RS4A-PATCH2 Index — Effect Identity, Head Uniqueness, Success-Audit, and Suite-ID Reconciliation — 2026-06-21

Macro: RS4A-PATCH2 — scoped correction addendum opened after Codex re-review NEED_RS4A_PATCH2 (HOLD on RS4A-PATCH1). Class: read-only / KB-design · 0 mutations (read-only query_pg directus + AgentData KB) · design-only (no implementation, no DDL/DML, no schema/column/constraint, no Owner/APR, no gate flip, no registrar/validator patch, no registration, no RS-VALIDATOR). Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO Verdict: RS4A_PATCH2_READY_FOR_CODEX_REVIEW Does NOT overwrite RS4A or PATCH1. PATCH2 is a scoped addendum; those files remain rev1.

---

1. Why this macro exists

Codex re-reviewed RS4A-PATCH1 and returned NEED_RS4A_PATCH2 (HOLD). PATCH1 fixed most defects, but four residual inconsistencies remained inside the corrected contract, plus two missing tests. RS4A-PATCH2 makes exactly those five corrections (R1–R5) and nothing more — it does not re-do RS4A/PATCH1, and does not reopen the Codex-accepted areas (source fidelity, replace-not-wrap, C4–C7, C9–C10, D13).

The five residual defects (= the PARTIAL closures C1/C3/C8/C11/C12 in the re-review):

1. R1 — authority scope/policy still keyed U1 effect identity (a policy change could mint a duplicate registration);
2. R2 — U3 was WHERE status='active', but registration writes draft ⇒ duplicate draft heads not excluded;
3. R3 — Phase-4 success still required durable audit, contradicting "success audit not required";
4. R4 — T-PX-4/5/6 collided across PATCH1 docs; T-P6-3a/b count ambiguous ⇒ non-deterministic augmented total;
5. R5 — missing tests for changed-authority/same-effect and duplicate-draft-head.

---

2. Package files

File	Closes	Subject
rs4a-patch2-index-… (this)	—	inventory, verdict, sequencing
01-codex-rereview-defect-closure-map-…	R1–R5	closure spine: residual defect → correction → evidence → status
02-effect-identity-with-authorization-binding-separated-…	R1	effect_identity = business effect only; authorization_binding_digest separated
03-u3-current-head-uniqueness-policy-…	R2	U3 current-head across {draft, active} (Option 1)
04-phase4-success-verifier-and-audit-semantics-…	R3	success verifier needs no audit; failure-audit failure-only
05-authoritative-test-registry-and-count-…	R4, R5	PX2-001..015 registry; augmented total 111
06-rs4a-patch2-decision-packet-…	—	verdict, formulas, counts, next step
codex-review-packet-rs4a-patch2-…	—	review request (PATCH2 only)
…/reports/macro-rs4a-patch2-… (rollup)	—	executive rollup

9 files total (this index + 6 under rs4a-patch2/ + 1 codex packet under rs4a-patch2/ + 1 rollup under reports/).

---

3. Headline results

• R1 → CLOSED. effect_identity = H(protocol_version, operation="register_dot", canonical_target_dot_code, canonical_artifact_identity, canonical_artifact_hash). Owner scope, authority policy, approval/owner/APR ids removed. New authorization_binding_digest carries authority, bound to the attempt record, required for admission, not U1. Changed authority ⇒ same effect ⇒ AUTHORIZATION_CHANGED_SAME_EFFECT_DUPLICATE; re-registration ⇒ explicit different operation.
• R2 → CLOSED. U3 = current head across {draft, active}; {deprecated, retired} terminal/non-head. Registration writes draft only if no draft/active head. Surface absent ⇒ fail closed before draft write. (Option 1, not a HOLD.)
• R3 → CLOSED. Phase-4 success verifier deletes the "audit durably written ⇒ success" clause; success requires no audit; failure-audit is failure-only; success-decision log optional/future.
• R4 → CLOSED. One authoritative PX2-001..015 registry; T-PX-* superseded; T-P6-3a/b = two cases; augmented total 111 (deterministic, explained).
• R5 → CLOSED. PX2-011 (changed-authority/same-effect), PX2-012 (duplicate draft head) + PX2-005/006/007/015.

---

4. Live facts used (Claude read-only query_pg, db directus, 2026-06-21)

directus_fields.dot_tools.status choices {draft, active, deprecated, retired} (validation=null, required=false, note "draft/active/deprecated/retired") · dot_tools constraints = only PRIMARY KEY (id) + chk_dot_tier + chk_dot_coverage + chk_dot_trigger + fk_dot_tools_domain (no UNIQUE, no status CHECK) · status data active 291 / published 16 (out-of-vocab) / null 2 / draft 0 · governance_object_ownership 0 · apr_action_types 14 (no register_dot).

---

5. Blockers carried (unchanged class; not resolved by PATCH2)

• G2 owner-of-record = 0 (deciding authority) — NEEDS_OWNER_DECISION (now surfaced as AUTHORITY_BINDING_UNRESOLVED at admission).
• G3 no register_dot APR action — NEEDS_OWNER_DECISION.
• G4 no per-artifact hash carrier (Interface F) — NEEDS_FUTURE_SURFACE.
• G5 no replay/consume surface (U1/U2) — NEEDS_FUTURE_SURFACE.
• G6 no append-only audit sink — NEEDS_FUTURE_SURFACE.
• G7 activation side-effect (fenced by inert draft); G7-consumer body unread.
• STATUS_DOMAIN_NOT_DB_ENFORCED — add a governed status CHECK (prerequisite for the U3 lifecycle_role partition to be trustworthy).
• U3 surface — UNIQUE(code) WHERE lifecycle_role='current_head' partial index is REQUIRED_NOT_PRESENT ⇒ fail-closed (new carry, decided policy/absent surface).

None blocks PATCH2 readiness for Codex review (same posture as RS4A's own open blockers).

---

6. Next step

Codex reviews RS4A-PATCH2 only. On ACCEPT_RS4A_PATCH2 ⇒ single next step = G2 Owner-of-record decision; RS-VALIDATOR-HARDENING, per-block hardening (replay surface, U3 partial-unique, status CHECK, hash carrier, audit sink), and registrar-replacement implementation are sequenced after acceptance + Owner decision, not bundled.

Builds on / corrects [[project_laws_new_macro_rs4a_patch1_contract_identity_inert_state_suite_reconciliation_2026_06_21]]. Default HOLD; engineering PASS ≠ authority PASS; authority ≠ effect identity; hash ≠ signature; caller ≠ authority; KB admission ≠ runtime registration.