RS4A — Index: Registrar-Hardening Design (Source-Aware) — 2026-06-21
RS4A — Index: Registrar-Hardening Design (Source-Aware) — 2026-06-21
Macro: RS4A — REGISTRAR-HARDENING-DESIGN-SOURCE-AWARE GOVERNANCE CONTRACT PACKAGE
Opened after: Codex ACCEPT_RS3C_AND_PROCEED_TO_REGISTRAR_HARDENING_DESIGN (package stop state RS3C_ACCEPTED).
Mode: read-only · 0 mutations · DESIGN-ONLY (no implementation, no patch, no registration, no validator hardening).
Package verdict: RS4A_READY_FOR_CODEX_REVIEW (NOT a registrar PASS; PASS not forced).
Controlling finding (carried): SOURCE_CONFIRMS_UNSAFE_REGISTRAR_BEHAVIOR.
Replacement decision: REPLACE_FOR_GOVERNED_REGISTRATION + REJECT_CURRENT_REAL_RUN_PATH.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO.
1. Package inventory (14 files in reports/rs4a/ + 1 rollup in reports/)
| # | File | Sub-status | Readback |
|---|---|---|---|
| — | rs4a-index-… (this file) |
INDEX |
✅ |
| 01 | 01-source-defect-ledger-line-level-… |
SOURCE_DEFECT_LEDGER_COMPLETE (24 defects, ≥20) |
✅ created rev1 |
| 02 | 02-registrar-hardening-target-contract-v0-2-… |
CONTRACT_V0_2_DEFINED_SOURCE_AWARE |
✅ created rev1 |
| 03 | 03-contract-vs-source-delta-matrix-… |
DELTA_MATRIX_COMPLETE (24 rows, ≥20) |
✅ created rev1 |
| 04 | 04-phase-model-and-proof-obligations-… |
PHASE_MODEL_AND_PROOF_OBLIGATIONS_DEFINED (Phases 0–6) |
✅ created rev1 |
| 05 | 05-owner-apr-authority-contract-… |
AUTHORITY_CONTRACT_FAIL_CLOSED |
✅ created rev1 |
| 06 | 06-interface-f-artifact-resolver-v0-2-… |
INTERFACE_F_FAIL_CLOSED (sharpened: no per-artifact carrier) |
✅ created rev1 |
| 07 | 07-replay-nonce-attempt-contract-v0-2-… |
REPLAY_DOMAIN_FAIL_CLOSED + REPLAY_SURFACE_REQUIRED_NOT_PRESENT |
✅ created rev1 |
| 08 | 08-durable-failure-audit-sink-contract-v0-2-… |
SINK_CANDIDATE_SELECTED_FAIL_CLOSED (event_outbox lead) |
✅ created rev1 |
| 09 | 09-trigger-gate-side-effect-closure-… |
TRIGGER_CLOSURE_DEFINED_P4_CONDITION_READ (G7-consumer open) |
✅ created rev1 |
| 10 | 10-replacement-vs-wrapper-decision-… |
REPLACE_FOR_GOVERNED_REGISTRATION |
✅ created rev1 |
| 11 | 11-acceptance-test-suite-design-80-cases-… |
ACCEPTANCE_SUITE_DESIGNED_NOT_EXECUTED (92 cases) |
✅ created rev1 |
| 12 | 12-remaining-blockers-and-sequencing-… |
blockers G2–G7 OPEN; RS-VALIDATOR gated on acceptance | ✅ created rev1 |
| — | codex-review-packet-rs4a-… |
requested verdict RS4A_READY_FOR_CODEX_REVIEW |
✅ created rev1 |
| — | ../macro-rs4a-… (rollup, reports/ level) |
executive rollup | ✅ created rev1 |
2. Mục tiêu (A–L) → deliverable map
| Objective | Deliverable | Outcome |
|---|---|---|
| A — source-defect ledger | 01 | 24 line-cited defects (D01–D24) |
| B — target contract v0.2 | 02 | contract schema + reject codes + invariants |
| C — contract-vs-source delta | 03 | 24-row matrix; 17 MUST_REPLACE |
| D — phase model + proofs | 04 | Phases 0–6, per-phase fail-closed/rollback/audit/proof/tests |
| E — Owner/APR authority | 05 | fail-closed (owner=0, no register_dot) |
| F — Interface F v0.2 | 06 | fail-closed; 5-hash taxonomy; no per-artifact carrier |
| G — replay/nonce/attempt v0.2 | 07 | C1 three identities; iu_route_attempt rejected; surface required-not-present |
| H — durable audit sink v0.2 | 08 | event_outbox lead, fail-closed (no immutability) |
| I — trigger/gate closure | 09 | P4 closed at producer (live body); closed-at-registration invariant |
| J — replacement vs wrapper | 10 | REPLACE + REJECT_REAL_RUN; dry-run/helpers only safe reuse |
| K — acceptance suite | 11 | 92 cases, not executed |
| L — Codex packet + sequencing | 12 + codex packet | blockers + sequencing; RS-VALIDATOR after acceptance |
3. Live reads performed (Claude read-only query_pg, db directus, 2026-06-21)
fn_context_pack_on_dot_register body (P4 closed) · dot_tools counts/constraints/columns · governance_object_ownership=0 · apr_action_types (no register_dot) · event_outbox triggers (no immutability) · context_pack_manifest columns/constraints (per-pack aggregate) · wf_fs_dot_bin_snapshot rows + constraints · dot_config watch tiers + gates · quorum_passed/fn_apr_quorum_check existence. No mutation performed.
4. Carried caveats
P1 mirror-hash = recorded-snapshot-hash (not Codex-live attestation) · P2 writer-set scoped to the two scripts · P3 dedup fragile/fail-open-prone · P4 notify conditional (producer body read live; consumer body open) · P5 design-only. Hash ≠ signature; caller ≠ authority; existence/parse ≠ trust; KB admission ≠ runtime registration.
5. Verdict
RS4A_READY_FOR_CODEX_REVIEW — package complete, design-only, registration HOLD retained, PASS not forced.