RS5B-PATCH2 Index — Canonical Operation and BI-E1/BI-E6 Domain Separation — 2026-06-21
Macro: RS5B-PATCH2 · scoped, additive correction addendum on top of RS5B-PATCH1.
Trigger: Codex review of RS5B-PATCH1 returned NEED_RS5B_PATCH2 (HOLD), stop state RS5B_PATCH1_EFFECT_BINDING_CORRECTION_INCOMPLETE.
Verdict: RS5B_PATCH2_READY_FOR_GPT_REVIEW (not forced).
PASS level: design-review-ready / engineering-design only — NOT authority / implementation / runtime / registration PASS.
Gate: REGISTRATION_HOLD retained · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations (KB-only, design-only).
1. Why this patch exists
Codex did not reject the RS5B design. Codex accepted the binding-direction fix from RS5B-PATCH1 (effect inside the binding, authority outside the effect) and flagged exactly two residual defects that must be closed before the corrected contract can be the controlling one:
- R1 — operation hardcoded. RS5B-PATCH1-02 §2 still pins operation = "register_dot" inside effect_identity. RS5B-05 is a founding-act authorization packet covering scope creation and first-owner designation, which are distinct governed operations → distinct effect identities. A single hardcoded register_dot can bind a founding authorization to the wrong business act (Codex §4, §10.1).
- R2 — BI-E1/BI-E6 overlap. Both fixtures describe a binding/digest missing effect_identity but return different reject codes, distinguished only by prose reservation, with no mutually-exclusive inputs and no evaluation order. One malformed packet can satisfy both → two contract-compliant outcomes (Codex §7, §10.2).
This patch is narrow. It does not reopen RS5A-PATCH4 (quorum / G02 / total Q-order), RS5B core design, the accepted authorization_binding_digest field set, owner/bootstrap/handler posture, U1/U2/U3, or registration prerequisites.
2. Package contents (additive — no existing file overwritten)
| # | file | purpose |
|---|---|---|
| — | rs5b-patch2-index-canonical-operation-and-bi-domain-separation-2026-06-21.md | this index / readback |
| 01 | 01-codex-patch1-hold-closure-map-2026-06-21.md | maps Codex R1/R2 verbatim → deterministic closure |
| 02 | 02-canonical-operation-effect-identity-correction-2026-06-21.md | R1 closure — general canonical_operation effect-identity formula + OP-domain bad inputs |
| 03 | 03-bi-e1-bi-e6-domain-separation-and-oracle-totality-2026-06-21.md | R2 closure — two-layer disjoint domains + total precedence + oracle totality |
| 04 | 04-impact-map-and-superseded-wording-2026-06-21.md | phrase scan + OK / SUPERSEDED / NEEDS_PATCH classification |
| 05 | 05-codex-style-self-check-and-bad-inputs-2026-06-21.md | updated BI-E1..BI-E7 + Codex-style self-test |
| 06 | 06-rs5b-patch2-decision-packet-2026-06-21.md | decision packet / verdict / carried blockers |
| — | codex-review-packet-rs5b-patch2-canonical-operation-and-bi-domain-separation-2026-06-21.md | GPT→Codex review request |
| — | ../macro-rs5b-patch2-canonical-operation-and-bi-domain-separation-2026-06-21.md | macro rollup (one-screen) |
3. The two closures in one screen
R1 — corrected general effect_identity (supersedes the hardcoded operation="register_dot" in RS5B-PATCH1-02 §2):
```
effect_identity = H(
    protocol_version,
    canonical_operation,           # governed action/effect type for THIS act; NOT hardcoded
    canonical_target_object_type,  # generalized target type
    canonical_target_object_ref,   # governed object reference within that type
    canonical_artifact_identity,   # canonical_path @ origin (symlink/.. resolved)
    canonical_artifact_hash        # trusted attested artifact hash (NEVER request_proposed)
)
```
register_dot is one value of canonical_operation — used only as the example for register_dot admission. Founding owner-designation, scope creation, and activation are distinct canonical_operation values → distinct effect identities. Authority changes do not create a new effect. The canonical-operation vocabulary does not yet exist as runtime rows: CANONICAL_OPERATION_VOCABULARY_REQUIRED_NOT_PRESENT (design examples only, no invented rows).
R2 — disjoint BI-E1/BI-E6 by two-layer evaluation (digest-shape before approval-binding):
- BI-E6 (Layer 1 — digest-shape): the declared/computed authorization_binding_digest input schema omits effect_identity → AUTHORIZATION_BINDING_MISSING_EFFECT. Evaluated first.
- BI-E1 (Layer 2 — approval/evidence binding): evaluated only if the digest schema includes effect_identity; then approval_evidence_ref/approval_ref is not bound to that exact effect_identity → APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
- Discriminator = single binary predicate P = (effect_identity ∈ digest input schema). ¬P → only BI-E6 reachable; P → BI-E6 cannot fire, only BI-E1's domain is live. No input matches both. Defensive total precedence: AUTHORIZATION_BINDING_MISSING_EFFECT < APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
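
A sketch of the R1 formula and the R2 two-layer evaluation, added here as an illustration and not part of the RS5B package or any runtime. Assumptions: H is SHA-256 over length-prefixed UTF-8 fields, the packet keys `digest_schema` and `approval_bound_effect` are hypothetical, and every sample value except `register_dot` and the two reject codes is a constructed placeholder.

```python
import hashlib

PROTOCOL_VERSION = "rs5b-example-v0"  # constructed placeholder

# Reject codes from the page, listed in its defensive total precedence order.
PRECEDENCE = ["AUTHORIZATION_BINDING_MISSING_EFFECT",
              "APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY"]


def effect_identity(protocol_version, canonical_operation, target_type,
                    target_ref, artifact_identity, artifact_hash):
    """H over the six fields; SHA-256 and the encoding are assumptions."""
    h = hashlib.sha256()
    for field in (protocol_version, canonical_operation, target_type,
                  target_ref, artifact_identity, artifact_hash):
        raw = field.encode("utf-8")
        # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


def evaluate(packet, expected_effect):
    """Layer 1 (BI-E6, digest shape) runs before Layer 2 (BI-E1, binding)."""
    # Predicate P = (effect_identity in digest input schema).
    if "effect_identity" not in packet["digest_schema"]:
        return PRECEDENCE[0]  # not P: only BI-E6 is reachable
    # P holds, so BI-E6 cannot fire; only the approval binding is checked.
    if packet.get("approval_bound_effect") != expected_effect:
        return PRECEDENCE[1]
    return "ACCEPT"  # hypothetical success label, not from the page


def sample_identity(operation):
    """Effect identity for a constructed target and artifact."""
    return effect_identity(PROTOCOL_VERSION, operation, "example_type",
                           "example_ref", "/example/path@origin", "00" * 32)


REGISTER = sample_identity("register_dot")
OTHER = sample_identity("example_other_operation")  # placeholder operation
```

A packet whose digest schema omits effect_identity and whose approval is also unbound, the overlap case from R2, yields exactly one code under this ordering.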
4. What this patch explicitly is NOT
No runtime mutation; no DDL/DML; no Owner/scope/principal/APR/approval/register_dot/handler created; no registrar/validator patch; no RS-VALIDATOR; no implementation; no registration; no activation; no P2/Chairman authorization; no canonical-operation vocabulary rows; no change to effect_identity purity; authorization_binding_digest still REQUIRES effect_identity. Design PASS is never promoted to authority/runtime/registration PASS.
5. Single next step
GPT review of RS5B-PATCH2 only → if accepted, Codex review. No P2, no runtime write, no registration. Residual ⇒ RS5B-PATCH3.
Builds on / corrects: RS5B-PATCH1-02 §2 (operation hardcode) and RS5B-PATCH1-04 BI-E1/BI-E6 (overlap). Does not reopen RS5A-PATCH4 or RS5B core.