DOC23_SUBSUMBED ADD B ADJ Card.md
Active Working and Red Team/DOC23 Working/DOC23 Red Teaming/Archived DOC23 Red Teaming/DOC23_SUBSUMBED ADD B ADJ Card.md
# DOC23 Addenda B — Red Team Adjudication Card (Staged Application Build)
**Status:** Draft, pending architect review + multi-LLM red-team. **Layers 0–5 complete (+ new rows)** — front matter + Step 0 + Layer 1 (seven shared primitives) + Layer 2 (four flips, anchor-confirmed) + Layer 3 core (criticals/collisions/re-anchors/re-grades) + Layer 3 C-cluster math + standard rows. **Remaining:** Layer 4 (§G as read-models + DOC20 OP-A), Layer 5 (fixtures), the new rows, then final pass. This is the assembled staged card; it supersedes `DOC23_ADDENDA_B_RT_ADJUDICATION_CARD_CONSOLIDATED.md` for application order (the consolidated card stays as the row-detail source).
**What this is.** The application-ready restructure of the 126-item, four-reviewer consolidated card, reorganized per the three reviews **of that card** (Claude + ChatGPT + Gemini). It supersedes the consolidated card for application order and for every item whose disposition or fix changed; unchanged CONFIRMED rows are carried by reference.
**Why staged (the central finding of all three card-reviews).** Do **not** apply the card as 126 flat rows. Apply a structural **Layer 1 first, defined once**, then the disposition flips, then the critical row fixes, then §G, then fixtures. Defining shared primitives once removes the per-row redefinition that inflated the consolidated card and caused cross-row collisions.
```
Step 0 Strip / type-owner pass on the fix package itself (run BEFORE applying anything)
Layer 1 Shared structural primitives, defined once
Layer 2 Disposition flips (reverse/redirect prior rows) — anchor-confirmed
Layer 3 Critical row fixes + cross-row collisions + re-grades + C-cluster math + standard rows
Layer 4 §G Professional-Reliance / UX layer, as derived read-models (no new truth store)
Layer 5 Fixtures (golden scenarios + chaos/concurrency)
```
**Owner-first rule (binding; root cause of three reversed rows).** Before accepting any finding of the form "*X is missing / referenced but never defined*," resolve **whether X is already owned or defined elsewhere** (its owner doc, an existing enum, an existing field). A grep-level absence in one doc is not proof of absence in the system. Three consolidated-card rows (A-11, B-25, B-15) asserted a missing element that already exists or is owned elsewhere; they flip in Layer 2. Enforced mechanically in Step 0.
**Severity reframe (propagated everywhere).** A finding's severity is **importance** — it drives revision priority and human-review surfacing — and **never halts** the run. Only mechanical/system errors halt execution (`StepExecutionFailureKind`). An output is not auto-"passed" while serious findings are unresolved; if unresolvable, termination logic (V3.3.1 §6.7.3, see B-24) **escalates** (Gate-4 review or "rely with limitations"), it does not halt. Irreversible external actions (filing/sending) remain gated by an action permission — an action gate, not a finding block. This retires the "blocking-authority guard" debate (A-05) and adjusts A-06 and B-24.
**Disposition vocabulary:** `ACCEPT` · `ACCEPT WITH MODIFICATIONS` · `ACCEPT-AS-FIX` · `DECLINE` (reverse a prior ACCEPT) · `REDIRECT-OP-A` (owned by another doc → OP-A row) · `DEFER-PhaseB` (§E) · `DECLINED` (§F) · `ELEVATE` · `OPEN_FOR_ARCHITECT_REVIEW`.
**Coverage crosswalk.** Every one of the 126 consolidated-card items is accounted for in exactly one layer (the Layer Map). No item is dropped; flips and re-grades are explicit; §E/§F carry forward unchanged.
---
## Layer Map — where each consolidated-card item lands
**Layer 2 — Disposition flips / redirects** (all four anchor-confirmed — see Layer 2)
- `A-11` → **DECLINE** (`LearningMode` already enumerated, V3.3.1 §6.16.1); the *use* stays DEFER-PhaseB.
- `B-25` → **DECLINE** (`depends_on_step_ids` + cycle detection §6.11.1 both exist); de-CRITICAL.
- `B-15` → **REDIRECT-OP-A** (`RoomKind.plan_review` owned by DOC12, `OBL-DOC12-FORUM-01`).
- `D-04` → **SPLIT**: keep Tier 0 (`lookup_receipt`), bar it from trust claims; retain the other three sub-fixes.
- `A-05` → **subsumed by the severity reframe**; `A-06` verdict-mapping adjusts (standard row).
**Layer 3 — Critical fixes, cross-row collisions, re-grades** (rendered in full):
`A-01` (→Layer 1) · `A-02` HIGH (elevation declined) · `A-04` (route-resolution) · `A-07` (one `NoVerdictReason` + aliases) · `A-12` (`OutcomeVerdict`) · `A-16` CRITICAL (`revision_in` chokepoint) · `A-23` (re-anchor to Source Workspace) · `A-26` (`FindingMatchKey`) · `B-02↔B-27` (`attempt_seq`+`prior_output_hash`) · `B-08` (dual `FailureKind` + `StepExecutionFailureKind`) · `B-24` CRITICAL (sufficiency predicate → §6.7.3 loop breaker) · `B-26` (§6.11↔§6.7.3) · `C-03` (remove predicted hashes) · `D-01` (transitive taint) · `D-13` HIGH/injection.
**Layer 3 — Math/scoring hardening** (C-cluster): `C-01`,`C-02`,`C-04`,`C-05`,`C-06`,`C-07`,`C-08`,`C-09`,`C-10` on the L1.5 shapes (`C-03` is in Layer 3 core). **`B-16` is a concurrency row, not a C-cluster item.**
**Layer 4 — §G Professional-Reliance / UX** (`G-01`…`G-21`): KEEP entire layer; build as **derived read-models** (`DerivedReadModelRecord`, Layer 1). UI surfaces (`G-07`, `G-12`…`G-16`, `G-20`) → OP-A row to DOC20.
**Layer 5 — Fixtures**: `G-21` (chaos/concurrency) + golden scenarios.
**Layer 3 — Standard fixes (carried by reference):** all remaining §A/§B/§C/§D ACCEPT rows not named above — ID + final disposition + consolidated-card anchor (full schema in the consolidated card).
**§E (held, Phase-B)** `E-01…E-13` and **§F (declined)** `F` — carry forward unchanged; no per-row action.
**New rows added this restructure:** the Layer-1 primitives as first-class rows; reliance-decay; delegation; `D-19`/`D-20` completions; Grok §3.3 / §5.7 / §5.9. Citation fix: **B-24 is Grok §4.9**.
---
## Step 0 — Strip / type-owner pass on the fix package (run before applying anything)
The **subtractive stroke applied to the fix package itself** — removes adds that are redundant (already owned) or unspecifiable, and surfaces the Layer-2 flips. Runs once over the whole set before any row is applied.
1. **Admission gate (one-time, pre-write).** Every proposed type/enum/field/schema is checked against the `TypeOwnerRegistry` (§L1.2). The gate is a **check, not a standing object**: passes only if the symbol is (a) new + assigned an owner doc, or (b) an extension of an owned symbol. New canonical object families trip `ARCHITECT_STOP`.
2. **Phantom-reference lint** (`SchemaReferenceValidationRule`, §L1.2). Any reference to a field/type not in the registry fails. Catches "phantom schema refs" (A-09) at the package level. *This pass also caught two phantom fields in an early draft of this card — `confidence_merge_strategy` and `tiebreaker_epsilon` — both removed.*
3. **Owner-first resolution.** For every "X missing / referenced-never-defined" finding, confirm X's owner first. Output: the Layer-2 flips (A-11, B-25, B-15) + the D-04 hold.
4. **Collision scan.** Detect name collisions (e.g., `EvaluationVerdict` reused for an outcome concept; `FailureKind` defined twice). Output: Layer-3 renames (A-12→`OutcomeVerdict`, B-08→`StepExecutionFailureKind` + dual-`FailureKind` consolidation).
5. **Dedup-of-truth scan.** Detect rows inventing the same primitive under different names (termination counter, finding match key, read-model). Output: the Layer-1 consolidations (one `RevisorTerminationLedger`, one `FindingMatchKey`, the `DerivedReadModelRecord` family).
Step-0 lints:
```
step0.symbol_without_owner
step0.phantom_field_reference
step0.missing_claim_unresolved_owner // owner-first rule
step0.name_collision_across_package
step0.duplicate_primitive_across_rows
```
---
## Layer 1 — Shared structural primitives (defined once)
Seven primitives defined **once** and referenced by ID from every later row. All three card-reviews built variants independently; consolidating them removes the per-row redefinition and the cross-row collisions. Each carries the rows it subsumes.
### L1.1 `GovernanceEnvelope` — universal governance mixin
```ts
interface GovernanceEnvelope {
policy_decision_ref: PolicyDecisionRef // the EC decision that authorized this object's disposition
policy_generation_id: string // ties to the compiled policy version (B-12 freshness)
privilege_class: PrivilegeClass // attorney_client | work_product | confidential | none
access_tier: AccessTier // matter_team_access | supervising_attorney | firm_admin
taint_class: TaintClass // rides the object; consumers treat content as data, not instruction
matter_ref: MatterRef | null // scopes cross-matter visibility (D-24)
schema_version: 1
}
```
*Subsumes:* A-20, D-02, D-07/D-08, D-24. The Review Studio `LifecycleActorEnvelope` (DOC23_ADDB_Review_Studio.md §9.1) **extends** this mixin.
### L1.2 `TypeOwnerRegistry` + admission gate + phantom-reference lint
```ts
interface TypeOwnerRegistryEntry {
symbol: string; owner_doc: string; defined_at: string
status: "operative" | "proposed_this_pass" | "extension_of"
extends_symbol: string | null
schema_version: 1
}
// One-time admission check (Step 0, NOT a runtime object): pass iff symbol is (a) new + owner_doc, OR (b) extension_of an owned symbol. New canonical family -> ARCHITECT_STOP.
interface SchemaReferenceValidationRule { rule_id: "schema_reference_validation"; severity: "blocker" }
// FAIL: any field/type reference not present in TypeOwnerRegistry.
```
*Subsumes:* A-09, A-13 (dual learning envelope forbidden), A-25 (one owned name), D-22.
### L1.3 `EvaluationFinding` — event / record / view (A-01, canonical)
Single finding model, shared with the Review Studio unit (DOC23_ADDB_Review_Studio.md §2). Replaces the two incompatible schemas; keeps **both** bases; the view is a read-only copy.
```ts
interface EvaluationFindingEvent { // immutable per-round audit record
finding_event_id: string; outcome_id: string; target_artifact_ref: string
target_version_ref: string // version-pinned (V3.3.1 §5.7)
target_scope_ref: TargetScopeRef | null // anchor; maps to a DOC20 CommentAnchor
detected_at: string; severity: FindingSeverity // IMPORTANCE, never a halt
assurance_basis: AssuranceBasis[] // user_instruction | saved_criteria | human_label | multi_reviewer_consensus | model_judgment_only
authority_basis: EvaluationAuthorityBasis[] // 9-value FD enum (FD §3.4) — kept distinct from assurance_basis
match_key: FindingMatchKey // L1.4
body: string; governance: GovernanceEnvelope; schema_version: 1
}
interface EvaluationFindingRecord { // mutable lifecycle row
finding_id: string; origin_event_id: string
state: FindingState // active | resolved | human_resolved | superseded_by_revision | superseded_by_source_change | dismissed | contested
target_version_ref: string
resolved_by_receipt_ref: string | null // only a Revisor RevisionExecutionReceipt sets `resolved` (§5.7.2)
superseded_by_finding_id: string | null; governance: GovernanceEnvelope; schema_version: 1
}
interface FeedbackFindingView { // read-only projection the UI renders
finding_id: string; display_state: FindingState; anchor: TargetScopeRef | null
severity: FindingSeverity; body: string
history: FindingStateTransition[] // per-round snapshots -> cross-round drift view
schema_version: 1
}
```
*Subsumes:* A-01, A-05 (basis reconciliation; blocking part retired by the reframe), A-19 (`FindingState` negative exits), A-26 (`match_key`). `human_resolved` per DOC23_ADDB_Review_Studio.md §8.3.
### L1.4 `FindingMatchKey` + `RevisorTerminationLedger`
```ts
interface FindingMatchKey { // stable identity across revision rounds
artifact_root_id: string // stable root, NOT a version ref (A-26)
outcome_id: string; criterion_id: string | null
failure_signature: FailureKind // reuse the §6.2 FailureKind taxonomy (no new enum)
schema_version: 1
}
interface RevisorTerminationLedger { // ONE per revision run; all termination accounting here
run_id: string; rounds: RevisionRoundRecord[]
per_finding_attempts: { match_key: FindingMatchKey; attempt_seq: number; prior_output_hash: string }[] // B-02 ↔ B-27
repeated_insufficiency_count: number; loop_breaker_limit: 3 // N = 3 (B-24)
sufficiency_predicate_results: SufficiencyPredicateResult[] // B-24 predicate feeding the §6.7.3 loop breaker
no_progress_detected: boolean
termination_reason: "converged" | "loop_breaker" | "escalated_gate4" | "rely_with_limitations" | null
schema_version: 1
}
```
*Subsumes:* A-26, B-24, B-02 ↔ B-27, B-18/B-19, B-26 (one source of truth), D-18.
### L1.5 `FormulaEvaluationReceipt` + `MetricObservation` + `MetricRollup`
Makes every score a receipted formula evaluation, and gives the math-audit guards one home. Per-formula patches in Layer 3.
```ts
interface FormulaEvaluationReceipt { // one per score computation (C-01: Formula Registry)
formula_id: string // registered formula (versioned)
inputs: Record<string, number>
denominator_basis: string // e.g. "total_advice_rendered_count" not "accepted_count" (C-04)
sample_size: number
guards_applied: ("zero_denominator_fallback" | "underflow_clamp" | "percentile_bounded" | "censored_to_terminal")[]
output: number; schema_version: 1
}
interface MetricObservation {
metric_id: string; value: number
terminal_state_only: boolean // C-02: count only terminal-state cycles
observed_at: string; context_ref: string; schema_version: 1
}
interface MetricRollup {
metric_id: string; method: "mean" | "p50" | "p90" | "weighted_mean"
zero_denominator_fallback: "null" | "0" | "undefined_reported" // C-06
underflow_clamp: boolean // C-09: Math.max(0.0, weighted_mean - penalty)
percentile_impl: "rolling_window" | "t_digest" | "exact_bounded" // C-05: no unbounded array
missing_dimension_penalty_value: number // C-01
schema_version: 1
}
```
*Subsumes (shape for):* C-01 (Formula Registry — keystone), C-02 (terminal-state censoring), C-04 (severity-weighted rate), C-05 (bounded percentile), C-06 (zero-denominator/insufficient-sample). C-07 (`CostEstimate`), C-08 (`NoveltyMetricSpec`), C-09 (task-mode/template-match) carry their own Layer-3 schemas but resolve `formula_id`s here. **(Corrections: `confidence_merge_strategy` and `tiebreaker_epsilon` removed — both mis-anchored. A-04 is route-resolution (rendered in Layer 3); B-16 is a concurrency tiebreaker §11.9 (standard row), not a metric epsilon.)**
### L1.6 `DerivedReadModelRecord` + `ReadModelInvalidationSpec`
"No new truth store" primitive for §G and cross-cutting surfaces (matches V3.3.1 §11.1.1 "derived, not invented").
```ts
interface DerivedReadModelRecord {
read_model_id: string
derived_from: string[] // source-of-truth refs; NEVER authoritative
projection_kind: string // task_health | findings_inbox | budget_narrative | run_diff | ...
invalidation: ReadModelInvalidationSpec
governance: GovernanceEnvelope // privilege/tier-filtered on read
schema_version: 1
}
interface ReadModelInvalidationSpec {
declared_dependencies: string[] // changing any invalidates the read-model (auditable, not predicted)
refresh: "on_dependency_change" | "on_read" | "scheduled"; schema_version: 1
}
```
*Subsumes:* §G (G-01…G-21, Layer 4), the Review Studio read contract (§9.2), D-12.
### L1.7 `LintRegistry`
```ts
interface LintRegistryEntry {
lint_id: string; owner_doc: string; checks: string
severity: "advisory" | "warning" | "blocker"
waiver: { allowed: boolean; approver: "architect"; expires_at: string | null }
schema_version: 1
}
```
*Subsumes:* every scattered lint across §A–§D and §G, plus the Step-0 and Review Studio lints.
---
## Layer 1 — acceptance
Accepted when: (1) all seven primitives have an owner in the `TypeOwnerRegistry`; (2) no later row redefines them (referenced by ID only); (3) the Step-0 admission gate + phantom lint pass over the whole package; (4) the finding model matches the Review Studio unit; (5) `RevisorTerminationLedger` is the sole termination accumulator and the `FormulaEvaluationReceipt`/`MetricRollup` pair the sole score-computation shape.
---
## Layer 2 — Disposition flips (anchor-confirmed)
Each flip was confirmed against **live spec text (section + line)** before being written, per the owner-first rule. These reverse or narrow prior ACCEPTs; the consolidated-card claim is quoted, then rebutted.
### L2.1 `A-11` → **DECLINE** (enumeration redundant; the *use* remains DEFER-PhaseB)
- **Card claim (ACCEPT):** "`LearningMode` is referenced across §15 but never enumerated"; proposed `production | signal_generation | cross_calibration`.
- **Verified:** enumerated at **V3.3.1 §6.16.1** (3098–3108) as `"production" | "signal_generation" | "calibration"`; field `learning_mode: LearningMode` (3072); §0.4 inventory (45). The card looked in §15 and missed §6.16.1.
- **Disposition:** **DECLINE** the add — it would create a divergent duplicate (`cross_calibration` ≠ the real `calibration`). The behaviors (§6.16.2) remain **DEFER-PhaseB** (E-07).
- **Owner:** V3.3.1 §6.16.1.
### L2.2 `B-25` → **DECLINE** (field *and* cycle-lint both exist; proposed remedy regresses the schema) — was CRITICAL
- **Card claim (CRITICAL):** "§11.3's plan-lint references 'DAG acyclic' but `RevisionPlan` steps carry no dependency field." Proposed replacing `RevisionPlanStepBase`.
- **Verified:** `RevisionPlanStepBase.depends_on_step_ids: string[]` exists (3493); the check exists — `RULE dag_acyclic` (4774–4775), §6.11.1 topological-sort-with-cycle-detection (2949), §11.22.1 (5833), `validation.dag_cyclic` (8175), deterministic plan linting includes DAG (1312).
- **Disposition:** **DECLINE**; de-escalate from CRITICAL. Both halves false. The proposed rewrite is **rejected** — it would delete ~6 real fields (`step_order`, `affected_artifact_refs`, `affected_outcome_ids`, `source_repair_depth`, `idempotency_key`, `preconditions`). (B-26's `revalidation_policy` is handled on its own in Layer 3.)
- **Owner:** V3.3.1 §6.11.1 / §11.22.1.
### L2.3 `B-15` → **REDIRECT-OP-A** (already owned by DOC12; the obligation already exists)
- **Card claim (ACCEPT, ⚠verify):** "`RoomKind.plan_review` used but not registered."
- **Verified:** the Forum sub-addendum **itself** says DOC12 owns canonical room registrations incl. `RoomKind.plan_review` (45), the plan-review forum uses the DOC12-registered kind (754), config carries `room_kind?` resolving to DOC12 (179), and **`OBL-DOC12-FORUM-01`** already requires DOC12 to register it (874, 906–907).
- **Disposition:** **REDIRECT-OP-A.** Addenda B must not register it (would duplicate DOC12 ownership / violate the Step-0 admission gate). Already captured as `OBL-DOC12-FORUM-01`; carry on the OP-A list.
- **Owner:** DOC12 (`OBL-DOC12-FORUM-01`).
### L2.4 `D-04` → **SPLIT**: keep Tier 0 (de-escalation hold) + retain the other three sub-fixes
- **Tier-0 sub-claim ("remove `0`") → FLIP.** **Verified:** tier 0 = `lookup_receipt` is an intentional, load-bearing "receipt records only" tier for ephemeral lookups (SrcWS 103–106; "Check today's stock price → tier 0", 239).
- **Disposition:** **KEEP Tier 0.** Reconcile the type to **include** 0 (`SourceRecord.tier ∈ {0,1,2,3}`, 0 = `lookup_receipt`) rather than delete it. Add the safeguard: a Tier-0 `lookup_receipt` **must not** back a downstream reliance/trust claim → `validation.tier0_receipt_used_as_trust_basis` (error).
- **Other three sub-fixes → KEEP as ACCEPT** (standard rows): persist every `SourceTierTransition` (§3.3); align verification-state vocab (§2.3 / §4.1); gate demotion (`from_tier > to_tier`) by `cleared_by_access_tier >= "matter_team_access"` + reason (`validation.source_tier_demotion_without_authority`).
- **Owner:** Source Workspace §3 / §3.3.
### L2.5 `A-05` → subsumed by the severity reframe (no separate fix)
The "blocking-authority guard" debate is retired by the reframe (findings carry importance, never halt; unresolvable serious findings escalate; irreversible external actions gated by an action permission). A-05's `assurance_basis` vs `authority_basis` content is captured in L1.3 (both bases retained).
### L2.6 New finding (surfaced by this verification): loop-breaker section citation is inconsistent
V3.3.1 cites the `D16` loop breaker as **both** §6.11 (1318, 1982, 9560) **and** §6.7.3 (2894, 3069, 3232) — a concrete instance of **B-26**. Folded into B-26 (Layer 3).
### Layer 2 — disposition delta & lints
Three items leave the ACCEPT-and-build set (`A-11` enum, `B-25`, `B-15`); `D-04` narrows; one CRITICAL retired (`B-25`).
```
layer2.declined_add_reintroduced
layer2.tier0_removed_from_domain
validation.tier0_receipt_used_as_trust_basis
```
---
## Layer 3 — Critical fixes, collisions, and re-grades
These rows **change content**. Each verified against live spec before writing.
### L3.1 Critical / safety / compliance
**`A-16` — Direct repair can bypass the central `revision_in` safety contract — CRITICAL (confirmed).**
- **Verified:** `DirectFixStep` (V3.3.1 3560) is itself locked — `target_port:"none_direct_fix"`, `direct_fix_class: DirectFixAllowedClass` (whitelist 601–608), `target_module_id`/`typed_instruction` FORBIDDEN, allow/forbid classes (601–617). The risk is the **FD wiring**: Feedback Delivery routes repair to `instruction_in`/`data_in`/`context_in` (FD 34), and the Revisor's safety chain runs through `revision_in` (FD 431). Those direct paths skip capability validation, preconditions, candidate versions, policy gates, preservation, and receipts.
- **Fix (FD §7.2):** repair may **execute** only through (a) a `revision_in` port, or (b) `revision_compatible = true` **and** `ModuleRevisionCapability` coverage; all other wiring is **advisory context only**.
```ts
interface PortRevisionEligibility { port_id: string; module_id: string;
revision_compatible: boolean; // default false
module_revision_capability_ref?: StorageRef; } // REQUIRED when revision_compatible = true
// validation.repair_routed_to_non_revision_port (error)
```
- **Cross-ref:** same chokepoint the Review Studio unit relies on (§1.2, §5.4). Pairs with A-17.
**`D-01` — Transitive taint laundering — compliance blocker (confirmed).**
- **Verified:** `SourceWorkspace.current_taint_class` exists (SrcWS 145), retrieval lineage exists (296–299), but there is **no `source_kind → taint_class` map** and **taint is not transitive** — a tainted artifact summarized by a sub-agent/forum re-enters "clean." Privilege/firewall-grade for a litigator.
- **Fix (SrcWS §4.1A + cross-addenda rule + `TaintAggregationPolicy`):** ship the default map (`web_source → external_untrusted`; `case_law|statute|regulation|api_result|database_record → external_authority_trusted`; `document|email|file|prior_task_output → user_trusted_bounded`; `library_entry → internal_corpus_trusted`); **transitive rule** — any module/sub-agent output inherits the **max** taint of its inputs unless it passes a declared `SanitizationNode`; privileged input → privileged workspace.
```ts
interface SanitizationNode { node_id: string; input_taint: TaintClass; output_taint: TaintClass;
method: "human_review" | "structural_strip" | "policy_filter"; evidence_ref: StorageRef; }
// validation.taint_not_inherited_through_summary (error); validation.source_kind_taint_unmapped (error)
```
- The `SanitizationNode` is the only sanctioned taint-downgrade. All taint rides `GovernanceEnvelope` (L1.1).
**`B-24` — Revisor sufficiency protocol detection — CRITICAL (confirmed; mechanism exists, detection underspecified).**
- **Verified:** the loop breaker exists — `D16`, default **N=3** consecutive `still_failing_same_reason`, then BLOCK + escalate to Task Agent (§6.9) or human (§6.6) (1982, 2894, test F-LOOP-01 at 9080); `repeated_insufficiency_count` (3232). `still_failing_same_reason` = "same FailureKind + same primary finding" (1942). Underspecified: the **"same reason" detection**.
- **Fix:** the predicate is `FindingMatchKey` equality (L1.4); all accounting lives on the single `RevisorTerminationLedger` (L1.4). Hard Call surfaces only on a real user choice (missing source/verification/capability). The §6.11-vs-§6.7.3 split is fixed under B-26.
**`D-13` — Cross-run `RunGuidance` persistence + contested-check — ELEVATE to HIGH / injection-class (confirmed).**
- **Verified:** `RunGuidanceCandidate` (FD 296) / `RunGuidanceItem` (FD 311) exist with `guidance_kind ∈ source_warning|do_not_use|must_include|style_rule` + `lifecycle_state`, but FD never says where guidance persists or how Run-A reaches Run B, `contested` is never checked, no lifecycle receipt.
- **Why elevated:** `must_include`/`do_not_use` is **injected** into later runs — a cross-run injection vector; with D-01, tainted-derived guidance crossing runs is an injection path.
- **Fix:** persist `RunGuidanceItem` to `TaskBlueprint.persistent_guidance[]` (one authoritative store; EC durable write); `lifecycle_state: proposed|active|contested|superseded`, consumers MUST skip `contested`; emit `RunGuidanceLifecycleReceipt`; guidance carries `GovernanceEnvelope`. `validation.run_guidance_consumed_while_contested` (error). (Cross-run *learning* vs DOC72 precedence is §E / E-02.)
### L3.2 Collisions / dedup
**`A-01`** — finding model → Layer 1 (L1.3). No separate fix.
**`A-26`** — `ProgressSignal` keys on `(failure_kind, target_artifact_section_ref, finding_summary_hash)` (1948) — version-sensitive. **Fix:** replace with `FindingMatchKey` (L1.4, stable `artifact_root_id`); `matched_findings` computed by key equality.
**`B-02 ↔ B-27`** — `regenerate` = "rerun from scratch with new instructions" (2739); B-02 under-specified idempotency, B-27 identical-output loop invisible. **Fix:** `RevisorTerminationLedger.per_finding_attempts` carries `attempt_seq` + `prior_output_hash` (L1.4); a regenerate matching `prior_output_hash` for the same `FindingMatchKey` counts as `still_failing_same_reason`.
**`B-08`** — `FailureKind` is declared **twice** (§0.4.9 / 493 and §6.2 / 2715, same 12 values); `WorkspaceWriteFailureKind` (657) is separate. **Fix:** §6.2 canonical; §0.4.9 references it; step-execution failures → `StepExecutionFailureKind` (distinct from evaluation `FailureKind` and `WorkspaceWriteFailureKind`). `supersession.dual_running_type_family`.
**`A-12`** — §5.13 `EvaluationVerdict` is **per-lane** (`lane_*`, 2292 "Lane results aggregate into the OutcomeEvaluationResult"); no outcome-level type. **Fix:** add `OutcomeVerdict` (`passed|failed|indeterminate|not_applicable|blocked`); `EvaluationVerdict` stays per-lane; lane→outcome is the canonical mapping (CC §3.2).
**`A-07`** — `evaluation_verdict` includes `indeterminate` (CC 204); `indeterminate_reasons: IndeterminateCause[]` cites a "V4 R203 taxonomy" (CC 214). **Fix:** one canonical `NoVerdictReason` + an **alias registry** mapping the variants; needs **no R203 knowledge**; full Addenda-A consolidation is an **OP-A row**.
### L3.3 Re-anchors / corrections
**`A-02`** — Pattern C envelope field-location (ACCEPT/HIGH; **NOT elevated**). **Verified:** §3.3 requires `EvaluationResultEnvelope` be wrapped in `EvaluationArtifactEnvelope` (CC 289–295); the Judge needs `evaluated_target`/`evaluation_basis` but they live on `EvaluationFeedbackBundle`, so Pattern C breaks at read time. **Fix:** add both fields to `EvaluationResultEnvelope` (CC §3); bundle copy → projection. **Re-grade:** high-importance correctness fix, no safety/compliance/data-loss dimension → stays HIGH, not CRITICAL (correcting the early layer-map placeholder).
**`A-04`** — Pattern C route-resolution policy (ACCEPT; corrected anchor). **Verified:** CC §3.7 resolution is "by consumer policy" with no schema. **Fix:** `EvaluationChainResolutionPolicy` + `DEFAULT_PATTERN_C_RESOLUTION_POLICY` (`qualitative_blockers_survive_numeric_pass: true`, `judge_can_override_evaluator: false`, `override_allowed_only_for_finding_states: ["contested","dismissed","rejected_by_user"]`, `route_precedence: "blocking_qualitative_first"`, `disagreement_route: "human_review"`). **Correction:** route-resolution, not confidence-merge — the `confidence_merge_strategy` field mistakenly attached in L1.5 was removed.
**`A-23`** — re-anchor `authority_level` to Source Workspace (corrected anchor). **Verified:** the card's `[FD §3/§5]` anchor is **wrong** — `authority_level` lives in Source Workspace: `ApplicabilityScope.authority_level` (`binding|persuasive|advisory|unknown`, SrcWS 338) and `LegalSourcePayload.authority_level` (`binding|persuasive|distinguishable|adverse`, 359). **Fix:** reconcile the two: scope-level governs applicability; the domain payload (`distinguishable|adverse` = legal-specific extensions of `persuasive`) is descriptive. No FD change.
**`B-26`** — standardize revalidation/termination naming. **Verified:** loop breaker cited as both §6.11 (1318, 1982, 9560) and §6.7.3 (2894, 3069, 3232). **Fix:** pick one anchor (recommend **§6.7.3**, where `repeated_insufficiency_count` lives, 3232); update the §6.11 cites. Do **not** introduce the invented `RevisionStepRevalidationPolicy` name; the policy is named on `RevisorTerminationLedger` (L1.4).
### L3.4 Re-grade summary
- `A-16` CRITICAL · `D-01` compliance blocker · `B-24` CRITICAL (mechanism exists, detection specified).
- `D-13` → **HIGH / injection-class** (elevated).
- `A-02` → **stays HIGH, not CRITICAL** (elevation declined on review).
- `B-25` → **DECLINE, de-CRITICAL** (Layer 2).
- **Layer 1 corrections:** `confidence_merge_strategy` and `tiebreaker_epsilon` removed from L1.5 — mis-anchored to A-04 (route-resolution) and B-16 (a concurrency row, §11.9) respectively.
### Layer 3 lints (registered in `LintRegistry`, L1.7)
```
validation.repair_routed_to_non_revision_port // A-16
validation.taint_not_inherited_through_summary // D-01
validation.source_kind_taint_unmapped // D-01
validation.run_guidance_consumed_while_contested // D-13
supersession.dual_running_type_family // B-08
progress_signal.match_on_version_sensitive_ref // A-26
```
---
## Layer 3 (continued) — C-cluster math patches
All attach to the L1.5 primitives (`FormulaEvaluationReceipt` / `MetricObservation` / `MetricRollup`). `C-01` is the keystone — the `FormulaRegistry` that L1.5 receipts reference; the rest are accepted reviewer patches (Gemini BUG-0x / ChatGPT CG-Mx), each verified against live spec before adoption.
**`C-01` — Formula Registry (ACCEPT; keystone).** **Verified:** `QualityIndex` (V3.3.1 1600), `compiler_confidence_score` (1771, "0.0–1.0"), reputation/novelty/template-match/cost are all bare numbers with no formula; `unanchored_llm_judgment` is already excluded from `QualityIndex` aggregation (1600). **Fix:** the `FormulaRegistry` / `FormulaSpec` (typed inputs, output type/range/units, `missing_input_policy`, `zero_denominator_policy`, `normalization_policy`, `version`, `test_vectors`) + `CalibratedScore` + `QualityIndex` (aggregation_method, missing_dimension_policy) + `normalizeCriterionWeights()` (weights from criterion_weight | priority | uniform; `unanchored_llm_judgment` excluded). Owner: Common Contracts §9A (registry home, A-09). Every L1.5 `FormulaEvaluationReceipt.formula_id` resolves here. Lints: `validation.criterion_weight_sum_zero`, `validation.no_aggregation_eligible_criteria`. *Subsumes ~15 "this number has no formula" findings incl. D13 `compiler_confidence_score`.*
**`C-02` — Survivorship bias in convergence metric (ACCEPT-AS-FIX).** **Verified:** `avg_revision_cycles_to_convergence` exists (V3.3.1 §15.1, line 7133); its denominator counts only outcomes reaching `satisfied`, erasing aborts/escalations. **Fix (Gemini BUG-01, verbatim):** bifurcate — `avg_cycles_to_success` (denominator = outcomes transitioning to `satisfied`) and `wasted_cycle_burn_rate` (denominator = total cycles; numerator = cycles on outcomes that aborted/escalated/`unrecoverable`). Both are `MetricRollup`s with `terminal_state_only` observations (L1.5).
**`C-03` — Hash-hallucination paradox (ACCEPT-AS-FIX).** **Already rendered in Layer 3 core** (predicted hashes verified at V3.3.1 3238–3239; remove `predicted_pre_hash`/`predicted_post_hash`; lock on stable section anchors; Dispatcher computes hashes at runtime). Listed here for cluster completeness.
**`C-04` — Flat-ratio "weighted" reputation score (ACCEPT-AS-FIX; *use* → §E).** **Verified:** `advice_regression_rate` exists (V3.3.1 §15.8.2, line 7450); documented as 2×-weighted but computed flat; Phase-2 reputation-routing use is already deferred per §26.1 (7463). **Fix (Gemini BUG-03):** carry `severity_breakdown {minor,major,critical}`, `unweighted_regression_rate`, and `severity_weighted_penalty_score = ((minor*1)+(major*2)+(critical*5))/accepted_count`. The *consumer* (reputation gating routing) stays **DEFER-PhaseB** (E-06).
**`C-05` — Latency mean skewed by thermal/cold-start outliers (ACCEPT-AS-FIX).** **Verified:** sub-agent/cost metrics live at §15.8 and Core §16.2; arithmetic latency mean is bimodal-unsafe on local Apple Silicon. **Fix (Gemini BUG-05):** `CostLatencyFinding` drops `avg_duration_ms`, carries `latency_distribution {p50_duration_ms, p90_duration_ms, sample_size}`. `MetricRollup.percentile_impl` (L1.5) supplies the bounded percentile computation. *(Note: the exact prior field name for the mean differs across §12.5/§16.2; the fix replaces any latency-mean with p50/p90 regardless of the field name.)*
**`C-06` — Zero-denominator / insufficient-sample / cost tail-risk (ACCEPT).** **Fix:** every ratio metric declares `zero_denominator_policy: "undefined_insufficient_data"` (from C-01's `FormulaSpec`) and emits `CalibratedScore.sample_size`; below `min_sample_size` it returns `indeterminate`, not 0; `CostEstimate` (C-07) gains `p90_cost` beside `expected_cost`. Rides `MetricRollup.zero_denominator_fallback` (L1.5).
**`C-07` — Shared `CostEstimate` / `TaskCostRecord` + metric-kind tag (ACCEPT WITH MODIFICATIONS).** **Fix:** canonical `CostEstimate {expected_cost, p90_cost, currency_or_token_unit, basis, sample_size}` + `TaskCostRecord` in Common Contracts §9A (never redefined per-doc); add `BudgetFailureKind` (`estimate_exceeded|hard_cap_hit|insufficient_budget_to_start`) and a `MetricKind` tag (`rate|count|calibrated_score|duration_distribution`) so every metric declares its kind.
**`C-08` — Novelty metric space undefined (ACCEPT).** **Fix (Appx L):** `NoveltyMetricSpec` (feature-vector ref, distance metric ∈ cosine/euclidean/jaccard/hybrid, range [0,1], `no_pattern_fallback`, calibration dataset, threshold) + `NoveltyAssessment` (closest pattern, distances, novelty_score, `forces_fresh_reasoning`, `triggers_task_agent`). A discriminated metric with an explicit no-pattern fallback — no undefined space.
**`C-09` — Task-mode / template-match calibration + magic 0.7 (ACCEPT).** **Fix (Appx K):** `TaskModeScoringFunction` (feature_weights, veto_precedence hard/soft, thresholds surfaced as config not a literal, `explicit_rule`) + `TemplateMatchFormula` (component_weights, `hard_veto_cap`, `soft_penalty_max_total`) + `computeTemplateOverallScore()` (weighted mean − soft penalties, capped on hard veto). Protects the direct-first default with a calibrated score, not a bare `0.7`. Lint: `validation.template_match_component_out_of_range`.
**`C-10` — `criterion_semantics_hash` is lexical (ACCEPT).** **Fix:** rename to `criterion_text_hash` (lexical); add a separate `criterion_semantics_version` bumped only on a reviewed meaning change. Lint: `validation.criterion_semantics_version_unbumped_on_meaning_change` (advisory, human-reviewed).
### C-cluster lints (registered in `LintRegistry`, L1.7)
```
validation.criterion_weight_sum_zero // C-01
validation.no_aggregation_eligible_criteria // C-01
validation.template_match_component_out_of_range // C-09
validation.criterion_semantics_version_unbumped_on_meaning_change // C-10 (advisory)
```
---
## Layer 3 (continued) — Standard ACCEPT rows (carried by reference)
These rows keep their consolidated-card disposition and fix verbatim — the staged card carries them by **ID + disposition + consolidated-card anchor + one-line landing**, not re-rendered (the full schema lives in `DOC23_ADDENDA_B_RT_ADJUDICATION_CARD_CONSOLIDATED.md` at the cited section). Many land on a Layer-1 primitive (noted). None changed disposition.
**One row pulled up for emphasis — `D-24` (privilege firewall, HIGH).** Cross-matter forum-post visibility (Run Board §5.4 / Source Workspace §9.4). **Lands on `GovernanceEnvelope.matter_ref` (L1.1):** a forum post / board event is visible only within its `matter_ref` unless an explicit cross-matter grant exists; `validation.cross_matter_forum_leak` (error). For a litigator this is privilege-grade — high importance, though not a code-halt.
**§A — standard (17):**
| ID | Disp. | Anchor | Landing |
|---|---|---|---|
| A-03 | ACCEPT | CC §3.7 | Pattern C chain-ID lifecycle + chain registry (pairs A-25) |
| A-06 | ACCEPT | V3.3.1 §0.4.1 / CC §3.1–3.2 | `OutcomeEvaluationState` count & mapping; canonical mapping CC §3.2 (severity reframe note) |
| A-08 | ACCEPT | FD §6.2 | Full state→routing matrix; missing branches |
| A-09 | ACCEPT | CC §4.2 / V3.3.1 §5.17.7 | Phantom/misplaced refs → handled by `TypeOwnerRegistry` (L1.2) |
| A-10 | ACCEPT-MOD | CC §3 / §11 | `EvaluationArtifactEnvelope` wrapper home; `overall_state` de-B-specced |
| A-13 | ACCEPT | Core §9 vs Common §5 | Core's duplicate learning envelope removed (registry forbids dual def, L1.2) |
| A-14 | ACCEPT | CC §4.2 | Qualitative-slice owner map; slice-required → error not warning |
| A-15 | ACCEPT-MOD | CC §11.5 | "Build-ready" softened; command registry not mandatory |
| A-17 | ACCEPT | FD §5.3 / V3.3.1 §9 | Revisor is planner, not a revision target (pairs A-16) |
| A-18 | ACCEPT | FD §1.2 / §2.3 | Feedback-bundle emission discipline reconciled |
| A-19 | ACCEPT | V3.3.1 §0.4.4 / §5.7.1 | `FindingState` negative exits → in L1.3 |
| A-20 | ACCEPT | CC §6.4 / §9.4 | `unanchored_llm_judgment` ack field → `GovernanceEnvelope` (L1.1) |
| A-21 | ACCEPT | FD §2.2 / §3.3 | Optional-but-invariant-required fields (largely satisfied by A-01/L1.3) |
| A-22 | ACCEPT | CC §12 | Pending-consumer degraded-mode behavior |
| A-24 | ACCEPT | CC §3.4 vs V3.3.1 §5.18.8 | Parallel Judge+Evaluator example aligned to topology |
| A-25 | ACCEPT | CC §3.1 vs V3.3.1 §5.1 | `evaluation_chain_id` naming → one owned name (fold A-03) |
| A-27 | ACCEPT | V3.3.1 §5.16 | `EvaluationSnapshot` source-workspace hashes typed correctly |
**§B — standard (20):**
| ID | Disp. | Anchor | Landing |
|---|---|---|---|
| B-01 | ACCEPT | V3.3.1 §11 | Unified `RevisionExecutionLifecycle` dispatcher↔receipts state machine |
| B-03 | ACCEPT ⚠v | SrcWS / V3.3.1 §11.20 | Concurrent-write safety on Source Workspace |
| B-04 | ACCEPT | V3.3.1 §11.20.2 / §11.22 | Rolling hash under DAG/parallel (graph exists — depends_on_step_ids, see B-25) |
| B-05 | ACCEPT | V3.3.1 §11.21 | Revalidation cascade convergence bound; de-dup upstream-failure rule |
| B-06 | ACCEPT | V3.3.1 §dependency | Outcome-dependency cycle + `pending_dependency` deadlock |
| B-07 | ACCEPT | V3.3.1 §11.22 | Parallel sibling orphans after batch failure; parallelism first-class |
| B-09 | ACCEPT | V3.3.1 §candidate | Candidate external side-effects; lifecycle vs head-pointer |
| B-10 | ACCEPT | V3.3.1 §11 / FD | `TaskCancelProtocol` + Hard Call blocking scope |
| B-11 | ACCEPT | V3.3.1 §skip / FD | `TaskSkipProtocol` + skip receipts |
| B-12 | ACCEPT | CC §policy | Policy-freshness field → `GovernanceEnvelope.policy_generation_id` (L1.1) |
| B-13 | ACCEPT | SrcWS §6 | `ResearchNeed` lease |
| B-14 | ACCEPT | Task Forum | Forum deadlock breaker (+ remove `task_agent_decides` per ChatGPT) |
| B-16 | ACCEPT-AS-FIX | V3.3.1 §11.9 | **Concurrency** tiebreaker: replace wall-clock `created_at` with deterministic ordering (NOT a metric epsilon) |
| B-17 | ACCEPT | FD §8.4 / §10.3 | `instruction_in` overload → DOC23/DOC15/DOC24 boundary |
| B-18 | ACCEPT | V3.3.1 §6.5.2 / §7.9 | `HardRevisionCall.options` bounded-nonempty → on `RevisorTerminationLedger` (L1.4) |
| B-19 | ACCEPT | V3.3.1 §11.6 / §0.4.7 | `hard_call_resolved` producer → L1.4 |
| B-20 | ACCEPT | V3.3.1 §6.7.2 / §11.21 | Success-condition 5 races cascade |
| B-21 | ACCEPT | Core §9.0.6 | Signal-emission ordering vs receipt persistence |
| B-22 | ACCEPT | V3.3.1 §5.18 / §11.15 | Pattern C latency/cost budget |
| B-23 | ACCEPT | FD §6.3 | Multiple delivery branches idempotency |
**§D — standard (20; D-24 pulled up above):**
| ID | Disp. | Anchor | Landing |
|---|---|---|---|
| D-02 | ACCEPT | SrcWS §2 | Workspace taint aggregation → `GovernanceEnvelope` + max-taint (D-01) |
| D-03 | ACCEPT | SrcWS §0.3 / V3.3.1 §12 | `TaskSourceWorkspace` vs `SourceWorkspace` identity |
| D-05 | ACCEPT | SrcWS §6.2 / §7.4 | `ResearchNeed` scoping, ref types, `human_needed` exit |
| D-06 | ACCEPT | SrcWS §4 / §5 / §6.3 | Evidence anchors, payload registry, tool-receipts, extractor-vs-source |
| D-07 | ACCEPT | Task Forum §5.2 / §5.3 | Forum post visibility/supersession/governance → `GovernanceEnvelope` (L1.1) |
| D-08 | ACCEPT | Task Forum §6.3 / §6.4 | Context-packet ownership, omission manifest, audience enum, budget |
| D-09 | ACCEPT | Task Forum §1 / §5 | Passive-board auto-publish privacy/volume controls |
| D-10 | ACCEPT | Task Forum §7.2 etc. | `ModuleAssistanceRequest`, participant/moderator model, moderator-failure |
| D-11 | ACCEPT | Run Board §3.1 / §6.2 | `BoardDigest` filter rule |
| D-12 | ACCEPT | Run Board §retention | Retention/compaction/event-class → `DerivedReadModelRecord` (L1.6) |
| D-14 | ACCEPT | Core §3D / §4B / §5A | `InjectionSlotRegistry`, compact cards, command registry, token_budget, DOC24 ownership |
| D-15 | ACCEPT | V3.3.1 §8.4 / §17.1 | Sub-agent output-contract plurality, no-sub-agent fallback |
| D-16 | ACCEPT ⚠v | SrcWS / Forum | Workspace API operations defined |
| D-17 | ACCEPT | CC §7 / V3.3.1 §7.9.3 | Anchor/hash hygiene: empty `StructuredAnchor`, uncomputed `context_hash` |
| D-18 | ACCEPT | V3.3.1 §repeated-failure | Repeated-failure keyed on versioned refs → `FindingMatchKey` (L1.4) |
| D-19 | ACCEPT | SrcWS §SourceRecord | Per-module cost attribution field → `CostEstimate`/`TaskCostRecord` (C-07) |
| D-20 | ACCEPT | SrcWS §library | Library-promotion gate EC policy defined |
| D-21 | ACCEPT | V3.3.1 / Core | `requires_background_progress` overload split |
| D-22 | ACCEPT-MOD | CC §11.5 | Backward-compat softened; section-anchor hygiene |
| D-23 | ACCEPT | FD §9.4 | "Silent ignoring fires validation" made enforceable |
**§E (held, Phase-B) E-01…E-13** and **§F (declined) ×4** — carry forward unchanged; no per-row action. **§G (G-01…G-21)** → Layer 4 (next).
---
## Layer 4 — §G Professional-Reliance / UX layer
§G is the differentiator (pre-flight, reviewable diffs, evidence binder, plain-English cost, a single "can I rely on this" memo). All 21 rows KEEP their ACCEPT disposition. The staged-card value-add is to **classify** them correctly against the "no new truth store" rule — because the reviews' "build §G as read-models" is true for the *surfaces* but wrong for a handful of items that carry genuine new state or are operations. Three kinds:
### L4.1 Reliance artifacts (persisted; mostly derived, a few new-truth fields)
Schemas already written in the consolidated card (`[Appx O]`/`[Appx M]`); carried by reference here with classification + governance. All carry `GovernanceEnvelope` (L1.1) and are matter-scoped (D-24).
- **`G-06` `TaskReliancePacket` — capstone (ACCEPT).** [CC/Core, Appx O] Assembled from existing truth (evaluation_chain_ids, evidence package, hard-call resolutions, policy decisions, budget narrative, known-good states) → **derived**; the only computed new value is `reliance_status ∈ safe_to_rely_within_scope | rely_with_limitations | not_safe_to_rely | human_review_required` + `reliance_scope`. `unresolved_limitations` uses the A-07 limitation taxonomy. Everything else in §G feeds it.
- **`G-01` `EvaluationContractReview` (ACCEPT).** [Appx O] Pre-execution; interpreted goal/criteria/thresholds are **derived** from the compiled plan, but `approval_status` (`pending|approved|rejected|edited|waived_by_policy`) is **genuine new truth** (the user's decision) → persisted artifact, not a pure read-model. Gate optional per task autonomy.
- **`G-02` `RevisionReviewPacket` (ACCEPT).** [Appx O] before→candidate semantic diff + `finding_to_change_map` + preservation/revalidation results are **derived**; `reviewer_action` (`accept|reject|fork|request_changes|restore_known_good_state|no_user_review_required`) is **new truth**. Pairs with A-16 (revision flows through `revision_in`) and G-04 (restore).
- **`G-03` `EvidencePackage` (ACCEPT).** [Appx O] **Derived** export (snapshot + `claim_support_map` over D-06 evidence anchors); persisted as the binder. No new truth beyond the snapshot boundary.
- **`G-05` `BudgetNarrative` (ACCEPT).** [Appx O] **Derived** from `TaskCostRecord`s (C-07); separates logical LLM calls from infrastructure retries. Feeds G-09.
- **`G-07` `AttentionLedger` / `DecisionQueue` (ACCEPT — author minimal).** Cross-run queue of pending hard calls / blocked / contested / approvals. **Derived** projection over those items, but each `AttentionLedgerItem` carries a mutable `resolved_at` → persisted queue. UI surface → DOC20 (L4.4).
### L4.2 Operations / state primitives (NOT read-models)
These are state or actions, not projections — they need real schemas/commands.
- **`G-04` `KnownGoodState` (ACCEPT).** [Appx M] Named restorable checkpoint (artifact_version_refs[] + workspace_snapshot_ref + label). A saved **pointer set**, plus a `restore` **command** in the registry (D-14) with an idempotency key. Backs B-10 cancel, G-17 fork, G-02 restore.
- **`G-17` `TaskRunFork` (ACCEPT).** Fork a run from a `KnownGoodState`; the honest form of the declined ShadowWorkspace (§F-01) — carries `irrevocable_side_effects_at_fork[]` (an already-sent email stays sent). An **operation** + record.
- **`G-18` `ExplanationTrace` (ACCEPT).** Short human-readable causal trace emitted by every `CompiledRevisionStrategy`/`RevisionPlan` ("changed X because finding Y, preserving Z") → a small **new artifact**, `explanation_trace_ref` on the plan. Feeds G-15.
- **`G-19` `TaskReplay` (ACCEPT).** Deterministic replay primitive keyed to a run snapshot + `KnownGoodState`. An **operation**; underpins G-14/G-16.
### L4.3 DOC20 read-model surfaces (`DerivedReadModelRecord`, L1.6 — no new truth)
Each is a projection over existing truth; none is authoritative. Rendered as `DerivedReadModelRecord` with the noted `projection_kind` / `derived_from`. All matter-scoped (D-24); contestable items carry the G-11 contest affordance.
| Row | `projection_kind` | `derived_from` |
|---|---|---|
| `G-12` `WorkProductCertification` (highest-leverage) | `work_product_certification` | `TaskReliancePacket` (G-06) |
| `G-13` `FindingsInbox` | `findings_inbox` | canonical `EvaluationFinding`s (A-01/L1.3); matter-scoped (D-24) |
| `G-14` `RunDiff` | `run_diff` | run records + `BudgetNarrative` (G-05) |
| `G-15` `DecisionAuditView` | `decision_audit` | Pattern C chain (A-03) + routing (A-08) + the coordination trace |
| `G-16` `RunReplayPreview` | `run_replay_preview` | `TaskReplay` (G-19) + `KnownGoodState` (G-04) |
| `G-20` Unified Evaluation-Chain view | `evaluation_chain` | the chain registry (A-03); qualitative + quantitative side by side |
| `G-08` `TaskHealthCard` | `task_health` | run state + `BudgetNarrative` (G-05) + last `OutcomeEvaluationState` |
| `G-09` cost forecast (pre-run) | `cost_forecast` | shared `CostEstimate` (C-07) summed over packets/research/LLM (D-18 sub-totals); surfaced in G-01, reconciled by G-05 |
| `G-10` unified review entry | `review_home` | composes G-13 (triage) + G-02 (changes) + G-15 (why) |
| `G-11` contestability surfacing | `contestable_marker` | defeasible findings (FD §3.4); marks contestable findings/verdicts inline |
`G-08`/`G-10`/`G-11` are pure surfaces; `G-12`–`G-16`/`G-20` are user-facing surfaces over the artifacts above.
### L4.4 OP-A row — DOC20 UI surfaces
The contracts above are defined here (MOCKUP-READY: contracts tight, UI light); the **UI rendering is owned by DOC20**. One OP-A row:
```
OP-A → DOC20: render the §G surfaces — WorkProductCertification (G-12), FindingsInbox (G-13), RunDiff (G-14),
DecisionAuditView (G-15), RunReplayPreview (G-16), Unified Evaluation-Chain view (G-20), TaskHealthCard (G-08),
AttentionLedger/DecisionQueue (G-07), unified review home (G-10), contestability markers (G-11).
All as DerivedReadModelRecord-backed surfaces (no new truth); matter-scoped per D-24; privilege/tier-filtered on read.
```
### G-21 → Layer 5
Chaos/concurrency fixtures (storage-full, malformed LLM output, mid-run privilege change, clock skew, parallel writes) back B-03/B-04/B-05/B-16 and D-01/D-24 — rendered in **Layer 5** (fixtures), where the runtime fixes gate on them passing.
### Layer 4 lints (registered in `LintRegistry`, L1.7)
```
reliance.packet_status_without_evidence_or_limitations // G-06: reliance_status set with neither evidence refs nor a limitation list
read_model.authoritative_write_attempt // L1.6: any §G surface attempting a write to source-of-truth
ui.contestable_finding_without_affordance // G-11: a defeasible finding rendered without the contest control
attention_ledger.item_without_command_or_resolution // G-07: a pending item with no command_ref and no resolved_at path
```
---
## Layer 5 — Fixtures (golden scenarios + chaos/concurrency)
Golden scenarios are **executable assertions**, not names. Each backs a specific row and states setup → expected outcome → the lint/gate it exercises. Fixture shape:
```ts
interface FixtureRecord {
fixture_id: string; backs_rows: string[]; setup: string; expected: string;
asserts_lint?: string; gate: "slice_local" | "cross_layer" | "final_switchover";
blocking_severity: "advisory" | "warning" | "blocker"; schema_version: 1;
}
```
### L5.1 Golden scenarios (correctness fixes)
| ID | Backs | Setup → Expected | Lint |
|---|---|---|---|
| GS-01 | A-16 | A repair `OutcomeRepairInstruction` is wired to `instruction_in`/`data_in`/`context_in` → it executes **no** mutation; carried as advisory context; only a `revision_in` (or `revision_compatible=true` + capability) port mutates | `validation.repair_routed_to_non_revision_port` |
| GS-02 | D-01 | A `web_source` (`external_untrusted`) artifact is summarized by a sub-agent and consumed by the Revisor → the summary inherits `external_untrusted`; unless it passed a `SanitizationNode`, the Revisor treats it as data, not instruction | `validation.taint_not_inherited_through_summary`, `validation.source_kind_taint_unmapped` |
| GS-03 | B-24 | Revisor produces 3 consecutive outputs with the **same `FindingMatchKey`** unresolved → the 4th attempt is BLOCKED; `RevisorTerminationLedger.termination_reason = "loop_breaker"`; escalates per §6.7.3 | (extends F-LOOP-01) |
| GS-04 | D-13 | A `RunGuidanceItem` in `lifecycle_state: contested` is present at run start → every consumer skips it; a `RunGuidanceLifecycleReceipt` records the skip | `validation.run_guidance_consumed_while_contested` |
| GS-05 | D-04 | A Tier-0 `lookup_receipt` is cited as support for a reliance/trust claim → error; Tier 0 remains valid as a "lookup occurred" record | `validation.tier0_receipt_used_as_trust_basis` |
| GS-06 | D-24 | A forum post with `matter_ref = M1` is requested by a reader scoped to `M2` with no cross-matter grant → blocked | `validation.cross_matter_forum_leak` |
| GS-07 | A-02 | Pattern C: the Judge reads `evaluated_target`/`evaluation_basis` → present on `EvaluationResultEnvelope` (post-fix); chain resolves at read time | (read-time resolution) |
| GS-08 | B-08 | Build-time scan of V3.3.1 → exactly **one** `FailureKind` definition (§6.2 canonical; §0.4.9 references it); step-execution failures use `StepExecutionFailureKind` | `supersession.dual_running_type_family` |
| GS-09 | C-03 | A multi-step `rolling_hash_in_place` plan is compiled → the LLM emits **no** `predicted_post_hash`; the Dispatcher locks on `target_section_anchor_hash` and computes hashes at runtime; the plan does not crash | (no predicted hash in output contract) |
| GS-10 | C-01/C-06 | A ratio metric runs with a zero denominator → returns `indeterminate` (not 0/NaN), `CalibratedScore.sample_size` set; every score resolves a `FormulaSpec.formula_id` | `validation.criterion_weight_sum_zero` |
| GS-11 | G-06 | A `TaskReliancePacket` sets `reliance_status` → it carries either evidence refs or a non-empty `unresolved_limitations`; a packet with neither fails | `reliance.packet_status_without_evidence_or_limitations` |
| GS-12 | A-12 | A lane returns `lane_failed` while the outcome is otherwise satisfied → `OutcomeVerdict` is computed by the canonical lane→outcome mapping, not read off a single `EvaluationVerdict` | (verdict-level separation) |
### L5.2 Chaos / concurrency fixtures (`G-21` — the §B harness)
The runtime fixes **gate** on these passing (blocking).
| ID | Backs | Setup → Expected |
|---|---|---|
| CH-01 | B-03/B-09 | Storage fills mid-write → `WorkspaceWriteFailureKind` (`partial_artifact_written`); the head pointer is not advanced to a non-existent artifact; no orphan |
| CH-02 | B-08 | The Revision Compiler emits malformed/invalid plan JSON → classified as a `StepExecutionFailureKind` and **halts mechanically** (not surfaced as a low-severity finding) |
| CH-03 | D-01/D-24 | Privilege downgrades mid-run (matter access revoked) → `GovernanceEnvelope` re-evaluated against the new `policy_generation_id`; in-flight reads fail-closed |
| CH-04 | B-16 | Two events carry equal/inverted wall-clock `created_at` → a deterministic tiebreaker (not `created_at`) fixes a stable order |
| CH-05 | B-04/B-07 | Two revision steps target one artifact under the DAG → the precondition/rolling-hash check rejects the stale write; no lost update; parallel siblings not orphaned on one failure |
| CH-06 | B-05 | A revalidation cascade is triggered → it converges within the declared bound; the duplicated upstream-failure rule fires once |
| CH-07 | B-06 | A `pending_dependency` cycle is introduced → detected by `dag_acyclic` / topological cycle detection (B-25 verified mechanism); no deadlock |
### L5.3 Fixture-to-row matrix & gate
- **slice_local:** GS-07, GS-08, GS-10, GS-12. **cross_layer:** GS-01…GS-06, GS-09, GS-11, CH-01…CH-07.
- **Gate:** the runtime/concurrency fixes (B-03/B-04/B-05/B-06/B-07/B-09/B-16) and the compliance fixes (D-01/D-24) **do not ship** until CH-01…CH-07 pass; the safety fix (A-16) and taint fix (D-01) gate on GS-01/GS-02.
- All fixtures register their lints in `LintRegistry` (L1.7); none introduces new truth.
---
## New rows (added by this restructure)
Rows the restructure introduces or completes beyond the 126 consolidated-card items. Each traces to an existing decision or a named primitive; none is a free invention.
### NR.1 Layer-1 primitives as first-class rows (`TypeOwnerRegistry` entries)
The seven primitives get tracked rows so their ownership is explicit (not floating):
| Primitive | Owner doc | Status |
|---|---|---|
| `GovernanceEnvelope` (L1.1) | Common Contracts | new mixin |
| `TypeOwnerRegistry` + `SchemaReferenceValidationRule` (L1.2) | Common Contracts (governance) | new |
| `EvaluationFinding` event/record/view (L1.3) | Common Contracts §4.2 (A-01); shared w/ Review Studio §2 | replaces two schemas |
| `FindingMatchKey` (L1.4) | V3.3.1 (reuses §6.2 `FailureKind`) | new |
| `RevisorTerminationLedger` (L1.4) | V3.3.1 §6.7.3 | new (consolidates counters) |
| `FormulaEvaluationReceipt`/`MetricObservation`/`MetricRollup` (L1.5) | Common Contracts §9A | new (C-01 registry) |
| `DerivedReadModelRecord`/`ReadModelInvalidationSpec` (L1.6) | DOC20 / Common Contracts | new |
| `LintRegistry` (L1.7) | Common Contracts (governance) | new |
### NR.2 Reliance-decay (new)
Reliance is time- and dependency-bounded. **Fix:** `TaskReliancePacket` (G-06) gains `valid_until: ISO8601` + `decay_policy`; a `RelianceDecayCheck` (a `DerivedReadModelRecord`, L1.6, whose `declared_dependencies` are the packet's source/finding/policy refs) downgrades `reliance_status → "human_review_required"` when any underlying source/finding/policy has changed or aged past threshold. Lint: `reliance.packet_consumed_past_valid_until`.
### NR.3 Delegation (new)
A Hard Call or scoped task can be delegated (e.g., to a supervising attorney, or a sub-agent within scope). **Fix:**
```ts
interface DelegationGrant {
grant_id: string; delegator_ref: string; delegate_ref: string;
scope: { decision_kinds: HardRevisionCallKind[]; outcome_ids?: string[]; matter_ref?: MatterRef };
authority_basis: EvaluationAuthorityBasis; expires_at: ISO8601; revocation_ref?: string;
governance: GovernanceEnvelope; schema_version: 1;
}
// A delegated decision carries the delegator's access_tier; a delegated Hard Call resolution records grant_id.
```
Ties to `access_tier` (e.g., `supervising_attorney`) and surfaces in the `AttentionLedger` (G-07). Lints: `delegation.decision_outside_granted_scope`, `delegation.expired_grant_used`.
### NR.4 `D-19` / `D-20` completions (complete two §D standard rows)
- **`D-19`** (per-module cost attribution): add `cost_attribution_ref: TaskCostRecord` (C-07) on `SourceRecord` / module output, so cost rolls up per module. Closes the "no field" gap.
- **`D-20`** (library promotion gate): define `LibraryPromotionPolicy` — `promote_to_doc73_library_candidate` requires an EC `PolicyDecisionRef` (privilege/matter scope) **and** source tier ≥ 2 before promotion to the DOC73 library. Lint: `library.promotion_without_ec_policy`.
### NR.5 Grok §3.3 — feedback→prompt responsibility matrix
**Fix:** `FeedbackResponsibilityMatrix` maps each feedback kind → the component responsible for turning it into the next instruction: repair instruction → Revisor (via `revision_in`, A-16); strategic/scope change → Task Agent; ambiguous/contested → human (Gate-4). Prevents feedback from being dropped or double-handled. Lint: `feedback.without_responsible_owner`.
### NR.6 Grok §5.7 — sub-agent metric observation
**Fix:** sub-agents MUST emit `MetricObservation`s (L1.5) for cost/latency/outcome so metrics aggregate across the run; without it sub-agent work is invisible to the C-07 cost rollup and the §15 quality metrics. Contract: every sub-agent activation emits ≥1 `MetricObservation` keyed to its activation_seq. Lint: `subagent.work_without_metric_observation`.
### NR.7 Grok §5.9 — BoardDigest ResearchNeed import
**Fix:** the Run Board's `BoardDigest` (D-11) imports open `ResearchNeed`s (D-05/D-13) as a `research_needs_open[]` projection (a `DerivedReadModelRecord`, matter-scoped per D-24) so research gaps surface on the board rather than staying buried in the workspace.
### NR — citation/scope fixes carried
- **B-24 is Grok §4.9** (not §4.10).
- **B-14** also removes `task_agent_decides` (ChatGPT) — folded into the B-14 standard row.
---
## Final consistency pass
**Coverage (126 + new):** every consolidated-card item lands in exactly one place — §A 27 (L3 core 8 · L2 2 · standard 17), §B 27 (L3 core 5 · L2 2 · standard 20), §C 10 (L3 core 1 [C-03] · C-cluster 9), §D 24 (L3 core 2 · L2 1 · standard 21), §G 21 (Layer 4; G-21→Layer 5), §E 13, §F 4 = **126**. New rows NR.1–NR.7 add scope (NR.4 completes the D-19/D-20 standard rows). No item dropped; flips and re-grades explicit.
**Primitives owned:** all seven L1 primitives have `TypeOwnerRegistry` entries (NR.1); no later row redefines them.
**Lints — all registered in `LintRegistry` (L1.7):** Step-0 (×5), Layer-2 (×3), Layer-3 core (×6), C-cluster (×4), Layer-4 (×4), Layer-5 fixtures (their asserted lints), new-rows (reliance/delegation/library/feedback/subagent ×6). One waiver mechanism (`LintRegistryEntry.waiver`, architect-approved).
**OP-A rows to carry (cross-doc obligations):**
- **DOC20** — render the §G surfaces (G-07, G-08, G-10, G-11, G-12…G-16, G-20) as `DerivedReadModelRecord`-backed UI; matter-scoped (D-24).
- **Addenda A** — full `NoVerdictReason` consolidation absorbing the R203 taxonomy (A-07); the canonical enum + alias registry land now, the merge when Addenda A next opens.
- **DOC12** — `RoomKind.plan_review` registration (`OBL-DOC12-FORUM-01`, already exists; B-15).
- **DOC73** — `LibraryPromotionPolicy` gate (NR.4 / D-20).
- **Review Studio** — `OBL-RS-01…10` (already tracked in `DOC23_ADDB_Review_Studio.md`).
**Corrections baked in:** `confidence_merge_strategy` removed (was → A-04, route-resolution); `tiebreaker_epsilon` removed (was → B-16, a concurrency row); `A-02` not elevated (HIGH, not CRITICAL); `B-25` de-CRITICAL.
**Integrity:** §E (held, Phase-B) and §F (declined) intact and unmodified; the finding model is shared with (not forked from) the Review Studio unit; the `revision_in` chokepoint (A-16) is the single mutation path that the Review Studio human-assist also relies on.
---
## Status
**Staged card complete (Layers 0–5 + new rows).** Pending: architect review + the multi-LLM red-team pass (ChatGPT 5 Pro + Gemini 2.5 Pro + Codex), then fold into the eventual R0.4 spec edits.
**One open product call (non-blocking):** the ~58 standard ACCEPT rows are carried **by reference** (ID + disposition + consolidated-card anchor). Say the word if you want them rendered in full in this card instead.
**Next deliverable still owed (separate):** the Test-set adjudication card (`DOC23_ADDENDA_B_TEST_SET_ADJUDICATION_CARD.md`) second-round reviews.
*Assembled staged card, committed to the repo at `Active Working and Red Team/DOC23 Working/DOC23 Red Teaming/DOC23_ADDENDA_B_RT_ADJUDICATION_CARD_STAGED.md`.*