RS5A-PATCH1-07 — Decision Packet — 2026-06-21
RS5A-PATCH1-07 — Decision Packet — 2026-06-21
Macro: RS5A-PATCH1 · Deliverable: 07 of 10 · consolidated.
Verdict: RS5A_PATCH1_READY_FOR_CODEX_REVIEW (not forced)
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations
1. One-screen summary
| dimension | result |
|---|---|
| Verdict | RS5A_PATCH1_READY_FOR_CODEX_REVIEW |
| Scope | repair G2 prerequisite & sequencing contract only; does NOT overwrite RS5A; does NOT reopen RS4A/PATCH1/PATCH2 identity semantics |
| R1 replay/audit "after registration" | CLOSED_FAIL_CLOSED — hard runtime prerequisites; design-after-decision only ([[rs5a-patch1-02]]) |
| R2 Owner-executes-on-accept | CLOSED — next step is RS5B execution-design + separate authorization; bootstrap unresolved acknowledged ([[rs5a-patch1-03]]) |
| R3 GOV-COUNCIL edge | CLOSED — explicit 10th scope DOT_APPROVAL_QUORUM_AUTHORITY + identity-binding, no broad inheritance ([[rs5a-patch1-04]]) |
| R4 handler ambiguity | CLOSED — DOT_REGISTER_GOVERNED_REPLACEMENT, replace-not-wrap ([[rs5a-patch1-05]]) |
| R5 test oracles | CLOSED — D07/H03/H07/I03/G02/G08 corrected; replay vs idempotency split ([[rs5a-patch1-06]]) |
| R6 implicit coupling | CLOSED — carrier dependency edges explicit ([[rs5a-patch1-02]] §4) |
| Registration gate | REGISTRATION_HOLD retained |
| Single next step | Codex reviews RS5A-PATCH1 → on accept, RS5B (G2 execution-design/authorization-design), non-mutating |
2. Prerequisite-graph correction (R1)
Four phases P0→P3; P3 (real register_dot) never begins while any of the 11 hard runtime prerequisites is absent/failing. Replay surface and failure-audit sink may be designed after the G2 decision but must exist and pass before runtime registration; no wording permits them after runtime registration.
3. Bootstrap correction (R2)
BOOTSTRAP_AUTHORITY_UNRESOLVED + OWNER_MINT_PATH_FAIL_CLOSED + G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION. No bound Owner today; assign_governance_owner unimplemented; no entity may execute on accept. Next = RS5B design only.
4. GOV-COUNCIL edge (R3)
10th scope DOT_APPROVAL_QUORUM_AUTHORITY (GOV-COUNCIL candidate head, approval authority only, owns no registration/admission/activation); identity-binding replaces ILIKE '%president%'; justified as narrow LEGO, not mega-scope.
5. Handler (R4) & oracles (R5)
Handler = new replacement identity DOT_REGISTER_GOVERNED_REPLACEMENT (no wrap/relabel/reuse). Oracles corrected: D07→REGISTER_DOT_RISK_TIER_MISMATCH; H03→STATUS_VALUE_OUT_OF_VOCABULARY; H07→SUCCESS_AUDIT_FORBIDDEN_BY_PHASE4_CONTRACT; I03→DRAFT_WRITE_EMITTED_ACTIVATION_NOTIFY; G02→idempotency (a) + NONCE_REUSE_DIFFERENT_EFFECT (b) + NONCE_REUSE_AUTHORIZATION_MISMATCH (c); G08→IDEMPOTENCY_BEHAVIOR_CASE.
6. Blockers & must-not-do
Carried: G2–G7, STATUS_DOMAIN_NOT_DB_ENFORCED, U3_PARTIAL_UNIQUE_SURFACE_ABSENT, OWNER_MINT_PATH_FAIL_CLOSED, QUORUM_EFFECT_BINDING_INSUFFICIENT, QUORUM_APPROVER_IDENTITY_UNVERIFIED, BOOTSTRAP_AUTHORITY_UNRESOLVED. All 27 must-not-do held; REGISTRATION_HOLD not cleared; no Owner/scope/APR/register_dot/approval/handler created.
7. Single next step
Codex reviews RS5A-PATCH1 (this package only). On ACCEPT_RS5A_PATCH1 → proceed to RS5B (G2 Owner-of-record execution-design / authorization-design), non-mutating, which must solve bootstrap authority and itself receive authorization before any write. Residual ⇒ RS5A-PATCH2.