RS5B-02 — G2 Owner-of-record Bootstrap Problem Statement — 2026-06-21
RS5B-02 — G2 Owner-of-record Bootstrap Problem Statement — 2026-06-21
Macro: RS5B · Deliverable: 02 of 9 · design-only.
Premise: from [[01-source-register-and-current-state-reconstruction]] — governance_object_ownership = 0 (F1), assign_governance_owner unimplemented + DB-gate-blocked (F3/F9), no registration scope/action/principal surface (F2/F4/F6/F7).
Purpose: state the bootstrap problem exactly and explicitly (Codex/PATCH1-03 obligation: acknowledged-not-hidden), so RS5B-03/04/05 design a legitimate non-mutating path rather than a workaround.
1. The design question RS5B must answer
How can the system legitimately designate or bind the first Owner-of-record / G2 authority path for future DOT registration governance — without performing the write now?
This is a bootstrap question: how is the first accountable head created when (a) the table that records authority is empty and (b) the action that would mint an owner is itself blocked.
2. The circularity (precise form)
To admit a real register_dot, the registrar needs an active accountable head bound to DOT_REGISTRATION_AUTHORITY (RS5A-03 §4). To create that ownership row, the sanctioned path is an applied assign_governance_owner APR (RS5A-03 §4.3). But:
create first accountable head ──requires──▶ applied assign_governance_owner APR
applied assign_governance_owner APR ──requires──▶ quorum + a wired (implemented) handler
wired handler ──blocked by──▶ assign_governance_owner.handler_ref = 'unimplemented' (LIVE L3)
fn_apr_block_unimplemented_handler blocks at →applied (GOVERNED S3 §7)
Điều 32 §7: unimplemented ⇒ DB-gate + runtime block (LAW S19)
quorum (high) ──requires──▶ ≥1 president + ≥2 ai_council, identity-bound (Điều 32 §4.2)
identity-bound approver ──requires──▶ canonical-principal surface (REQUIRED_NOT_PRESENT, F7)
any accountable head to authorize the above ──requires──▶ an existing owner (ownership = 0, F1)
The loop closes on itself: minting the first owner requires an authority that only an already-minted owner (or an implemented, owner-authorized mint path) could provide. No node in the substrate breaks the loop, because every node either is empty (ownership), is blocked (the mint action), or depends on a surface that is REQUIRED_NOT_PRESENT (quorum identity / canonical principal).
3. Why each "obvious" substrate exit is closed
| candidate exit | why it does NOT break the loop | marker |
|---|---|---|
"Just apply an assign_governance_owner APR" |
handler is unimplemented; blocked at DB gate by fn_apr_block_unimplemented_handler and required by Điều 32 §7 |
OWNER_MINT_PATH_FAIL_CLOSED |
| "Let an existing owner authorize it" | there is no existing owner (ownership = 0) |
BOOTSTRAP_AUTHORITY_UNRESOLVED |
| "Let the council approve it into being" | approval authority ≠ registration ownership; DOT_APPROVAL_QUORUM_AUTHORITY is REQUIRED_NOT_PRESENT; and quorum identity is unverifiable (no canonical principal) |
MUST_NOT_IMPLICIT_INHERIT + F6/F7 |
| "Let the operator/caller insert the row" | operator/caller is never an authority (RS5A-03 §2); Điều 32 §2.1 forbids manual SQL/curl | OPERATOR_NOT_OWNER / CALLER_SELF_ASSERTED_OWNER_REJECTED |
| "Acceptance of RS5A/PATCH·/RS5B authorizes it" | Codex/GPT acceptance of a design is not authorization to execute it | G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION |
4. The only non-circular source of first authority (grounded, not invented)
A bootstrap loop of this shape can only be broken by an authority that sits outside and above the substrate that is empty/blocked. In this system that authority is promulgated law, not runtime state:
- The Constitution v4.6.3 is the supreme document ([[01-source-register-and-current-state-reconstruction]] S18); it was promulgated (BAN HÀNH) by the Chairman (Chủ tịch), a human principal-of-record.
- The golden principle "AI proposes, does not self-promulgate" (Điều 39, cited in the constitution) means no agent/operator/validator may originate the founding authority; a human promulgating act is required.
- Điều 32 is the promulgated approval law that governs how high-risk actions become executable, and §7 is the very gate that blocks the unimplemented mint — so the legitimate way out is to first make the mint path lawful (implemented + owner-authorized) under that law, by a founding act whose authority derives from the Constitution + Chairman, not from the empty ownership table.
So the first owner's authority must derive from a founding/constitutional act by the Chairman, executed out-of-band under explicit human authorization, audit, and rollback. RS5B designs this path; it does not assert the path already exists and does not execute it.
Honesty flag — NOT claimed: RS5B does not claim a concrete owner-minting mechanism (a "founding migration" DOT, an implemented
assign_governance_ownerhandler, or a constitutional bootstrap clause naming this exact step) already exists. No such mechanism was found in the read sources; whether one should be a new implemented action vs a one-time governed migration is a design choice for RS5B-03/04 and an execution decision reserved to the Chairman, gated by the RS5B-05 authorization packet. Any claim that such a mechanism exists today is marked NEEDS_SOURCE_CONFIRMATION and is not relied upon.
5. What "solving" the bootstrap means for RS5B (two layers, kept separate)
| layer | meaning | RS5B status |
|---|---|---|
| design-solved | a legitimate, non-mutating, fail-closed path to the first owner is specified, with its authority source named and its execution gated | achievable now (RS5B-03/04/05) — this is RS5B's job |
| runtime-resolved | the first accountable head actually exists in governance_object_ownership |
NOT achievable in RS5B; remains BOOTSTRAP_AUTHORITY_UNRESOLVED until a separately-authorized later lane executes the founding act under Chairman authorization |
RS5B can and does reach design-solved. It deliberately does not reach runtime-resolved. The carried marker BOOTSTRAP_AUTHORITY_UNRESOLVED therefore describes the runtime state, not the RS5B verdict; it is acknowledged, not hidden (so the HOLD condition …UNRESOLVED_BUT_UNACKNOWLEDGED does not apply).
6. Status
BOOTSTRAP_PROBLEM_STATED_EXPLICITLY — the circularity is named precisely; every substrate exit is shown closed and fail-closed; the only legitimate source of first authority (Constitution + Chairman, "AI proposes, does not promulgate") is grounded in promulgated law, not invented; the design-solved vs runtime-resolved layers are kept separate so that RS5B can complete a design without minting any owner. Carried fail-closed: BOOTSTRAP_AUTHORITY_UNRESOLVED, OWNER_MINT_PATH_FAIL_CLOSED, G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION.