KB-23F3
RS5B-CLOSEOUT-PATCH1 01 — Source Register & Codex HOLD Reconstruction — 2026-06-21
14 min read Revision 1
rs5b-closeout-patch1source-registercodex-hold-reconstructiondependency-safe-rollbackgate-splitregistration-hold2026-06-21
RS5B-CLOSEOUT-PATCH1 01 — Source Register & Codex HOLD Reconstruction — 2026-06-21
Evidence tier: AgentData KB direct read. No chat summary, local prose, memory, or unread report was used as proof. The controlling Codex HOLD report and every closeout package file were read in full (truncated=false) in the main process via mcp__agent-data__get_document_for_rewrite / mcp__agent-data__batch_read (full=true); per-file metadata is recorded verbatim from the AgentData JSON.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations (KB-only, design-only, no live runtime read).
Scope: Job B patch only. Job A (consolidated RS5B contract) is not reopened — Codex §3 accepted it.
0. Codex-mode reconstruction (mandatory posture)
Recorded before any patch file was authored, per the controlling instruction. If this section were missing, the only allowed stop state would be RS5B_CLOSEOUT_PATCH1_HOLD_CODEX_STYLE_RECONSTRUCTION_MISSING.
- I do not trust the old report.
- I do not trust the harness.
- I reconstruct from governed KB files.
- I identify actual dependency edges.
- I attack rollback plans with bad inputs.
- I check whether invalid rollback can still be called PASS.
- I distinguish: rollback plan present vs rollback plan dependency-safe vs rollback preserves historical evidence vs rollback preserves authority semantics.
- I distinguish: baseline design acceptance vs plan-specific P2-open acceptance vs Chairman authorization vs runtime write authorization.
- Engineering PASS is not authority PASS.
- Contract PASS is not runtime PASS.
Operational consequence carried into every PATCH1 file: the contract must reject a destructive-but-present rollback plan before it can emit any PASS. Writing the word "rollback" is not proof; rejecting a malicious rollback before a PASS is the proof obligation.
1. Controlling source — the official Codex HOLD report
| Path | Revision | content_length | truncated | What it proves (controlling) |
|---|---|---|---|---|
knowledge/dev/laws-new/reports/codex/codex-review-rs5b-closeout-p2-entry-2026-06-21.md |
1 | 13156 | false | STATUS: HOLD · VERDICT: REJECT_LEGO_BOUNDARY_INSUFFICIENT · stop RS5B_CLOSEOUT_P2_ENTRY_HOLD_DEPENDENCY_SAFE_ROLLBACK_AND_GATE_SPLIT_REQUIRED · REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · P2 NOT_OPENED · NOT_AUTHORIZED. Job A PASS (§3); Job B FAIL/NEEDS_PATCH (§4, §5, §6, §7). |
Reconstructed controlling states from that report (verbatim anchors):
- §3 Job A = PASS: "the consolidated RS5B contract closeout, is technically acceptable" — ten controlling points carried; PATCH1/PATCH2 supersessions carried; five caveats propagated.
- §5 LEGO carrier boundary = FAIL — blocking: C1 "drop/disable the vocabulary contract", C3 "revoke/drop a single ownership row independently", C4 "drop a hash record", C5 "disabling a referenced policy without a compatibility/supersession rule", C7 "disable approval-as-a-check" are destructive; "deletion is not rollback"; R6 and XBI-7 "only test whether a rollback plan is present."
- §4 P2 entry-gate = NEEDS_PATCH: R12 mixes entry-gate-design review with plan-specific build-plan review; the all-pass output
P2_ENTRY_DESIGN_READY_FOR_INDEPENDENT_REVIEWis circular; "the contract must split two distinct gates" (Baseline gate, P2-open gate). - §6 C7 conditionality = NEEDS_PATCH: C7 "required only when approval is used" conflicts with file-06 §4 "all seven carriers … must exist and PASS before P3." "Both cannot control simultaneously."
- §7 XBI = PASS for ten declared, INCOMPLETE for gate acceptance: missing destructive-rollback / orphan / history-erasure / C7-conflict / baseline-vs-plan-specific fixtures.
- §11 Required patch (seven asks): (1) replace destructive "drop" with versioned supersession / compensating transition / fail-closed disable preserving IDs+references+metadata+history; (2) dependency impact + post-rollback invariants per C1–C7; (3) rollback validity, not presence; (4) XBI for orphan / history-erasure / authority-weakening / dependent-reference breakage; (5) resolve C7 consistently; (6) split baseline-design from plan-specific P2-open and rename outputs; (7) retain
REGISTRATION_HOLD, authorize no P2/runtime. - §12 Single next step: "produce a narrow RS5B-CLOSEOUT patch limited to dependency-safe rollback semantics, rollback adversarial coverage, C7 conditionality, and the two-stage review/P2-open gate. Do not reopen the accepted RS5B consolidated contract."
Read-unblock digest (…/rs5b-closeout-p2-entry/read-unblock-audit-digest-2026-06-21.md) was not used: the governed source read was unblocked. On any discrepancy, the governed source files above control; the digest is a secondary audit aid only.
2. Source register — closeout package under review (all read full, truncated=false)
| Path | Revision | content_length | truncated | What it proves / what PATCH1 touches |
|---|---|---|---|---|
…/rs5b-closeout-p2-entry/01-source-register-and-codex-acceptance-reconstruction-2026-06-21.md |
1 | 9631 | false | 18-source direct-read register; three Codex controlling states. Not touched (audit baseline). |
…/rs5b-closeout-p2-entry/02-rs5b-consolidated-contract-as-corrected-2026-06-21.md |
1 | 12714 | false | Job A consolidated contract (D-on-E, packet item 5/9/13, pure effect_identity, authorization_binding_digest incl. effect, canonical_operation, BI oracle). Not reopened; PATCH1 only adds a conditionality note for item-9 rollback wording referenced from file 05/06 (impact map file 07). |
…/rs5b-closeout-p2-entry/03-supersession-map-rs5b-patch1-patch2-2026-06-21.md |
1 | 6936 | false | S1–S4 supersessions. Not reopened. |
…/rs5b-closeout-p2-entry/04-caveat-ledger-and-non-overclaim-boundaries-2026-06-21.md |
1 | 6635 | false | Caveats C1–C5 propagated. PATCH1 carries them forward and adds dependency-safe-rollback + gate-split constraints. |
…/rs5b-closeout-p2-entry/05-p2-entry-gate-requirements-non-mutating-2026-06-21.md |
1 | 7279 | false | R1–R12 entry gate; R6 = rollback presence only; gate output P2_ENTRY_DESIGN_READY_FOR_INDEPENDENT_REVIEW. PATCH1 supersedes R6 (→ rollback validity), R12/output (→ Gate A/Gate B split). |
…/rs5b-closeout-p2-entry/06-minimal-p2-carrier-scope-and-lego-boundaries-2026-06-21.md |
1 | 8952 | false | C1–C7 carriers; destructive rollback lines (C1 drop/disable, C3 revoke/drop row, C4 drop hash, C5 disable ref, C6 disable surface, C7 disable approval-as-check); §4 "all seven … must exist and PASS before P3." PATCH1 supersedes the rollback lines and the C7 unconditionality. |
…/rs5b-closeout-p2-entry/07-p2-entry-bad-inputs-and-fail-closed-oracles-2026-06-21.md |
1 | 9161 | false | XBI-1..XBI-10; XBI-7 = rollback presence only. PATCH1 supersedes XBI-7 and adds XBI-11..XBI-25. |
…/rs5b-closeout-p2-entry/08-decision-packet-2026-06-21.md |
1 | 5650 | false | Closeout verdict RS5B_CLOSEOUT_P2_ENTRY_READY_FOR_GPT_REVIEW. Superseded by Codex HOLD; PATCH1 is the response. |
…/rs5b-closeout-p2-entry/codex-review-packet-rs5b-closeout-p2-entry-2026-06-21.md |
1 | 4571 | false | Review packet for prior package. Superseded by PATCH1 review packet. |
…/reports/macro-rs5b-closeout-p2-entry-scope-2026-06-21.md |
1 | 7821 | false | Closeout rollup. PATCH1 rollup is additive; does not overwrite it. |
3. Upstream accepted contract references (carried, not reopened)
| Path | What it anchors for PATCH1 |
|---|---|
…/reports/rs5b-patch2/02-canonical-operation-effect-identity-correction-2026-06-21.md |
canonical_operation general formula; register_dot = one specialization (consumed by C1→C2 dependency edge). Reconstructed via closeout file 02 §4/§6 (which quotes the formula verbatim). Not reopened. |
…/reports/rs5b-patch2/03-bi-e1-bi-e6-domain-separation-and-oracle-totality-2026-06-21.md |
Discriminator P; layered BI-E6→BI-E1; BINDING_CHECK_PASS necessary-not-sufficient (analogue for ROLLBACK_CONTRACT_VALID_FOR_REVIEW). Reconstructed via closeout file 02 §7. Not reopened. |
These two were not independently re-fetched in this pass because closeout file 02 (read full above) reproduces their controlling formulas and the Codex HOLD §3 already accepted Job A; PATCH1 makes no change to either and cites them only as the contract the rollback-dependency edges must preserve.
4. Codex residual reconstruction (the eight Job-B residuals PATCH1 must close)
| # | Codex issue | Exact source section | What was wrong | What PATCH1 must prove |
|---|---|---|---|---|
| R1 | C1 vocabulary rollback can orphan C2 references | Codex §5.1; closeout 06 §1 P2-C1 "drop/disable the vocabulary contract" | Dropping a canonical_operation value/contract referenced by C2 makes existing effect/digest identities uninterpretable. |
C1 rollback = versioned retire/supersede with historical resolution; old effects still resolve; new use of retired value fail-closed unless successor mapping. (File 02 C1; file 03 E1; XBI-11.) |
| R2 | C3 owner/scope rollback orphans bindings/audit/prior decisions | Codex §5.2; closeout 06 §1 P2-C3 "revoke/drop a single ownership row independently" | A referenced owner/scope row cannot be dropped without resolving dependent bindings, audit history, prior decisions; revocation ≠ deletion. | C3 rollback = revoke/supersede preserving row identity + audit; historical bindings still identify prior owner/scope; future authority fail-closed if revoked. (File 02 C3; file 03 E2/E8; XBI-12.) |
| R3 | C4 artifact-hash rollback breaks reproducibility/durable evidence | Codex §5.3; closeout 06 §1 P2-C4 "drop a hash record without touching the digest schema" | C2/effect_identity/audit reference the hash; destructive removal invalidates reproducibility and audit. | C4 rollback = mark superseded/invalid-for-new-use, preserve hash evidence; old artifact proof reproducible. (File 02 C4; file 03 E3/E8; XBI-13.) |
| R4 | C5 policy-ref rollback leaves C2 references unresolved / changes semantics | Codex §5.4; closeout 06 §1 P2-C5 "disable one policy reference without affecting the others" | Disabling a referenced U3/status/audit policy without a compatibility/supersession rule orphans old C2 references or silently reinterprets them. | C5 rollback = policy version supersession + compatibility; preserve prior policy text/ref; new use requires successor. (File 02 C5; file 03 E4; XBI-14.) |
| R5 | C7 approval-carrier rollback erases evidence / weakens prior approval-required envelopes | Codex §5.5; closeout 06 §1 P2-C7 "disable approval-as-a-check without affecting owner/registration carriers" | Disabling approval-as-check can erase approval evidence and retroactively weaken envelopes authorized under approval-required mode. | C7 rollback = versioned policy transition preserving prior approval-required envelopes + evidence; new policy mode explicit. (File 02 C7; file 03 E6/E8; XBI-15, XBI-16.) |
| R6 | XBI-7 checks rollback presence, not safety | Codex §5 (final ¶), §7; closeout 07 XBI-7; closeout 05 R6 | R6 / XBI-7 accept any text labelled "rollback"; a destructive plan passes merely by existing. | A rollback-validity oracle (RBP-0..RBP-9 / RBP-PASS) that rejects destructive-but-present plans before any PASS; precedence proof. (File 04; XBI-11..XBI-19.) |
| R7 | C7 is both optional and mandatory | Codex §6; closeout 06 §1 P2-C7 ("only if approval is used") vs 06 §4 ("all seven … must exist and PASS before P3") | Two rules control simultaneously; non-deterministic. | One deterministic approval_mode rule: APPROVAL_USED ⇒ C7 mandatory; APPROVAL_NOT_USED_BY_POLICY ⇒ C7 not required but policy must prove it. (File 05; XBI-20, XBI-21.) |
| R8 | R12 / gate sequencing mixes baseline-design review and plan-specific P2-open review | Codex §4; closeout 05 R12 + output P2_ENTRY_DESIGN_READY_FOR_INDEPENDENT_REVIEW |
One gate both requires independent review and outputs "ready for independent review" — circular; no carrier-specific build plan exists in the package. | Gate A (baseline design acceptance → P2_BASELINE_ENTRY_DESIGN_ACCEPTED, only permits preparing a carrier-specific plan) vs Gate B (plan-specific P2-open → P2_OPEN_AUTHORIZED_FOR_NAMED_CARRIER_PLAN_ONLY, requires plan + rollback proof + preflight + scoped Chairman token + independent review). (File 06; XBI-22..XBI-25.) |
5. Additivity proof
Before this package, direct list_documents on knowledge/dev/laws-new/reports/rs5b-closeout-patch1/ returned count=0, and …/reports/macro-rs5b-closeout-patch1-rollback-gate-split-2026-06-21.md returned count=0. PATCH1 is therefore strictly additive: it overwrites no RS5B, PATCH1, PATCH2, closeout, or Codex file. Supersessions recorded here (file 07 impact map) are wording/pointer corrections carried additively; the original rev-1 closeout files are not mutated. Job A is not reopened.