KB-243C
RS5B-CLOSEOUT-PATCH2 09 — Codex-Style Adversarial Self-Review (A1–A20) — 2026-06-21
11 min read Revision 1
rs5b-closeout-patch2adversarial-self-reviewcodex-stylesingle-codedfail-closedregistration-hold2026-06-21
RS5B-CLOSEOUT-PATCH2 09 — Codex-Style Adversarial Self-Review (A1–A20) — 2026-06-21
Purpose: before emitting a verdict, attack PATCH2 the way Codex would. The bar is not "did I write the oracle" — it is "can any invalid input reach PASS / a seal / a digest?" Every attack runs against the PATCH2 contract (files 02–07). If any attack can PASS, the package does not report ready.
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations. Attacks are design fixtures (DEFINED_NOT_EXECUTED).
1. Source posture
I read the controlling Codex HOLD (content_length 14085, truncated=false) and all PATCH1 package files in full (file 01 records path/revision/length/truncated). I did not trust the PATCH1 READY verdict — Codex superseded it with REJECT_ROLLBACK_VALIDITY_ORACLE_INCOMPLETE. I reconstructed B1–B9 from Codex §4/§6/§7/§9/§12/§13 (file 01 §2), then ran A1–A20 below.
2. What I tried to break
I tried to make PATCH2 emit a PASS (ROLLBACK_CONTRACT_VALID_FOR_REVIEW, LEGO1_ASSEMBLY_READY_FOR_GATE_A_BASELINE, P2_BASELINE_ENTRY_DESIGN_ACCEPTED, P2_OPEN_AUTHORIZED_FOR_NAMED_CARRIER_PLAN_ONLY) for an input that should be rejected: absent plan, destructive deletion, payload erasure, orphan, semantic change, unsafe successor, C2 authority weakening, multi-coding, early-P2, Chairman-token abuse, runtime/rollback execution, and a cleared hold.
3. Attacks A1–A20
A1 — plan absent
- Input: no rollback plan at all. Expected:
ROLLBACK_PLAN_ABSENT(RBP-1). Actual:¬RBP1false ⇒ PASS impossible (file 02 P-B1); RBP-1 emitted. Single-coded? Yes. Can PASS? No.
A2 — referenced vocabulary deleted
- Input: C1 rollback deletes a
canonical_operationvalue referenced by C2. Expected:ROLLBACK_DELETES_REFERENCED_IDENTITY(RBP-2). Actual: identity no longer resolves → RBP-2 (rank 2), precedes orphan/erasure (XBI-11). Single-coded? Yes. Can PASS? No.
A3 — hash identity deleted
- Input: C4 rollback deletes the hash record/identity referenced by
effect_identity/audit. Expected:ROLLBACK_DELETES_REFERENCED_IDENTITY(RBP-2). Actual: identity does not resolve → RBP-2 (file 03 §4; XBI-13A). Supersedes PATCH1-08 A3's RBP-4 result (file 08 M18). Single-coded? Yes. Can PASS? No.
A4 — hash payload erased
- Input: C4 rollback keeps the hash identity resolvable but erases the payload. Expected:
ROLLBACK_ERASES_HISTORY(RBP-4). Actual: identity+edge resolve, payload unreadable → RBP-4 (XBI-13B). Single-coded? Yes. Can PASS? No. (A3 ≠ A4: distinct codes — closes B3.)
A5 — policy ref orphaned
- Input: C5 disables a policy so old C2
*_policy_refcannot resolve. Expected:ROLLBACK_ORPHANS_DEPENDENCY(RBP-3). Actual: dangling edge, identity not deleted → RBP-3 (XBI-14A). Single-coded? Yes. Can PASS? No.
A6 — policy meaning changed
- Input: old C2
*_policy_refresolves but to a re-meant policy. Expected:ROLLBACK_CHANGES_HISTORICAL_SEMANTICS(RBP-5). Actual: resolves + readable + re-meant → RBP-5 (XBI-14B). Single-coded? Yes. Can PASS? No. (A5 ≠ A6: distinct codes — closes B4.)
A7 — successor exists but retired value still accepted
- Input: retire v, define successor v′, but still accept v for a new act. Expected:
ROLLBACK_FORWARD_FAIL_CLOSED_VIOLATED(RBP-8). Actual: Q holds (successor present) ⇒ ¬RBP7; retired value admissible ⇒ RBP-8;¬RBP8false ⇒ PASS impossible (file 02 P-B2; XBI-26). Single-coded? Yes. Can PASS? No. (closes B2/B6.)
A8 — C2 successor schema drops founding_authority_ref
- Input: successor C2 schema drops
founding_authority_reffrom required inputs. Expected:ROLLBACK_WEAKENS_AUTHORITY(RBP-6). Actual: forward I5 violation, successor exists (¬RBP7), old packets readable (¬RBP2/3/4/5) → RBP-6 (XBI-27-a; file 05 §2.4). Single-coded? Yes. Can PASS? No.
A9 — C2 successor schema makes approval_mode optional
- Input: successor C2 schema makes
approval_modeoptional. Expected:ROLLBACK_WEAKENS_AUTHORITY(RBP-6). Actual: forward I5 violation → RBP-6 (XBI-27-b; file 05 §2.5). Single-coded? Yes. Can PASS? No.
A10 — C2 successor schema omits approval refs under APPROVAL_USED
- Input: successor C2 schema omits approval/quorum/principal refs while
approval_mode = APPROVAL_USED. Expected:ROLLBACK_WEAKENS_AUTHORITY(RBP-6). Actual: forward I5 violation → RBP-6 (XBI-27-c; file 05 §2.6). Single-coded? Yes. Can PASS? No. (A8/A9/A10 close B7/B8.)
A11 — XBI-13A/B produce distinct codes
- Input: run both 13A (identity deleted) and 13B (payload erased). Expected: RBP-2 and RBP-4 respectively. Actual: discriminator "does the identity resolve?" partitions them (file 03 §2) → two distinct codes. Single-coded? Yes (each). Can PASS? No. Distinct? Yes.
A12 — XBI-14A/B produce distinct codes
- Input: run both 14A (cannot resolve) and 14B (resolves, re-meant). Expected: RBP-3 and RBP-5. Actual: discriminator "does the reference resolve?" → two distinct codes (file 04 §2). Single-coded? Yes. Can PASS? No. Distinct? Yes.
A13 — XBI-19A/B produce distinct codes
- Input: run both 19A (silent rewrite, meaning preserved) and 19B (silent rewrite, meaning changed). Expected: RBP-10 and RBP-5. Actual: discriminator "does the rewrite change prior meaning?"; RBP-5 precedes RBP-10 so 19B emits RBP-5 (file 04 §3). Single-coded? Yes. Can PASS? No. Distinct? Yes.
A14 — Gate A used to open P2
- Input: treat a Gate A pass as a P2-open authorization. Expected:
BASELINE_ACCEPTANCE_NOT_P2_OPEN_AUTHORIZATION(XBI-22). Actual: no "Gate A → P2 open" transition; Gate B unreachable from Gate A alone (file 06 §3/§4). Single-coded? Yes. Can PASS? No.
A15 — "future Gate B satisfied" opens a named lane only (no registration/runtime)
- Input: read a satisfied Gate B as authorizing registration/activation/
register_dot/P3/runtime. Expected: scoped outputP2_OPEN_AUTHORIZED_FOR_NAMED_CARRIER_PLAN_ONLY— named lane only, nothing downstream. Actual: sealed wording (file 06 §2 statement 4 / §3 table) confines it to the named lane; registration/runtime remain separately gated. Single-coded? Yes (positive control: the legitimate output does not over-authorize). Can PASS into registration/runtime? No.
A16 — generic Chairman token
- Input: present a Chairman token not scoped to the exact named plan. Expected:
CHAIRMAN_AUTHORIZATION_SCOPE_MISMATCH(XBI-24). Actual: Gate B input 6 requires exact-scoped token; generic rejected (file 06 §4). Single-coded? Yes. Can PASS? No.
A17 — no Chairman token
- Input: plan reviewed and accepted, but no Chairman token. Expected:
G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION(XBI-23). Actual: independent review ≠ item 13; Gate B fails closed (file 06 §4). Single-coded? Yes. Can PASS? No.
A18 — runtime mutation
- Input: any DDL/DML/PG/Directus/handler write during design/review. Expected:
RUNTIME_MUTATION_REJECTED(RBP-0). Actual: RBP-0 short-circuits at rank 1 (file 02 §1; file 03 §1). Single-coded? Yes. Can PASS? No.
A19 — rollback execution attempted
- Input: "PATCH2/oracle PASS ⇒ execute the rollback." Expected:
RUNTIME_MUTATION_REJECTED(RBP-0) / I10. Actual:ROLLBACK_CONTRACT_VALID_FOR_REVIEWis necessary-not-sufficient (file 02 §5); execution is a separate item-13 act; any write ⇒ RBP-0. Single-coded? Yes. Can PASS into execution? No.
A20 — REGISTRATION_HOLD cleared
- Input: "rollback is now safe ⇒ clear the hold / assert
REGISTRATION_CAN_PROCEED." Expected: no code clears it; hold retained. Actual: no file clears the hold; oracle/readiness validity does not touch the registration gate; carried blockers unchanged (file 01 §5). Single-coded? Yes (no PASS path). Can PASS? No.
4. Result table
| Attack | Input | Expected code | Actual response | Single-coded? | Can PASS? |
|---|---|---|---|---|---|
| A1 | plan absent | ROLLBACK_PLAN_ABSENT |
RBP-1; ¬RBP1 false |
Yes | No |
| A2 | vocabulary value deleted | ROLLBACK_DELETES_REFERENCED_IDENTITY |
RBP-2 | Yes | No |
| A3 | hash identity deleted | ROLLBACK_DELETES_REFERENCED_IDENTITY |
RBP-2 (supersedes PATCH1 A3) | Yes | No |
| A4 | hash payload erased | ROLLBACK_ERASES_HISTORY |
RBP-4 | Yes | No |
| A5 | policy ref orphaned | ROLLBACK_ORPHANS_DEPENDENCY |
RBP-3 | Yes | No |
| A6 | policy meaning changed | ROLLBACK_CHANGES_HISTORICAL_SEMANTICS |
RBP-5 | Yes | No |
| A7 | successor exists, retired value admissible | ROLLBACK_FORWARD_FAIL_CLOSED_VIOLATED |
RBP-8; ¬RBP8 false |
Yes | No |
| A8 | C2 drops founding_authority_ref |
ROLLBACK_WEAKENS_AUTHORITY |
RBP-6 | Yes | No |
| A9 | C2 makes approval_mode optional |
ROLLBACK_WEAKENS_AUTHORITY |
RBP-6 | Yes | No |
| A10 | C2 omits approval refs under APPROVAL_USED |
ROLLBACK_WEAKENS_AUTHORITY |
RBP-6 | Yes | No |
| A11 | XBI-13A vs 13B | RBP-2 vs RBP-4 | distinct | Yes | No |
| A12 | XBI-14A vs 14B | RBP-3 vs RBP-5 | distinct | Yes | No |
| A13 | XBI-19A vs 19B | RBP-10 vs RBP-5 | distinct | Yes | No |
| A14 | Gate A → open P2 | BASELINE_ACCEPTANCE_NOT_P2_OPEN_AUTHORIZATION |
Gate B unreachable | Yes | No |
| A15 | satisfied Gate B → registration/runtime | P2_OPEN_AUTHORIZED_FOR_NAMED_CARRIER_PLAN_ONLY (named lane only) |
downstream still gated | Yes | No |
| A16 | generic Chairman token | CHAIRMAN_AUTHORIZATION_SCOPE_MISMATCH |
Gate B rejects | Yes | No |
| A17 | no Chairman token | G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION |
Gate B rejects | Yes | No |
| A18 | runtime mutation | RUNTIME_MUTATION_REJECTED |
RBP-0 short-circuit | Yes | No |
| A19 | rollback execution | RUNTIME_MUTATION_REJECTED / I10 |
necessary-not-sufficient | Yes | No |
| A20 | clear REGISTRATION_HOLD |
(no code clears it) | hold retained | Yes | No |
5. Self-result
Every attack A1–A20 is rejected before any PASS/seal/digest/authority-token/registration-ready output, and each maps to exactly one controlling code under the file-02/03 precedence and the file-05/06 rules. No invalid input produces PASS. The B1–B9 closures are each exercised: B1 (A1), B2/B6 (A7), B3 (A3/A4/A11), B4 (A5/A6/A12), B5 (A13), B7/B8 (A8–A10), B9 (A14/A15). Therefore this package does not stop at RS5B_CLOSEOUT_PATCH2_HOLD_ADVERSARIAL_SELF_REVIEW_FAILED. CLOSEOUT_PATCH2_ADVERSARIAL_SELF_CHECK_PASSED_NO_FAIL_OPEN. REGISTRATION_HOLD retained.