Incomex AI Portal
KB-91DD

RS5B-PATCH2-01 — Codex PATCH1 HOLD Closure Map — 2026-06-21

7 min read Revision 1
rs5b-patch2g2closure-mapcodex-holdr1-r2design-only2026-06-21

RS5B-PATCH2-01 — Codex PATCH1 HOLD Closure Map — 2026-06-21

Macro: RS5B-PATCH2 · Deliverable 01 of 6 · design-only · scoped correction. Closes: the two residuals in Codex review NEED_RS5B_PATCH2 (HOLD). Source of record: knowledge/dev/laws-new/reports/codex/codex-review-rs5b-patch1-effect-authorization-binding-correction-2026-06-21.md (read complete from AgentData KB; not from chat summary or local prose).

1. Codex verdict reconstructed (verbatim anchors)

  • STATUS: HOLD · REVIEW VERDICT: NEED_RS5B_PATCH2
  • Stop state: RS5B_PATCH1_EFFECT_BINDING_CORRECTION_INCOMPLETE
  • Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
  • Single next step (Codex §11): "RS5B-PATCH2 limited to the operation-domain correction and BI-E1/BI-E6 predicate separation. Do not reopen the accepted digest field set or upstream contracts."

Codex accepted (must not be reopened): package completeness (§2), defect map / binding-direction fix (§3), authorization_binding_digest field set (§5 PASS_WITH_CAVEAT), impact scan coverage (§6), BI-E2–BI-E7 canonical outcomes (§7), KB-only/design-only scope (§8), and all ten §9 accepted points. Codex left two NEEDS_PATCH items (§4, §7) — these are the entire mandate of PATCH2.

2. Residual R1 — effect_identity hardcodes operation = "register_dot"

Codex §4 (verbatim anchor): "PATCH1-02 still defines operation = "register_dot". RS5B-05 is an authorization packet before founding-act writes, including scope and first-owner designation. Hardcoding the effect operation to register_dot makes the supposedly corrected contract registration-specific … and can bind a founding authorization to the wrong business act. PATCH2 must use a canonical governed operation appropriate to the requested effect. register_dot, owner designation, scope creation, and any other act are distinct operation values and therefore distinct effect identities. It must not infer a new effect from authority changes."

Codex §10 (rejected point 1): "Rejected: one fixed operation="register_dot" correctly identifies every RS5B founding/owner-designation effect."

Defect, stated mechanically:

  • The general RS5B-05 founding packet must compute effect_identity for an act whose business operation is NOT necessarily register_dot.
  • RS5B-PATCH1-02 §2 pins operation = "register_dot" (inherited from the accepted-but-register_dot-specific RS4A-PATCH2-02 §1). RS5B-PATCH1-02 §5's replacement prose already uses a bare generic operation, so the package is internally inconsistent: §5 generic, §2 hardcoded.

Deterministic contract rule (closure → see 02):

  1. Replace the hardcoded formula with a general one whose operation field is canonical_operation = the governed action/effect type for the specific act.
  2. register_dot is retained ONLY as the example value for register_dot admission.
  3. Founding owner-designation, scope creation, activation are distinct canonical_operation values → distinct effect identities.
  4. Authority changes (founding_authority_ref / approval / policy) do NOT create a new effect: a new effect requires a change to canonical_operation or the business target.
  5. The canonical-operation vocabulary is not yet present as runtime rows → CANONICAL_OPERATION_VOCABULARY_REQUIRED_NOT_PRESENT; design examples only; invent no rows.
  6. effect_identity purity is unchanged: authority/credential/execution fields (including founding_authority_ref) stay OUT of effect_identity and remain in authorization_binding_digest.

R1 status: CLOSED_DESIGN_ONLY (see 02). Fail-closed; no PASS path created.

3. Residual R2 — BI-E1 / BI-E6 input domains overlap

Codex §7 (verbatim anchor): "BI-E1 and BI-E6 still overlap at the input-predicate level: BI-E1 describes an authorization binding carrying owner/approval evidence but no effect_identity; BI-E6 describes an authorization_binding_digest that omits effect_identity. The prose reserves APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY for BI-E1 and AUTHORIZATION_BINDING_MISSING_EFFECT for BI-E6, but it does not make the inputs mutually exclusive or define an evaluation order. One malformed packet can satisfy both descriptions … PATCH2 must distinguish the fixtures structurally … Alternatively define an authoritative precedence. Until then the self-check is not a deterministic executable oracle."

Codex §10 (rejected point 2): "Rejected: BI-E1 and BI-E6 are deterministic solely because prose assigns different codes; their current input domains overlap."

Defect, stated mechanically: both fixtures share the input predicate "the binding does not carry effect_identity", so a single input is contract-compliant under two different reject codes. That violates the one-input-one-canonical-rejection requirement.

Deterministic contract rule (closure → see 03):

  1. Make the two fixtures structurally disjoint by layering the evaluation:
    • Layer 1 — digest-shape: BI-E6 fires iff the authorization_binding_digest input schema omits effect_identity. Evaluated first.
    • Layer 2 — approval/evidence binding: BI-E1 is evaluated only if the digest schema includes effect_identity, then fires iff approval evidence is not bound to that exact effect_identity.
  2. Discriminator is a single binary predicate P = (effect_identity ∈ digest input schema). The two domains partition the universe by P vs ¬P — exhaustive and exclusive. No input matches both.
  3. Defensive total precedence (in case predicates are ever treated as overlapping): AUTHORIZATION_BINDING_MISSING_EFFECT < APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.

R2 status: CLOSED_DESIGN_ONLY (see 03). Both branches fail-closed; no input → PASS/seal/digest.

4. Scope guard — what PATCH2 must NOT touch (carried from Codex §11)

  • Do not reopen the accepted authorization_binding_digest field set (Codex §5) — only the effect_identity it carries changes shape (operation → canonical_operation).
  • Do not reopen RS5A-PATCH4 (total quorum Q-order), G02 domain, bootstrap posture, handler, U1/U2/U3, or registration prerequisites.
  • Do not change effect_identity purity (R1 generalizes operation/target, it does not admit authority into the hash).
  • Do not make authorization_binding_digest omit effect_identity (that omission is precisely BI-E6's fail-closed input).

5. Closure ledger

residual Codex section closure doc mechanism status
R1 operation hardcode §4, §10.1 02 operation="register_dot" → general canonical_operation; register_dot = example only; vocabulary REQUIRED_NOT_PRESENT CLOSED_DESIGN_ONLY
R2 BI-E1/BI-E6 overlap §7, §10.2 03 two-layer disjoint domains (digest-shape before approval-binding) + total precedence CLOSED_DESIGN_ONLY

No unrelated residual added. REGISTRATION_HOLD retained · REGISTRATION_CAN_PROCEED = NO · 0 mutations.