RS5A-PATCH1-05 — Governed Registrar Replacement Handler Clarification — 2026-06-21
RS5A-PATCH1-05 — Governed Registrar Replacement Handler Clarification — 2026-06-21
Macro: RS5A-PATCH1 · Mục tiêu D + R4 · Deliverable: 05 of 10.
Supersedes: RS5A-06 §1 handler_ref = dot-dot-register:governed (proposed) — the name is ambiguous (reads like a variant of the unsafe dot-dot-register).
Anchor: RS4A REPLACE_FOR_GOVERNED_REGISTRATION + REJECT_CURRENT_REAL_RUN_PATH (accepted) and SOURCE_CONFIRMS_UNSAFE_REGISTRAR_BEHAVIOR (RS3C).
1. Corrected handler identity
The future governed registrar handler is a REPLACEMENT artifact with a new identity. It MUST NOT wrap, relabel, invoke, shell out to, or reuse the unsafe source-recovered
dot-dot-registerreal-run path.
| field | corrected value |
|---|---|
placeholder handler_ref |
DOT_REGISTER_GOVERNED_REPLACEMENT / dot-register-governed-replacement:v1 |
| identity | new replacement identity, not dot-dot-register:governed |
| relationship to old registrar | replaces it; old real-run path is REJECTED (RS4A) |
The string dot-dot-register:governed is withdrawn unless explicitly annotated "new replacement identity, not old path" — and the corrected name above is preferred to remove all ambiguity.
2. Allowed reuse (advisory / read-only only)
| allowed | note |
|---|---|
--dry-run scan / report |
read-only, no write (the reusable RS4A scan) |
classification helper (classify_*) |
advisory only, not an admission decision |
| source evidence | the RS3C hash-verified mirror, as reference |
| warning map | derived warnings, non-authoritative |
3. Forbidden (the unsafe real-run path — all rejected)
mass scan (e.g. ls /opt/incomex/dot/bin/dot-* + loop POST) · mass loop registration · hardcoded status='active' registration · curl -k / unsafe TLS path · root SSH / hardcoded VPS IP / hardcoded path · "success-on-server-reject" (checking curl exit not HTTP status) · untransactional write (no txn/rollback) · defective dedup (abs-vs-normalized path, no DB UNIQUE).
The replacement handler must instead: single-artifact admission, effect-bound + authority-bound, atomic transaction with rollback, fail-closed logging, inert draft write, no activation side-effect.
4. Status
R4 CLOSED — handler is unambiguously a replacement, not a wrapper/relabel/reuse of the unsafe registrar. HANDLER_REPLACEMENT_AMBIGUOUS HOLD does not apply.