RS4A-PATCH2-01 — Codex Re-Review Defect Closure Map (R1–R5) — 2026-06-21
RS4A-PATCH2-01 — Codex Re-Review Defect Closure Map (R1–R5) — 2026-06-21
Macro: RS4A-PATCH2 · closure spine
Deliverable: 01 of 6 (under rs4a-patch2/) · design-only · scoped correction addendum
Input: Codex RS4A-PATCH1 re-review NEED_RS4A_PATCH2 (HOLD), read in full from AgentData KB.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Status: CLOSURE_MAP_COMPLETE — every residual defect R1–R5 (= the PARTIAL closures C1/C3/C8/C11/C12 from the re-review) is mapped to a correction, evidence, and a precise status. Codex should review only PATCH2, not re-review RS4A or PATCH1.
Status vocabulary: CLOSED (resolved with a concrete value/decision) · CLOSED_FAIL_CLOSED (resolved by a precise fail-closed disposition) · STILL_OPEN_BY_DESIGN (intentionally unresolved, Owner/future-surface gated).
1. Residual-defect closure map (R1–R5)
| # | Codex residual defect (re-review) | Re-review closure tag | PATCH2 correction | Evidence (LIVE = read-only query_pg 2026-06-21) |
Status |
|---|---|---|---|---|---|
| R1 | authority scope/policy still hashed into U1 effect_identity; same effect acquires a new U1 key after authority/policy change ⇒ could bypass U1 for a second registration (C1 PARTIAL) |
C1 → full | effect_identity = business effect only (operation, canonical_target_dot_code, canonical_artifact_identity, canonical_artifact_hash); canonical_owner_scope+canonical_authority_policy_ref+approval/owner/APR ids excluded; new authorization_binding_digest binds authority to the attempt/consume record (required for admission, not U1); changed authority ⇒ same effect ⇒ AUTHORIZATION_CHANGED_SAME_EFFECT_DUPLICATE; re-registration needs an explicit different operation |
PATCH2-02; governance_object_ownership=0, apr_action_types=14 no register_dot (LIVE) |
CLOSED |
| R2 | U3 = WHERE status='active' does not protect the draft state registration writes; duplicate draft heads not excluded; contradicts Phase-4 "exactly one row" (C3 PARTIAL) |
C3 → full | Option 1: U3 = UNIQUE(canonical_target_dot_code) WHERE lifecycle_role='current_head' = one current head across {draft, active}; {deprecated, retired} terminal/non-head; registration writes draft only if no draft/active head; activation in-place; replacement must retire/deprecate or use explicit operation; surface absent ⇒ fail closed before draft write |
PATCH2-03; directus_fields choices {draft,active,deprecated,retired}; dot_tools no UNIQUE on code; status data active 291/published 16/null 2/draft 0 (LIVE) |
CLOSED (policy decided; surface REQUIRED_NOT_PRESENT ⇒ fail-closed) |
| R3 | Phase-4 success verifier still required "audit durably written ⇒ success," contradicting Phase-5 "success audit not required" (C8 PARTIAL) | C8 → full | Phase-4 success verifier checks row + status='draft' + metadata-match + no-notify + resolved postcondition_verifier_ref + write/readback match; audit clause deleted; failure_audit_envelope = failure-only (separate txn, append-only sink fail-closed); success_decision_log_envelope = optional future, never gates success |
PATCH2-04 (corrects PATCH1-05 §3 vs §4) | CLOSED |
| R4 | T-PX-4/5/6 mean different things across PATCH1 docs; T-PX-8 merges two carriers; T-P6-3a/b "both kept" with no count rule ⇒ augmented total non-deterministic (C11/C12 AUGMENTED) |
C11/C12 → full | one authoritative PX2-001..015 registry, globally unique IDs, one semantic per ID; all T-PX-* superseded; collisions split (8 ambiguous → 10 distinct); T-P6-3a/b = two cases re-homed to PX2-013/014 (baseline T-P6-3 slot superseded, −1); augmented total = 111 (deterministic, explained) |
PATCH2-05 | CLOSED |
| R5 | add explicit tests: (a) changed owner/policy ⇒ same U1 effect (revalidated, no new registration); (b) two draft registrations same code rejected before commit | new | PX2-011 (changed-authority/same-effect ⇒ AUTHORIZATION_CHANGED_SAME_EFFECT_DUPLICATE); PX2-012 (duplicate draft head rejected by U3/head before commit, or HEAD_POLICY_UNRESOLVED fail-closed); plus PX2-005/006/007 (run_id/approval/nonce) and PX2-015 (success-no-audit) |
PATCH2-05 §2 | CLOSED |
Tally: all five residual defects CLOSED. R2 is CLOSED at the policy level (Option 1 decided) with its enforcing surface REQUIRED_NOT_PRESENT ⇒ fail-closed — the same class as U1/U2 and the RS4A G2–G7 blockers; it does not block PATCH2 readiness.
2. Accepted areas NOT reopened (Codex re-review §11)
Per the re-review's accepted points, these stand unchanged and are not reopened by PATCH2:
- PATCH1 package complete, read-only, rev1; does not overwrite RS4A.
- Canonical
draftresolves the inert state at design level (C2 PASS_WITH_CAVEAT —STATUS_DOMAIN_NOT_DB_ENFORCEDcarried). - Carrier boundary fixed (C4 PASS).
- Nonce classification + Phase 2/3 semantics fixed (C5/C6 PASS).
- Independent verifier cardinality no longer regresses RS3C-C2 (C7 PASS).
- Interface F + audit overclaim narrowed (C9/C10 PASS).
- Baseline suite count = 97; no execution/PASS.
- Registration, implementation, Owner/APR, RS-VALIDATOR remain closed.
Codex re-review §12 explicitly forbids reopening source fidelity, replace-not-wrap, C4–C7, C9–C10, D13 — none reopened here (referenced only for local consistency).
3. C-level mapping (re-review §10 PARTIALs → PATCH2)
| Re-review closure | Re-review result | PATCH2 file | New status |
|---|---|---|---|
| C1 stable effect identity | PARTIAL (authority keyed effect) | PATCH2-02 | CLOSED |
| C3 uniqueness axes | PARTIAL (U3 active-only) | PATCH2-03 | CLOSED |
| C8 audit semantics | PARTIAL (Phase-4 success contradiction) | PATCH2-04 | CLOSED |
| C11 test repair | PARTIAL (T-P6-3 count) | PATCH2-05 | CLOSED |
| C12 count reconciliation | AUGMENTED HOLD | PATCH2-05 | CLOSED (111) |
| C2, C4, C5, C6, C7, C9, C10, C13 | PASS / PASS_WITH_CAVEAT | — | unchanged (not reopened) |
4. Status
CLOSURE_MAP_COMPLETE— R1–R5 each mapped, evidenced (live where checkable), statused CLOSED.- No accepted area reopened; no mutation; RS4A and PATCH1 files not overwritten.
- Gate
REGISTRATION_HOLD·CAN_PROCEED = NO.