RS5A-12 — G2 Owner-of-record Decision Packet — 2026-06-21

Macro: RS5A · Deliverable: 12 of 15 · consolidated decision packet. Verdict: G2_OWNER_DECISION_READY_FOR_CODEX_REVIEW Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations

1. One-screen decision summary

dimension	result
Verdict	G2_OWNER_DECISION_READY_FOR_CODEX_REVIEW
Authority state (LIVE)	governance_object_ownership = 0; head-uniqueness index present; no registration scope; register_dot absent; quorum readable but effect-binding insufficient
Owner candidate result	OWNER_CANDIDATE_SURFACE_PROVEN (governance_registry: GOV-DOT/GOV-SIV/GOV-COUNCIL) · NO_ACCOUNTABLE_HEAD_BOUND
register_dot action status	REGISTER_DOT_ACTION_REQUIRED_NOT_PRESENT — contract v1 defined, action not created
Authority envelope status	AUTHORITY_ENVELOPE_V1_DEFINED — binds PATCH2 authorization_binding_digest; authority kept out of U1; evaluates fail-closed
Quorum status	QUORUM_SEMANTICS_READ + QUORUM_PROVEN_BUT_BINDING_INSUFFICIENT (no effect/artifact/identity binding)
Negative tests	84 cases, DEFINED_NOT_EXECUTED, all mandatory fail-opens covered
Recommended option	Option B (split Owner by scope cluster)
Registration gate	REGISTRATION_HOLD retained
Single next step	Codex reviews RS5A → on accept, the Owner makes the G2 designation (author scope + head + register_dot); per-block hardening + RS-VALIDATOR sequenced after

2. Controlling facts (fresh, live, [[rs5a-02]])

1. governance_object_ownership = 0 ⇒ no Owner-of-record ⇒ no owner ⇒ no register_dot write.
2. governance_responsibility_scope has no registration-authority scope (REQUIRED_NOT_PRESENT).
3. apr_action_types (14) has no register_dot; assign_governance_owner is handler_ref='unimplemented' ⇒ the owner-mint path is itself fail-closed.
4. quorum_passed / fn_apr_quorum_check bodies read: verify vote tiers only; president = ILIKE '%president%' text match; no effect/artifact/freshness/supersession binding.
5. APR/vote schema has no effect_identity/artifact_hash column; approval binds a target row ref, not the artifact.
6. dot_tools.owner is free-text (null/system/claude_ai); dot_tools.status includes out-of-vocab published with no CHECK.

3. Why NOT a stronger or weaker verdict

• Not G2_HOLD_NO_OWNER_CANDIDATE_SURFACE — a surface is proven (governance_registry).
• Not G2_HOLD_QUORUM_SEMANTICS_UNPROVEN — both bodies were read this macro.
• Not G2_HOLD_REGISTER_DOT_ACTION_MODEL_INSUFFICIENT — action contract v1 + reject codes + family separation authored.
• Not G2_HOLD_AUTHORITY_ENVELOPE_INSUFFICIENT — envelope v1 binds to PATCH2, authority kept out of U1.
• Not G2_HOLD_NEGATIVE_TESTS_INSUFFICIENT — 84 ≥ 80, all mandatory cases present.
• Not G2_REJECT_OWNER_EXECUTION_DRIFT / SCOPE_DRIFT / FAIL_OPEN — no owner/APR/action created; scope unchanged; every gap fails closed.
• Therefore READY_FOR_CODEX_REVIEW with the controlling sub-state remaining fail-closed.

4. Blockers carried (none cleared)

G2 (deciding authority — owner=0) · G3 (no register_dot) · G4 (no artifact-hash carrier) · G5 (no replay surface) · G6 (no immutable audit sink) · G7 (activation side-effect) · STATUS_DOMAIN_NOT_DB_ENFORCED · U3_PARTIAL_UNIQUE_SURFACE_ABSENT · OWNER_MINT_PATH_FAIL_CLOSED (new, this macro) · QUORUM_EFFECT_BINDING_INSUFFICIENT (new) · QUORUM_APPROVER_IDENTITY_UNVERIFIED (new).

5. Must-not-do held (all 31)

No runtime mutation / DDL / DML; no Owner row; no APR; no register_dot; no approve; no schema/column/constraint; no gate flip; no registrar/validator patch; no RS-VALIDATOR; no implementation; no registration; no activation; no Directus run payload; no migration SQL; caller/free-text/Directus-role/quorum-alone never treated as Owner; no authority into U1; no reopening accepted RS4A/PATCH parts; no mega-registry/graph/birth; no bundling of per-block hardening / registrar impl / validator; no "PASS registration"; REGISTRATION_HOLD not cleared.

6. Single next step

Codex reviews RS5A (this package only). On ACCEPT, the Owner-of-record executes the G2 designation (Option B recommended) — author the registration-authority scope, bind an accountable head, author the register_dot action — after which per-block hardening and RS-VALIDATOR are sequenced (not bundled). If Codex finds residual defects ⇒ RS5A-PATCH1.