KB-5563
Codex Seal — Authority Matrix B/C/D/G/H — 2026-06-09
Revision 1
Date: 2026-06-09
Nature: narrow adversarial authority seal
Production mutation: NO
Final verdict: BCDGH_SEALED
1. Final verdict
BCDGH_SEALED
The fresh-read closure supplies sufficient evidence to seal all five remaining domains, with mandatory modifications to B/C/D wording. No whole-baseline rerun is required.
The seal is conservative and fail-closed:
- B: filesystem-DOT “can run” is not available to v0.1; presence and historical run evidence remain separate facts.
- C: v0.1 makes no calls until a separate call contract exists.
- D: the fresh code-keyed reliability view is the canonical current registry→filesystem diff base; stale name-keyed output remains a separate dated diagnostic.
- G: existing graph/duplicate/orphan authorities must be reused; new resolver prohibited until a concrete miss is proven.
- H: no TAC↔IU bridge exists in the fresh-read evidence; tool dual-reports only and cannot choose, merge, or build a bridge.
This seal does not authorize implementation, tool/schema/runner creation, production mutation, Directus mutation, filesystem execution, or detector execution.
2. Decision table
| Domain | Proposed decision | Codex verdict | Evidence basis | Risk controlled | Final Authority Contract wording |
|---|---|---|---|---|---|
| B — “Can run” authority | Define can-run from filesystem presence plus proof-of-run | MODIFY → SEALED | Fresh PG mirror shows 214 operational filesystem objects; 186 registry-mapped. dot_iu_command_run contains 55 historical ledger rows. Registry has no usable executable flag. CAT-006 actual_count=163 filter is unverifiable. Presence and historical run evidence do not prove a currently safe invocation contract for each filesystem DOT. | Prevents presence, executable bit, or old run history being misrepresented as current safe runnability; prevents creation of a new runner authority. | For v0.1, filesystem-DOT “can run” is NOT AVAILABLE and filesystem DOTs MUST NOT be invoked. Report presence, mapping, and proof-of-run history as separate runtime-discovered facts. No item is callable until a separate per-command call contract proves identity, permitted mode, inputs, exit-code semantics, timeout, lease/gate, audit ledger, and non-mutation boundary. Registry presence, local checkout, CAT-006 actual_count, executable bit, and historical run rows alone never prove “can run.” |
| C — Safe-call/call-layer authority | Use one governed call layer; IU read-only set exists | MODIFY → SEALED | The proposed 186 ∩ command-catalog joins to 0 on name and code; spaces are disjoint. IU catalog has 15 mutating=false commands, but fresh closure itself states calls are deferred in read-only v0.1. Existing operator-runtime evidence confirms a governed IU execution substrate exists, but that does not authorize this tool to invoke it. | Prevents static whitelist, cross-space false intersection, accidental execution, and a new dispatcher/call authority. | v0.1 is read/report only and MUST make no calls. Neither filesystem DOTs nor IU commands may be invoked until a separate call contract is sealed. The 15 IU mutating=false commands are a candidate governed set for that future contract, not an authorized v0.1 call set. The filesystem-186 set is not directly callable. No static whitelist and no new dispatcher. |
| D — Registry↔filesystem reconciliation | Choose canonical diff base and retain other view separately | MODIFY → SEALED | v_dot_registry_no_file=41 uses stale 2026-06-03 _recon data, name key, and restricted population. v_dot_reconciliation_reliability.MISSING_FILE=4 uses fresh 2026-06-09 snapshot, code key, and all 309 registry rows. Divergence is fully explained. | Prevents denominator collapse, stale-base authority, unsafe calls to unmatched items, and rebuilding an existing reconciler. | The canonical current registry→filesystem diff base is the latest available code-keyed v_dot_reconciliation_reliability result over wf_fs_dot_bin_snapshot. v_dot_registry_no_file remains a separately named, dated, name-keyed diagnostic and MUST NOT override the canonical current diff. Every report must expose source, observation timestamp, match key, population, and both-direction diffs. Unmatched entries are NON-CALLABLE. Reuse existing reconciliation surfaces; no reconciliation mutation or new registry authority. |
| G — Duplicate/graph/orphan authority | Reuse existing Đ19/Đ23/Đ39 surfaces; prohibit new resolver until miss proven | SEALED | Fresh-read evidence finds populated universal_edges (2199), v_kg_edges_all (2259), entity_dependencies (142), orphan functions/views/digest/queue, duplicate/idempotency guard views, and reconciliation functions. Detector functions were not executed. Doc-level canonical-id gap remains unproven. | Prevents parallel graph, duplicate, orphan, or canonical-id authority. | For v0.1 read/report scope, existing Đ19/Đ23/Đ39 graph, duplicate, orphan, dependency, and reconciliation surfaces are the only permitted authorities. A new resolver is prohibited unless a separately authorized, read-only gap proof demonstrates a concrete miss against existing authorities. Presence of a view/function does not authorize executing a detector or writing findings. Doc-level canonical-id coverage remains UNPROVEN, not a true-new gap. |
| H — TAC↔IU corpus authority | No bridge; dual-report only; corpus authority unresolved | SEALED | Fresh search found 0 views and 0 functions joining tac_logical_unit and information_unit, no bridge table, IU=219, TAC=102, and tac_change_set=0. Counts are dated observations, not invariants. | Prevents silent corpus selection, merge, bridge creation, and a new corpus authority. | No TAC↔IU bridge exists in the sealed fresh-read snapshot. v0.1 MUST discover and dual-report both corpora separately and MUST NOT choose, merge, reconcile, consume either as canonical, or create a bridge. Corpus authority remains unresolved until a separate bridge/resolver contract is owner-authorized and sealed. No counts or “no bridge” result may be hardcoded; all are runtime-read evidence. |
3. Answers to the prompt choices
- B: option 5 — not available for filesystem DOT in v0.1, so v0.1 must not invoke.
- C: option 5 — no calls until a separate call contract exists. Operationally, v0.1 is option 1, read/report only.
- D: option 1 — fresh 2026-06-09 code-keyed reliability view is canonical for current diff. The stale name-keyed view is retained only as a separately labelled historical diagnostic, not as co-equal authority.
- G: SEALED — reuse existing authorities; prohibit new resolver until an existing-engine miss is demonstrated.
- H: SEALED — no bridge in fresh-read evidence; dual-report only; no choose/merge/build; authority unresolved pending separate contract.
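As an added illustration of the D and B wording (example code written for this page, not code from the seal or from the project), the Python below builds a reconciliation report that carries source, observation timestamp, match key, population and both-direction diffs, shows how a name-keyed and a code-keyed join over the same rows diverge, and marks every unmatched entry NON-CALLABLE without invoking anything. The surface names, DOT codes, names and timestamps are constructed stand-ins, not values read from the page's registry or wf_fs_dot_bin_snapshot.

```python
from dataclasses import dataclass

# Constructed example: stand-ins for a registry read and a filesystem snapshot read.

@dataclass(frozen=True)
class Snapshot:
    source: str        # named live surface the rows came from (never hardcoded data)
    observed_at: str   # observation timestamp, carried into every report
    rows: tuple        # (code, name) pairs as read at observed_at

def reconcile(registry: Snapshot, filesystem: Snapshot, match_key: str) -> dict:
    """Both-direction diff on one explicit key, with full provenance."""
    idx = {"code": 0, "name": 1}[match_key]          # the key must be named, not implied
    reg = {r[idx] for r in registry.rows}
    fs = {r[idx] for r in filesystem.rows}
    return {
        "sources": (registry.source, filesystem.source),
        "observed_at": (registry.observed_at, filesystem.observed_at),
        "match_key": match_key,
        # two populations, reported separately: never collapsed into one DOT count
        "population": {"registry": len(registry.rows), "filesystem": len(filesystem.rows)},
        "missing_file": sorted(reg - fs),   # registry -> filesystem direction
        "unregistered": sorted(fs - reg),   # filesystem -> registry direction
        "matched": sorted(reg & fs),
    }

def item_status(report: dict) -> dict:
    """Presence facts only: a match is not 'can run', and unmatched items are NON-CALLABLE."""
    status = {k: "NON-CALLABLE (unmatched)" for k in report["missing_file"] + report["unregistered"]}
    status.update({k: "PRESENT, NOT CALLABLE in v0.1" for k in report["matched"]})
    return status

def canonical_diff(reports: list) -> dict:
    """Canonical current diff = newest code-keyed report; name-keyed reports stay dated diagnostics."""
    code_keyed = [r for r in reports if r["match_key"] == "code"]
    return max(code_keyed, key=lambda r: r["observed_at"])

# Constructed rows: DOT-002 was renamed on disk but keeps its code, so the key choice alone
# explains why a name-keyed diff and a code-keyed diff report different MISSING_FILE sets.
REGISTRY = Snapshot("registry (constructed)", "2026-06-09T00:00:00Z",
                    (("DOT-001", "dot-alpha"), ("DOT-002", "dot-beta"),
                     ("DOT-003", "dot-gamma"), ("DOT-004", "dot-delta")))
FS = Snapshot("fs_snapshot (constructed)", "2026-06-09T00:05:00Z",
              (("DOT-001", "dot-alpha"), ("DOT-002", "dot_beta"),
               ("DOT-003", "dot-gamma"), ("DOT-009", "dot-zeta")))

if __name__ == "__main__":
    by_code, by_name = reconcile(REGISTRY, FS, "code"), reconcile(REGISTRY, FS, "name")
    print("code-keyed missing_file:", by_code["missing_file"])
    print("name-keyed missing_file:", by_name["missing_file"])
    print(item_status(canonical_diff([by_name, by_code])))
```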
4. Parallel-authority risk
| Authority risk | Result | Seal boundary |
|---|---|---|
| New runner authority | NO | B/C prohibit all v0.1 calls and prohibit a new dispatcher/runner. |
| New registry authority | NO | D selects an existing fresh reconciliation view only for current diff; dot_tools catalog authority is not replaced. |
| New logger authority | NO | This seal neither changes nor creates logger authority; v0.1 remains file-report-only under previously adopted boundaries. |
| New graph/duplicate authority | NO | G explicitly prohibits a new resolver until gap proof and separate authorization. |
| New TAC/IU corpus authority | NO | H prohibits selection, merge, consumption as canonical, and bridge creation. |
5. Hardcode / PG-first-native-driven seal check
- No denominator is collapsed into a single DOT count.
- No literal count is an Authority Contract invariant; all counts are dated evidence.
- B/C use fail-closed contracts, not hand lists or source-code whitelists.
- D is PG-driven through existing reconciliation views and snapshots; reports must preserve timestamps, keys, populations, and both-direction diffs.
- G consumes existing PG-native graph/orphan/duplicate authorities and forbids parallel engines.
- H requires runtime discovery and dual reporting; it forbids hardcoded corpus selection and bridge assumptions.
- No Directus, PG, registry, runtime, filesystem, or system_issues mutation is authorized.
6. Three declarations
- Permanent (Vĩnh viễn): contracts define authority by named live surfaces and evidence semantics, not by today’s counts.
- Can it go wrong (Nhầm được không): fail-closed boundaries make filesystem calls, cross-space intersections, unmatched calls, new resolvers, and corpus selection unauthorized by default.
- 100% automatic (100% tự động): future reporting must query PG-native authority surfaces and emit provenance/diffs automatically; this seal introduces no manual whitelist or manual reconciliation step.
7. Minimal next step
Write Authority Contract v0.1 using the exact sealed B/C/D/G/H wording above together with already-adopted A/E/F/I/J. Do not implement, invoke, install, mutate, or create a tool/schema/runner while writing the contract.
Evidence read
- reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json}
- reports/authority-decision-matrix-draft-after-baseline-2026-06-09.{md,json}
- reports/authority-matrix-fresh-read-closure-bcdgh-2026-06-09.{md,json}
- checkpoints/checkpoint-authority-matrix-fresh-read-closure-bcdgh-2026-06-09.md
- Constitution v4.6.3 and relevant Đ19/Đ23/Đ39/PG-first evidence via direct main-process KB reads
Final disposition
BCDGH_SEALED