RS-TKT-0A-PATCH2 · 03 P7 Status Propagation & Aggregate Truth Table
RS-TKT-0A-PATCH2 · 03 — P7 Status Propagation & Aggregate Truth Table
Lane: RS-TKT-0A-PATCH2 · Date: 2026-06-21
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations (KB writes only)
Authority: NON_AUTHORITY · may_gate=false · decision_effect=NONE · design-doc-only
Supersedes: PATCH1 07 §3 cumulative cap (which defined only FAIL-based N/A propagation), the review_readiness token READY in PATCH1 07 §4, and the §7 phrase "four orthogonal status fields." PATCH1's dependency chain and "HOLD ≠ N/A, HOLD ≠ soft PASS" rules are kept.
1. The defect (Codex P7)
PATCH1 fixed the PASS dependency chain and FAIL→N/A propagation, but left three gaps:
- No explicit rule for higher levels when L0/L1/L2 = HOLD.
- No total aggregate truth table for how PASS/FAIL/HOLD/N/A combine.
- review_readiness=BLOCKED for HOLD was implied, not specified.
- The conclusion said "four orthogonal status fields" while five are declared.
PATCH2 specifies HOLD propagation, the aggregate precedence, and a complete truth table, and fixes the field count.
2. Status definitions (exact)
PASS = this exact check was assessed and passed.
FAIL = this exact check was assessed and failed.
HOLD = required context is missing, ambiguous, unsafe, or unauthorized to assess.
N/A = a prerequisite failed/held, or the check is genuinely out of scope.
N/A is NOT PASS.
HOLD is NOT PASS.
HOLD is NOT N/A. (HOLD = could-not-safely-assess; N/A = prerequisite failed/held or out of scope)
3. Five status fields (count corrected)
Every result carries five independent fields (not four):
level_status : PASS | FAIL | HOLD | N/A # per level/brick
aggregate_status : PASS | FAIL | HOLD | N/A # combiner over levels (advisory)
review_readiness : REVIEW_READY | NOT_READY | BLOCKED
authority_effect : NONE # ALWAYS NONE
registration_effect : NONE # ALWAYS NONE
review_readiness uses the token REVIEW_READY (this standardizes PATCH1's READY).
4. Level dependencies (binding)
L0 has no prior dependency.
L1 depends on L0 = PASS.
L2 depends on L0 = PASS and L1 = PASS.
L3 depends on L0 = PASS, L1 = PASS, and L2 = PASS.
L3 sub-bricks (AUTHORITY-FIREWALL, CLAIM-AUDIT, IDENTITY, NVSZ) each depend on L0+L1+L2 = PASS;
they are independent of each other (no cross-brick dependency; see patch1/02).
5. Propagation rules (FAIL and HOLD)
If L0 = FAIL → L1/L2/L3 = N/A; aggregate = FAIL; review_readiness = NOT_READY.
If L0 = HOLD → L1/L2/L3 = N/A; aggregate = HOLD; review_readiness = BLOCKED.
If L1 = FAIL → L2/L3 = N/A; aggregate = FAIL; review_readiness = NOT_READY.
If L1 = HOLD → L2/L3 = N/A; aggregate = HOLD; review_readiness = BLOCKED.
If L2 = FAIL → L3 = N/A; aggregate = FAIL; review_readiness = NOT_READY.
If L2 = HOLD → L3 = N/A; aggregate = HOLD; review_readiness = BLOCKED.
If any L3 sub-brick = FAIL → L3 = FAIL; aggregate = FAIL; review_readiness = NOT_READY.
If any L3 sub-brick = HOLD → L3 = HOLD; aggregate = HOLD; review_readiness = BLOCKED.
If L0/L1/L2/L3 all PASS → aggregate = PASS; review_readiness = REVIEW_READY.
A level that is N/A because a lower level failed or held is not evidence of anything — it is never PASS.
6. Aggregate priority
FAIL > HOLD > PASS
N/A participates only as a propagated downstream state. It never upgrades an aggregate and never appears as the top-level aggregate unless no level was assessable at all (which is itself a HOLD condition, not an N/A aggregate).
Within L3, the four sub-bricks combine by the same priority: any sub-brick FAIL ⇒ L3 = FAIL; otherwise any sub-brick HOLD ⇒ L3 = HOLD; only all-PASS ⇒ L3 = PASS.
7. Aggregate truth table
For every row: authority_effect = NONE and registration_effect = NONE.
| # | L0 | L1 | L2 | L3 | aggregate_status | review_readiness | authority_effect | registration_effect |
|---|---|---|---|---|---|---|---|---|
| 1 | FAIL | N/A | N/A | N/A | FAIL | NOT_READY | NONE | NONE |
| 2 | HOLD | N/A | N/A | N/A | HOLD | BLOCKED | NONE | NONE |
| 3 | PASS | FAIL | N/A | N/A | FAIL | NOT_READY | NONE | NONE |
| 4 | PASS | HOLD | N/A | N/A | HOLD | BLOCKED | NONE | NONE |
| 5 | PASS | PASS | FAIL | N/A | FAIL | NOT_READY | NONE | NONE |
| 6 | PASS | PASS | HOLD | N/A | HOLD | BLOCKED | NONE | NONE |
| 7 | PASS | PASS | PASS | FAIL (any sub-brick FAIL) | FAIL | NOT_READY | NONE | NONE |
| 8 | PASS | PASS | PASS | HOLD (any sub-brick HOLD, none FAIL) | HOLD | BLOCKED | NONE | NONE |
| 9 | PASS | PASS | PASS | PASS | PASS | REVIEW_READY | NONE | NONE |
| 10 | PASS | PASS | PASS | PASS (+ out-of-scope optional checker = N/A) | PASS | REVIEW_READY | NONE | NONE |
Row 10: a genuinely out-of-scope optional checker reporting N/A does not downgrade the aggregate; the required levels all PASS, so the aggregate is PASS and review is ready. N/A from out-of-scope ≠ N/A from a failed/held prerequisite.
8. Aggregate ≠ authority / gating
aggregate_status is ADVISORY ONLY.
aggregate_status = PASS does NOT imply: authority granted, gate opened, registration moved,
CAN_PROCEED=YES, HOLD cleared, or any
semantic / implementation / runtime / production PASS.
authority_effect and registration_effect are ALWAYS NONE, independent of aggregate_status.
No aggregate status — PASS, FAIL, HOLD, or N/A — may imply authority, registration, implementation, runtime, or production permission. The combiner emits no authority/registration field other than the constant NONE.
9. Net effect
The level model is now a single deterministic state machine: explicit dependencies, both FAIL and HOLD propagation to N/A, a total aggregate precedence (FAIL > HOLD > PASS), five named orthogonal status fields, a complete truth table, and a hard wall between the engineering aggregate and any authority/registration meaning. Every level-state combination maps mechanically to exactly one aggregate and one review-readiness value with no reviewer interpretation.