DOC80 S6 E0 RT Adj Card R2.md
Memory Rebuild Docs/Flattening/Reviews/Stage 6 Reviews/Stage 6 E0 Red Teaming/DOC80 S6 E0 RT Adj Card R2.md
## E0 / DOC80-Core — Red-Team Adjudication Card (v2)
**Artifact under review:** `Memory Rebuild Docs/Stage_6_Charters/E0_DOC80_Core/Charter_Draft.md` (DOC80 — Memory Control Plane Core, Stage 6 E0, Draft R1; §0–§17). **Adjudicator:** Claude Opus 4.8, repo-verified via GitHub (`wbrody/Elnor-Specs@main`). **Commission:** `…/E0_DOC80_Core/E0_Adjudication_Prompt.md`. **Status:** proposal (v2). Every fix is paste-ready and anchored to a `Charter_Draft.md` section. The adjudicator wrote nothing to the spec.
### v2 revision note (what changed from Card 1)
v2 folds in two rounds of card red-teaming (`…/Stage 6 E0 Red Teaming/S6 E0 Adj Card 1 RT reviews .md` — ChatGPT R1–R3 + Claude R1–R3, both **RATIFY_WITH_MINOR_FIXES**; neither reopened the architecture or any reject) plus the Stage-6 E0 design-discussion decisions now committed to the trackers (ADQ-406/407/408, OPA §6.Z). **~80 edits total** (was ≈50). No item from Card 1 is reversed. Folded in:
- **Correctness fixes to Card 1's own blocks** — UR-01 registry entry → ABC §9.3 typing (`allowed_roles`, `header_fields_na`, `header_fields_required: (keyof WarrantedItemHeader)[]`); UR-08/09 monotonicity law scoped to *supported* assertions (contradicted net warrant may rise on recompute); MFC `withheld_reason_codes` plural (N6); RenderMFC `render_target` (F5/A4).
- **Litigation proof layer (new MFC flows)** — `erasure`+ErasureMFC (N1), `policy_restamp`+RestampMFC (N5/N10), `restore`+RestoreMFC (N9 + ADQ-407/408); **destruction ledger** as one named append-only hash-chained seam (promotes N1+UR-42+UR-07); MFC flow set now nine kinds.
- **EC seam + control-plane invariants** — UR-17 ECSeamContract expanded to pin EC §1/§3/§7/§8 (ADQ-406/407/408); new §12.1 invariants: effective-state gating, collection-suppression gating (ADQ-406), portability/separation, export/delegation boundary-disclosure re-eval (N8).
- **Coverage orphans (NAMED-only)** — PromptShellLearningContract + PromptShellExposure (F11/N-Finding 3); DebugModeContract scoped to F30 text (Finding 4); `embedding_generation_id` + comparability invariant (F28/Finding 9).
- **Determinism/completeness** — ReproducibilityKey += registry-version inputs (N2); the 17-row ContextProduct registry table populated **ABC §9.3-only, owners ⚠confirm, never guessed** (A3/A10); §12.1 packet-proof learning row reconciled necessary-not-sufficient (N7); reason-code negative-outcome invariant family.
- **Consistency/scope guards** — §4 `LifecycleState`→`RegistryEntryLifecycleState` (A9/F7) + anti-junk-drawer rule + helper-type ownership; `E0DurableRecord` base (A6); §6 table audit-replay class (A11).
- **Traceability/closure** — ADQ normalization incl. ADQ-207/312 resolved-by-E0 + consumed-not-resolved note (A2); cross-artifact += Import Graph / Retired Names / Source Registry + the 14 invented kind-names logged do-not-reintroduce (A7); §8 OPA bullet updated for the 3 committed §6.Z obligations; ⚠verify roll-up → closed table; **post-patch regression gate added as §15.5**.
- **Deferral propagation** — §7 register + §15.4 gate table extended with ADQ-406/407/408, the destruction ledger, the orphans, UR-34 rows, the DOC81 privacy-layer gate, and the **N3 decided-manual clawback note** (5 cascade planes kept; no 6th; no promotion-time invariant).
Four architect-flagged modifications are **decided in-card** (veto-able): (1) **N3** — keep the 5-plane cascade, drop the proposed 6th plane *and* the promotion-time invariant; clawbacks (~twice in 23 yrs) are handled manually. (2) the 17-row registry table guesses **no** owners. (3) DebugModeContract is scoped to F30's actual text only. (4) the verdict token is retained and a post-patch regression gate is added as a numbered section.
### 0. Header
**Review inputs adjudicated:**
- **Charter red-team (Card 1 basis):** `…/Stage 6 E0 Red Teaming/ChatGPT E0_DOC80_Core_Final_A_Grade_Review.md` (F1–F40 + T1–T20 + 8-patch plan + 40-line checklist); `…/Claude Stage 6 EO RT Review 1.md` (UR-01–UR-48).
- **Card red-team (v2 basis):** `…/Stage 6 E0 Red Teaming/S6 E0 Adj Card 1 RT reviews .md` — ChatGPT R1–R3 (A1–A11, Tighten-A–D) + Claude R1–R3 (Findings 1–10, N1–N10). Both verdicts: RATIFY_WITH_MINOR_FIXES.
**Raw → deduped:** the UR-## spine (ChatGPT F## folded in) + SA-A/SA-B + 5 adjudicator additions (ADJ-1/2/3, UR-14b, UR-28b) → **52 Card-1 items**; v2 adds the card-review fold-ins and the three committed design-discussion obligations. UR-42–45 carried as a non-blocking BETTER_IDEA annex (UR-42 now partly promoted into the destruction ledger).
**Disposition vocabulary:** ACCEPT · ACCEPT-WITH-MODIFICATIONS (AWM) · ACCEPT-AS-FIX · REJECT · DEFER-TO-CHARTER(E#) · OPEN_FOR_ARCHITECT_REVIEW (OFAR) · ARCHITECT_STOP. Type tags: BUG / GAP / SUGGESTION / CONFIRMED / BETTER_IDEA / ARCHITECT_STOP.
**Conventions:**
- *Anchors* — each fix names `§X.Y` + a verbatim `REPLACE:`/`INSERT AFTER:` snippet; line numbers are hints only.
- *Global schema conventions (UR-26/27, ACCEPT)* — branded-string IDs with schema prefixes, `snake_case` JSON / `PascalCase` interfaces / `snake_case` enum members (unless source-canonical), RFC3339-UTC timestamps, `sha256` hashes, `schema_version` on durable records. Stated once; applies throughout.
- *Coined-lint rule (binding)* — lint names may be coined, but tokens that are not verbatim source are marked `proposed — Stage 9 confirms`. Canonical source tokens (`learning.utility_without_final_prompt_proof`, `erasure.retired_used_as_erased`, `projection.*`, `revocation.*`) are used **verbatim**. **(v2, Tighten-C/Finding 8)** each revocation lint below is now explicitly tagged `[canonical]` or `[proposed]`.
- *Compactness* — Tier-1 and E0-owned new bodies are written out in full; minor rows give disposition + anchor + the exact change.
**Severity highlights (CRITICAL):** UR-01, UR-02, UR-03/04, UR-05, UR-07, UR-08/09, UR-31, UR-35, UR-38, UR-46, **plus the v2 litigation proof layer (ErasureMFC/RestampMFC/RestoreMFC + destruction ledger), which is high but non-blocking for E0 ratification** (certificate shells, not engines).
**How to use:** apply **all accepted items** (Tiers 1–3 + the 5 additions + the v2 fold-ins ≈ **80 edits**) — the full revision, not a subset. Tier 4 = items that would be wrong to apply (REJECT) + items owned by a later charter/stage (DEFER), all enrolled in the Deferral Register (§7) so nothing is lost. Architect forks are **decided** in-card (UR-37, UR-38, and the four v2 modifications); veto at ratification.
**Closed ⚠verify roll-up (v2, A1/Finding-#11 — was an open list, now resolved/queued):**
| # | Item | Status |
| ---- | ----------------------------------------------- | ------------------------------------------------------------ |
| V1 | §3.4 trace current fields (UR-20) | **closed** — fields added |
| V2 | Skeletal §10.7 = DOC82↔DOC83 seam → §12 (UR-39) | **closed** — §17.2 row corrected |
| V3 | Skeletal §10.11/§11.9 wording (UR-08/47) | **closed** — §10.11 = 6 planes-of-effect lints + Synthesis §4 = 1 (`learning_signal_survives`); monotonicity scoped to supported assertions |
| V4 | DR-001/Skeletal §3.3 "ABC senior" (UR-01) | **closed** — ABC §9.2 = 17 verified directly |
| V5 | §18 as E0 exit criterion (UR-35) | **queued** — §18 skeleton in E0; bodies Stage 8 (gate §15.4) |
| V6 | SM-060 verbatim row | **queued** — §8 cross-artifact sweep (not edited from this card) |
| V7 | phantom DOC8 `importing_member` cell (UR-30/37) | **closed** — cell removed in §6 (N12) |
### 1. Section-map diff (outline vs Skeletal §2)
The baseline §2 defines DOC80's intended 21-section map; its own checklist marks §18/§19/§20 as "✓ (body at Stage 6)."
| Baseline §2 intended | Draft location | Status |
| ------------------------------------------------------------ | ------------------------------ | -------------------------------- |
| §1 purpose/scope · §2 family membership | §0–§1.5 | ✓ |
| §3 owner imports + ext-dep pinning | §7 + §15.2 | ✓ |
| **§4 Shared runtime vocabularies (B10)** | — | **✗ DROPPED (UR-38) → restored** |
| §5 ReasonCode · §6 ContextProduct · §7 PromptShell · §8 EffectiveMemoryPolicy ref | §2.1 · §3.1 · §2.3 · §3.2 | ✓ |
| §9 proof spine · §10 trace · §11 warrant-trigger · §12 domain-profile | §4 + §3.3 · §3.4 · §2.4 · §2.2 | ✓ |
| §13 ext-dep · §14 taxonomy · §15 compute-budget · §16 lint suite | §7.4 · §6 · §10.1 · §16.3 | ✓ |
| **§17 Family-wide acceptance standard** | §14 + §15.3 (partial) | **~ PARTIAL (ADJ-3)** |
| **§18 Golden scenario** | — | **✗ DROPPED (UR-35) → restored** |
| **§19 Amendment-magnitude** | — | **✗ DROPPED (UR-38) → restored** |
| **§20 Per-member obligations** | — | **✗ DROPPED (UR-38) → restored** |
| §21 retired-names pointer | §17.3 | ✓ |
**Verdict:** confirms the four silent drops (§4/§18/§19/§20) + one partial (§17); **no other drops.**
### 2. Master decision index
✓ = ACCEPT/AWM/ACCEPT-AS-FIX · ✗ = REJECT · ~ = DEFER/OFAR/CONFIRMED/ARCHITECT_STOP. **(v2 additions in bold-italic.)**
**§A Identity/lifecycle (§1):** UR-29 lifecycle lints (REJECT engine / ACCEPT lints) ~/✓ · UR-40 injection necessary-not-sufficient ✓ **§B Registries (§2):** UR-10 ReasonCode namespace ✓ · UR-37 DOC25 producer (DECIDED ACCEPT, *v2 scoped to parse/materialization/ingestion; source-revocation codes → DOC82*) ✓ · UR-11 DomainProfile vector ✓ · UR-13 derived cache-eligibility ✓ · UR-14 CONFIRMED ~ · UR-14b richer trigger entry ✓ · UR-22 warrant carveout ✓ · ***embedding_generation_id NAMED-only (F28) ✓*** **§C Consumption + MFC (§3):** UR-01 ContextProductKind 17 (P0) ✓ *+ §9.3 entry typing fix* · UR-02 FinalPromptTruthRef ✓ · UR-03/04 MFC union+ec_path ✓ ***+ render_target + withheld plural + effective_state_generation_id + 3 new flows (erasure/restamp/restore) + N8 disclosure refs*** · UR-15 plan grammar ✓ · ADJ-1 disposition enum (ABC §9.4) ✓ · UR-16 registry/assembly AWM ✓ · UR-19 ReproducibilityKey ✓ ***+ N2 registry-version inputs*** · UR-20 trace correlation ✓ · ADJ-2 instance-ID DOC8→DOC85 ✓ · ***17-row registry table (A3/A10) ✓*** · ***PromptShellLearningContract/Exposure NAMED-only (F11) ✓*** · ***DebugModeContract NAMED-only (F30) ✓*** **§D Proof spine (§4):** UR-05 edge-level membership ✓ · UR-06 outcome-derived ✓ · UR-07 retention classes ✓ ***+ erasure/restamp/restore = durable_audit_required*** · F13 RenderSafetyCheck vocab AWM ✓ · ***destruction ledger (named seam) ✓*** **§E NAMED-only (§5):** UR-18 bitemporal AWM ✓ · F19/F20 MME/MPG handoff ✓ · UR-41 embedding un-merge ✓ **§F Classification/ext-dep/ECSeam (§6–§7):** UR-12 ext-dep pins ✓ · UR-17 ECSeamContract ✓ ***+ EC §1/§3/§7/§8 pins + ext-dep rows*** · UR-30 classification table+N12 ✓ ***+ audit-replay class (A11)*** **§G Revocation/projection/monotonicity/ops/conventions (§8–§12):** UR-08 5-plane cascade ✓ ***(5 planes affirmed; no 6th — N3)*** · UR-09 contrary-edge polarity ✓ · UR-47 four laws AWM ✓ · UR-48 3-column table ✓ · UR-31 SemanticProjectionContract ✓ · UR-23 health ✓ · UR-24 quota ✓ · UR-25 background strategy ✓ · UR-26 schema_version ✓ · UR-27 branded IDs ✓ · ***§12.1 control-plane invariants: effective-state / collection-suppression / portability / boundary-disclosure ✓*** **§H ABC §21/AC/golden/preservation/drift (§13–§17):** UR-33 AC-004/005 ✓ · UR-34 placement ✓ ***+ §15.4 gate rows (Finding 7)*** · UR-35 §18 golden scenario ✓ · UR-46 named-lint inventory ✓ · UR-36 preservation matrix ✓ · UR-32 gate table ✓ · UR-38 restore §4/§19/§20 (DECIDED ACCEPT) ✓ · ADJ-3 §17 acceptance-standard ✓ · UR-21 citation collision ✓ · UR-39 §10.7 mislabel ✓ · F35 drift sweep ✓ · ***§4 RegistryEntryLifecycleState rename + E0DurableRecord base (A6/A9) ✓*** · ***§15.5 post-patch regression gate ✓*** · SA-B CONFIRMED-resolved ~ **§I Cross-cutting rejects:** UR-28 meta-schemas ✗ / UR-28b naming convention ✓ · GPT over-scope bodies ✗ · rename ContextProduct→ContextArtifact ✗ · ***full lifecycle/erasure state-machine ✗ (UR-29 affirmed — a per-event certificate is not an engine)*** **§J BETTER_IDEA annex:** UR-42 *(hash-chained proof log — partly promoted to destruction ledger)* · UR-43 as-of queries · UR-44 verifiable Inspector · UR-45 scoped co-counsel export — DEFER ~
### 3. Per-item rows
#### §C — Blocking core
**UR-01 — [§3.1] `ContextProductKind` 17-vs-14 (ACCEPT · BUG · P0).** *Verified:* ABC R0.2 §9.2 enumerates exactly **17**; ABC is senior (DR-001/Skeletal §3.3) and a target-freeze input; SM-060's "14" has no merge rationale; draft names match neither. `REPLACE` the `type ContextProductKind` block + its "illustrative" comment:
ts
```ts
/** Canonical 17-kind registry — ABC R0.2 §9.2 (senior per DR-001/Skeletal §3.3; target-freeze input).
* Supersedes SM-060's stale "14" (no 17→14 merge exists). */
type ContextProductKind =
| 'assertion_packet' | 'direct_memory_item' | 'topic_notice' | 'topic_slice'
| 'library_notice' | 'library_source_slice' | 'cu_source_bound_synthesis'
| 'recent_work_orientation' | 'issue_frame_orientation' | 'directive_block'
| 'procedure_block' | 'warning_constraint' | 'null_result_notice'
| 'conflict_notice' | 'search_affordance' | 'reference_only_notice' | 'blocked_scope_notice';
```
`REPLACE` `ContextProductDescriptor` with an ABC-§9.3-aligned entry **(v2, Finding 1 — corrected typing: `allowed_roles`, `header_fields_na`, keyof-typed `header_fields_required`; `learning_target` kept but aligned to ABC `LearningTarget` semantics)**:
ts
```ts
interface ContextProductRegistryEntry {
kind: ContextProductKind; registry_owner: 'DOC80'; payload_schema_owner: OwnerDocId;
assembly_contract_owner: 'DOC84'; packet_executor: 'DOC24';
role_band: 'constraint'|'assertion'|'source'|'orientation'|'affordance'; // ABC §9.3
allowed_roles: MemoryObjectRole[]; // ABC §9.3 (v2)
allowed_warrants: UseWarrant[]; allowed_support_roles: SupportRole[];
header_fields_required: (keyof WarrantedItemHeader)[]; // ABC §9.3 keyof typing (v2)
header_fields_na: (keyof WarrantedItemHeader)[]; // ABC §9.3 (v2)
default_budget_band: BudgetBand; evictable: boolean; degrades_to?: ContextProductKind;
learning_target: 'allowed'|'disallowed'|'manifest_only'; // == ABC LearningTarget
candidate_injectable: boolean; final_prompt_instance_spine_required: boolean; // ties UR-02 / ABC §9.5
audit_replay_class: 'canonical'|'durable_audit'|'derived'|'transient'|'external_ref'|'named_only'; // A11 (v2)
}
```
Update §3.1 prose 14→17; fixture `…registry_has_exactly_14_kinds` → `…_17_kinds`. **(v2, N4)** sweep every remaining ContextProductKind "14" in §3.1 comment / §6 / §14 / §15.3 / §17.2 + fixture tokens to 17 — *do not touch the "fold-in count" numerals.* *Traceability:* ABC §9.2/§9.3 (verified), ADQ-203, SM-060, Owner Map 125–126.
**17-row registry seed table (v2, A3/A10 — populate ABC §9.3-confirmed cells only; owners NOT guessed).** `INSERT` a `§3.1.1` table with columns `kind | role_band | payload_schema_owner | candidate_injectable | default_budget_band` and **one row per kind**; cells confirmable from ABC §9.3 are filled, all others marked `⚠owner-confirm@E3/E4/E7`. Name (NAMED-only) `ContextProductDecision` whose body is **DOC84** (ABC §9.4 disposition). Lint `registry.context_product_owner_guessed` (proposed) flags any non-`⚠`-marked owner lacking an ABC/Owner-Map citation.
**UR-02 — [new §3.5] `FinalPromptTruthRef` NAMED-only (ACCEPT name-only · BUG · blocking E9).** Name the hook; DOC11 owns the body (REJECT ChatGPT's full schema). `INSERT AFTER` §3.4:
md
```md
### §3.5 FinalPromptTruthRef — NAMED-only E0 hook (Skeletal §18; ADQ-207)
Runtime-truth body owner: DOC11/OpenClaw. E0 names the dependency + binds family invariants.
Carries (Stage7/DOC11 drafts): final_prompt_text_hash, injection-manifest ref, rendered/trimmed/suppressed span refs,
context_product_instance_id spine, prompt_shell_variant refs, DOC11 finalizer ref, runtime session/model-execution ref.
Final-prompt truth is required for executed-prompt render and ANY learning/utility credit; preview/export-only render
may use other proof targets but yields no learning credit.
```
`INSERT` §12.1 row: `| no learning/utility/prompt-shell credit without final-prompt survival | DOC85 eligibility; DOC11 FinalPromptTruthRef at handoff | learning.utility_without_final_prompt_proof [canonical] |`. Lints: `learning.utility_without_final_prompt_proof` [canonical] + proposed `learning.utility_credit_for_trimmed_span`, `…for_suppressed_span`, `render.context_product_instance_id_lost_before_final_prompt`. *Traceability:* Skeletal §18, ADQ-207, ABC §9.5.
**UR-03/04 — [§3.3] MFC discriminated union + EC attestation-path (ACCEPT · BUG · blocking, Class A).** `REPLACE` `interface MemoryFlowCertificate {…}` with the union below. **v2 changes:** + three flow kinds `erasure`/`policy_restamp`/`restore`; + `effective_state_generation_id` on BaseMFC (effective-state gating, ADQ-406 family); `withheld_reason_code`→`withheld_reason_codes` plural (N6); + `render_target` on RenderMFC (F5/A4); + `disclosure_scope_attestation_ref` on Export/Delegation (N8):
ts
```ts
type MemoryFlowKind =
'durable_write'|'render'|'export'|'carryover'|'delegation'|'learning_attribution'
|'erasure'|'policy_restamp'|'restore'; // v2: +3
interface BaseMFC { certificate_id: MemoryFlowCertificateId; schema_owner:'DOC80'; issued_by:'EC';
coordination_trace_ref: MemoryCoordinationTraceRef; policy_generation_id: PolicyGenerationId;
effective_policy_ref: EffectiveMemoryPolicyRef;
effective_state_generation_id: EffectiveStateGenerationId; // v2 — EC §1 effective-state gating
ec_path:'serialized_durable'|'anchored_attestation'; created_at: string; }
interface WithheldMFC extends BaseMFC { outcome:'withheld'; flow_kind: MemoryFlowKind;
withheld_reason_codes: ReasonCodeId[]; } // v2 — plural (N6)
interface DurableWriteMFC extends BaseMFC { outcome:'issued'; flow_kind:'durable_write'; ec_path:'serialized_durable'; mutation_envelope_ref: MemoryMutationEnvelopeRef; }
interface RenderMFC extends BaseMFC { outcome:'issued'; flow_kind:'render'; ec_path:'anchored_attestation';
render_target:'executed_prompt'|'preview'|'export_render'; // v2 (F5/A4)
context_packet_proof_ref: ContextPacketProofRef; render_safety_proof_ref: RenderSafetyProofRef;
final_prompt_truth_ref?: FinalPromptTruthRefId; } // required iff render_target==='executed_prompt'
interface ExportMFC extends BaseMFC { outcome:'issued'; flow_kind:'export'; ec_path:'anchored_attestation';
context_packet_proof_ref: ContextPacketProofRef; export_manifest_ref: ExportManifestRef;
disclosure_scope_attestation_ref: DisclosureScopeAttestationRef; // v2 (N8)
final_prompt_truth_ref?: FinalPromptTruthRefId; }
interface CarryoverMFC extends BaseMFC { outcome:'issued'; flow_kind:'carryover'; ec_path:'anchored_attestation'; context_packet_proof_ref: ContextPacketProofRef; carryover_capsule_ref: CarryoverCapsuleRef; }
interface DelegationMFC extends BaseMFC { outcome:'issued'; flow_kind:'delegation'; ec_path:'anchored_attestation';
context_packet_proof_ref: ContextPacketProofRef; delegation_payload_ref: DelegationPayloadRef;
disclosure_scope_attestation_ref: DisclosureScopeAttestationRef; } // v2 (N8)
interface LearningAttributionMFC extends BaseMFC { outcome:'issued'; flow_kind:'learning_attribution'; ec_path:'serialized_durable'; context_packet_proof_ref: ContextPacketProofRef; final_prompt_truth_ref: FinalPromptTruthRefId; learning_signal_ref: LearningSignalRef; }
// ---- v2 litigation proof layer (certificate shells; NOT lifecycle engines — UR-29 affirmed) ----
interface ErasureMFC extends BaseMFC { outcome:'issued'; flow_kind:'erasure'; ec_path:'serialized_durable';
erasure_kind:'soft_tombstone'|'hard_destruction'|'redaction'; mutation_envelope_ref: MemoryMutationEnvelopeRef;
legal_hold_clearance_ref?: LegalHoldClearanceRef; // required iff erasure_kind==='hard_destruction'
authorized_by: ActorRef; irreversibility_attested: boolean; reason_codes: ReasonCodeId[]; } // N1
interface RestampMFC extends BaseMFC { outcome:'issued'; flow_kind:'policy_restamp'; ec_path:'serialized_durable';
mutation_envelope_ref: MemoryMutationEnvelopeRef; prior_policy_generation_id: PolicyGenerationId;
original_ceiling_ref: PolicyCeilingRef; ceiling_compliance_attested: boolean;
authorized_by: ActorRef; reason_codes: ReasonCodeId[]; } // N10 (ADQ-316)
interface RestoreMFC extends BaseMFC { outcome:'issued'; flow_kind:'restore'; ec_path:'serialized_durable';
restored_from:'recycle_bin'|'backup'; prior_erasure_certificate_ref?: MemoryFlowCertificateId;
mutation_envelope_ref: MemoryMutationEnvelopeRef; executor: ProducerDocRef; // N9 — distinct from issued_by:'EC'
authorized_by: ActorRef; reason_codes: ReasonCodeId[]; } // ADQ-407/408
type MemoryFlowCertificate =
WithheldMFC|DurableWriteMFC|RenderMFC|ExportMFC|CarryoverMFC|DelegationMFC|LearningAttributionMFC
|ErasureMFC|RestampMFC|RestoreMFC;
```
`INSERT` §12.1 invariant: *delivery attestations are EC-signed against a read-consistent policy generation and MUST NOT take a write-queue lock.* Lints add: `proof.render_without_memory_flow_certificate`, `proof.learning_attribution_without_memory_flow_certificate`, `proof.withheld_certificate_missing_reason_code`, `proof.flow_kind_required_ref_missing`, `proof.executed_prompt_render_missing_final_prompt_truth` **(v2)**, `ec.delivery_attestation_on_serialized_write_path`, `mfc.effective_state_generation_missing` **(v2)**. **v2 erasure/restamp/restore lints:** `erasure.without_memory_flow_certificate`, `erasure.hard_destruction_without_legal_hold_clearance_ref`, `erasure.certificate_not_durable_audit_retained`; `restamp.without_memory_flow_certificate`, `restamp.exceeds_original_ceiling` (= N5/ADQ-316), `restamp.certificate_not_durable_audit_retained`; `restore.without_memory_flow_certificate`, `restore.executor_equals_ec`, `learning.credit_from_preview_render` (= F5). *Traceability:* ADQ-207/316/407/408, SM-050, Owner Map 150, Skeletal §10.9/§11.2.
**Destruction ledger (v2, ACCEPT · GAP · promotes N1+UR-42+UR-07).** `INSERT` a `§3.7` NAMED-only seam: a single **append-only, hash-chained `MemoryDestructionLedger`** that records every `ErasureMFC`/`RestampMFC`/`RestoreMFC` (chain-of-custody for litigation holds). E0 names it + binds invariants; **bodies/storage = DOC84 (delivery/audit surface) + DOC85 (learning eligibility effects) + DOC11 (runtime/durability)**. Invariant: *every erasure/restamp/restore certificate is appended to the ledger with a prior-hash link before its effect is acknowledged.* Lints `destruction_ledger.entry_missing_for_erasure_restamp_restore`, `destruction_ledger.hash_chain_broken` (both proposed). Enrolled in §7 (body) + §15.4 (gate). **Not a lifecycle engine — UR-29 affirmed.**
**UR-15 + ADJ-1 — [§3.2] per-product request/disposition grammar + ABC §9.4 enum (ACCEPT · GAP · substantive).** `INSERT AFTER` `MemoryContextPlan`:
ts
```ts
interface MemoryContextProductRequest { request_id: string; kind: ContextProductKind;
purpose:'answer'|'orientation'|'constraint'|'source_support'|'search_affordance'|'warning'|'carryover';
priority:'must_include'|'high'|'normal'|'low'; allowed_dispositions: ContextProductDecisionDisposition[];
max_budget_band: BudgetBand; fallback_kind?: ContextProductKind;
required_proofs:('context_packet_proof'|'render_safety_proof'|'memory_flow_certificate'|'final_prompt_truth_ref')[]; }
type ContextProductDecisionDisposition = // ABC §9.4 — canonical (ADJ-1); do NOT coin a parallel set
'inject_inline'|'inject_compact'|'reference_only'|'notice_only'|'search_affordance_only'|'blocked'|'suppressed_manifest_only';
// DOC84 records MemoryContextProductOutcome { request_id; decision_ref /* ABC §9.4 */; reason_codes }
```
`REPLACE` `requested_products: ContextProductKind[]` → `requested_products: MemoryContextProductRequest[]`. Lints: `context_plan.must_include_product_silently_dropped`, `…fallback_kind_not_in_registry`, `…required_proof_missing_for_product`, `…product_request_without_outcome`, `context_plan.disposition_not_in_abc_94_enum`. Three-plan model (ADQ-209) CONFIRMED. *Traceability:* ADQ-211/209, ABC §9.4.
**UR-16 — [§3.1] registry/assembly boundary (AWM · minor).** Add §3.1 note: *`required_inputs_by_kind` lists input object refs only; per-kind assembly bodies are DOC84.*
**UR-19 — [§3.1] determinism → ReproducibilityKey (ACCEPT · BUG · substantive).** `INSERT` a single `ReproducibilityKey` ranging over **content + selected-product set**, **v2 += three registry-version inputs (N2)**:
ts
```ts
interface ReproducibilityKey { request_input_hash: ContentHash; policy_generation_id: PolicyGenerationId;
context_product_registry_version: SchemaVersionRef; memory_context_plan_version: SchemaVersionRef;
prompt_shell_variant_id: PromptShellVariantId; shell_weight_generation_id: GenerationId;
utility_bundle_generation_id: GenerationId; source_generation_id: GenerationId; membership_generation_id: GenerationId;
budget_profile_id: BudgetProfileId; domain_profile_id: DomainProfileId;
warrant_degradation_trigger_registry_version: SchemaVersionRef; // v2 (N2)
reason_code_registry_version: SchemaVersionRef; // v2 (N2)
domain_profile_registry_version: SchemaVersionRef; } // v2 (N2)
```
Invariant: *identical key ⇒ identical content + selected set; any learned weight MUST be a named input.* Lints `determinism.learned_weight_not_named_input`, `determinism.degradation_or_reasoncode_registry_version_not_named_input` **(v2, N2)**.
**UR-20 — [§3.4] trace correlation (ACCEPT · GAP).** `INSERT`: `session_ref; turn_id; request_correlation_id; parent_trace_ref?`. Lint `memory_coordination_trace.missing_turn_correlation`.
**ADJ-2 — [§3.5/§3.1] instance-ID spine DOC8→DOC85 (ACCEPT · GAP).** Spine references **DOC85** (DOC8 phantom, ADQ-221). Lint `context_product.instance_id_missing_from_learning_attribution`.
**PromptShellLearningContract + PromptShellExposure — [new §3.8] NAMED-only (v2, ACCEPT · GAP · F11/Finding 3).** Coverage orphan: prompt-shell weights influence learning but had no named exposure contract. `INSERT` NAMED-only stubs (bodies **DOC85 / Stage 7**): `PromptShellLearningContract { shell_variant_id; learning_target:'allowed'|'disallowed'|'manifest_only'; weight_generation_id; final_prompt_truth_required: true }` and `PromptShellExposure { shell_variant_id; exposed_in_final_prompt: boolean; context_product_instance_ids: string[] }`. Lint `prompt_shell.learning_credit_without_exposure_in_final_prompt` (proposed). Enrolled §7 (body) + §15.4 (gate).
**DebugModeContract — [new §3.9] NAMED-only (v2, ACCEPT · GAP · F30/Finding 4 — scoped to F30's text only).** Names a debug/inspection mode that **must carry a non-learning guarantee** (debug reads never produce learning credit). NAMED-only; body deferred. Lint `debug_mode.flow_without_non_learning_guarantee` (proposed). **Scope: exactly F30's stated concern — no broader debug subsystem invented.**
#### §D — Proof spine
**UR-05 — [§4.1] edge-level membership proof (ACCEPT · BUG · substantive).** `REPLACE` `membership_eligibility_checked: boolean;` → `membership_eligibility_results: MembershipEligibilityProof[];` + add `included_set_hash; excluded_set_hash;`. `INSERT`:
ts
```ts
type MembershipLifecycleState = 'candidate'|'active'|'blocked'|'removed'|'stale'|'suppressed'|'archived';
interface MembershipEligibilityProof { membership_edge_ref: MemoryMembershipEdgeRef; lifecycle_state: MembershipLifecycleState;
injection_eligible: boolean; gate_owner:'DOC87'|'DOC84'; policy_generation_id: PolicyGenerationId; reason_codes: ReasonCodeId[]; }
```
Lints: `proof.membership_eligibility_boolean_only`, `…injected_membership_without_edge_level_result`, `…lifecycle_not_active`, `…missing_reason_codes`.
**UR-06 — [§4.2] outcome derived from checks_failed (ACCEPT · BUG).** Invariant: *`outcome==='fail'` iff `checks_failed` non-empty; not independently writable.* Lints `render_safety.outcome_not_derived_from_checks`, `…failed_check_did_not_block_render`, `…executed_body_defined_in_doc80`.
**UR-07 — [new §11.4] proof retention classes (ACCEPT · GAP · blocking).** `INSERT AFTER` §11.3:
ts
```ts
type ProofRetentionClass = 'durable_audit_required'|'durable_if_effect_committed'|'transient_allowed_only_if_effect_not_committed'|'derived_rebuildable';
interface ProofArtifactRetentionRule { artifact_type: string; retention_class: ProofRetentionClass; retained_by:'EC'|'DOC11'|'DOC84'|'DOC85'; replay_required: boolean; audit_required: boolean; }
```
Rule: *any proof gating a durable write / final-prompt render / export / carryover / delegation / learning attribution **/ erasure / policy_restamp / restore** is `durable_audit_required` (append-only) or referenced by its originating `MemoryMutationEnvelope`.* **(v2: erasure/restamp/restore explicitly `durable_audit_required`.)** Lints `proof.gated_effect_without_retained_proof`, `…retention_class_missing`, `…transient_proof_used_for_durable_effect`.
**F13 — [§4.2] RenderSafetyCheck vocabulary (AWM · BUG).** Relabel "proposed value set" → "closed E0 check vocabulary; per-check payload/registry Stage 7"; keep the 6 values; lint `render_safety.provisional_check_used_as_required_contract`.
#### §B — Registries
**UR-10 — [§2.1] ReasonCode namespace mechanics (ACCEPT · GAP · high, Class A).** `REPLACE` `type ReasonCodeNamespace = string;` + allocation with lifecycle-bearing versions: `pattern '^[A-Z][A-Z0-9_]{1,31}$'`; `state:'reserved'|'active'|'deprecated'|'retired'|'legacy_reserved'`; `allocated_in: SchemaVersionRef`; `replacement_namespace?`; `legacy_allowed_only?`. Lints `reason_code.namespace_collision`, `…namespace_state_legacy_emitted_runtime_code`, `…case_pattern_violation`. **(v2) reason-code negative-outcome invariant:** *every withheld/blocked/degraded outcome carries ≥1 reason code* → lint family `*.negative_outcome_without_reason_code` (proposed; spans policy/scope/render/learning/erasure).
**UR-37 — [§2.1] DOC25 ReasonCode producer (DECIDED ACCEPT · BUG-drift · v2 scoped).** Originating doc owns its codes; **v2 (Finding 6) narrows DOC25's grounding to parse / materialization / ingestion conditions, and routes source-revocation reason codes to DOC82.** `INSERT` rationale sentence + the scoping clause. The "ungrounded" flag → grounding obligation (preservation matrix + OP-A; amend Owner Map 86). Veto at ratification.
**UR-11 — [§2.2] DomainProfile per-axis vector (ACCEPT · GAP · high, Class C).** `REPLACE` `restrictiveness_rank: number;`:
ts
```ts
type RestrictivenessLevel = 'open'|'normal'|'restricted'|'highly_restricted'|'blocked';
interface DomainProfileRestrictivenessVector { extraction:RestrictivenessLevel; rendering:RestrictivenessLevel; disclosure:RestrictivenessLevel;
export:RestrictivenessLevel; carryover:RestrictivenessLevel; delegation:RestrictivenessLevel; learning:RestrictivenessLevel; retention:RestrictivenessLevel; source_authority:RestrictivenessLevel; }
// E0 rule: effective = per-axis most-restrictive meet; missing|unknown|incomparable ⇒ conservative; multi-axis action allowed only if EVERY touched axis allows. DOC81 owns axis vocabulary/semantics.
```
Lints `domain_profile.scalar_rank_used`, `…incomparable_axis_without_fail_closed`. (DOC81 axis *values* deferred — §7.)
**UR-13 — [§2.3] derived cache eligibility (ACCEPT · SUGGESTION).** `kv_cache_eligible` derived from `content_hash && policy_invariant && lifecycle_state==='active'`. Lints `prompt_shell.cache_eligible_without_content_hash`, `…cache_eligible_policy_variant`, `…retired_variant_used_for_new_packet`.
**UR-14 (CONFIRMED) + UR-14b (ACCEPT · SUGGESTION).** Registry E0-owned (ADQ-312). **UR-14b:** extend `WarrantDegradationTrigger` with `allowed_producers`, `allowed_consumers`, `payload_schema_ref`, `introduced_in/deprecated_in?/retired_in?`, `replacement_trigger_kind?`, `default_reason_code`. REJECT ChatGPT F12's full rewrite beyond this.
**UR-22 — [§2.4] warrant-degradation carveout (ACCEPT · GAP · high).** Exempt user-asserted durable facts, authority-fixed content, static facts, fixed citations/dates/named entities, user-locked memories, via `authority_class` (`user_asserted|authority_fixed|source_derived|inferred`) **owned by DOC82/DOC81**. Lints `warrant_degradation.authority_fixed_fact_degraded`, `…static_fact_degraded`, `…user_locked_memory_degraded`.
**embedding_generation_id — [§2.x/§8.1] NAMED-only (v2, ACCEPT · GAP · F28/Finding 9).** Coverage orphan: embedding-derived similarity lacked a versioned generation handle + comparability rule. `INSERT` a NAMED `embedding_generation_id: GenerationId` on the relevant embedding-bearing record + invariant *"similarity/merge comparisons are only valid within the same `embedding_generation_id`; cross-generation comparison requires re-embedding or explicit review."* Lint `embedding.cross_generation_comparison_without_reembed` (proposed). Ties UR-41.
#### §F — Classification / external-dependency / ECSeam
**UR-12 — [§7] ExternalDependencyRecord reproducible pins (ACCEPT · GAP · high, Class A).** Add `git_commit_sha; hash_algorithm:'sha256'; source_line_ranges: string[]; last_verified_at?`. Lints `external_dependency.hash_algorithm_missing`, `…commit_sha_missing`, `…line_pin_missing`, `…phantom_marked_runtime_import`, `…moving_dependency_without_drift_response`.
**UR-17 — [§7.1] structured ECSeamContract (ACCEPT · BUG · med-high, Class A) — v2 EXPANDED.** Convert §7.1 prose to an interface with `owns_read_model_refresh: true; non_ec_durable_writers_forbidden: true;`. **v2 (ADQ-406/407/408): pin the EC surfaces DOC80 depends on and reference (never redefine) them:**
md
```md
ECSeamContract pins (referenced-not-redefined; ExternalDependencyRecord row each):
- EC §1 — off-switch / incognito / collection gate (effective-state source; enforces TopicCollectionDirective suppression)
- EC §1.1 — global retention-window setting ("Empty now" / "Save N days") for the recycle bin (ADQ-407)
- EC §1.3 — incognito (composes most-restrictive with §1 toggles + topic suppression)
- EC §3 — compiled policy engine (single policy evaluator; policy_generation_id source)
- EC §4 — BackgroundJobOrchestrator (retention/expiry sweeps for the recycle bin)
- EC §7 — migration / import-merge (restore-into-fresh-install path, ADQ-408)
- EC §8 — export / full_raw_backup (restore/provision source, ADQ-407/408)
```
Lints `ec.non_ec_durable_writer_detected`, `…read_model_refresh_without_ec_receipt`, `learning.writeback_without_ec_execution` [canonical], + `external_dependency.ec_seam_pin_missing` (proposed). Add **ExternalDependencyRecord rows for EC §1, §3, §7, §8** (with the §1.1/§1.3/§4 sub-pins noted). OPA-031 + (v2) the three §6.Z obligations.
**UR-30 — [§6] classification table + N12 (ACCEPT · GAP · medium, Class A) — v2 += audit class.** Add rows for `ContextPacketProof`, `RenderSafetyProof`, `MemoryFlowCertificate` (+ the v2 Erasure/Restamp/Restore variants), `MemoryDestructionLedger` **(v2)**, `MemoryCoordinationTrace`, `MemoryMutationEnvelope`, `MemoryProvenanceGraph`, `PromptShellVariant`, `FinalPromptTruthRef`, `SemanticProjectionContract`+4 projections, `ExternalDependencyRecord`, `MemoryPlaneHealthReadModel`, `MemoryOperationQuota`; add column `audit_replay_class ∈ {canonical, durable_audit, derived, transient, external_ref, named_only}` **(A11)**. N12: (1) ContextProduct row `varies`→enumerate per kind; (2) normalize `ContentReference` vs `string` ref-types; (3) remove phantom DOC8 `importing_member`.
#### §G — Revocation / projection / monotonicity / ops / conventions
**UR-08 + UR-09 — [§12.1] 5-plane revocation cascade + contrary-edge polarity (ACCEPT · GAP+BUG · high).** **(v2, N3 — DECIDED: the cascade is the existing 5 planes of effect (DOC82/84/85/86/87); no 6th plane is added, and no promotion-time invariant is added. Clawbacks are rare (~twice in 23 years) and handled manually. Recorded so no later charter silently re-inherits a 6th plane.)** `INSERT AFTER` the §12.1 table:
ts
```ts
interface SourceRevocationCascade { // invariant in E0; per-plane execution in DOC82/84/85/86/87
source_ref: SourceRef; revocation_event_ref: MemoryMutationEnvelopeRef;
required_outcomes: { doc82_support_edges:'invalidated'|'verify_required'; doc87_memberships:'restamped'|'removed'|'hidden';
doc84_delivery_artifacts:'invalidated'; doc85_learning_signals:'ineligible_for_future_utility'; doc86_surfaces:'safe_labeled'|'suppressed'; };
ec_receipt_refs: ECReceiptRef[]; reason_codes: ReasonCodeId[]; }
```
`REPLACE` the §12.1 source-revocation row's invariant with *"source revocation triggers cross-plane recompute; net-warrant change is traced (polarity-aware — a contrary-source removal MAY raise net warrant)"* and fix §2.4 `warrant_trigger.raised_eligibility` similarly. **Revocation lint set (v2 tags):** `revocation.support_edge_survives_revoked_source` [canonical], `…membership_survives_revoked_source_without_restamp` [canonical], `…carryover_capsule_survives_revoked_source` [canonical], `…learning_credit_after_revocation` [canonical], `…learning_signal_survives_revoked_source` [canonical — Synthesis §4], `…inspector_leaks_revoked_source` [canonical], `…published_view_not_invalidated_after_revocation` [canonical] (Skeletal §10.11 = these planes-of-effect) + polarity lints `…supporting_source_removed_without_recompute` [proposed], `…contrary_source_removed_without_recompute` [proposed], `…net_warrant_changed_without_recompute_trace` [proposed]. **(v2, Finding 2)** the §11.9 monotonicity LAW applies to **supported** assertions only — *contradicted* assertions' net warrant MAY rise on recompute (tie to `revocation.net_warrant_changed_without_recompute_trace`).
**UR-31 — [new §3.6] define SemanticProjectionContract (ACCEPT · BUG · P1).** `INSERT`:
ts
```ts
interface SemanticProjectionContract { schema_owner:'DOC80'; projection_may_own_truth:false;
required_fields:['source_refs','generation_id','invalidation_policy_ref','projection_owner','proof_or_read_model_refs'];
allowed_axes:('delivery'|'ui'|'organization'|'knowledge')[]; }
interface SemanticProjectionAxisRegistration { axis:'delivery'|'ui'|'organization'|'knowledge';
concrete_projection_schema:'DeliveryProjection'|'UIProjection'|'OrganizationProjection'|'KnowledgeProjection';
schema_owner:'DOC82'|'DOC84'|'DOC86'|'DOC87'; canonical_truth_owner: OwnerDocId; invalidation_policy_owner: OwnerDocId; }
```
Update §6.3/§17.3 cross-refs. Lints `projection.used_as_canonical_truth` [canonical], `…owner_missing` [canonical], `…missing_invalidation_policy` [canonical], `…missing_source_refs` [canonical], `…generation_id_missing` [proposed].
**UR-47 (AWM) + UR-48 (ACCEPT).** §12.1 already carries all four monotonicity laws — tighten the learning row to "cannot increase warrant **beyond the non-learning ceiling**"; apply UR-09 polarity (and Finding 2 scoping). **UR-48:** add a `Stage 8 Negative Fixture` column to §12.1; minimum rows += UR-02/UR-08/UR-31/UR-26 + (v2) erasure/restamp/restore + collection-suppression.
**UR-23 — [§9.1] health fields (ACCEPT · GAP · high).** Add `measurement_window; generated_at; last_successful_refresh_at; freshness_status:'fresh'|'stale'|'failed'; severity:'info'|'warning'|'degraded'|'blocked'; source_trace_refs`. Lints `health.counter_window_missing`, `…counter_stale_without_status`, `…counter_missing_last_successful_refresh`.
**UR-24 — [§10.2] quota fields (ACCEPT · GAP · high).** Add per-bound `unit:'items'|'tokens'|'runs'|'seconds'|'bytes'; window; default_value; hard_max; enforcement_owner; on_exhaustion:'pause'|'degrade'|'queue_for_review'|'suppress_noncritical'|'block'; resume_policy_ref`. Lints `quota.unit_missing`, `…window_missing`, `…enforcement_owner_missing`, `…exhaustion_behavior_missing`, `…resume_policy_missing`.
**UR-25 — [§10.3] background strategy (ACCEPT · GAP · med-high, Class C).** `REPLACE` `background_yield_to_hot_path: boolean;` → `background_execution_strategy:'cooperative_chunking'|'worker_thread'|'child_process'|'deferred_queue_only'` + `max_chunk_ms; yield_checkpoint_required; hot_path_preemption_supported; cancellation_checkpoint_required` (DOC11/OpenClaw executes). Lint `quota.background_yield_boolean_without_runtime_strategy`.
**UR-26 (ACCEPT · P1) + UR-27 (ACCEPT).** §8: add `schema_version` convention + "breaking change requires a named migration plan (Stage 7 owns the plan schema)." Lints `schema.version_missing`, `…migration_plan_required_for_breaking_change`, `…timestamp_not_rfc3339_utc`, `…hash_algorithm_missing`. **REJECT** building `MemorySchemaMigrationPlan` in E0. §8.4: declare branded-IDs + naming/RFC3339/sha256 globally.
#### §A — Identity / lifecycle
**UR-29 — [§1.4] lifecycle: keep lints, reject engine (REJECT engine / ACCEPT lints — affirmed in v2).** `INSERT` §1.4 sentence: *"Retired, stale, suppressed, reference-only, archived, revoked, tombstoned, hard-deleted are not synonyms; downstream contracts must not treat non-erasure states as erased."* Lints `erasure.retired_used_as_erased` [canonical], `erasure.legal_hold_bypassed_without_adq_resolution` [canonical]; proposed `stale_is_not_erased`/`suppressed_is_not_erased`/`reference_only_is_not_erased`/`archived_is_not_erased`/`revoked_is_not_hard_deleted`. **(v2: the new ErasureMFC/RestampMFC/RestoreMFC certificates record events; they do NOT introduce a lifecycle state machine — UR-29 stands.)**
**UR-40 — [§4.1/§12] necessary-not-sufficient (ACCEPT · GAP).** `INSERT`: *"membership eligibility is necessary, not sufficient — policy and scope still gate independently."*
#### §E — NAMED-only
**UR-18 — [§8.2] bitemporal split (AWM).** Add: *"MME (mutation/replay time) and DOC82 assertion/evidence axes (valid/transaction time) are linkable, not collapsed."* Lints add `assertion.bitemporal_axes_missing_transaction_time`/`…valid_time`, `memory_mutation_envelope.valid_time_used_as_replay_order`.
**F19/F20 — [§5.1/§5.2] Stage-7 handoff vocabulary (ACCEPT; keep NAMED-only).** MME checklist: `event_type, aggregate_ref, idempotency_key, causation_id, correlation_id, actor_ref, transaction_time, valid_time, policy_generation_id, proof_refs, reason_codes, replay_order, migration_metadata`; MPG: node/edge kind registries, proof-attachment-for-gated-edges, redaction/retention policy, revoked-source cascade edges. No field bodies (Class D).
**UR-41 — [§8.1] embedding un-merge (ACCEPT · name).** *"Embedding-model migration may require un-merging previously-merged assertions; route through review, never a silent split."* (Ties the v2 `embedding_generation_id`.)
#### §H — ABC §21 / AC / golden / preservation / drift
**UR-38 — [restore §4/§19/§20] (DECIDED ACCEPT · GAP · high).** `INSERT` three sections. **§4 v2 changes: rename the generic `LifecycleState` → `RegistryEntryLifecycleState` (registry-only, A9/F7); add the anti-junk-drawer rule + helper-type ownership; add `E0DurableRecord` base (A6).**
md
```md
## §4. Shared runtime vocabularies (Skeletal §4 / B10)
Single home for runtime-only enums/value types used by ≥2 family members; NO process/non-runtime vocab (B10).
Anti-junk-drawer rule (v2): a type lands in §4 only if (a) runtime, AND (b) used by ≥2 members, AND (c) not owned by a
specific member's domain. Helper-type ownership (v2): UseWarrant, SupportRole, MemoryObjectRole are DOC82-owned —
referenced here, never redefined; OwnerDocId, ProducerDocRef, BudgetBand are §4-owned.
§4.1 Declared shared runtime value types: OwnerDocId; ProducerDocRef; BudgetBand='xs'|'s'|'m'|'l';
RegistryEntryLifecycleState='active'|'deprecated'|'retired' (v2 rename — registry entries only, NOT memory-object lifecycle);
MembershipLifecycleState (UR-05); EffectiveStateGenerationId (v2); branded-ID base + SchemaVersionRef + ContentHash('sha256') +
RFC3339-UTC rule (UR-26/27); ContextProductDecisionDisposition (ABC §9.4) declared here, referenced by §3.2.
§4.2 E0DurableRecord base (v2, A6): { schema_version: SchemaVersionRef; created_at: string /* RFC3339-UTC */ }.
Records that extend it: ContextProductRegistryEntry, every MFC variant, MemoryDestructionLedger entry, ExternalDependencyRecord,
ProofArtifactRetentionRule, ReasonCode, WarrantDegradationTrigger, DomainProfile, MemoryOperationQuota.
Lints: runtime_vocab.value_type_redefined_per_member; runtime_vocab.process_vocab_in_runtime_core (B10);
runtime_vocab.owner_missing; runtime_vocab.registry_lifecycle_used_as_memory_lifecycle (v2);
durable_record.missing_e0_durable_base (v2).
## §19. Per-external-doc amendment-magnitude assessment (Skeletal §19 / F-struct #3)
One-line magnitude per §7.4 external dependency (derived from dependency_status):
EC=major(moving); BDSM=moderate(partial, ADQ-221); DOC73=minor–moderate(partial); DOC8=none(phantom, ADQ-221);
DOC26=conditional(aspirational, ADQ-202/404); DOC72/DOC25/DOC24/KDA/DOC11/DOC15/DOC20/DOC23/DOC1/DOC3/PropA=minor(stable).
Lint: external_dependency.amendment_magnitude_missing.
## §20. Per-member obligations tables (Skeletal §20 / F-struct #4)
Each member declares (a) MemoryCoordinationTrace obligations and (b) degraded/blocked states it must handle:
DOC81 → policy/scope decision refs + policy_generation_id | policy_disambiguation_pending; scope_unresolved→conservative
DOC82 → assertion/evidence/resolution refs | contested_assertion; revocation recompute
DOC83 → extraction-plan + candidate refs | extraction re-gate on policy_generation change
DOC84 → packet/manifest/proof refs (+ destruction-ledger surface) | proof_artifact_missing; membership_unavailable; degraded_mode
DOC85 → learning_signal + final_prompt_truth refs | learning withheld (no proof / no final-prompt truth)
DOC86 → Inspector read-model refs backed by trace | read-model stale/failed; safe-label on blocked content
DOC87 → membership_mutation refs | membership removed/blocked → suppressed
Lints: member.coordination_trace_obligation_undeclared; member.degraded_states_undeclared.
[Per-member instances completed at E1–E10 — see §7 + gate table.]
```
Update §17.2 to add §4/§18/§19/§20 landing rows.
**UR-35 — [new §18] golden scenario (ACCEPT · BUG · high).** `INSERT` `## §18` with the 15-step phase order (request/observation → policy preflight → extraction admission → source materialization → candidate emission → canonical resolution → membership assignment → policy re-check → context-product planning → packet assembly → rendering → final-prompt proof → learning eligibility → UI/Inspector → replay/audit) + fixture taxonomy (`contract_fixture`, `negative_contract_fixture`, `cross_charter_integration_fixture`, `policy_change_fixture`, `source_revocation_fixture`, `replay_fixture`, `migration_fixture`, `final_prompt_truth_fixture`, `learning_attribution_fixture`, `golden_scenario_fixture` **+ v2: `erasure_restore_fixture`, `collection_suppression_fixture`**) + negative-fixture names (`fixture.golden.learning_credit_without_final_prompt_truth_fails`, `…revoked_source_invalidates_support_membership_delivery_learning_ui`, `…removed_membership_cannot_inject`, `…non_ec_write_detected`, `…context_product_kind_unknown_blocks_assembly`, `…learned_weight_missing_from_deterministic_input_fails`, `…policy_tighten_between_plan_and_render_blocks_or_restamps`, **`…hard_destruction_without_legal_hold_clearance_fails`**, **`…collection_suppressed_topic_admitted_fails`**, **`…restore_without_certificate_fails`**). E0 owns the skeleton; Stage 8 owns bodies.
**UR-46 — [§16.3] preserve synthesis named-lint inventory (ACCEPT · GAP · high).** Add §16.3 subsection split by owner — **(a) DOC80-substance (Stage-9 names)** incl. the canonical learning/erasure/assertion/versioned-claim/bitemporal/revocation tokens; **(b) flatten-governance lints** (`import_graph.*`/`owner_map.*`/`opa.*`) owned by the flatten-governance suite, acknowledged in the preservation matrix; **(c) provenance caveat** — coined tokens marked proposed. **(v2)** add the new proposed tokens (`erasure.*`, `restamp.*`, `restore.*`, `destruction_ledger.*`, `collection.*`, `ec.flow_issued_while_subsystem_disabled`, `portability.*`) to subsection (a)-proposed.
**UR-36 — [new §17.4] preservation matrix (ACCEPT · GAP→assurance · high).** Assurance matrix proving every Stage-5R/5R2/5R2b decision lands/defers/exits + **(v2) the consumed-not-resolved ADQ note (A2): ADQ-209 is \*consumed\* by E0 (three-plan model honored) but its resolution authority is recorded, not re-decided here.** Min rows = UR-01/02/08/09 lints, UR-31, UR-35, UR-46, UR-38 + (v2) the destruction ledger, ADQ-406/407/408, DOC25 grounding (UR-37).
**UR-32 — [new §15.4] cross-charter gate table (ACCEPT · GAP · high) — v2 EXPANDED.** Columns Gate | Source | Blocked charters | Required before | Owner | Blocking. Rows: UR-01→E7/E8; UR-02→E8/E9; UR-08→E3/E4/E7/E8/E9/E10; UR-31→E3/E7/E8/E10; ADQ-202→E4/E_org/E10; DOC15 / DOC26 / SourceBoundSynthesisAdapter / DOC85-two-phase / TopicIdentityContract. **v2 adds:** `IngestionCostBudget`→E3 + `WarrantConsequenceRegistry`→E4 (Finding 7); **ADQ-406** (DOC81 `collection_mode` suppression)→E1/E2; **ADQ-407** (EC global recycle bin + retention setting)→EC charter; **ADQ-408** (EC restore-from-backup)→EC charter; **DOC81 per-topic privacy-layer gate**→E1/E2; destruction-ledger body→DOC84/DOC85/DOC11; PromptShellLearningContract/DebugModeContract/embedding_generation_id bodies→DOC85/Stage 7.
**UR-33 — [§14] AC-004/005 hardening (ACCEPT · GAP · medium).** AC-004 completion = schema + owner + positive + negative fixture + Stage-9 lint. AC-005 gated on ADQ-202 **and** ECSeamContract **and** DOC25 materialization/source-binding **and** DOC82 source/evidence.
**UR-34 — [§13/§16.1] placement (ACCEPT · records draft) — v2 adds gate rows.** `IngestionCostBudget`=DOC25-primary; `WarrantConsequenceRegistry`=DOC82-primary; confirm at E3/E4 — **now also enrolled as §15.4 gate rows (Finding 7).**
**ADJ-3 — [§15.3 or §14.4] family-wide acceptance standard (ACCEPT · GAP · minor).** Short subsection restating the standard (= flatten-plan §19 + the §15.3 discharge sweep + the §12 invariant gates).
**UR-21 / UR-39 / F35 / SA-A / SA-B** — as Card 1: disambiguate `Skeletal-doc §N` vs `DOC80-target §N` (UR-21); correct §17.2 §10.7 row → DOC82↔DOC83 seam → §12 (UR-39); drift sweep → §8 (F35); SA-A folds into UR-01; SA-B CONFIRMED-resolved (§17.2 arithmetic already correct).
#### §I — Rejects (Considered-and-declined, inline)
- **UR-28 — meta-schemas in E0 (REJECT).** `LintRegistryEntry`/`FixtureManifest`/`MemorySchemaMigrationPlan` + JSON-Schema-per-contract → Stages 7/8/9. **UR-28b (ACCEPT):** naming convention lands in E0 — `<domain>.<failure_condition>`; `fixture.<domain>.<scenario>.<expected_result>`; "every error lint has ≥1 Stage-8 negative-fixture handoff."
- **GPT full bodies (REJECT):** full `FinalPromptTruthRef` schema (mis-owns DOC11); **full lifecycle/erasure state machine (reopens synthesis §6 / UR-29 — the v2 ErasureMFC is a per-event certificate, not the rejected engine)**; full `MemorySchemaMigrationPlan`; DOC81 policy-axis enum values; DOC84 executed `RenderSafetyProof` body.
- **Rename `ContextProduct`→`ContextArtifact` (REJECT).** ABC §9.2 senior, uses `ContextProduct`.
#### §J — BETTER_IDEA annex (non-blocking, DEFER, recorded §7)
**UR-42** tamper-evident hash-chained proof log — **partly promoted in v2 to the §3.7 destruction ledger; the broader as-of/verifiable layer remains deferred** · **UR-43** "as-of" time-travel queries · **UR-44** click-to-provenance verifiable-memory Inspector (DOC86/E10) · **UR-45** scoped/redacted co-counsel export (`ExportMFC` + per-axis redaction + the v2 `disclosure_scope_attestation_ref`).
### 4. Reviewer-by-reviewer coverage
**Charter red-team (Card 1):** ChatGPT 5 Pro (F1–F40) — ~26 accepted / ~6 modified / ~5 rejected (full bodies, rename) / ~3 deferred; best catch = the 17-kind ABC source (verified). Claude Opus 4.8 (UR-01–48) — ~34 accepted / ~5 modified / 2 rejected (lifecycle engine, meta-schemas); reference-grade, repo-verified, scope-disciplined.
**Card red-team (v2):** **ChatGPT R1–R3** — A1–A11 + Tighten-A–D, verdict RATIFY_WITH_MINOR_FIXES; all accepted as folded above; verified-correct items applied as written (17-kind enum == ABC §9.2; ADJ-1 == ABC §9.4; cascade 5 planes == Skeletal §10.11; projection ownership == §11.10; four monotonicity laws == §11.9; section-map diff complete). **Claude R1–R3** — Findings 1–10 + N1–N10, verdict RATIFY_WITH_MINOR_FIXES; all accepted, including the litigation proof-layer additions (N1/N5/N9/N10) and the four correctness fixes to Card 1's own blocks. **Neither card reviewer reopened the architecture or any Card-1 reject.**
### 5. Value-tier roll-up
**Tier 1 — Critical/blocking:** UR-01, UR-02, UR-03/04, UR-05, UR-07, UR-08/09, UR-31, UR-46, UR-35, UR-38, F35. **Tier 2 — Substantive:** UR-10, UR-11, UR-12, UR-15+ADJ-1, UR-17, UR-19, UR-20, UR-22, UR-23, UR-24, UR-25, UR-26, UR-30, UR-32, UR-33, UR-36, UR-48, F13, UR-14b, **+ v2: ErasureMFC/RestampMFC/RestoreMFC + destruction ledger, §12.1 control-plane invariants (effective-state / collection-suppression / portability / boundary-disclosure), 17-row registry table, ReproducibilityKey N2 inputs, ECSeamContract EC §1/§3/§7/§8 pins.** **Tier 3 — Minor:** UR-06, UR-13, UR-14, UR-16, UR-18, UR-21, UR-27, UR-28b, UR-29 (lints), UR-34, UR-37, UR-39, UR-40, UR-41, ADJ-2, ADJ-3, F19/F20, **+ v2: PromptShellLearningContract/Exposure, DebugModeContract, embedding_generation_id, §4 RegistryEntryLifecycleState rename + E0DurableRecord, §6 audit class, §15.5 regression gate.** Tiers 1–3 are **all applied**; tiering is edit-order, not do-some-skip-some.
### 6. *(verdict moved to §9)*
### 7. Deferral register — the spec tracks every deferral; the architect tracks nothing
| Deferred item | Why not in E0 | Owner / landing | Recorded in (pickup trigger) |
| ------------------------------------------------------------ | --------------------------------------------------------- | --------------------- | ------------------------------------------------------------ |
| MemoryMutationEnvelope field body | NAMED-only by plan | Stage 7 | §5.1 handoff + §15.4 + §17.4 |
| MemoryProvenanceGraph field body | NAMED-only by plan | Stage 7 | §5.2 handoff (F19/F20) + §15.4 |
| ResumeProjection/ResumeCard body | NAMED-only by plan | Stage 7 (DOC84/86) | §5.3 + §15.4 |
| DOC81 policy-axis enum values | DOC81 owns axis semantics | DOC81 / E1–E2 | §2.2 note + §15.4 (UR-11) |
| DOC84 RenderSafetyProof executed body | DOC84 owns execution | DOC84 / E7–E8 | §4.2 note + gate (UR-06) |
| FinalPromptTruthRef runtime body | DOC11/OpenClaw owns runtime truth | DOC11 / Stage 7 | §3.5 handoff + gate (UR-02) |
| Lint/fixture/migration meta-schemas | Stages 7/8/9 | Stage 7/8/9 | §16.3 (UR-28b) + gates |
| §20 per-member obligation instances | filled as each member charters | E1–E10 / E_org | §20 seed + §15.4 |
| DOC25 ReasonCode-producer grounding (scoped) | bookkeeping ratification (v2 scoped) | architect / Owner Map | OP-A + §17.4 (UR-37) |
| F-struct #3/#4 §19/§20 final bodies | first-draft now; refine | E0 ratification | §19/§20 + §17.4 (UR-38) |
| **Destruction ledger body/storage (v2)** | NAMED-only seam in E0 | DOC84 + DOC85 + DOC11 | §3.7 + §15.4 + §17.4 |
| **PromptShellLearningContract/Exposure (v2)** | NAMED-only orphan | DOC85 / Stage 7 | §3.8 + §15.4 (F11) |
| **DebugModeContract (v2)** | NAMED-only orphan (F30-scoped) | Stage 7 | §3.9 + §15.4 (F30) |
| **embedding_generation_id body (v2)** | NAMED-only orphan | DOC82/DOC85 / Stage 7 | §2.x + §15.4 (F28) |
| **ADQ-406 — DOC81 `collection_mode` suppression / "privacy topics" (v2)** | DOC81 owns governance; EC §1 enforces | DOC81 / E1–E2 | §3.2/§12.1 + §15.4 + OPA `OBL-D81-TOPIC-COLLECTION-SUPPRESSION-01` |
| **ADQ-407 — EC global recycle bin + retention setting (v2)** | EC owns deletion-&-recovery machinery | EC charter | §3.3 restore/erasure + §15.4 + OPA `OBL-EC-GLOBAL-RECYCLE-BIN-01` |
| **ADQ-408 — EC restore-from-backup into fresh install (v2)** | EC §7/§8 owns | EC charter | §3.3 RestoreMFC + §15.4 + OPA `OBL-EC-RESTORE-FROM-BACKUP-01` |
| **N3 clawback decision (v2)** | DECIDED: 5 planes, no 6th, no promotion invariant; manual | architect note | §G UR-08 note + §17.4 (so no later charter re-adds a 6th plane) |
| BETTER_IDEA UR-43/44/45 (UR-42 partly promoted) | forward capability | DOC84/86 + Stage 7+ | §17.4 + §16.2 |
| ADQ-222 (V5 networking) | does not block Stage 6 | architect / Stage 7 | §1.3 + §16.2 + ADQ ledger |
Mechanism: §15.4 gate table is the stop a future LLM hits; §17.4 preservation matrix proves nothing was silently lost; OP-A carries cross-doc obligations (incl. the three committed §6.Z rows); the ADQ ledger carries decisions (incl. ADQ-406/407/408). No manual tracking required.
### 8. Cross-artifact / discharge implications (do NOT edit these from this card)
- **`Supersession_Matrix.md` — SM-060:** "14 kinds" → "17 kinds; canonical = ABC R0.2 §9.2; no 17→14 merge."
- **`DOC80_Owner_Map.md`:** replace `CognitiveDiff + Resume card` row with `ResumeProjection`/`ResumeCard`; reconcile line 86 ReasonCode producers (DOC25 ratification per UR-37, **scoped to parse/materialization/ingestion**; DOC8 already dropped); confirm line 209 → defined §3.6 (UR-31). **(v2) add Owner-Map rows for the new MFC variants + MemoryDestructionLedger (schema_owner DOC80; storage DOC84/DOC85/DOC11).**
- **(v2) `DOC80_Import_Graph.md`:** confirm the EC §1/§3/§7/§8 ECSeamContract pins appear as import edges; no local redefinition of EC schemas. **(A7)**
- **(v2) `DOC80_Retired_Names.md`:** log the **14 invented ContextProductKind names** from the draft as do-not-reintroduce; affirm `ContextProduct` (not `ContextArtifact`) and `RegistryEntryLifecycleState` (not bare `LifecycleState` for registry entries). **(A7)**
- **(v2) Source Registry:** record ABC R0.2 §9.2/§9.3/§9.4 as the authoritative source for the 17 kinds / registry entry / disposition enum. **(A7)**
- **`STAGE_6_CHARTER_INPUT_INDEX.md`:** add ADQ-313 to the E0 section.
- **`E0_Red_Team_Review_Prompt.md`:** fix stale synthesis path `…/Red Team Ready/` → `…/Red Team Responses/`.
- **`Architect_Decision_Queue.md`:** after ratification mark ADQ-203/208/210/211/310/313/403/404 resolved-by-E0; **(v2, A2) also mark ADQ-207 and ADQ-312 resolved-by-E0**; DOC25 grounding (UR-37) + §19/§20 final bodies (UR-38) logged, not blocking. **ADQ-406/407/408 already resolved + committed.**
- **`OPA_V4.md`:** Card 1 said 0 rows target DOC80 core. **(v2 update) three obligations now committed as the §6.Z wave — `OBL-D81-TOPIC-COLLECTION-SUPPRESSION-01` (DOC81), `OBL-EC-GLOBAL-RECYCLE-BIN-01` (EC), `OBL-EC-RESTORE-FROM-BACKUP-01` (EC)** — to be folded into the §6 per-owner sub-tables + the 521/538 reconciliation at the next OPA patch round. Confirm DOC80's new contracts (MFC variants, destruction ledger, ECSeamContract pins) support those obligations. ChatGPT F40's OP-A/SPEC_STATE/ADDENDA_STATE closure runs as workflow housekeeping (A8).
### 9. Verdict
**`E0_NEEDS_REVISION_ROUND` → `STAGE_6_CAN_OPEN_AFTER_PATCH`.** (Token retained per the architect's instruction.) The DOC80-family decomposition and E0's direction are sound (A-/B+); the 12 Stage-5R synthesis must-fixes verifiably landed. Both card-review reviewers returned RATIFY_WITH_MINOR_FIXES and reopened nothing. E0 is not yet ratifiable only because of the surgical items above: the P0 source conflict (UR-01), the learning bug (UR-02), the defined-but-unenforceable proof spine (UR-03/04/05/07), the collapsed cross-plane cascade + polarity (UR-08/09), the named-but-undefined contract (UR-31), the dropped named-lint inventory (UR-46), the absent §18 (UR-35), and the four plan-divergences (UR-38 §4/§19/§20 + UR-35 §18) — plus the v2 correctness fixes to the card's own blocks. The v2 litigation proof layer (Erasure/Restamp/Restore MFCs + destruction ledger) is high-value but **non-blocking** for ratification: it is certificate shells + named seams, not engines, and does not reopen UR-29.
**Deliverable = the full revision = every accepted item** (all Tier 1–3 + the 5 additions + the v2 fold-ins ≈ **80 E0 edits**). No "minimum" subset. **Decided architect forks (veto-able at ratification):** UR-37 (DOC25 = producer, v2-scoped to parse/materialization/ingestion), UR-38 (restore §4/§19/§20), and the four v2 modifications (N3 five-plane cascade with no 6th plane and no promotion invariant; 17-row table guesses no owners; DebugModeContract scoped to F30; verdict token retained + §15.5 regression gate added). Tier 4 = rejects (would damage the spec) + deferrals (built in their owning stage, enrolled in §7).
**Recommended edit order (ordering only, not a scope cut):** (1) UR-01 + 17-row table + SM-060; (2) UR-02 FinalPromptTruthRef; (3) UR-03/04 MFC union **+ v2 erasure/restamp/restore + render_target + withheld plural + effective_state_generation_id + N8 refs**; (4) UR-08/09 cascade + polarity **(5 planes, N3)**; (5) UR-31 SemanticProjectionContract; (6) UR-46 named-lint inventory; (7) UR-07 retention classes **+ destruction ledger §3.7**; (8) UR-05 edge-level membership; (9) UR-35 §18 + UR-38 §4/§19/§20 **(+ §4 RegistryEntryLifecycleState/E0DurableRecord)**; (10) the §16.3/§17.4/§15.4 registers **+ §15.5 regression gate**; (11) registry + ops hardening (UR-10/11/12/17/23/24/25/26) **+ ECSeamContract EC pins + §12.1 control-plane invariants + ReproducibilityKey N2**; (12) the coverage orphans (§3.8/§3.9/embedding_generation_id) + minor rows; (13) the §8 cross-artifact sweep.
### 15.5 Post-patch regression gate (v2, A1/Finding-#11 — added as a numbered section)
After applying the ~80 edits, a single regression pass MUST confirm, before E0 is marked ratifiable: (a) `ContextProductKind` reads 17 everywhere (no stale "14" outside the fold-in-count numerals); (b) the MFC union compiles with all nine flow kinds and every `issued` variant carries its required refs; (c) every new lint name is either `[canonical]` (verbatim source) or `[proposed]` (Stage-9 confirm) — none silently promoted; (d) every §7 deferral has a matching §15.4 gate row and a §17.4 matrix row; (e) §3.6 SemanticProjectionContract is defined and §18 is present; (f) §4/§19/§20 restored; (g) no retired/invented name reintroduced (cross-checked against `DOC80_Retired_Names.md`); (h) the three committed OPA §6.Z obligations + ADQ-406/407/408 are referenced from the gate table and preservation matrix. Lint bundle `regression.e0_post_patch_*` (proposed) backs this gate.
**Ratification check:** every Tier-1 item applied; all four decided forks accepted or overridden; §15.4 gate table + §15.5 regression gate + §17.4 preservation matrix present so no deferral is lost; §3.6 defined; §18 present; §4/§19/§20 restored; SM-060/Owner-Map/Import-Graph/Retired-Names/Source-Registry/index/prompt-path drift swept; the v2 litigation proof layer named (not engine'd); UR-29 intact.
## 22. Egress enforcement binding — NEW SECTION FOR REVIEW (post-v2; egress-privilege audit)
*Added after the v2 verdict. Source: egress-privilege audit of EC Core Add A V3.3, PropA R6.3, DOC24 R3.1.1, and KDA R3 (this session). Additive to the §9 deliverable; does not reopen the existing verdict. Value-tier: **Substantive (high)** — privilege/confidentiality egress, partially mitigated today by PropA's fail-closed default. Architect call whether it blocks ratification; recommended: fold into the revision.*
**Audit result, one line:** the egress *model* is specified and strong — privilege is classified, every outbound destination (incl. email and agent-to-agent) is enumerated, and unclassified content fails closed — but **no lint binds every send-site to a destination-correct policy decision**, so a path that skips the matrix (a connector-sent email, an agent message, a raw-artifact export, a channel projection) can egress unchecked and nothing fails the build. DOC80's job is to make the existing "every outbound boundary runs through the policy engine" rule (PropA L94) *provable*.
**Grounding — what already exists (do NOT re-spec):**
- Classification: PropA **P1 privilege classifier** (L1622: `attorney_client_privileged | work_product | firm_gc_privileged | privilege_uncertain | not_privileged` + findings); **P3** personal/PII (≈L1660).
- Outbound taxonomy: PropA **§2 `SharingRuleSchema`** (L1080–1098): `same_machine_local_runtime | local_file_export | local_network_peer | firm_server | remote_peer | cloud_api | email_outbound | agent_messaging`; matrix principle #2 (all but `same_machine_local_runtime` are outbound); #4 (`warn` + `background_non_interactive` ⇒ `block`); #5 (redact/strip emit receipts, never silent).
- Fail-closed default: PropA **L783–784** — `provisional_source_only | unclassified | deferred_unavailable | quarantined_review` SHALL fail closed for all outbound except same-machine.
- Render-time enforcement: KDA **§3.2C** `enforceKdaRenderPolicy()` (block/strip/redact by destination class + visibility).
- Local export: EC **§8.1** (`full_raw_backup | firm_tenant_only | sanitized_anonymized`, encrypted).
- Unified-gate principle: PropA **L94** — EC PolicyDecisionEngine "at every outbound / injection / sync boundary."
**UR-49 — GAP → fix: egress binding is asserted, not enforced.** `bare_render` / `render_without` / "outbound-action-without-policy-decision" appear **0×** in EC, PropA, DOC24, or KDA. DOC24 **§21.1 SharedActionHandlerLayer** routes every action but its steps are validate-envelope → idempotency → persist-receipt → emit-events — **no policy-decision gate step.** Render contracts carry `policy_decision_id` (DOC24 11×, KDA 5×) but nothing fails if it is absent, permissive, mismatched to the actual destination, or if a non-render egress (raw-artifact attach, DOC11/DOC12 channel projection) skips the matrix. `enforceKdaRenderPolicy()` enforces whatever it is *handed*; it does not derive the decision from the privilege class. **Fix:** INV-E0-EGRESS-1 + the attestation contract (UR-50) + lints (UR-51) + fixtures (UR-52).
> **INV-E0-EGRESS-1 (DOC80-owned).** No egress without an attached, destination-correct `PolicyDecision` + receipt. Any outbound action envelope (at `SharedActionHandlerLayer`) whose destination is in PropA's outbound set MUST carry a `policy_decision_id` whose `destination` equals the action's actual destination and whose decision permits or scopes the payload; absent / mismatched / permissive-by-omission → **fail closed.** Generalizes the v2 **N8** export-boundary disclosure re-evaluation to *all* outbound destinations.
**UR-50 — contract: `E0EgressAttestation` (DOC80 schema_owner; enforcement bodies cross-doc).** Generalizes **N8** (export/delegation disclosure re-evaluation) to every outbound destination class.
```ts
// schema_owner: DOC80 (E0). Produced at the egress boundary; consumed by the
// SharedActionHandlerLayer gate (EC/DOC24) and recorded in the MemoryCoordinationTrace.
export type E0OutboundDestinationClass =
| "same_machine_local_runtime" | "local_file_export" | "local_network_peer"
| "firm_server" | "remote_peer" | "cloud_api" | "email_outbound" | "agent_messaging";
export type E0EgressDecisionOutcome = "allow" | "scope" | "redact" | "strip" | "block";
export type E0EgressAttestation = {
outbound_destination_class: E0OutboundDestinationClass;
policy_decision_id: string; // MUST resolve (no bare/omitted decision)
policy_decision_destination: E0OutboundDestinationClass; // MUST === outbound_destination_class
decision_outcome: E0EgressDecisionOutcome;
receipt_ref: string; // scope/redact/strip/block emit receipts; not silent
disclosure_reevaluated_at_boundary: true; // the N8 attestation, generalized
redaction_map_ref?: string; // required when decision_outcome === "redact"
schema_version: 1;
};
```
Rule: `same_machine_local_runtime` is the only class that may carry `decision_outcome: "allow"` without a destination-policy lookup; every other class requires a resolved, destination-matched decision or fails closed.
**UR-51 — lints (mark `[proposed]`; Stage-9 confirm, per the card's lint-status convention):**
- `policy.bare_render_action` *(already named in Flatten plan §17.4)*
- `policy.export_stamp_without_destination` *(already named in Flatten plan §17.4)*
- `egress.outbound_action_without_destination_policy_decision` *(proposed)*
- `egress.destination_mismatch_between_action_and_policy` *(proposed)*
**UR-52 — golden fixtures (gate_level `final_switchover`; one per egress shape):**
- `egress.privileged_to_email_outbound_blocks` — privileged source → `email_outbound` ⇒ `block`.
- `egress.privileged_to_agent_messaging_blocks_or_scopes` — privileged source → `agent_messaging` ⇒ `block` (or `scope` w/ receipt).
- `egress.sensitive_to_cloud_api_redacts` — sensitive source → `cloud_api` render ⇒ KDA `redact` w/ `redaction_map_ref`.
- `egress.raw_artifact_export_to_non_local_blocks_or_sanitizes` — privileged artifact → non-local export ⇒ `block` or `sanitized`.
- `egress.channel_projection_applies_policy` — projected room/forum content (DOC11/DOC12) ⇒ destination policy applied before dispatch.
**UR-53 — cross-artifact / OPA implications + convergence (discharge separately, like §8 — NOT edited from this card):**
- **EC / DOC24 §21.1:** add the missing **policy-decision gate step** to `SharedActionHandlerLayer` (validate → **destination policy decision** → execute). → OPA row.
- **DOC24:** emit the per-turn **delivered/truncated/dropped source ledger** during packet assembly. → OPA row.
- **KDA:** require **every** egress path (not only card render) to route through `enforceKdaRenderPolicy`. → OPA row.
- **PropA:** bind the §2 outbound matrix to a mechanical check; confirm `email_outbound` + `agent_messaging` coverage. → OPA row.
- **DOC11 / OpenClaw:** verbatim as-sent capture + cache-trace + post-handoff-trim note — *extend existing* `OBL-D11-NEW-FINAL-PROMPT-SPAN-01` / `OBL-OPENCLAW-NEW-FINAL-PROMPT-SPAN-01` (DOC24 §22). → OPA rows.
- **DOC12:** channel projection applies egress policy before dispatch. → OPA row.
- **DOC84 / DOC85:** consume the source ledger for learning attribution. → OPA rows.
- **Convergence (BETTER_IDEA):** the per-turn, per-source **delivered/truncated/dropped ledger** the egress binding needs is the *same* primitive the learning feature needs (final-prompt source attribution — confirmed possible by the CODEX runtime probe this session). Build it **once** as the MemoryCoordinationTrace per-source record; do not build two ledgers.
**Tracking.** UR-49/50/51/52 are active DOC80 additions to fold into the §9 revision (Substantive tier). UR-53 cross-doc items are new **OPA** obligations (discharge like §8, not from this card). The one *deferred/empirical* piece — verifying that DOC11/DOC12 dispatch + connector send-actions actually call the gate at runtime — is a Claude Code probe (sibling to the final-prompt probe), enrollable in §7 + §15.4 when scheduled.
*End of E0 / DOC80-Core Adjudication Card (v2).*