13 required)
Codex required explicit tests for: canonical inert status; stable logical-effect derivation across run/APR changes; exact identity-axis uniqueness; and absence/presence of required persistence carriers. These are 8 new cases (T-PX-1…8), added beyond the reconciled 97 (sources: PATCH1-02/03/04):
| id | Input/state | Expected | Layer | Closes |
|---|---|---|---|---|
T-PX-1 |
registrar writes status='draft' for a watch-tier row |
ACCEPT inert; no context_pack_event; readback confirms draft |
R/SN | C2 |
T-PX-2 |
registrar attempts status='active' (source D05) |
ACTIVATION_AT_REGISTRATION reject |
R | C2 |
T-PX-3 |
non-vocabulary status written at registration (no DB CHECK exists) | HOLD STATUS_DOMAIN_NOT_DB_ENFORCED until governed status CHECK |
R/SCHEMA | C2 |
T-PX-4 |
same effect, different run_id |
same effect_identity ⇒ exact-retry returns prior decision (run_id is non-keying) |
R | C1 |
T-PX-5 |
same effect, fresh approval instance, unchanged authority policy | same effect_identity ⇒ REPLAY_DUPLICATE (fresh approval does not buy a new effect) |
R | C1 |
T-PX-6 |
duplicate effect presented with a fresh authorization_nonce |
REPLAY_DUPLICATE (nonce is non-identity) |
R | C1/C5 |
T-PX-7 |
exercise each uniqueness axis: U1 effect, U2 nonce, U3 code-head, U4 artifact | each enforced separately; U1≠U2≠U3≠U4 (no conflation); all REQUIRED_NOT_PRESENT today ⇒ fail-closed |
R/SCHEMA | C3 |
T-PX-8 |
contract tries to persist deployed_artifact_hash/owner_envelope_ref/approval_envelope_ref as dot_tools columns, or stuff an envelope into extra_metadata |
REJECT CARRIER_REQUIRED_NOT_PRESENT / REQUEST_PROPOSED_AS_TRUSTED (no such columns; jsonb ≠ carrier) |
R/SCHEMA | C4 |
4. Final counts (transparent, no silent truncation)
| Bucket | Count |
|---|---|
| Carried (RS3C-10 / RS3B-09, IDs 1–50) | 50 |
| New RS4A-11 T-series (corrected) | 47 |
| Reconciled RS4A-11 baseline (the C12 fix: was wrongly 92) | 97 |
| PATCH1 additions (T-PX-1…8, the C13 §13 explicit tests) | 8 |
| Augmented suite total | 105 |
Per the brief's §5 ("If suite count differs again: recalculate manually and explain"): the controlling reconciliation figure is 97 (this is the number that corrects RS4A-11's 92); the 8 PATCH1 additions raise the augmented suite to 105. Both numbers are stated; nothing is dropped or hidden.
All 13 mandatory categories remain covered (RS4A-11 §3 coverage map stands, with T-PX-1…8 adding inert-value, effect-stability, axis, and carrier coverage). No execution, no PASS claimed.
5. Status
- Count: 97 reconciled baseline (50 + 47), 105 augmented (+8 PATCH1) — RS4A-11's 42/92 superseded.
- Repaired: T-P5-1 (audit after rollback in a separate txn) and T-P6-3 (consumer-injected OR active-update-outside-registration). Added: T-PX-1…8.
ACCEPTANCE_SUITE_DESIGNED_NOT_EXECUTED. GateREGISTRATION_HOLD·CAN_PROCEED = NO.