ELNOR REPO READER TEXT MIRROR
Original path: Active Working and Red Team/DOC23 Working/DOC23 Red Teaming/Test-set Card V2 Red Team Responses/Claude_Opus_4_8_Review.md
Source repo: /Users/OpenClaw1/Elnor/Elnor Specs
Git branch: main
Git commit: dbaa25962edc11ab30e8d4ca1715f9ae5bf77331
Generated: 2026-06-09T01:23:58.539Z
---
# Claude Opus 4.8 — Final Red-Team Review: DOC23 Addenda B Test-Set Adjudication Card V2
**Reviewer:** Claude Opus 4.8. **Method:** all six operative Addenda B files **plus base R3.1** pulled from `main` and grepped/read at the type and line level (Core R0.7.1, V3.3.1 Outcome Evaluator/Revisor, Common Contracts V1.1.1, Source Workspace V1.0.1, Task Forum + Run Board V1.0.1, Feedback Delivery V1.0.1; base R3.1 = `DOC23_TASK_SYSTEM_MODULAR_ARCHITECTURE_R3_1.md`). Citations are to the **operative files**, not the card, unless I write "card." Single consolidated review (three passes merged); standalone.
**One-line verdict:** the card's architecture (P-1 unifying 01/02/03/05; P-2 matter-dominant isolation; P-4 gate-signal integrity) is sound and well-reasoned. The defects are about **where the constructs attach**, **totality of the decision logic**, **duplicate truth** against fields the envelope already carries, and **several formulas that do not work as written**. Fixing those also *shrinks* P-1/P-4/P-5 — the subtractive direction.
---
## 0. What the third pass changed (read first)
A harder re-read — including verifying my *own* schemas against the enums — produced six corrections to earlier passes plus new findings. The architecture is unchanged; the **risk vocabulary, one verdict-map gap, and the BUG-02 fix** needed correction, and P-1 collapses to a single invariant.
- **SC-1 (corrects §D/§E) — `risk_class` vocabulary was phantom.** The existing enum is **`"low" | "medium" | "high"`** (evrev §13 `PatternPerformanceSlice.context_signature`, L6406); `filing_bound`/`evaluator_load_bearing`/`ordinary` appear **nowhere**. All risk gates now key off `risk_class === "high" || privileged === true`; "filing-bound/load-bearing" are *derivations* that set `high`, not enum values.
- **SC-2 (corrects §H #9) — §3.2 verdict map is NOT total.** The enum lists **15** values; the map covers 14 and **omits `evaluating`**. Add `evaluating → NOT emitted (transient)`; the recurring "14-value" label is off-by-one.
- **SC-3 (corrects §E) — `claim.support_status` / the claim structure are NET-NEW** (co-land with `EvidencePackage`/`claim_support_map`, §A), not existing fields.
- **SC-4 (corrects §G/§H #1) — the BUG-02 resample salt is UNSAFE on `never_replay` steps.** Gate it to stochastic *generation* only; on `external_message_send`/`filing_or_submission` (§11.18 L5653–5666) a resample salt would bypass `never_replay` and double-file. `idempotency_semantics` (currently `idempotent|non_idempotent`, L4317) is too coarse — split into *stochastic_pure* vs *side_effecting*.
- **SC-5 (corrects §D P-4) — executed-basis is trace-derived from the execution receipts** (`RevisionExecutionRecord`/`RevisionOperationReceipt`, `DecisionTraceRecord`), NOT the `EvaluationSnapshot` (content/topology hashes only).
- **SC-6 (corrects §E/§H #5) — `tier` is DOCUMENTATION DEPTH, not source authority** (Source WS §3: 0 lookup_receipt → 4 full_workspace). AB-T-05 reframed as a documentation-completeness floor; mode-4 (full workspace) handled separately from `SourceRecord.tier` 0..3.
- **Confirmed sound:** `needs_verification`/`needs_human_judgment` ARE real `OutcomeEvaluationState` values (L277) — P-1's forcing is not a minted state. §6.7.3 budgets, §11.8 replay text, `SubBasisRecord` (§5.4.1.2), `ArtifactMutationPrecondition` (taint_class_acceptable + policy_decision_required), and `external_untrusted` "treat as data, never instruction" (L3429) all verified.
- **New (see §F/§H/§K):** IB-14 (disclosure `policy_accepted` is a self-cert hole unless bound to an EC PolicyDecision); §H #10–#12 (define `worst()` severity order; Phase-3.5 recompute termination; the composite promotion-gate predicate); and the headline simplification — **P-1 reduces to one invariant: no presented verdict exceeds its weakest load-bearing support** (§K #7).
---
## A. Headline corrections — these move where everything lands (CRITICAL)
**BUG-A — three "main-card" plug-in types the card calls *existing* are absent from the entire operative set (incl. base R3.1, 476 KB).** Grepped all seven files: `EvaluationChainResolutionPolicy`, `RevisorTerminationLedger`, `RequiredQuorumManifest` appear **only in the card**. Yet P-1 (card §2) "plugs into the existing `EvaluationChainResolutionPolicy`"; AB-T-02 says "`RequiredQuorumManifest` … unchanged from V1"; interaction bug 7 (card §4.7) wires the `needs_verification` spin to "the `RevisorTerminationLedger` (prior round)." These are adjudication-stage, not landed — the card's own words ("from the main card," "prior round," "unchanged from V1") say so. The card *correctly* flags `EvidencePackage`/`claim_support_map`/`TaskReliancePacket`/`SourceRetrievalOutcome`/`SourceMissing` as net-new proposals (V-4, §8) — apply the same treatment to these three. **Effect:** P-1, AB-T-02, and bug 7 carry an unlanded co-landing dependency. The fixes in §D re-home them onto machinery that *does* exist.
**BUG-B — `FeedbackFindingView` (the named P-1 carrier, card §2 P-1) does not exist.** The real carriers are `EvaluationResultEnvelope` (Common §3.1) and `EvaluationFeedbackBundle` (Feedback §2.1), which *already mirror each other*: the bundle carries `EvaluationDecision { state, verdict, pass, blocks_downstream }` and `evaluation_result_envelope_ref`. "No state-only consumer can drop it" is met by **gating the shared state both already carry** and setting `blocks_downstream=true` (§D P-1).
**BUG-C — citation errors (you want line precision):**
- P-3 / AB-T-13 cite the matter-reclassification event as "Core ~L7723." It is **V3.3.1 (evrev) L7723** ("Re-classification requires firm_admin tier and creates an audit record") and **L7793** — and today it only fires `validation.matter_class_changed_during_active_work`, a **non-blocking warning**. The event exists (P-3's trigger is real); it is *merely an audit warning*, which strengthens the severity case.
- P-3 / AB-T-14 cite `task_agent_fallback_policy` as "Core Sec. 6.9.1." It is **V3.3.1 §6.9.1** (evrev L2912/L3059) and is a 3-value enum (`pause | escalate_hard_call | abort_plan`), **not** a registry shape.
**CONFIRMED (card claims that check out exactly):** V-1 (HumanGateSummary undefined — Core L1228, L4881; `decision_log_required` Core L6487, no record type); V-2 (`EmailTriggerScopeSummary.new_case_or_matter_candidate_refs: EntityRef[]` plural, no confidence/separation/resolution_status — Core L6002–6016); V-3 (staleness substrate exists — V3.3.1 §5.16/§7.13/§11.20/§11.21); V-4 (AssuranceBasis has the three bases — V3.3.1 L1831); V-5 (provenance mixed). Re-scopes on AB-T-06/14/15/17 are accurate.
---
## B. Deeper-dive structural findings (NEW in this pass)
**BUG (duplicate truth) DT-1 — `AssuranceExecutionRecord` (card AB-T-02 / my P-4) duplicates `AssuranceAndLimitationSlice` (Common §4.4).** §4.4 already carries `assurance_basis: AssuranceBasis[]` (the *executed* bases), `limitations: EvaluationLimitationKind[]`, and `evidence_status: available_verified|available_unverified|missing_required|stale|blocked_by_policy`. Net-new is only: the **target-vs-executed** distinction, `assurance_status`, and `provenance`. **Extend §4.4; do not mint a parallel record** (card §2.1 forbids duplicate truth). Final schema §D P-4.
**BUG (duplicate truth) DT-2 — P-1 `substrate_freshness` duplicates `assurance_slice.evidence_status="stale"` + `EvaluationLimitationKind="stale_evidence"`.** P-1 must *read* the existing staleness signal, not mint a parallel one.
**BUG (duplicate truth) DT-3 — P-5 quarantine for the LEARNING path already exists.** `pattern_promotion_eligible: boolean` (Common §5.3 L502; Core L3785), gated by EC ("privileged signals do not auto-promote"; `validation.signal_promotion_eligible_without_policy` Common L800). For non-clean artifacts feeding learning, set `pattern_promotion_eligible=false`. Net-new is only **artifact** promotion (DOC73 corpus / DOC72 task-memory), via the `safety_slice` field EC already reads at persistence (Common §4.5: EC "reads these fields at envelope persistence time to gate retention, promotion, and cross-matter access").
**BETTER_IDEA / simplification DT-4 — make `CleanVerdictEligibility` a THIN projection, not a fat record.** The envelope already has `evaluation_verdict (passed|failed|indeterminate|not_applicable)`, `indeterminate_reasons: IndeterminateCause[]`, `overall_state` (14-value), `route_recommendation`, `hard_call_surface_ref`, `limitation_records`, `assurance_slice`, `safety_slice` (Common §3.1). Most of P-1 is a **total precedence function** over those signals + a **monotonic-downgrade** rule — not a new truth store. Net-new fields are small. Removes duplicate-truth and shrinks P-1. Final form §D.
**BUG (missed interaction) IB-9 — Pattern C lets a downstream Judge override the upstream honesty gate.** Common §3.7: two envelopes share a `target_evaluation_chain_id` (Evaluator + downstream Judge), and "the Judge's quantitative recommendation governs when Pattern C is wired." A Judge that scores `pass_path` can route the chain clean **even when the Evaluator's eligibility said needs_verification**. **Fix:** eligibility is **chain-scoped, not envelope-scoped** — `clean_verdict_allowed=false` on any envelope sharing the chain id dominates the chain's route; a Judge cannot upgrade a blocked chain. Lint `verdict.chain_route_upgraded_over_blocked_eligibility`.
**SUGGESTION DT-5 — P-3 likely *defines* an already-referenced `RecoveryPolicy`, and should reuse `RevisionSideEffectPolicy`.** V3.3.1 §11.17.2 (L5610): "Loop Controller may schedule completion retry per **RecoveryPolicy**"; §11.18 `RevisionSideEffectPolicy` has `requires_dry_run`, `requires_human_gate`, `replay_policy`. (a) Confirm whether `RecoveryPolicy` is referenced-but-undefined — if so P-3 defines it (parallel to AB-T-04). (b) The privilege re-taint cascade is a side effect → reuse `RevisionSideEffectPolicy { requires_dry_run: true, requires_human_gate: true }`, do not invent a dry-run.
**OPEN_FOR_ARCHITECT — privilege vocabulary is fragmented FOUR ways; pick one.** `MatterClassification` (my earlier suggestion) and the card's `privileged|work_product|ordinary` are phantoms. The specs actually carry: (1) `privileged: boolean` (Common §4.5; Source WS §4.1); (2) `AccessTier` 7-value (V3.3.1 §16 L693); (3) **`privilege_class: "none"|"matter_team"|"supervising_attorney"`** (evrev §13 `PatternPerformanceSlice.context_signature` L6404), already aligned to `AccessTier` (matter_team_access / supervising_attorney_review); (4) the proposed `privileged|work_product|ordinary`. **Recommendation:** P-2 reuses (3) for the access axis + the existing `privileged: boolean` for the flag; "work_product" has no existing home (make it `privileged`-with-reason, not a third value). Do not add a fifth vocabulary.
**MINOR — "quarantine" is overloaded.** V3.3.1 uses it for taint (L724, L5306 `taint_quarantine_active`, L5340 sandboxed eval) and pattern health (L6521). Rename P-5 (e.g., `promotion_quarantine` / `WorkProductPromotionHold`) to avoid conflation.
**MINOR — verify/extend `IndeterminateCause` (V4 R203, Addenda A; referenced Common L214)** rather than invent presentation vocabulary; P-1's needs_verification reasons should map to / extend it.
---
## C. Correctness of adjudications + the divergences
**D1 (field-not-state) — CONFIRMED, with a clarification.** A 15th `OutcomeEvaluationState` value would force every consumer, the Common §3.2 verdict map (L264–287), and every state machine to learn it; redundant because field + **mandatory flip-rule** already yields a routable signal — the flip changes `overall_state` to `needs_verification`/`needs_human_judgment`, which the DAG already routes. **State it as "field PLUS state-flip," not "field instead of state."** Make the flip mandatory and linted.
**AB-T-08 hard-gate decline — CONFIRMED.** A hard gate on a self-asserted `CausalProof` is the exact `self_reported`-signal theater P-4 forbids. Light `RevisionChangeRationale` only; cross-reference P-4.
**AB-T-09 scoped (admission/read-model, not orchestrator) — CONFIRMED Sec-2.2-safe.**
**AB-T-02 / AB-T-03 — CONFIRMED** (AB-T-03 highest severity; closes the Core §13A.3 cond. 5 hole, L5816).
**GAP — P-1 precedence is not total; two "dimensions" are preconditions** (fix §D P-1). `matter_resolution=*_hold` short-circuits evaluation; `substrate_freshness` unmet forces `dirty`→§11.21; only `affirmative_grounding > assurance_floor / source_documentation_tier` are gradable.
**GAP — P-1 mints a parallel verdict vocabulary it claims to avoid.** `"clean"/"clean_with_disclosure"` have no home in `OutcomeEvaluationState`/`evaluation_verdict`. Make `presentation_status` a derived projection (P-6), not stored.
---
## D. The six packages — FINAL corrected, paste-ready
### P-1 `CleanVerdictEligibility` → thin projection on `EvaluationResultEnvelope` (Common §3.1); add §3.8
```ts
// ADD Common §3.8. Computed by the Evaluator; CHAIN-SCOPED (IB-9).
type VerdictHonestyDimension = "affirmative_grounding" | "assurance_floor" | "source_documentation_tier";
type DimensionStatus = "met" | "downgraded_disclosed" | "unmet"; // unmet => non-degradable only (precedence)
type VerdictPrecondition =
  | { kind: "matter_resolution"; status: "resolved" | "ambiguous_hold" | "unresolved_hold" }
  | { kind: "substrate_freshness"; status: "fresh" | "stale_revalidation_required" }; // reads evidence_status (DT-2)
type CleanVerdictEligibility = {
  outcome_ref: string;
  evaluation_chain_id: string; // IB-9
  preconditions: VerdictPrecondition[];
  precondition_outcome: "all_satisfied" | "short_circuit_hold" | "short_circuit_revalidate";
  dimensions: { dimension: VerdictHonestyDimension; status: DimensionStatus;
                detail_ref?: string; signal_provenance: GateSignalProvenance }[];
  clean_verdict_allowed: boolean;
  disclosures: { dimension: VerdictHonestyDimension; reason: string; policy_accepted: boolean }[];
  precedence_ruleset_id: string; // invalidate cached eligibilities when the rule changes
  recomputed_at: string; // MUST recompute on §11.21 (Phase 3.5)
  schema_version: "1.0";
};
```
**Precedence (total).**
1. **Preconditions first.** `matter_resolution ∈ {ambiguous_hold,unresolved_hold}` → `short_circuit_hold`: raise `HardRevisionCall` (V3.3.1 §7.9, `kind="privilege_or_confidentiality_risk"`, **`default_if_no_response="pause"`** — never `continue_without_fix`, IB-13), set `overall_state="needs_human_judgment"`, `route_recommendation="human_review_path"`; do not grade. `substrate_freshness="stale_revalidation_required"` → force `dirty`, re-enter §11.21; no verdict yet.
2. **Degradation transform, then gradable dimensions:** a degradable + policy-accepted + disclosed `unmet` becomes `downgraded_disclosed`; only non-degradable unmets remain `unmet`. Then `affirmative_grounding=unmet` dominates → `needs_verification`; else remaining `unmet` → `needs_verification`/`needs_human_judgment`; else (U=∅,D≠∅) → `satisfied`+`disclosures`; else → clean.
3. **Monotonic downgrade:** `overall_state = worst(producer_state, eligibility_forced_state)`; never upgrades.
4. **P-4 conjunctive gate** per dimension.
5. **Chain rule (IB-9):** chain effective route = worst over all envelopes sharing `evaluation_chain_id`.
**Carrier (BUG-B):** forced state propagates to BOTH `EvaluationResultEnvelope.overall_state` and the mirrored `EvaluationFeedbackBundle.EvaluationDecision.{state,verdict,blocks_downstream}` (Feedback §2.1); set `blocks_downstream=true` **only** for the forced-state cases (needs_verification/needs_human_judgment); the clean_with_disclosure (satisfied) case keeps `blocks_downstream=false` and rides the `disclosures` — do not over-block legitimate passing-with-disclosure.
**Lints (Common §9):** `verdict.clean_presented_with_unmet_dimension`; `verdict.downgrade_not_propagated_to_envelope_and_bundle`; `verdict.eligibility_carried_stale_after_revalidation`; `verdict.precedence_not_applied`; `verdict.matter_hold_graded_instead_of_short_circuited`; `verdict.stale_substrate_graded_without_revalidation`; `verdict.presentation_status_stored_not_derived`; `verdict.chain_route_upgraded_over_blocked_eligibility`.
**Fixtures:** `FIX-P1-grounding-dominates`; `FIX-P1-hold-short-circuits` (HardRevisionCall default=pause; dimensions=[]); `FIX-P1-stale-revalidates`; `FIX-P1-clean-with-disclosure`; `FIX-P1-chain-block` (Judge pass + upstream blocked → route stays human_review_path).
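An executable reading of precedence steps 1–3 and 5 that can be run against the fixtures above. It is an added example, not text from the card or the operative specs. Assumptions: the `worst()` severity order, the `DimInput`/`EligibilityInput` shapes, the caller-chosen `other_unmet_state`, and reading `clean_verdict_allowed` as "no dimension left `unmet`"; step 4 (the P-4 gate) is omitted.

```typescript
// Added illustration of the P-1 precedence; anything marked ASSUMPTION is not in the spec.
type Dim = "affirmative_grounding" | "assurance_floor" | "source_documentation_tier";
type DimStatus = "met" | "downgraded_disclosed" | "unmet";
type GradedState = "satisfied" | "needs_verification" | "needs_human_judgment";
type Route = "pass_path" | "human_review_path";

// ASSUMPTION: input shape. policy_decision_ref stands for the EC PolicyDecision
// that IB-14 requires before a downgrade counts as policy-accepted.
type DimInput = { dimension: Dim; satisfied: boolean; degradable: boolean;
                  disclosed: boolean; policy_decision_ref?: string };

type EligibilityInput = {
  matter_resolution: "resolved" | "ambiguous_hold" | "unresolved_hold";
  substrate_freshness: "fresh" | "stale_revalidation_required";
  producer_state: GradedState;
  dims: DimInput[];
  other_unmet_state: "needs_verification" | "needs_human_judgment"; // ASSUMPTION: caller picks
};

type EligibilityResult = {
  precondition_outcome: "all_satisfied" | "short_circuit_hold" | "short_circuit_revalidate";
  dimensions: { dimension: Dim; status: DimStatus }[];
  clean_verdict_allowed: boolean;
  overall_state: GradedState | "dirty";
  hard_call_default?: "pause";
  disclosures: Dim[];
};

// ASSUMPTION: severity order; the review lists defining worst() as an open item.
const SEVERITY: Record<GradedState, number> =
  { satisfied: 0, needs_verification: 1, needs_human_judgment: 2 };
function worst(a: GradedState, b: GradedState): GradedState {
  return SEVERITY[a] >= SEVERITY[b] ? a : b;
}

function evaluateEligibility(input: EligibilityInput): EligibilityResult {
  // Step 1: preconditions short-circuit; a held or stale outcome is never graded.
  if (input.matter_resolution !== "resolved") {
    return { precondition_outcome: "short_circuit_hold", dimensions: [],
             clean_verdict_allowed: false, overall_state: "needs_human_judgment",
             hard_call_default: "pause", disclosures: [] };
  }
  if (input.substrate_freshness === "stale_revalidation_required") {
    return { precondition_outcome: "short_circuit_revalidate", dimensions: [],
             clean_verdict_allowed: false, overall_state: "dirty", disclosures: [] };
  }
  // Step 2a: degradation transform. Only degradable + disclosed + policy-backed
  // shortfalls become downgraded_disclosed; everything else stays unmet.
  const dimensions = input.dims.map((d) => {
    let status: DimStatus = "unmet";
    if (d.satisfied) status = "met";
    else if (d.degradable && d.disclosed && d.policy_decision_ref !== undefined) {
      status = "downgraded_disclosed";
    }
    return { dimension: d.dimension, status: status };
  });
  const unmet = dimensions.filter((d) => d.status === "unmet");
  const disclosures = dimensions
    .filter((d) => d.status === "downgraded_disclosed")
    .map((d) => d.dimension);
  // Step 2b: grounding dominates by dimension, not by severity.
  let forced: GradedState = "satisfied";
  if (unmet.some((d) => d.dimension === "affirmative_grounding")) forced = "needs_verification";
  else if (unmet.length > 0) forced = input.other_unmet_state;
  // Step 3: monotonic downgrade; the producer's state can only get worse.
  return { precondition_outcome: "all_satisfied", dimensions: dimensions,
           clean_verdict_allowed: unmet.length === 0,
           overall_state: worst(input.producer_state, forced), disclosures: disclosures };
}

// Step 5 (IB-9): one blocked envelope on the chain pins the route; a Judge cannot upgrade it.
function chainRoute(judgeRoute: Route, chain: EligibilityResult[]): Route {
  return chain.some((e) => !e.clean_verdict_allowed) ? "human_review_path" : judgeRoute;
}

// Constructed sample mirroring FIX-P1-chain-block: upstream Evaluator blocked, Judge says pass.
const sampleUpstream = evaluateEligibility({
  matter_resolution: "resolved", substrate_freshness: "fresh",
  producer_state: "satisfied", other_unmet_state: "needs_human_judgment",
  dims: [{ dimension: "affirmative_grounding", satisfied: false, degradable: false, disclosed: false }],
});
const sampleChainRoute = chainRoute("pass_path", [sampleUpstream]);
```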
### P-2 `ContextBoundaryRef` → Common §7.5; applied Core §9A, Forum §1.2
```ts
type ContextBoundaryRef = {
  boundary_id: string;
  matter_ref?: string; // dominant; REQUIRED for §9A learning unless scope_kind="global"
  context_class_key?: string; // subordinate sub-key within matter
  scope_kind: "matter" | "work_product" | "library" | "source_set" | "pending_matter_assignment" | "global";
  privilege_class?: "none" | "matter_team" | "supervising_attorney"; // REUSE existing enum (evrev §13 L6404, aligned to AccessTier); see §B
};
```
**BUG — for §9A, `matter_ref` must be required.** `TaskSuggestionFeedbackEvent` (§9A.1) and `TaskInvocationLearningSignal` (§9A.2) carry a **flat `context_class_key: string`**; if `matter_ref` is omittable the cross-matter leak persists. EDIT both: replace `context_class_key: string` with `boundary: ContextBoundaryRef`, default `matter_ref` to the run's matter; global signals set `scope_kind="global"` explicitly.
**Lints:** `boundary.matter_scoped_mechanism_keyed_without_matter_ref`; `learning.sec9a_signal_crosses_matter_without_boundary`; `appendlog.privileged_streams_share_physical_file`.
**GAP (AB-T-10):** `context_feedback.jsonl`/`task_audit_events.jsonl` are **not in any pulled spec** — confirm the append-log substrate's home before binding the partition.
### P-3 `RecoveryPolicyRegistry` → V3.3.1 §11.17 + §6.9.x; subsumes, not reuses
```ts
type RecoveryTrigger = "malformed_loadbearing_eval_output" | "durable_store_exhausted"
  | "mid_run_privilege_reclassification" | "tool_or_model_unavailable";
type RecoveryStrategy = "retry_alternate_model" | "cheap_fallback" | "mark_indeterminate"
  | "escalate_human" | "fail_closed_write" | "pause_and_retaint"
  | "pause" | "escalate_hard_call" | "abort_plan"; // existing §6.9.1 values, unified
type RecoveryPolicy = { // DT-5: likely DEFINES the type referenced at §11.17.2/§11.18
  trigger: RecoveryTrigger; strategy: RecoveryStrategy;
  retaint_emitted_artifacts?: boolean; rollback_side_effects?: boolean; // GraphStateRollback §11.13
  retry_budget_ref?: "per_outcome_retry_budget" | "per_plan_max_replans" | "consecutive_insufficient_limit"; // §6.7.3
  side_effect_policy_ref?: string; // reuse RevisionSideEffectPolicy §11.18 for the retaint cascade
  records_to: "ModuleDecisionRationale" | "HardCallResolutionLedger"; schema_version: "1.0";
};
```
**(a) `durable_store_exhausted`** EDIT §11.17 `WorkspaceWriteFailureKind` (L5570) + add; EDIT §11.17.1 mapping → `write_blocked_storage_exhausted` (fail-closed, never partial).
**(b) `mid_run_privilege_reclassification`** upgrades L7793: for privilege-increasing reclassification, escalate `validation.matter_class_changed_during_active_work` warning→blocking and emit a re-taint cascade over already-produced artifacts via `ArtifactMutationPrecondition` (§7.13) + `TaintClearanceRecord` (§15.12); preview via `RevisionSideEffectPolicy.requires_dry_run`.
**Lints:** `recovery.loadbearing_eval_malformed_without_policy`; `recovery.privilege_reclass_without_retaint_cascade`; `recovery.durable_store_exhausted_not_fail_closed`; `recovery.duplicate_retry_budget_not_referencing_existing`.
### P-4 Gate-signal integrity → Common §3.9 + **extend `AssuranceAndLimitationSlice` (Common §4.4)** (DT-1)
```ts
type GateSignalProvenance = "deterministic" | "independent_check" | "self_reported";
// Lattice (§H): self_reported ⊏ independent_check ⊏ deterministic. weakest() = GLB.
const ASSURANCE_PROVENANCE_DEFAULT: Record<AssuranceBasis, GateSignalProvenance> = {
  deterministic_check: "deterministic", structured_validation: "deterministic", trace_verified: "deterministic",
  source_verified_external: "independent_check", policy_backed: "independent_check",
  human_confirmed_in_run: "independent_check", coverage_mapping: "independent_check", statistical_threshold: "independent_check",
  comparative_judge: "self_reported", llm_expert_judgment: "self_reported",
  specialist_panel_judgment: "self_reported", historical_baseline: "self_reported", mixed: "self_reported" /*=weakest over sub-bases*/
};
// EXTEND Common §4.4 (NOT a parallel AssuranceExecutionRecord — DT-1):
//   + target_assurance_basis: AssuranceBasis[]      // executed = existing assurance_basis[]
//   + assurance_status: "met"|"downgraded_policy_accepted"|"downgraded_needs_review"|"not_met"
//   + executed_basis_provenance: GateSignalProvenance // = weakest(assurance_basis), trace-derived
```
**Rule `no_self_certified_bypass`:** for **high-stakes** outcomes (`risk_class === "high"` per the existing `low|medium|high` enum — evrev §13 `PatternPerformanceSlice.context_signature` L6406 — **or** `privileged === true`), a dimension is `met`/`downgraded_disclosed` only if provenance is `deterministic`/`independent_check`. `executed` bases are derived from the **execution trace/receipts** (`RevisionExecutionRecord`/`RevisionOperationReceipt` §11; `DecisionTraceRecord`), **not** the `EvaluationSnapshot` (which records content/topology hashes only). There is no `filing_bound`/`evaluator_load_bearing` enum — those are derivations that set `risk_class="high"`.
**Lints:** `gate.high_stakes_dimension_met_on_self_reported_signal`; `assurance.executed_basis_model_claimed_not_trace_derived`; `risk_class.self_reported_for_high_stakes`; `assurance.mixed_basis_provenance_not_weakest_of_subbases`.
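How `weakest()` and `no_self_certified_bypass` compose when the executed bases come from receipts rather than from the model's claim, as an added example that is not part of the card or the operative specs. The `ExecutionReceipt` shape, the `gateDimension` name, and failing closed to `self_reported` on an empty or unknown basis are assumptions; the provenance table and lint ids are the ones given above.

```typescript
// Added illustration of P-4; receipt and context shapes are ASSUMPTIONS, not spec types.
type GateSignalProvenance = "deterministic" | "independent_check" | "self_reported";

// Lattice from the P-4 block: self_reported < independent_check < deterministic.
const RANK: Record<GateSignalProvenance, number> =
  { self_reported: 0, independent_check: 1, deterministic: 2 };

// Default provenance per AssuranceBasis, copied from the P-4 block above.
const PROVENANCE_DEFAULT: Record<string, GateSignalProvenance> = {
  deterministic_check: "deterministic", structured_validation: "deterministic",
  trace_verified: "deterministic",
  source_verified_external: "independent_check", policy_backed: "independent_check",
  human_confirmed_in_run: "independent_check", coverage_mapping: "independent_check",
  statistical_threshold: "independent_check",
  comparative_judge: "self_reported", llm_expert_judgment: "self_reported",
  specialist_panel_judgment: "self_reported", historical_baseline: "self_reported",
  mixed: "self_reported",
};

// weakest() = greatest lower bound. ASSUMPTION: an empty list fails closed to
// self_reported; the mathematical GLB of nothing would be the lattice top,
// which would let an outcome with no executed check pass the gate.
function weakest(provs: GateSignalProvenance[]): GateSignalProvenance {
  if (provs.length === 0) return "self_reported";
  return provs.reduce((acc, p) => (RANK[p] < RANK[acc] ? p : acc));
}

// ASSUMPTION: minimal stand-in for a RevisionOperationReceipt / DecisionTraceRecord entry.
type ExecutionReceipt = { receipt_id: string; basis: string; sub_bases?: string[] };

function receiptProvenance(r: ExecutionReceipt): GateSignalProvenance {
  const lookup = (b: string): GateSignalProvenance => PROVENANCE_DEFAULT[b] || "self_reported";
  // "mixed" is never better than its weakest sub-basis.
  if (r.basis === "mixed") return weakest((r.sub_bases || []).map(lookup));
  return lookup(r.basis);
}

type GateResult = {
  counts: boolean; // may this dimension be met / downgraded_disclosed?
  executed_basis_provenance: GateSignalProvenance;
  lints: string[];
};

function gateDimension(
  ctx: { risk_class: "low" | "medium" | "high"; privileged: boolean },
  modelClaimedBases: string[],
  receipts: ExecutionReceipt[],
): GateResult {
  const lints: string[] = [];
  // Executed bases come from the trace. A basis the model claims but no
  // receipt shows is flagged and contributes nothing to provenance.
  const executed = receipts.map((r) => r.basis);
  modelClaimedBases.forEach((claimed) => {
    if (executed.indexOf(claimed) === -1) {
      lints.push("assurance.executed_basis_model_claimed_not_trace_derived");
    }
  });
  const provenance = weakest(receipts.map(receiptProvenance));
  const highStakes = ctx.risk_class === "high" || ctx.privileged === true;
  const counts = !highStakes || provenance !== "self_reported";
  if (!counts) lints.push("gate.high_stakes_dimension_met_on_self_reported_signal");
  return { counts: counts, executed_basis_provenance: provenance, lints: lints };
}

// Constructed sample: high-risk outcome, model claims a deterministic check,
// but the only receipt on the trace is an LLM judgment.
const sampleGate = gateDimension(
  { risk_class: "high", privileged: false },
  ["deterministic_check"],
  [{ receipt_id: "rcpt-constructed-1", basis: "llm_expert_judgment" }],
);
```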
### P-5 Promotion Quarantine → OP-A DOC73 **+ DOC72**, hooking the existing EC persistence gate (DT-3)
Learning signals: reuse `pattern_promotion_eligible=false` (Common §5.3). Artifacts: add `promotion_eligible=false` on `safety_slice` (EC reads at persistence, Common §4.5). Gate **both** DOC73 corpus (Source WS §9.3) and DOC72 task-memory (Source WS §9.2). Release on human `WorkProductCertification`. Rename to avoid the taint-quarantine collision. Schema §J.
### P-6 `EnforcementBadge` → OP-A DOC20 — home for the **derived** `presentation_status`
Derives `clean / clean_with_disclosure / needs_verification / needs_human_judgment` from `overall_state` + `disclosures`; no consumer stores it. BETTER_IDEA: `EnforcementCase` lists which dimension blocked **and which signal was self_reported**, turning a hard block into an actionable "supply an independent check." Schema §J.
---
## E. Adopted AB-T items — paste-ready (those not fully covered above)
**AB-T-03 `MatterResolution` → Core §13A.7 (`TaskRunScopeEnvelope`) + §13A.8.** (Decision function audited §H.)
```ts
// ADD to §13A.7: matter_resolution?: MatterResolution;
type MatterResolution = {
  candidate_matter_refs: EntityRef[]; // sorted desc by confidence
  top_confidence: number; second_confidence?: number; separation: number; // = c1 - (c2 ?? 0)
  status: "resolved" | "ambiguous_hold" | "unresolved_hold";
  resolution_rule: "single_above_floor_well_separated" | "below_floor_hold" | "ambiguous_separation_hold";
  privileged_trigger: boolean;
  floor_used: number; separation_threshold_used: number; // defensibility — record what gated the bind
  confidence_scale: "calibrated_prob_0_1"; // OBL-DOC24-MATTER-CONF-01 must guarantee calibration (§H)
  pending_boundary_ref?: ContextBoundaryRef; // scope_kind="pending_matter_assignment" on hold
};
// EDIT §13A.8 EmailTriggerScopeSummary: replace new_case_or_matter_candidate_refs: EntityRef[] with:
//   matter_candidates: { matter_ref: EntityRef; confidence: number }[]
```
On `*_hold`: emit `pending_boundary_ref`, **fail closed to privileged**, quarantine + prompt; never auto-bind privileged context across a matter. **Lints:** `matter.scope_admitted_without_resolution_status`; `matter.hold_auto_bound_privileged_context`; `matter.confidence_not_calibrated`.
**AB-T-04 `HumanGateSummary` + `HumanGateDecisionRecord` → Core (referenced L1228, L4881, L6487).**
```ts
type HumanGateSummary = {
  gate_id: string;
  gate_kind: "approval"|"review"|"quorum_waiver"|"policy_override"|"hard_call";
  status: "pending"|"satisfied"|"waived"|"rejected"|"timed_out";
  decisions: HumanGateDecisionRecord[]; schema_version: "1.0";
};
type HumanGateDecisionRecord = {
  decider_ref: string;
  decision: "approved"|"rejected"|"deferred"|"waived";
  rationale?: string; standard_applied?: string;
  shown_refs: DocumentRef[]; // displayed material — REQUIRED
  weighed_refs?: DocumentRef[]; quorum_waived?: boolean; decided_at: ISO8601;
};
```
Bind `decision_log_required: true` (L6487) → requires a record. **Lints:** `core.referenced_type_undefined`; `gate.decision_log_required_without_record_schema`; `gate.shown_refs_missing_displayed_material`.
**AB-T-05 `MinimumDocumentationTierPolicy` + `ADEQUATELY_GROUNDED` → Source WS §3.4 + Common predicate.** (Aggregation audited §H.) `SourceRecord.tier` is `0|1|2|3` (Source WS §4.1).
```ts
type MinimumDocumentationTierPolicy = { // DOCUMENTATION-DEPTH floor (not source authority) — SC-6
  by_risk_class: Record<"low"|"medium"|"high", 0|1|2|3>; // reuse existing risk_class; default high => 2 (>= source_note)
  enforced_at: "source_use";
};
// SourceDocumentationMode (Source WS §3): 0 lookup_receipt,1 source_reference,2 source_note,3 source_cards,4 full_workspace.
// SourceRecord.tier populates 0..3; mode 4 = full workspace (a mode-4-backed claim is adequately documented by construction).
// NOTE: claim.support_status / the claim structure are NET-NEW (co-land with EvidencePackage/claim_support_map; §A).
// The claim parameter type lists only the fields this predicate reads.
function adequatelyGrounded(
  claim: { backed_by_full_workspace?: boolean; support_status: string; risk_class: "low"|"medium"|"high" },
  supportingSources: SourceRecord[],
  policy: MinimumDocumentationTierPolicy,
): boolean {
  if (claim.backed_by_full_workspace) return claim.support_status === "supported"; // mode 4 branch
  const best = Math.max(0, ...supportingSources.map(s => s.tier)); // 0..3; cited load-bearing source must clear the floor
  return claim.support_status === "supported" && best >= policy.by_risk_class[claim.risk_class /* low|medium|high */];
}
```
P-1 `affirmative_grounding` consumes `adequatelyGrounded`, not raw `support_status` (interaction bug 1). **Lint:** `source.load_bearing_claim_supported_by_subminimum_tier`.
**AB-T-06 `ModuleDecisionRationale` (runtime, lightweight) → V3.3.1.** Material decisions only; no hidden CoT; no `CausalProof` escalation. `{ activation_seq, module_id, material_decision, chosen, alternatives_considered?, basis_refs, schema_version }`.
**AB-T-07 `CitationManifest` (write-time, scoped to final/filing/public/load-bearing) → Feedback/Source WS.** `{ generated_text_ref, bindings:[{text_span:TextAnchor (Common §7.2), source_ref, exact_quote}], capability:"factual_drafting" }`. **Interaction IB-10:** a manifest binding to a tier-0/1 source still fails `adequatelyGrounded` — manifest presence ≠ adequate grounding; the two compose. **Lints:** `drafting.loadbearing_factual_text_without_citation_manifest`; `citation.manifest_source_below_min_tier`.
**AB-T-12 `RunOperatorContext` → Forum/Run Board.** `{ run_id, operator_ref, authority_basis:"owner"|"delegate"|"system_job", handoff_from_ref?, recorded_at }`. Defer multi-actor model to DOC50/§20H.
**AB-T-13 / AB-T-14** — covered by P-3.
**AB-T-15 `TaskKnowledgePackFreshnessPolicy` → Core §8A.5; feeds existing `TaskKnowledgePackReadiness` (L3657) + `stale_pack_behavior` (L2976).** Detection only; cross-ref `OBL-DOC24-CTXPKT-01`. `{ pack_id, ttl_seconds?, invalidation_triggers:[...], on_detected_stale:"mark_stale_source_refs"|"force_readiness_downgrade" }`. **TTL vs trigger (§H):** an invalidation trigger forces stale regardless of TTL; TTL is an upper bound only. **Lint:** `tkp.consumed_without_freshness_check`.
**AB-T-16 `TaskOpportunityClassifierPolicy` → Core §9A.** `{ fp_threshold, fn_threshold, regression_fixture_ids, kill_switch_enabled }`.
**AB-T-17 `SnapshotReferencePin` → V3.3.1 §5.16 + §16 retention.** `{ snapshot_ref, pinned_by:["live_reliance_packet"|"dirty_outcome"|"active_replay"], boundary:ContextBoundaryRef, released_when_empty:true }`. **Lint:** `snapshot.evicted_while_referenced`.
---
## F. Interaction bugs — card §4 (reviewed) + new IB-9..IB-13
Card bugs 1–6, 8 are correct and resolved by the P-1 restructure + `adequatelyGrounded` + `HumanGateDecisionRecord.quorum_waived`.
- **1/2/3** — handled. **CONFIRMED.**
- **4 (budget-rollback discards grounded work)** — correct. `GraphStateRollback` (§11.13) must preserve a `ResumeProgressSummary`. **Lint** `rollback.discards_grounding_layer`.
- **5 (matter-limbo home)** — handled by `pending_boundary_ref` (`scope_kind="pending_matter_assignment"`), fail-closed privileged. **CONFIRMED.**
- **6 (quorum waiver record)** — handled by `HumanGateDecisionRecord.quorum_waived`. **CONFIRMED.**
- **7 (`needs_verification` spin) — BUG: depends on phantom `RevisorTerminationLedger`.** Re-home onto the **existing** loop breaker `consecutive_insufficient_limit` (V3.3.1 §6.7.3) + `per_outcome_retry_budget`; bounded failed verification → `needs_human_judgment`. Define `RevisorTerminationLedger` explicitly only if you want a distinct ledger. **Lint** `verdict.failed_verification_unbounded`.
- **8 (stale eligibility) — add a concrete cascade phase.** §11.21 (V3.3.1 L5780) Phases 1–4. Insert **Phase 3.5: recompute `CleanVerdictEligibility` for re-evaluated outcomes; clear if full assurance achieved.** (Also see §H formula issue: Phase-4 cascade must include eligibility-forced downgrades.)
New (this pass):
- **IB-9 (Pattern C chain) [MAJOR]** — eligibility must be chain-scoped (§B / §D P-1).
- **IB-10 (CitationManifest ≠ adequately grounded) [MEDIUM]** — a manifest to a tier-0/1 source still fails the tier floor; compose (§E AB-T-07).
- **IB-11 (quarantine release on PENDING_MATTER_ASSIGNMENT) [MEDIUM]** — you cannot certify work-product into a corpus when the matter is unresolved; **release blocked until matter resolution.** Lint `quarantine.released_under_pending_matter_boundary`.
- **IB-12 (eviction vs audit/recompute) [MEDIUM]** — `ContextEvictionPolicy` (BUG-01) must **never compact `CleanVerdictEligibility`, `disclosures`, or taint labels** — they are needed for the §11.21 recompute and the audit of *why* a verdict was downgraded. Lint `eviction.compacts_eligibility_or_taint`.
- **IB-13 (Hard Call default for matter holds) [HIGH — ties to AB-T-03 CRITICAL]** — `HardRevisionCall.default_if_no_response` includes `continue_without_fix` (V3.3.1 §7.9). For matter/privilege holds the default MUST be `pause`. Lint `hardcall.matter_or_privilege_hold_default_continue_without_fix`.
- **IB-14 (disclosure acceptance is a self-certification hole) [HIGH — P-1 × P-4 × EC]** — P-1 step 2 turns an `unmet` degradable dimension into `downgraded_disclosed` "when policy-accepted." If `policy_accepted` is a bare boolean the producing model sets, a model can accept its own downgrade — the exact self-certification P-4 forbids. **Fix:** `policy_accepted` MUST reference a real EC `PolicyDecision` (`safety_slice.policy_decision_refs`, Common §4.5) and be provenance-clean (P-4); add `policy_decision_ref` to each disclosure record. Lint `verdict.disclosure_accepted_without_policy_decision`.
---
## G. Gemini systemic bugs — card §5
**BUG-01 (quadratic context) — CONFIRMED net-new. → V3.3.1 §7.4 (`RevisionIntelligencePacket`).**
```ts
type ContextEvictionPolicy = {
  keep_verbatim_last_n: number; // default 2
  compact_older_to: "summary"; preserve_taint_labels: true; preserve_eligibility_and_disclosures: true; // IB-12
  incremental: true; // §H: summary_{N-1} + iter_{N-1} -> summary_N; do NOT re-summarize 1..N-2 each pass
};
```
**§H correctness:** the policy MUST be incremental/rolling, else O(n²) compute replaces O(n²) tokens. **Lint** `revision.iteration_context_unpruned`; `revision.eviction_resummarizes_full_history`.
**BUG-02 (deterministic replay dedups stochastic retries) — CONFIRMED; the fix as stated is unsafe — see §H. → V3.3.1 §11.8 (L5081).** A *random* per-attempt nonce breaks the §11.8.3 replay invariant ("replay engines use stored keys to resume safely") — crash-recovery would re-sample committed work. Correct fix: salt = `hash(run_id, step_id, resample_seq)` with a **persisted monotonic `resample_seq`**, added to `TypedRevisionInstruction.idempotency_key` inputs **iff** the step is stochastic *generation* — explicitly **NOT** for `never_replay` side-effecting steps (`external_message_send`/`filing_or_submission`, §11.18 L5653–5666), where a resample would bypass `never_replay` and double-send/file. Split `idempotency_semantics` (currently `idempotent|non_idempotent`, L4317) into *stochastic_pure* vs *side_effecting*. Crash-recovery of attempt *k* reproduces *k*'s key (idempotent); an intentional resample increments `resample_seq`. **Lint** `idempotency.stochastic_capability_missing_resample_seq`; `idempotency.resample_salt_nondeterministic`; `idempotency.resample_salt_on_never_replay_step`.
**BUG-03 (async context-packet race) — CONFIRMED; redirect to `OBL-DOC24-CTXPKT-01` correct.** Forum `TaskRunContextPacket` (§6.3) is DOC24-assembled (§6.4) over an async append-only forum with **no sequence freeze** — confirms the race. The `ContextSequenceLock` is the `ContextPacketFidelityContract`. Schema §J.
**BUG-04 (syntactic-taint deadlock) — GAP: the P-4 provenance caveat is NECESSARY but NOT SUFFICIENT.** Provenance-clean classification stops a model *lying* that a tool is "mechanical"; it does not stop a genuinely-mechanical-but-rendering tool (e.g., deterministic md→HTML) from faithfully rendering an injected instruction into a slot a downstream consumer treats as instruction. Need P-4 **plus**:
```ts
type TaintTransformClass = "semantic_ingestion" | "syntactic_transformation";
// Rule deterministic_mechanical_data_only:
// (1) classification provenance-clean (P-4);
// (2) payload taint PRESERVED — content stays external_untrusted as DATA; only quarantine-WIDENING is relaxed;
// (3) output is non-instruction-eligible downstream — re-formattable, but NEVER promoted to instruction
// without a separate semantic clearance (TaintClearanceRecord, V3.3.1 §15.12).
```
Bind in the taint model (F-03 family, Core L5290/L5300). **Lint** `taint.mechanical_output_promoted_to_instruction_without_clearance`. Positive red-team **fixture** `FIX-BUG04-no-launder`: an instruction embedded in a mechanically-transformed `external_untrusted` doc never reaches an instruction slot.
---
## H. Formula & function audit (does the math/logic actually work?)
1. **idempotency_key hashes (V3.3.1 §11.8 L5081–5105)** — hierarchical chaining is deterministic and sound (L5098: replay reproduces keys; L5105: replay engines resume from stored keys). ✔ **Two fixes to BUG-02.** (i) The salt must be `hash(run_id, step_id, resample_seq)` with a **persisted monotonic `resample_seq`**, NOT random — random breaks the L5105 stored-key replay invariant (crash recovery would re-sample committed work). (ii) **The salt must apply ONLY to stochastic-GENERATION steps and be FORBIDDEN on `never_replay` side-effecting steps** (`external_message_send`/`filing_or_submission`, §11.18 L5653–5666) — a resample salt there bypasses `never_replay` and **files/sends twice**. The 2-value `idempotency_semantics: idempotent|non_idempotent` (L4317) is too coarse: split into *stochastic_pure* (resample OK) vs *side_effecting* (never_replay, resample forbidden). **FIX REQUIRED — the naive "add salt iff non_idempotent" framing in my prior pass was unsafe for filing steps.**
2. **MatterResolution decision (AB-T-03)** — the card's "single ≥ floor OR ≥2 with separation" is **not total/safe**: read literally, the dangerous case (`c1 ≥ floor` but `separation < threshold` = "confident it's *some* matter, not *which*") could resolve. Total form: `resolved` iff `c1 ≥ F ∧ (n=1 ∨ (c1−c2) ≥ S)`; `ambiguous_hold` iff `c1 ≥ F ∧ (c1−c2) < S`; `unresolved_hold` iff `c1 < F` (incl. `n=0`; ties `c1=c2≥F` → ambiguous). **Also:** confidences must be **calibrated/normalized** for a separation threshold to mean anything — `OBL-DOC24-MATTER-CONF-01` must specify the scale (e.g., calibrated prob [0,1]) and method; a threshold on uncalibrated scores does not work. **FIX REQUIRED** (this is the CRITICAL item's core logic). **Refinement:** the pairwise `c1−c2` separation rule fails *safe* under miscalibration (two inflated scores → small separation → `ambiguous_hold`), so it is robust for the >2-candidate case; it is specifically the **floor** `F` that needs calibration (a single overconfident score could clear an absolute floor spuriously).
3. **`GateSignalProvenance` "min" (P-4)** — "min over executed_basis" is undefined without an order. Define lattice `self_reported ⊏ independent_check ⊏ deterministic`; `executed_basis_provenance = weakest(executed_basis)` (a chain is only as strong as its weakest link); `mixed` = weakest over `SubBasisRecord` sub-bases. **FIX REQUIRED** (specify the order, else "min" is ambiguous).
4. **P-1 precedence totality** — fixed via the degradation transform + monotonic-downgrade + chain rule (§D P-1). With those, the dimension state space is total (U≠∅ / U=∅∧D≠∅ / both ∅). **OK after fix.**
5. **`adequatelyGrounded` aggregation + tier semantics (AB-T-05) — SC-6.** Two corrections. (a) Aggregate over the claim's support **set** (`max(tier)` over supporting sources / the cited load-bearing source), not a single `src`. (b) **`tier` is DOCUMENTATION DEPTH, not source authority** (Source WS §3: 0 lookup_receipt → 4 full_workspace) — so the floor means "a load-bearing claim needs ≥ a `source_note` (tier 2) record," which is coherent, but reframe accordingly. `SourceRecord.tier` is 0..3; mode 4 (full workspace) is workspace-level (separate branch — not a `SourceRecord.tier` value). Key the floor to the existing `risk_class: low|medium|high`, not `filing_bound`. **FIX REQUIRED.**
6. **`ContextEvictionPolicy` complexity (BUG-01)** — must be **incremental/rolling**, else O(n²) compute replaces O(n²) tokens. **FIX REQUIRED.**
7. **§11.21 cascade + Phase 3.5** — an eligibility-forced `satisfied → needs_verification` is **not** in Phase-4's "regression" set (`satisfied → needs_revision`), so it may not cascade. **Extend Phase 4 to treat eligibility-forced downgrades as cascade triggers.** **FIX REQUIRED.**
8. **TTL vs invalidation triggers (AB-T-15)** — define precedence: a trigger forces stale regardless of TTL; TTL is an upper bound. Use a monotonic clock. **OK after spec.**
9. **§3.2 verdict map (Common L264–300) — NOT total; off-by-one (SC-2).** The actual enum (evrev §0.4/§5.1 L277) lists **15** values; the map covers **14** (10 → a verdict; 4 "NOT emitted"). **`evaluating` has no row** — an envelope emitted with `overall_state="evaluating"` has no verdict mapping. The recurring "14-value enum" label is also off-by-one vs the 15 listed. **FIX REQUIRED:** add `evaluating → NOT emitted (transient)` (a pre-result state, like `pending`/`dirty`) and reconcile the label. (Corrects my prior pass, which called §3.2 total.)
10. **`worst(producer_state, eligibility_forced_state)` (P-1 monotonic downgrade) — undefined without a severity order.** Define the partial order P-1 uses over `OutcomeEvaluationState`: `satisfied (clean) ≺ needs_verification ≺ needs_human_judgment`; `needs_revision`/`regressed`/`unrecoverable` are already-failing and eligibility never *upgrades* them. `worst` = the more-severe; eligibility may move `satisfied → needs_verification/needs_human_judgment` but never the reverse, and never overrides an already-failing producer state. **FIX REQUIRED** (else `worst` is ambiguous — same class as the provenance `min`).
11. **§11.21 Phase 3.5 recompute must terminate.** Recompute → forced downgrade → Phase-4 cascade → revision → new outcome → §11.21 re-runs → recompute again. Bound it to the existing `consecutive_insufficient_limit` (§6.7.3): a forced downgrade that recurs N times escalates to `needs_human_judgment` rather than re-looping; recompute is monotonic within a pass (clears only on full assurance). **FIX REQUIRED** (else the cascade can thrash).
12. **Composite promotion-gate predicate (P-5 × P-2 × §5.4).** Promotion eligibility is a conjunction of orthogonal axes that all already exist: `promote ⇔ matter_boundary_ok (P-2) ∧ cross_model_applicability ≠ requires_validation (§5.4) ∧ clean_verdict_allowed (P-1) ∧ pattern_promotion_eligible (§5.3, learning path)`. Write it as one predicate so no axis is checked in isolation. ✔ **Works once written as a conjunction** — the risk is implementing one axis and forgetting the others.
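The BUG-02 fix from §G and item 1 above, as an added sketch (not code from the operative specs): the resample salt is derived from a persisted monotonic `resample_seq`, so crash recovery reproduces the same key, and a resample is refused on side-effecting steps. `GenStep`, `ResampleLedger` and `fnv1a` are hypothetical names; FNV-1a stands in for the real key hash, and an in-memory record stands in for durable storage.

```typescript
// Added example. StepSemantics is the review's proposed split of
// idempotency_semantics; every other name here is hypothetical.
type StepSemantics = "stochastic_pure" | "side_effecting";

interface GenStep {
  run_id: string;
  step_id: string;
  semantics: StepSemantics;
}

// Deterministic stand-in for the real key hash (FNV-1a, 32-bit).
function fnv1a(input: string): string {
  let h = 0x811c9dc5;
  for (let i = 0; i < input.length; i++) {
    h ^= input.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return ("00000000" + h.toString(16)).slice(-8);
}

// Persisted monotonic resample_seq per (run_id, step_id). A plain record stands
// in for durable storage; a real ledger must survive a crash.
class ResampleLedger {
  private seqs: Record<string, number> = {};

  private slot(s: GenStep): string {
    return JSON.stringify([s.run_id, s.step_id]);
  }

  current(s: GenStep): number {
    return this.seqs[this.slot(s)] ?? 0;
  }

  // An intentional resample is the only thing that advances the sequence.
  resample(s: GenStep): number {
    if (s.semantics !== "stochastic_pure") {
      // Lint name from the review: a resample here would send or file twice.
      throw new Error("idempotency.resample_salt_on_never_replay_step");
    }
    const next = this.current(s) + 1;
    this.seqs[this.slot(s)] = next;
    return next;
  }
}

function idempotencyKey(s: GenStep, ledger: ResampleLedger): string {
  const inputs = [s.run_id, s.step_id];
  // Salt stochastic generation only; side-effecting steps keep one stable key.
  if (s.semantics === "stochastic_pure") inputs.push(String(ledger.current(s)));
  return fnv1a(JSON.stringify(inputs));
}
```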
---
## I. AB-T-HYDR — placement, precedence, schema
**Placement (SUGGESTION): split.** The *precedence ordering rule* is task-architecture semantics → **Core §13A.9** (alongside §13A.3 isolation invariant and §13A.7 `TaskRunScopeEnvelope`). The *assembly/manifest mechanics* → **DOC24 OP-A** (`OBL-DOC24-TASKCTX-PRECEDENCE-01`, extending `OBL-DOC24-CTXPKT-01`; DOC24 owns sealed assembly + manifests, card §38). Pure-DOC24 orphans the rule from the Core invariant; pure-Core forces Core to specify DOC24 internals.
**Precedence order — right; make non-droppability explicit.**
```ts
type TaskPathInstructionPrecedence = {
source_class: "user_directive"|"task_objective"|"run_guidance"|"matter_policy"|"global_learned_pattern"|"safety_required";
rank: number; // safety_required=0 (non-overridable); user_directive=1; task_objective=2;
// run_guidance=3 (Feedback §4.2 RunGuidanceItem); matter_policy=4; global_learned_pattern=5
droppable: boolean; // safety_required=false; user_directive=false
source_class_provenance: GateSignalProvenance; // trace-derived for high-stakes/privileged/filing (P-4)
};
type InstructionConflictStrategy = "mask" | "merge_flag" | "escalate"; // recorded in the §38 manifest
```
Safety/policy-required sits **above** the user rather than being the "highest user" rank (it cannot be user-overridden). **Large attachments:** small → inject (DOC24 §27.0A); large → Source Workspace/DOC25 (`SourceArtifact`/`ArtifactSegment`) → file lane (§27)/compact (§28). I'd **default lazy-retrieve under a `SnapshotReferencePin`** (reuse AB-T-17) so large context is freshness-pinned + matter/privilege-bounded; front-loading blows the budget the rule protects.
---
## J. OP-A obligation contracts (the five candidate rows)
Proposing obligation **content** only (owners flattening-scoped — not editing DOC24/DOC73/DOC20 here).
```ts
// OBL-DOC24-MATTER-CONF-01 (DOC24) — AB-T-03
type Obl_DOC24_MatterConfidence = {
produces: "MatterResolutionInputs";
fields: { candidate_matter_refs:"EntityRef[]"; confidence:"calibrated_prob_0_1 per candidate"; separation:"number" };
calibration: "REQUIRED — confidences calibrated; method declared (§H #2)";
provenance: "deterministic_or_independent"; consumed_by: "Core §13A.8 MatterResolution";
};
// OBL-DOC24-CTXPKT-01 (existing, DOC24) — AB-T-15 + BUG-03
type Obl_DOC24_CtxPkt = {
adds: ["TaskKnowledgePackFreshnessPolicy","ContextPacketFidelityContract"];
ContextPacketFidelityContract: { freeze:"forum timeline at sequence_id for the assembly window";
fields:{ sequence_id:"string"; frozen_at:"ISO8601"; budget_computed_against_sequence_id:"string" };
invariant:"budget calc and prompt serialization read the SAME sequence_id"; };
};
// OBL-DOC73-QUARANTINE-01 (DOC73) — P-5 (EXTENDED to DOC72; renamed)
type Obl_DOC73_PromotionQuarantine = {
rule: "artifact with clean_verdict_allowed=false (downgraded / SourceMissing / ambiguous_hold) has promotion_eligible=false";
applies_to: ["DOC73 Library/Corpus promotion (Source WS §9.3)","DOC72 task-memory summary (Source WS §9.2)"];
carries: "ContextBoundaryRef"; release: "human WorkProductCertification";
blocked_release_if: "boundary.scope_kind=='pending_matter_assignment' (IB-11)";
};
// OBL-DOC20-ENFORCEMENT-BADGE-01 (DOC20) — P-6
type Obl_DOC20_EnforcementBadge = {
computes_from: "CleanVerdictEligibility (Common §3.8)";
EnforcementBadge: { headline:"string"; presentation_status:"DERIVED, not stored"; counts:"Record<string,number>" };
EnforcementCase: { grouped_dimensions:"VerdictHonestyDimension[]"; provenance_per_dimension:"GateSignalProvenance[]";
actionable_self_reported_signals:"string[]" /*BETTER_IDEA*/; click_through_refs:"string[]" };
rule: "DOC20/21/22 MUST NOT each invent badge semantics — single read-model";
};
// OBL-DOC24-TASKCTX-PRECEDENCE-01 (DOC24; placement SPLIT, §I) — AB-T-HYDR
type Obl_DOC24_TaskCtxPrecedence = {
rule_home:"Core §13A.9"; mechanics_home:"DOC24 sealed assembly + manifest (§38)";
carries:["TaskPathInstructionPrecedence","InstructionConflictStrategy"];
provenance:"source_class label trace-derived for high-stakes/privileged/filing (P-4)";
};
```
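The total `MatterResolution` decision from §H item 2, consuming the calibrated per-candidate confidences that `OBL-DOC24-MATTER-CONF-01` requires, as an added example (not text from Core §13A.8). `MatterCandidate`, `MatterDecision` and `resolveMatter` are hypothetical names, and failing closed on off-scale scores is an assumption consistent with the calibration requirement.

```typescript
// Added example. F (floor) and S (separation threshold) follow §H item 2;
// the type shapes are hypothetical.
type MatterResolutionState = "resolved" | "ambiguous_hold" | "unresolved_hold";

interface MatterCandidate {
  matter_ref: string;
  confidence: number; // calibrated probability in [0, 1]
}

interface MatterDecision {
  state: MatterResolutionState;
  matter_ref: string | null; // set only when resolved
  separation: number | null; // c1 - c2, null when it was not evaluated
}

function resolveMatter(candidates: MatterCandidate[], F: number, S: number): MatterDecision {
  const hold = (state: MatterResolutionState, separation: number | null): MatterDecision =>
    ({ state, matter_ref: null, separation });

  // Fail closed on scores outside the declared scale. NaN would otherwise slip
  // past "c1 < F", because every comparison with NaN is false.
  const offScale = candidates.some(c => !(c.confidence >= 0 && c.confidence <= 1));
  if (offScale) return hold("unresolved_hold", null);

  const ranked = candidates.slice().sort((a, b) => b.confidence - a.confidence);
  const first = ranked[0];
  const second = ranked[1];

  // n = 0 or c1 < F: nothing is confident enough to act on.
  if (first === undefined || first.confidence < F) return hold("unresolved_hold", null);

  // n = 1 and c1 >= F: resolved without a separation test.
  if (second === undefined) {
    return { state: "resolved", matter_ref: first.matter_ref, separation: null };
  }

  // n >= 2: confident it is some matter; resolve only if it is clear which one.
  const separation = first.confidence - second.confidence;
  if (separation < S) return hold("ambiguous_hold", separation); // includes ties
  return { state: "resolved", matter_ref: first.matter_ref, separation };
}
```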
---
## K. BETTER_IDEAs
1. **Derive `GateSignalProvenance` from `AssuranceBasis` mechanically (P-4 table).** Turns P-4 from a field-someone-fills into a property the system computes from what actually ran — the difference between a stricter *reporting* layer and real *enforcement*. Highest-leverage idea on the card; currently under-mechanized.
2. **`CleanVerdictEligibility` as a thin projection (DT-4).** Removes the duplicate-truth risk *and* shrinks P-1; most of the work is one total precedence function over fields the envelope already has.
3. **`precedence_ruleset_id` on the eligibility** — when the precedence rule changes, cached eligibilities invalidate (mirrors the flattening plan's hash-invalidation; ties to §11.21 recompute).
4. **Provenance-downgrade → actionable path** — `EnforcementCase` surfaces *which* signal was `self_reported` so the user can supply an independent check; a hard block becomes a next step.
5. **`RetaintCascadePlan` dry-run** via the existing `RevisionSideEffectPolicy{requires_dry_run:true,requires_human_gate:true}` (§11.18) before executing the privilege re-taint — prevents a runaway destructive cascade.
6. **Calibration contract for matter confidence (§H #2)** — make `OBL-DOC24-MATTER-CONF-01` specify scale + calibration; a separation threshold on uncalibrated scores is meaningless. Directly protects the CRITICAL item.
7. **The headline simplification — P-1 is ONE invariant, not a checklist.** Everything P-1/P-4/P-5 enforces reduces to: **no presented verdict is more favorable than its weakest load-bearing support.** Formally `presented_favorability ≤ min` over a lattice of `{ grounding_adequacy, assurance_provenance_strength, documentation_depth, matter_resolution_certainty, freshness }`. Framing it as a single monotone `min` (a) makes the precedence function obviously total, (b) unifies the six dimensions/preconditions under one rule, and (c) is the subtractive collapse — `CleanVerdictEligibility` becomes "the projection that computes this min and forces the state when the min sits below the presented verdict." The cleanest version of the whole construct.
8. **`derivePresentationStatus()` as a shared pure function in Common (§3.10), imported by DOC20/21/22 — not re-implemented.** Turns "MUST NOT each invent badge semantics" (P-6) from a rule into a single code path; one function is the only real guard against three renderers drifting.
9. **Lazy `precedence_ruleset_id` invalidation at promotion/egress.** A dormant `satisfied` outcome won't re-enter §11.21 when the precedence rule changes, so it never recomputes. At promotion/egress (P-5 already checks eligibility there), if `eligibility.precedence_ruleset_id ≠ current`, recompute before trusting `clean_verdict_allowed`. Closes the staleness hole for outcomes not in active revalidation.
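The two ordered operators from §H items 3 and 10, composed into the single "no verdict more favorable than its weakest support" rule of item 7 above, as an added sketch (not code from the operative specs). The `BasisEntry` shape, the empty-basis default and the `required` provenance floor are assumptions; the two orders are the ones the review proposes.

```typescript
// Added example; type shapes and the required-provenance floor are assumptions.
type GateProv = "self_reported" | "independent_check" | "deterministic";
// Lattice order from §H item 3, weakest first.
const PROV_ORDER: GateProv[] = ["self_reported", "independent_check", "deterministic"];

// A basis entry is one signal, or a "mixed" entry made of sub-bases (hypothetical shape).
type BasisEntry = { provenance: GateProv } | { mixed: { provenance: GateProv }[] };

function weakestProvenance(executedBasis: BasisEntry[]): GateProv {
  let rank = PROV_ORDER.length - 1;
  let seen = 0;
  for (const entry of executedBasis) {
    const parts = "mixed" in entry ? entry.mixed : [entry];
    for (const part of parts) {
      rank = Math.min(rank, PROV_ORDER.indexOf(part.provenance));
      seen++;
    }
  }
  // Assumption: nothing executed means nothing verified, so fail to the bottom.
  return seen === 0 ? "self_reported" : (PROV_ORDER[rank] as GateProv);
}

type OutcomeState = "satisfied" | "needs_verification" | "needs_human_judgment"
  | "needs_revision" | "regressed" | "unrecoverable";
// Severity chain from §H item 10; states absent from it are already failing.
const DOWNGRADE_CHAIN: OutcomeState[] = ["satisfied", "needs_verification", "needs_human_judgment"];

function worstState(producer: OutcomeState, forced: OutcomeState): OutcomeState {
  const p = DOWNGRADE_CHAIN.indexOf(producer);
  const f = DOWNGRADE_CHAIN.indexOf(forced);
  // Eligibility never overrides an already-failing producer state and never forces one.
  if (p === -1 || f === -1) return producer;
  return f > p ? forced : producer; // monotonic: downgrade only, never upgrade
}

// Presented verdict: the producer state capped by its weakest support.
function presentedState(producer: OutcomeState, basis: BasisEntry[], required: GateProv): OutcomeState {
  const below = PROV_ORDER.indexOf(weakestProvenance(basis)) < PROV_ORDER.indexOf(required);
  return worstState(producer, below ? "needs_verification" : "satisfied");
}
```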
---
## L. Value-tiered summary
**Critical (resolve before these constructs are written):**
- BUG-A: P-1/AB-T-02/bug-7 depend on `EvaluationChainResolutionPolicy`/`RequiredQuorumManifest`/`RevisorTerminationLedger` — absent from the whole operative set + base R3.1. Re-home P-1 onto `EvaluationResultEnvelope`+§3.2; bug-7 onto §6.7.3; flag the others as co-landing proposals (symmetric with Appendix O).
- BUG-B: `FeedbackFindingView` does not exist; gate the shared `EvaluationResultEnvelope.overall_state` / `EvaluationFeedbackBundle.EvaluationDecision` + `blocks_downstream`.
- DT-1/DT-2/DT-3/DT-4: duplicate truth — `AssuranceExecutionRecord` ⊆ `AssuranceAndLimitationSlice` (§4.4); `substrate_freshness` ⊆ `evidence_status`; learning-quarantine ⊆ `pattern_promotion_eligible`. Make P-1/P-4/P-5 thin extensions, not parallel records.
- IB-9: Pattern C — eligibility must be chain-scoped or a downstream Judge launders a clean verdict.
- IB-13: matter-hold `HardRevisionCall` must default `pause`, never `continue_without_fix` (silent privilege crossing — the AB-T-03 failure mode).
- §H formula fixes that block correctness: MatterResolution totality + calibration (#2); provenance lattice (#3); `adequatelyGrounded` aggregation + tier-4 (#5); BUG-02 resample_seq not random (#1); ContextEviction incremental (#6); §11.21 Phase-4 cascades eligibility downgrades (#7).
- GAP BUG-04: P-4 caveat insufficient; add payload-taint-preserved + output-non-instruction-eligible.
**Substantive:**
- BUG-C citation fixes (reclassification = V3.3.1 L7723/L7793, a non-blocking warning today; `task_agent_fallback_policy` = V3.3.1 §6.9.1, a 3-value enum — P-3 subsumes, not reuses; DT-5).
- P-2 BUG: `matter_ref` required for §9A learning (Core §9A.1/.2 carry flat `context_class_key`).
- P-5 GAP: quarantine must cover DOC72 task-memory (Source WS §9.2), not just DOC73; IB-11 (no release under pending-matter boundary).
- OPEN_FOR_ARCHITECT: no canonical privilege-classification enum exists (only `privileged:boolean` + `AccessTier`) — define one or key P-2 to the existing pair.
- Paste-ready schemas + lints + fixtures supplied for P-1..P-6, AB-T-03/04/05/06/07/12/15/16/17, BUG-01..04, HYDR, all five OP-A rows.
- §11.21 Phase 3.5 (recompute eligibility); IB-4/10/12 lints.
**Minor:**
- "quarantine" naming collision with taint/pattern quarantine — rename P-5.
- Verify/extend `IndeterminateCause` (V4 R203) rather than invent presentation vocab.
- AB-T-10 append-log filenames not found in pulled specs — confirm substrate home before binding the partition.
- D1 wording: "field PLUS state-flip."
**Considered and declined:**
- Discrete `satisfied_downgraded` state (Gemini) — correctly declined; the flip onto existing states is the routable signal (D1).
- Hard `CausalProof` gate (AB-T-08) — correctly declined; it is the self-reported-signal theater P-4 forbids.
- Standalone portfolio orchestrator (AB-T-09) — correctly declined for admission/read-model-only (Sec-2.2-safe).
---
*Reviewer: Claude Opus 4.8. Operative anchors verified against `wbrody/Elnor-Specs@main`: Core R0.7.1, V3.3.1, Common Contracts V1.1.1, Source Workspace V1.0.1, Task Forum V1.0.1, Feedback Delivery V1.0.1, base R3.1. Cross-doc changes are OP-A candidate content only; no spec edits proposed inline.*