RS-TKT-1 (Phase 1) · 07 TKT Base NVSZ No-Vector Evidence Contract
Lane: RS-TKT-1 — Phase 1 TKT Base Design Package (design-only)
Date: 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations (KB design-doc writes only)
Authority: NON_AUTHORITY · may_gate=false · decision_effect=NONE · design-only
Inherits: RS-TKT-0A 05 (NVSZ assessment) + RS-TKT-0A-PATCH1 05 (P5 taxonomy/ledger, Codex-CLOSED). NVSZ = No-Vector Zone: raw evidence is kept out of the vector KB. No root is designated here.
1. The four required statements (macro §4.7)
Raw logs do NOT go into the vector KB.
KB summary is pointer + hash + regeneration command only.
Summary prose does NOT replace raw evidence.
NON_VECTOR_ROOT must NOT be invented by the agent (owner/operator only).
NON_VECTOR_ROOT undesignated blocks Phase 3, NOT Phase 1.
Verbatim core rules (base pack, non-negotiable):
Vector KB stores the recipe (commands, checker/probe scripts, committed oracles, summaries, exit codes, and pointers) — summary + hash + pointer + regeneration command, never raw transcripts.
The no-vector root stores the artifact (raw stdout/stderr/*.log, run packets, the hash ledger) outside the vector embedding pipeline.
R0.1 raw logs MUST NOT live in vector KB (a Postgres vector_excluded=true row is a row store, not a file root, and does not satisfy this).
R0.2 the root MUST NOT be invented by an agent.
R0.3 the root is NON_AUTHORITY.
2. Namespaced exit codes (PATCH1 P5 — no bare numbers in final design)
Escrow validator (canonical for run-evidence record validation):
ESCROW_E2 absent · ESCROW_E3 pointer/schema missing field · ESCROW_E4 no regeneration command ·
ESCROW_E5 raw-log-in-vector-KB · ESCROW_E6 local-claims-authority · ESCROW_E7 byte-exact mismatch ·
ESCROW_E8 secret token → quarantine · ESCROW_E9 invented root.
Root-provisioning validator (separate namespace; root acceptance only — Phase 3):
ROOT_E4 invented root · ROOT_E6 pointer field missing · ROOT_E10 path traversal ·
ROOT_E11 symlink escape · ROOT_E12 prod/permission violation · ROOT_E13 fold-apply-while-T1-active.
The two namespaces are named, distinct, never conflated. TKT-L3-NVSZ (05) emits the ESCROW_E* code; root acceptance (Phase 3) emits the ROOT_E* code. This closes MCB-2.
3. Canonical ledger filename (PATCH1 P5 — closes MCB-3)
Canonical for ALL new packets: hash_manifest.sha256
packet_tree.sha256 = sha256(hash_manifest.sha256)
Legacy HASH_MANIFEST.txt is accepted ONLY as migration INPUT and MUST be normalized to
hash_manifest.sha256 BEFORE packet_tree.sha256 is computed.
"Accept-either-and-warn" is NOT a final canonical identity — there is exactly ONE identity per packet.
4. Escrow record schema (required fields)
{
  "evidence_class": "...",
  "claims_raw_log": "...",
  "authority": "NON_AUTHORITY / NOT_PROMOTED",
  "may_gate": false,
  "decision_effect": "NONE",
  "pointer": {
    "target": "...",
    "local_path": "(optional)",
    "hash": "sha256:<64hex>",
    "size": "...",
    "produced_by": "...",
    "timestamp_policy": "none|recorded|policy-ref"
  },
  "storage_location": "local_workbench | nvsz_file_root | nvsz_object_store | content_addressed_store",
  "regeneration_command": "bash commands.sh",
  "determinism": "byte-exact | functional",
  "nvsz_root": { "designated": false, "designated_by": null }
}
A summary missing {hash, pointer, regeneration_command} → FAIL (ESCROW_E2/E3/E4). A raw log in a vector-KB path → FAIL (ESCROW_E5). An agent-designated root → FAIL (ESCROW_E9 / ROOT_E4).
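Added example, not part of this package and not the project's validator: a structural check of the section 4 schema that returns namespaced ESCROW_E* codes instead of bare numbers. The assignment of ESCROW_E2/E3/E4 to empty record, missing or malformed field, and missing regeneration command, the `knowledge/` vector-KB prefix, the raw-log suffixes and the `owner`/`operator` strings are assumptions; ESCROW_E7 and ESCROW_E8 need the artifact bytes and are not covered.

```python
import re

# Field names follow the section 4 schema. The failure-to-code mapping, role
# strings, raw-log suffixes and vector-KB prefix are assumptions of this example.
REQUIRED = ("evidence_class", "claims_raw_log", "authority", "may_gate",
            "decision_effect", "pointer", "storage_location", "determinism", "nvsz_root")
POINTER_REQUIRED = ("target", "hash", "size", "produced_by", "timestamp_policy")
HASH_RE = re.compile(r"sha256:[0-9a-f]{64}")
VECTOR_KB_PREFIX = "knowledge/"                 # assumed from the path in section 5
RAW_SUFFIXES = (".log", ".stdout", ".stderr")   # assumed raw-evidence file names
DESIGNATORS = ("owner", "operator")             # assumed role strings
AUTHORITIES = ("NON_AUTHORITY", "NOT_PROMOTED", "NON_AUTHORITY / NOT_PROMOTED")


def validate_escrow_record(rec):
    """Return the sorted ESCROW_E* codes a record fails; an empty list means pass."""
    if not isinstance(rec, dict) or not rec:
        return ["ESCROW_E2"]                    # record absent
    codes = set()
    ptr = rec.get("pointer") if isinstance(rec.get("pointer"), dict) else {}
    if any(k not in rec for k in REQUIRED) or any(k not in ptr for k in POINTER_REQUIRED):
        codes.add("ESCROW_E3")                  # schema or pointer field missing
    if not HASH_RE.fullmatch(str(ptr.get("hash", ""))):
        codes.add("ESCROW_E3")                  # hash missing or not sha256:<64hex>
    if not str(rec.get("regeneration_command") or "").strip():
        codes.add("ESCROW_E4")
    for path in (ptr.get("target"), ptr.get("local_path")):
        p = str(path or "")
        if p.startswith(VECTOR_KB_PREFIX) and p.endswith(RAW_SUFFIXES):
            codes.add("ESCROW_E5")              # raw log addressed inside the vector KB
    if (rec.get("may_gate") is not False or rec.get("decision_effect") != "NONE"
            or rec.get("authority") not in AUTHORITIES):
        codes.add("ESCROW_E6")                  # record claims authority
    root = rec.get("nvsz_root") if isinstance(rec.get("nvsz_root"), dict) else {}
    if root.get("designated") and root.get("designated_by") not in DESIGNATORS:
        codes.add("ESCROW_E9")                  # root designated by a non-owner/operator
    return sorted(codes)


# Constructed sample record (not taken from a real run packet).
SAMPLE = {
    "evidence_class": "run_log", "claims_raw_log": "no",
    "authority": "NON_AUTHORITY", "may_gate": False, "decision_effect": "NONE",
    "pointer": {"target": "runs/r1/stdout.log", "hash": "sha256:" + "ab" * 32,
                "size": 1024, "produced_by": "commands.sh", "timestamp_policy": "none"},
    "storage_location": "local_workbench", "regeneration_command": "bash commands.sh",
    "determinism": "byte-exact", "nvsz_root": {"designated": False, "designated_by": None},
}
```

`validate_escrow_record(SAMPLE)` returns an empty list; a record can fail several checks at once, and all codes are reported rather than only the first.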
5. KB-summary vs no-vector-root split
Vector KB (this workspace) holds ONLY: knowledge/dev/laws-new/tool-kiem-thu-lego/reports/<run_id>-summary.md
→ summary + hash + pointer + regeneration command. NEVER raw logs.
No-vector root holds the artifact: <NON_VECTOR_ROOT>/tool-kiem-thu/runs/<run_id>/... (future-only; see 14)
/tmp is not sufficient evidence storage. Until a root is designated, the store of record is a local + hashed + regenerable workbench copy — never /tmp alone, never the vector KB.
6. Root-designation status (MCB-5)
nvsz_root.designated = false ; designated_by = null (in every record).
Who may designate: owner OR operator only (R0.2 / R7). An agent doing so = invented root (ESCROW_E9 / ROOT_E4).
This package designates NO root. Phase 1 is NOT blocked by this; Phase 3 and real escrow acceptance ARE blocked.
When a root is later designated, only the single NON_VECTOR_ROOT constant is repointed (no code rewrite) and storage_location transitions from local_workbench to a real root class. Phase 1 invents nothing.
7. What this contract does not do
Designates no root; writes no run packet; writes no raw log; performs no escrow validation run. It is the NVSZ design on paper. The future run-packet layout is 14 and is future-only.