RS5A-PATCH2-02 — Scope Taxonomy Final Classification — 2026-06-21

Macro: RS5A-PATCH2 · Residual R1-taxonomy · Deliverable: 02 of 6. Supersedes: RS5A-04 §4 ("Mandatory vs deferrable vs never-implicit") and RS5A-PATCH1-04 §4's taxonomy line that reused a generic post-registration bucket grouping activation, replay, and audit together. That bucket framing is deleted in full; no successor classification may place replay or audit in any post-registration / "may follow registration" group. Controlling correction: Nothing in RS5A may be read to mean replay or failure-audit can exist after real runtime register_dot. The only scope that is post-registration-capable is activation.

1. Why the prior taxonomy line was unsafe (Codex §4)

PATCH1-02 already established (and Codex accepted) that artifact-hash, nonce/replay, failure-audit, U3, status-domain, effect-bound approval, and authority-binding are hard runtime prerequisites. But PATCH1-04 §4 still summarized the scope count using the old three-member post-registration bucket that lumped activation + replay + audit into one "may follow" group. Activation may legitimately follow an inert draft registration; replay and failure-audit may not. Carrying that bucket label inside the correction package preserved the exact unsafe interpretation R1 was opened to remove. PATCH2 therefore removes the bucket and classifies each scope by its true sequencing class.

2. Final classification (replaces all prior gate/deferrable framing)

The taxonomy is 10 scopes in three classes by sequencing:

A. Hard pre-runtime prerequisite scopes — 8 (all MUST exist and pass before any real register_dot admission)

#	scope_code	governs	RS5A-09 test group
1	DOT_REGISTRAR_CONTRACT	what the registrar is allowed to do at all (replace-not-wrap, no mass-scan)	(registrar contract)
2	DOT_REGISTRATION_AUTHORITY	who may admit a register_dot effect	A / B / C
3	DOT_ARTIFACT_ADMISSION	which artifact bytes/hash may enter	E
4	DOT_HASH_CARRIER	where the authoritative artifact hash lives	H08
5	DOT_HEAD_UNIQUENESS	U3 current-head policy	H04/H05
6	DOT_STATUS_DOMAIN	legal status vocabulary + enforcement	H01–H03
7	DOT_REPLAY_SURFACE	single-use / idempotency of an effect (nonce + U1/U2)	G
8	DOT_AUDIT_SINK	failure-only audit ledger	H06/H07

B. Hard pre-runtime approval/quorum authority scope — 1 (MUST exist and pass before any real register_dot admission)

#	scope_code	governs	RS5A-09 test group
9	DOT_APPROVAL_QUORUM_AUTHORITY	who may approve high-risk DOT actions and what quorum means (GOV-COUNCIL candidate head; approval authority only)	F + new identity cases ([[rs5a-patch2-03]])

C. Post-registration-capable activation scope — 1 (the only scope that may be designed/owned to act after an inert draft registration)

#	scope_code	governs	RS5A-09 test group
10	DOT_ACTIVATION_AUTHORITY	who may move draft → active (notify)	I

8 + 1 + 1 = 10 scopes. Classes A and B (nine scopes) are conjunctive hard pre-runtime prerequisites. Class C (one scope) is the sole post-registration-capable scope.

3. Critical sequencing statements (machine-unambiguous)

1. DOT_REPLAY_SURFACE = hard pre-runtime prerequisite. It MUST exist and pass before any real register_dot admission. It MUST NOT be read as a post-registration enhancement that "degrades to duplicate-detect" later. (This explicitly supersedes RS5A-04 §1's "can be after (degrades to duplicate-detect)" note for replay.)
2. DOT_AUDIT_SINK = hard pre-runtime prerequisite. The failure-audit sink/policy MUST exist and pass before any real register_dot admission. (Supersedes RS5A-04 §1's "can be after" note for audit.)
3. DOT_ACTIVATION_AUTHORITY = the only post-registration-capable scope. Registration writes inert draft; activation (draft → active / notify) may be owned and acted upon after registration, under its own separate scope and head, with MUST_NOT_IMPLICIT_INHERIT from DOT_REGISTRATION_AUTHORITY.
4. No phrase anywhere may imply replay or audit can follow runtime registration. The words "deferred", "deferrable", "post-registration", or "may follow registration" MUST NOT be applied to replay or audit. They apply only to activation.

4. Sequencing-class table (closes the R1 contradiction)

scope	class	may be DESIGNED after the G2 decision?	must EXIST and PASS before real register_dot?	may act/exist AFTER runtime registration?
DOT_REGISTRAR_CONTRACT	A pre-runtime	yes (P1/P2)	YES	no
DOT_REGISTRATION_AUTHORITY	A pre-runtime	yes (P1/P2)	YES	no
DOT_ARTIFACT_ADMISSION	A pre-runtime	yes (P1/P2)	YES	no
DOT_HASH_CARRIER	A pre-runtime	yes (P1/P2)	YES	no
DOT_HEAD_UNIQUENESS	A pre-runtime	yes (P1/P2)	YES	no
DOT_STATUS_DOMAIN	A pre-runtime	yes (P1/P2)	YES	no
DOT_REPLAY_SURFACE	A pre-runtime	yes (P1/P2)	YES	NO — forbidden wording
DOT_AUDIT_SINK	A pre-runtime	yes (P1/P2)	YES	NO — forbidden wording
DOT_APPROVAL_QUORUM_AUTHORITY	B pre-runtime approval	yes (P1/P2)	YES	no
DOT_ACTIVATION_AUTHORITY	C post-registration-capable	yes (P1/P2)	not required for the inert draft write	YES — the only scope that may

This table is fully consistent with the accepted PATCH1-02 §2/§3 prerequisite graph (eleven conjunctive runtime prerequisites). It only removes the misleading taxonomy bucket label; it does not reopen the prerequisite graph.

5. Present-state and LEGO boundary (unchanged, carried)

All ten scopes are REQUIRED_NOT_PRESENT (the live governance_responsibility_scope vocabulary is {approval, audit, execution, health, policy, render} — none registration-specific; governance_object_ownership = 0). Each scope remains a separate LEGO block: born / tested / changed / rolled back independently, joined only by explicit admission edges, with MUST_NOT_IMPLICIT_INHERIT (especially DOT_REGISTRATION_AUTHORITY ↛ DOT_ACTIVATION_AUTHORITY). No scope row is created by this patch.

6. Status

SCOPE_TAXONOMY_FINALIZED — the post-registration "deferrable" bucket is removed; replay and audit are hard pre-runtime prerequisites; activation is the sole post-registration-capable scope. R1-taxonomy residual CLOSED. …SCOPE_DRIFT HOLD condition does not apply.