KB-3E53
RS-TKT-0A · 01 Old Tool-Kiem-Thu Reuse / Gap Map
11 min read Revision 1
tool-kiem-thulegolaws-newrs-tkt-0areuse-gap-mapread-onlynon-authorizing2026-06-21
RS-TKT-0A · 01 — Old Tool-Kiem-Thu Reuse / Gap Map
Lane: RS-TKT-0A · Date: 2026-06-21
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations (KB writes only)
Authority: NON_AUTHORITY · may_gate=false · decision_effect=NONE
Status legend: REUSE (lift as-is) · REUSE_WITH_CHANGE (carry the concept, re-target/re-word) · RETIRE (do not port; archive) · DEFER (real but later, L4–L6 / post-Call-Contract) · NEW_NEEDED (no old asset; design fresh). Conflict tags from the macro: REUSE_WITH_CHANGE / RETIRE / DEFER / NEEDS_OWNER_DECISION.
1. Headline finding
The old Tool-Kiem-Thu corpus is 433 documents, but the conversion value is concentrated. The single reusable prize is the self-described reusable base layer …/base/tkt-base-structural-evidence-governance-pack-2026-06-11/. It is already decoupled from the old DOT runtime — it operates on "technical packets — directories of files plus the commands that reproduce a result" — and it already verifies itself at L3. Everything tagged v0.1-DOT, B4′/Phase-2/B7 sandbox-MVP, and FIX7 N-node seal is old-runtime machinery to retire or defer.
2. Reuse / gap table (special-attention assets)
| Old asset / concept | What it does | Reuse status | Why | Required change for laws-new LEGO | Risk if reused unchanged | Recommended action |
|---|---|---|---|---|---|---|
manifest / hash (manifest_file_presence_policy, HASH_MANIFEST.txt) |
Three-way check: tree-pin, forward-hash recompute, forward-existence (a hash that matches an absent file is undetectable if you only hash the manifest text) + no-unlisted-governed-file | REUSE | Closes the real "6 load-bearing files went missing" blind spot; domain-agnostic | Reconcile ledger filename (HASH_MANIFEST.txt vs run-packet HASH_MANIFEST.sha256, MCB-3) |
Filename mismatch → false FAIL on a correct packet | Lift as TKT-L0-FILE; accept either ledger name, warn on mismatch |
packet_tree pin (packet_tree.sha256) |
One pin = sha256(HASH_MANIFEST.txt); any byte change breaks it; requires deterministic manifest (lexical sort, no volatile paths) |
REUSE | Cheapest tamper/identity check; reconstruction whose pin ≠ published is "not the same packet" | None | — | Lift as TKT-L1-PACKET core |
| commands.sh / RERUN.sh | Gate runner (G0–G3) + clean-room re-run in mktemp -d proving verdict is dir-independent |
REUSE_WITH_CHANGE | Self-verifying packet pattern is exactly what laws-new "candidate packet" needs | Re-target from old pack paths to a laws-new candidate packet; keep "emits exit codes + logs only, no seal/registry/PG write" | Operator runs old paths | Adopt as packet skeleton; out-of-scope to run in this lane (design only) |
| exit_codes.json | Byte-stable verdict anchor; {name, expected, actual, ok} per gate; authority: NON_AUTHORITY |
REUSE | Machine-readable verdict the review lane can diff | None | — | Lift verbatim shape |
report-vs-file audit (report_vs_file_audit_policy) |
Every load-bearing claim → real governed file/command/exit, recomputed against reality, not prose | REUSE | This is the anti-"prose PASS" engine; directly maps to Codex "report-says-PASS-but-evidence-insufficient" | Generalize "report" to any RS decision/rollup doc | — | Lift into TKT-L3-GOVERNANCE + TKT-RS-PACKAGE |
fail-closed probe suite (fail_closed_probe_policy, P1–P10) |
Bad input → no PASS/cert/seal; detector-correctness rule: a token counts as emitted only if exit==0; fresh mktemp -d; ≥1 positive control |
REUSE | Prevents fake-green; the detector-correctness rule is a hard-won lesson | Re-express probe classes for laws-new packets (add "semantic-PASS-without-IU", "HOLD-cleared-by-wording") | Losing the exit==0 rule reintroduces substring false-positives | Lift as TKT-L2-FAIL-CLOSED |
| bad-input probes (the 10 classes + laws-new BAD-1..15) | Adversarial inputs that must fail closed | REUSE_WITH_CHANGE | laws-new pilot already defines BAD-1..15 for staging | Merge old P1–P10 with pilot BAD-1..15 into one catalog | Coverage gaps | New_needed merge table in 04/06 |
NVSZ evidence escrow (nvsz_no_vector_evidence_policy, R0–R8) |
Recipe-in-KB / raw-artifact-out-of-vector; root designated only by owner/operator; hash+pointer+regen; byte-exact vs functional declared | REUSE | Exactly the "raw evidence ≠ vector KB" separation laws-new requires | Pin one exit taxonomy (MCB-2); reconcile run-packet layout | Two taxonomies → ambiguous codes | Lift into 05; pin escrow taxonomy |
object registry (governance/ TKT-OBJ-* up to ~507) + collision policy |
Reserved-range discipline; addendum-vs-canonical-fold; born object must have registry entry | REUSE_WITH_CHANGE (policy) / RETIRE (the specific reserved-range table) | The policy (no orphan, reserved ≠ committed, fold gated) is reusable; the old ID table is stale and risks becoming a mega-registry (forbidden) | Replace with laws-new one-roof IDs; must not create a new TKT registry | Re-creating a per-tool registry violates anti-island rule | Keep collision policy as TKT-L3; route IDs to one-roof |
| approval lane macro (FIX7 executable approval lane) | Materialize missing .py SSOT, runnable seal path, stops at Codex/owner authority boundary |
DEFER | Tied to FIX7 canonicalizer + Codex detached-seal handoff; runtime/seal machinery | Re-scope to laws-new promote-checker lane after Call Contract | Smuggles a runtime seal path into Base | Archive FIX7 N-node; reuse only the pattern (rehearsal ≠ seal) |
authority firewall (authority_firewall_policy, F1–F9) |
NON_AUTHORITY self-description; refuses any seal/promotion/gate claim; F8 filename-only seal refused (exit 6); no seal token under any input | REUSE | This is the laws-new "no authority overclaim / engineering ≠ authority PASS" discipline, already executable | Add laws-new tokens (no clearing REGISTRATION_HOLD; no register_dot) |
— | Lift as TKT-L3-GOVERNANCE authority firewall |
| Article-14 executable evidence gate (5-lens detector) | Prose naming an executable must be runnable; lenses: missing-artifact / fake-selftest / non-runnable-command / duplicate-authority / forbidden-scope; non-gating, advises approver; anti-self-defeat clause | REUSE_WITH_CHANGE | Directly maps to Codex "report-says-PASS" + "duplicate authority" (one-roof) + "forbidden scope" | Make it a support lens producing findings, not a gate; keep decision_effect=NONE |
Becoming a hidden gate | Lift as an optional TKT-RS lens; keep advisory |
| checker/DOT contract (P6 v0.2) | Per-checker row id·goal·law/source·applies_to·event·severity·action·input·output·phase·dep; severity BLOCK/ERROR/WARN/INFO; status pass/fail/warn/skip; detect-only (Đ35) |
REUSE_WITH_CHANGE (contract) / RETIRE (DOT runtime) | The declarative, law-traceable checker row is the reusable LEGO; the daily-scan cron/healer/PG-trigger runtime is not | Drop runtime; keep the row schema + severity + detect-only + coverage-matrix discipline | Carrying the cron/healer reintroduces a runtime DOT | Use the row schema in 04 block catalog |
3. Other assets (rolled up)
| Asset family | Status | Note |
|---|---|---|
contracts/authority-contract-v0-1 + "Implementation Package DOT v0.1" (denominators 309/214/186/163/54, dot_tools/PIV-007, Directus flows, system_issues/fn_tac_log_checker_issue) |
RETIRE (surfaces) / REUSE (discipline) | Stale counts/surfaces bound to old DOT estate; keep only the discipline "denominators never collapsed; presence ≠ runnability; read-only" |
B4′ deny-by-default sandbox / Phase-2 offline MVP (ip_dot_inspector) / B7 governed export packet / offline-MVP consumption contract |
DEFER | Whole execution substrate (seccomp, /in·/out, CI runners). Belongs to Phase 4 "Controlled Execution Verifier after Call Contract" |
| FIX7 authority-seal machinery (N6/N7/N8/P7, recheck-9 V2/V3, ~120 files) | RETIRE (artifacts) / REUSE (pattern) | Concrete N-node seal artifacts are FIX7-specific; keep only "acyclic authority DAG; rehearsal ≠ seal; seal is Codex/owner only" |
| Dated checkpoint/blocker-ledger revisions (rev1→rev4 spec churn, Codex re-seal rounds) | RETIRE | Historical process bookkeeping; archive, do not port |
| P6 DOT daily-scan engine, healer paired-DOT, BLOCK-as-PG-gate, pg_catalog/DDL surveillance, vector/KG projection checkers, runtime registry table | RETIRE | Pure runtime/registry/execution coupling |
harness/tkt_base_harness.py |
DEFER (as runtime) / REUSE (as spec) | Reuse the probe spec (P1–P10 + controls) in 04/06; do not port the Python in this design-only lane |
4. Conflict classification (where old TKT vs laws-new LEGO collide)
- NEEDS_OWNER_DECISION — (a) which NVSZ exit taxonomy is canonical (MCB-2); (b) designation of
NON_VECTOR_ROOT(MCB-5, owner/operator only); (c) whether the FIX7 approval-lane pattern is revived at Phase 4. - REUSE_WITH_CHANGE — object-registry policy (must route to one-roof, not a new TKT registry); P6 checker row schema (drop runtime); Article-14 detector (keep advisory).
- RETIRE — v0.1 DOT surfaces/counts; FIX7 N-node artifacts; DOT daily-scan/healer/PG-gate runtime; dated process checkpoints.
- DEFER — sandbox/Phase-2/B7 execution substrate; semantic/IU L4–L6; runtime execution verifier.
5. NOT_LEGO_READY flags
The following old components cannot be cleanly split into independent born/test/change/rollback bricks and are therefore NOT_LEGO_READY until re-scoped:
- FIX7 authority-seal closure — couples extraction, sealing, Codex handoff, and red-team in one packet; authority boundary is external. → defer, re-scope at Phase 4.
- B4′/Phase-2 sandbox MVP — couples container runtime + CI runner + inspector; operator-gated host. → defer.
- DOT daily-scan engine — runtime cron + live PG + healer in one model. → retire; keep only the declarative checker rows.
6. Bottom line
Lift the base pack (level model + 7 checker policies + authority firewall + NVSZ model + packet skeleton + Article-14 5-lens) as the foundation. Carry the P6 checker-row schema and severity vocabulary as the declarative form. Retire all v0.1-DOT / FIX7-N-node / DOT-runtime machinery. Defer the sandbox execution substrate and all semantic/IU L4–L6 work. Create no new registry — route identity to one-roof.