KB-3DC6

RS5B-PATCH2-03 — BI-E1/BI-E6 Domain Separation and Oracle Totality (R2) — 2026-06-21



Macro: RS5B-PATCH2 · Deliverable 03 of 6 · design-only · scoped correction. Closes: Codex residual R2 — BI-E1 and BI-E6 overlap at the input-predicate level and return different codes with no mutual exclusion / no evaluation order (Codex §7, §10.2). Supersedes: the BI-E1 and BI-E6 input definitions in RS5B-PATCH1-04 (and the corresponding adversarial-table rows). Does not change BI-E2/E3/E4/E5/E7.

1. The defect, precisely

In RS5B-PATCH1-04:

  • BI-E1 input = "an authorization binding carrying owner scope + approval evidence, but no effect_identity" → APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
  • BI-E6 input = "a binding digest that does not include effect_identity" → AUTHORIZATION_BINDING_MISSING_EFFECT.

Both inputs assert "the binding lacks effect_identity". A single malformed packet (owner+approval present, effect_identity absent) satisfies both descriptions and is contract-compliant under two different reject codes. The only separator was prose ("AUTHORIZATION_BINDING_MISSING_EFFECT is reserved for the digest-shape fixture BI-E6"), not the inputs. That is not a deterministic oracle.

2. The fix — structural domain separation by evaluation layer

Replace the prose reservation with a two-layer evaluation order, where the layers are checked in a fixed sequence and each fixture lives in exactly one layer.

Layer 1 — digest-shape / binding-schema (BI-E6)

Question: does the declared/computed authorization_binding_digest input schema/list include effect_identity as an input?

  • If effect_identity is omitted from the digest input schema → AUTHORIZATION_BINDING_MISSING_EFFECT. STOP (fail-closed).
  • This is a shape check on the digest's input contract, performed before any approval evidence is examined.

Layer 2 — approval/evidence binding (BI-E1)

Reached only if Layer 1 passed (i.e. the digest input schema includes effect_identity = E). Question: is approval_evidence_ref / approval_ref bound to that exact effect_identity E?

  • If approval evidence has no effect-bound link, or is bound to a different effect E′ ≠ E → APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
  • This is an evidence-binding check, only meaningful once the digest shape is known to carry an effect to bind to.

The discriminator

Define the single binary predicate:

P  ≡  ( effect_identity ∈ authorization_binding_digest input schema )

  • ¬P (effect omitted from the digest schema) → only BI-E6 is reachable. BI-E1 is not evaluated, because there is no in-schema effect_identity for approval to bind to. Outcome: AUTHORIZATION_BINDING_MISSING_EFFECT.
  • P (effect present in the digest schema) → BI-E6 cannot fire (its precondition ¬P is false). Only BI-E1's domain is live: approval either binds to E (valid) or does not (BI-E1). Outcome: APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY or pass-this-check.

P and ¬P partition the entire input universe; they are exhaustive and mutually exclusive. Therefore no input can match both BI-E1 and BI-E6. R2 is closed by construction.

3. Disjointness proof (one paragraph)

Let X be any malformed packet. Compute P(X). If P(X)=false, the evaluation halts at Layer 1 with AUTHORIZATION_BINDING_MISSING_EFFECT; BI-E1's predicate is never tested, so X cannot be classified as BI-E1. If P(X)=true, Layer 1's reject predicate (effect omitted) is false, so BI-E6 cannot classify X; only Layer 2 (BI-E1) can. In neither case does X receive two codes. Since P is a total function on inputs (a digest schema either lists effect_identity or it does not), every X lands in exactly one domain. ∎

4. Defensive total precedence (secondary safeguard)

The domain separation above is the primary mechanism. As an additional safeguard — in case any future implementation treats the predicates as overlapping rather than layered — define the authoritative precedence:

AUTHORIZATION_BINDING_MISSING_EFFECT  <  APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY

i.e. the digest-shape code strictly precedes the approval-binding code (lowest/earliest layer wins). If both predicates were ever simultaneously "matched", the lower code is the single canonical outcome. With the layered model this case cannot arise; the precedence exists only so the oracle remains total under a weaker (overlapping-predicate) reading.

5. Oracle totality statement

The effect/authorization-binding oracle now maps each input to exactly one outcome from the closed set:

{ AUTHORIZATION_BINDING_MISSING_EFFECT,        # Layer 1 reject (BI-E6)
  APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY,       # Layer 2 reject (BI-E1, BI-E4)
  ARTIFACT_HASH_MISMATCH,                       # BI-E2
  AUTHORIZATION_SCOPE_MISMATCH,                 # BI-E3
  EFFECT_IDENTITY_IMPURE,                       # BI-E5
  AUTHORITY_OVERCLAIM,                          # BI-E7
  BINDING_CHECK_PASS }                          # necessary-not-sufficient; never authority/runtime/registration PASS

Notes:

  • BINDING_CHECK_PASS is necessary-not-sufficient. Passing the binding shape/evidence check does NOT authorize a write; REGISTRATION_HOLD and all carried blockers remain. No invalid input reaches BINDING_CHECK_PASS.
  • BI-E1 and BI-E4 share APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY; this is intentional and safe. The disjointness requirement is that no single input yields two different codes. BI-E1 (approval not bound to the in-schema effect) and BI-E4 (approval bound to effect X reused for effect Y) are both Layer-2 approval-binding failures producing the same code; they never compete to assign different codes, so there is no ambiguity. Both require Layer 1 to have passed.

6. Evaluation-order pseudocode (design-only, not executable test)

function classify(packet):
    # Layer 1 — digest-shape (BI-E6)
    if "effect_identity" not in packet.authorization_binding_digest.input_schema:
        return AUTHORIZATION_BINDING_MISSING_EFFECT          # STOP

    E = packet.authorization_binding_digest.effect_identity

    # purity guard (BI-E5) — orthogonal shape check on the effect itself
    if effect_identity_contains_authority_fields(E):
        return EFFECT_IDENTITY_IMPURE

    # Layer 2 — approval/evidence binding (BI-E1, BI-E4)
    if not approval_bound_to_exact_effect(packet.approval_evidence_ref, E):
        return APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY

    # business-target / scope checks (BI-E2, BI-E3)
    if packet.admitted_artifact_hash != effect_artifact_hash(E):
        return ARTIFACT_HASH_MISMATCH
    if packet.claimed_owner_scope != binding_committed_owner_scope(packet):
        return AUTHORIZATION_SCOPE_MISMATCH

    return BINDING_CHECK_PASS   # necessary-not-sufficient; HOLD remains

The ordering Layer 1 (shape) → purity → Layer 2 (approval) → business-target makes the BI-E6/BI-E1 separation explicit: effect_identity presence in the digest schema is tested first and gates everything below it.
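To make the §2–§6 argument concrete, the following is an added, runnable Python model of the oracle; it is not the design note's own code. The Packet layout, the helper predicates and the sample R2 packet are constructed assumptions; the reject codes and their layer order are the note's. It exposes both readings from §4: the layered order, and the weaker overlapping reading resolved by precedence, so that their agreement can be checked on the very packet that triggered R2.

```python
# Added example, not the design note's own code: a runnable model of the
# two-layer oracle. Packet fields, predicates and sample values are assumed.
from dataclasses import dataclass
from typing import Optional

# Assumed: field names that make an effect_identity impure (BI-E5).
AUTHORITY_FIELDS = {"owner_scope", "approval_ref"}

@dataclass(frozen=True)
class Packet:
    digest_schema: frozenset          # input names authorization_binding_digest commits to
    effect_id: str                    # E
    effect_fields: frozenset          # field names carried inside E (purity guard)
    artifact_hash: str                # artifact hash that E refers to
    admitted_artifact_hash: str
    approval_bound_to: Optional[str]  # effect id the approval evidence is bound to; None if unbound
    claimed_owner_scope: str
    committed_owner_scope: str

# Ordered layers from the pseudocode; list position doubles as the §4 precedence
# (earlier wins), so Layer 1 strictly precedes Layer 2.
LAYERS = [
    ("AUTHORIZATION_BINDING_MISSING_EFFECT",   # Layer 1 / BI-E6: predicate P is false
     lambda p: "effect_identity" not in p.digest_schema),
    ("EFFECT_IDENTITY_IMPURE",                 # purity guard / BI-E5
     lambda p: bool(p.effect_fields & AUTHORITY_FIELDS)),
    ("APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY",  # Layer 2 / BI-E1, BI-E4
     lambda p: p.approval_bound_to != p.effect_id),
    ("ARTIFACT_HASH_MISMATCH",                 # BI-E2
     lambda p: p.admitted_artifact_hash != p.artifact_hash),
    ("AUTHORIZATION_SCOPE_MISMATCH",           # BI-E3
     lambda p: p.claimed_owner_scope != p.committed_owner_scope),
]

def classify_layered(p: Packet) -> str:
    """Primary mechanism: the first failing layer returns and gates everything below."""
    for code, rejects in LAYERS:
        if rejects(p):
            return code
    return "BINDING_CHECK_PASS"  # necessary-not-sufficient; HOLD remains

def matched_codes(p: Packet) -> list:
    """Overlapping reading: every predicate evaluated independently."""
    return [code for code, rejects in LAYERS if rejects(p)]

def classify_overlapping(p: Packet) -> str:
    """Secondary safeguard: precedence (list order) picks one canonical code."""
    matched = matched_codes(p)
    return matched[0] if matched else "BINDING_CHECK_PASS"

# Constructed R2 packet: owner scope + approval evidence present, effect_identity
# absent from the digest schema, approval bound to nothing.
R2_PACKET = Packet(frozenset({"owner_scope", "approval_ref"}), "eff-1",
                   frozenset({"op", "target"}), "h1", "h1", None, "team-a", "team-a")
```

Under independent evaluation the R2 packet matches both BI-E6 and BI-E1, which is exactly the defect; both classifiers nevertheless return the single Layer 1 code.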

7. R2 self-attestation

  1. BI-E6 covers digest-schema/input omission of effect_identity (Layer 1). ✓
  2. BI-E1 covers approval evidence not bound to an existing (in-schema) effect_identity (Layer 2). ✓
  3. No input matches both — the predicate P partitions inputs; BI-E1 is unreachable when ¬P, BI-E6 unfireable when P (§2–§3). ✓
  4. Authoritative precedence defined as a secondary safeguard (§4). ✓
  5. Oracle is total; every input → exactly one outcome; no invalid input → PASS/seal/digest (§5). ✓

R2 status: CLOSED_DESIGN_ONLY. REGISTRATION_HOLD retained · CAN_PROCEED = NO · 0 mutations.
