RS5A-PATCH4-04 — G02 Partition Domain & No-Durable-Decision Caveat — 2026-06-21

Macro: RS5A-PATCH4 · Residual R5 (G02 partition overclaim) · Deliverable: 04 of 5. Class: scoped semantic-closure correction. Additive. Supersedes (narrow): PATCH3-04 §2 sentence "The three branches partition the 'same nonce' space — every same-nonce input matches exactly one" → replaced by the domain-restricted partition statement in §3 below. Does NOT reopen the accepted G02a/b/c mutual exclusion (Codex §7.7); the effect→envelope decision tree and the three predicates are unchanged. Gate carried: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations. Suite remains DEFINED_NOT_EXECUTED.

1. The defect (Codex §6 caveat, §9.4)

PATCH3-04 §2 claimed the three branches partition every same-nonce input. They do not. Consider:

same nonce as a prior attempt  ·  same effect_identity  ·  same authorization envelope/digest  ·  NO prior durable decision

This input matches none of G02a/b/c:

• not G02a — G02a requires a prior durable decision to retrieve; here there is none;
• not G02b — effect is the same, not different;
• not G02c — envelope is the same, not different.

This is the in-flight / concurrent-retry state: the nonce was seen (a prior attempt reserved it) but no durable decision was committed before this request arrived. Codex confirmed this does not reintroduce G02a/G02c overlap (so it is not a blocking defect), but the word "partition" is too broad and must be narrowed before implementation.

2. Why all three branches genuinely require a prior durable decision

Each branch compares the incoming request against a committed prior decision:

• G02a (IDEMPOTENT_PRIOR_DECISION_RETRIEVAL) retrieves and returns the prior durable decision — requires it to exist.
• G02b (NONCE_REUSE_DIFFERENT_EFFECT) detects that the new effect differs from the prior committed effect — requires the prior decision to know the prior effect.
• G02c (NONCE_REUSE_AUTHORIZATION_MISMATCH) detects that the new envelope differs from the prior committed envelope — requires the prior decision to know the prior envelope.

So "a prior durable decision exists for this nonce" is a shared precondition of all three branches, not an extra condition of G02a alone. The honest statement is therefore a domain-restricted partition.

3. Corrected statement — domain-restricted partition

Within the domain D = { same-nonce inputs for which a prior DURABLE DECISION exists for that nonce }, the effect→envelope decision tree partitions D exhaustively and exclusively into G02a / G02b / G02c. Every input in D matches exactly one branch; no input in D matches two (the accepted mutual exclusion, unchanged).

The decision tree (unchanged from PATCH3-04 §2), now explicitly rooted at the domain precondition:

nonce matches a prior attempt that reached a DURABLE DECISION?            <-- domain D gate
└── yes  (input ∈ D):
    ├── effect_identity DIFFERENT from prior decision?     → G02b  NONCE_REUSE_DIFFERENT_EFFECT
    └── effect_identity SAME:
        ├── authorization envelope/digest DIFFERENT?        → G02c  NONCE_REUSE_AUTHORIZATION_MISMATCH
        └── envelope SAME (exact retry/recovery)            → G02a  IDEMPOTENT_PRIOR_DECISION_RETRIEVAL
└── no   (input ∉ D): NOT claimed by this RS5A oracle — see §4.

Evaluation precedence inside D (guarantees exclusivity, unchanged): different-effect first (G02b), then different-envelope (G02c), then exact retry (G02a). The authorization-substitution case (same effect, swapped envelope) still lands on G02c, never G02a.

4. The out-of-domain case — NO_PRIOR_DURABLE_DECISION_STATE_UNSPECIFIED

The case same nonce · same effect · same envelope · NO prior durable decision lies outside domain D. It is the in-flight / concurrent-retry state (the first attempt has not yet committed a durable decision).

• It is marked NO_PRIOR_DURABLE_DECISION_STATE_UNSPECIFIED — a design-only out-of-domain label, explicitly not a reject code in the quorum/replay oracle, not an IDEMPOTENCY_BEHAVIOR_CASE, and not an executable scenario.
• This RS5A oracle makes no claim about its outcome. Resolving it (nonce reservation, in-flight de-dup, concurrency control, lost-write avoidance) belongs to the future replay-surface implementation under RS5B and later build phases, where it must be designed and proven before any real register_dot. Until then it is fail-closed by the absent surface (the replay surface is a hard pre-runtime prerequisite — RS5A-PATCH3-02 Axis A, carried).
• No code is added. Per Codex's recommendation ("do not add code unless necessary; mark as future-not-covered"), PATCH4 names the state but does not mint an oracle reject code for it.

5. Count is unchanged — 84 parent IDs / 86 executable scenarios

Narrowing the partition wording and naming an out-of-domain future state add no executable scenario. G02 still contributes its three executable subcases (G02a/b/c) and G08 remains the distinct recovery-fixture scenario. Count remains 84 parent IDs / 86 executable scenarios (84 − 1 + 3 = 86); suite DEFINED_NOT_EXECUTED. No new G02 scenario is introduced; no count recomputation is required.

6. What is NOT reopened

• G02a/b/c mutual exclusion for inputs in D — accepted (Codex §7.7), unchanged.
• The effect→envelope evaluation precedence — unchanged.
• G08 as a distinct client-observation fixture with the same canonical outcome — accepted, unchanged.
• The "same nonce + same effect + same envelope + prior durable decision = exact retry → G02a" predicate — unchanged.

PATCH4 changes only the scope of the partition claim (from "every same-nonce input" to "every same-nonce input in D") and names the out-of-domain state.

7. Status

R5 (G02 partition overclaim) residual CLOSED: the partition is restated as exhaustive-and-exclusive only within the domain D of same-nonce inputs that have a prior durable decision; the same nonce + same effect + same envelope + no prior durable decision in-flight case is named NO_PRIOR_DURABLE_DECISION_STATE_UNSPECIFIED, declared out of this oracle's domain (design-only, no reject code, no executable scenario), and left to the future replay-surface implementation under the carried hard pre-runtime prerequisite. Accepted G02a/b/c mutual exclusion not reopened; count unchanged 84 / 86; DEFINED_NOT_EXECUTED. …G02_DOMAIN_OVERCLAIM HOLD condition does not apply.