ELNOR REPO READER TEXT MIRROR Original path: Memory Rebuild Docs/Stage_6_Charters/E1_E2_DOC81_Scope_Policy/E1_E2_R2_Application_Report.md Source repo: /Users/OpenClaw1/Elnor/Elnor Specs Git branch: main Git commit: dbaa25962edc11ab30e8d4ca1715f9ae5bf77331 Generated: 2026-06-09T01:23:58.539Z --- # E1/E2 (DOC81) — R2 Application Report **Date:** 2026-06-04 · **Applied by:** Claude Code (per `E1_E2_R2_Application_Commission_Claude_Code.md`) **Target modified (in place):** `DOC81_Scope_Policy_Charter_Draft.md` — R1 + 2 CODEX fixes (1,382 lines) → **R2 (2,255 lines)**. **Authority applied:** `E1_E2_Adjudication_Card.md` — §1-bis rulings R-1…R-5; §4 forks F1–F10 (F8 superseded by R-2); §2 U-clusters U1–U33; §5 declines D1–D12 (as verified non-changes). Paste-ready bodies diffed **field-by-field** from the three reviews per the card's merge decisions (D12 standing rule honored — no review patch pasted wholesale). **Constraints honored:** only the draft was modified; only this report was created; no `git`; no new version-suffixed files; no E0 re-declaration; no retired name reintroduced; §9 stays downward-only. The header status line now reads: *"R2 — adjudicated design-red-team round applied; awaiting CODEX application audit + delta re-review."* The next steps are the CODEX application-fidelity audit and the delta design re-review of changed sections (card §8 steps 3–4). --- ## 1. Per-edit-unit results (card §7's 19 units, in order) Section line numbers are approximate (R2 numbering). | # | Section | What changed | U/F/R discharged | Result | |---|---|---|---|---| | 1 | **NEW §3.0** (~§460–600) | Added the `PolicyLattice` module (chains/`PolicyPoint`/`BOTTOM`/`TOP`/`meetPoints`/`leqPoint`/`makeCoherent`) from CL §2.1 with **GPT §4.4 `AXIS_RANKS` as the rank source** (never enum order); `PolicyRuntimeFreshnessKey` (GPT §4.2, declared-by-DOC81/components-EC-owned); `PolicyEvaluationContext` (GPT §4.3); the F1 floor-the-axis rule; NI-2/3/4 design-rationale note. | U1, U5, U6; F1; NI-2/3/4 | LANDED | | 2 | §2.1–§2.2 | `unknown_synthetic` scope kind + lifecycle + `VisibilityClassRef`; `ScopeEquivalenceCluster` + pairwise evidence + **firewall guard** (CL §2.10 default per F2; GPT full-pairwise recorded as the declined stricter alt); `*_topology_link` renames + `load_bearing_effects`; DAG acyclicity + depth bound; **Project↔scope seam** (RD §3.8). | U10, U11, U16, U27c, U30; F2 | LANDED | | 3 | §2.4–§2.6 | `ScopeResolutionResult` additions (confidence breakdown = min-of-required, population pinning, sensitivity inputs, protection derivation, freshness key, generation/effective-time, threshold ref); **NEW §2.6 `ScopeSearchCoverageProof`**. Floor type alias `ScopeConservatismFloor` (table lives in §4.6.1 per the U2 §2.4+§4.6 split). | U2, U16, U24, U5 | LANDED | | 4 | §3.1 + §0 | §0 brand block → **real `Brand`** brands (all primary IDs + `ExternalVocabularyValueRef`); `MemoryPolicyDecision` carries `policy_evaluation_context_ref` + `disclosure_vector` + `valid_from/valid_to` + `freshness_key`; `learning_scope` gains `same_firewall_only`. | U31, U20, U6, U8, U5 | LANDED | | 5 | §3.2 | **meet v2** — full ordered normative pipeline (generation/effective-state precondition → egress precondition → context/in-force filter w/ F1 per-axis flooring → per-axis MIN incl. always-present domain contribution → floor → sticky-restrictive → obligation resolve/conflict → coherence LAST); `excluded_decision_refs`; v2 lints. | U1, U5, U6, U7, U9; F1 | LANDED | | 6 | §3.3 | Expanded `PolicyObligationKind` (+PropA/V15 kinds) + `PolicyObligationEnforcementOwner` (+DOC84/DOC86) + typed union + `PolicyObligationConflict` + `PolicyObligationDischarge` + transitive-dominance resolution (CL §2.6); **`PolicyMembraneDispositionDerivation`** (derived disposition). | U9, U22; F6 | LANDED (closes §13.4) | | 7 | §3.4 | `PolicyStampScopeItem[]` triple-binding; `PolicyCeilingSnapshot` + `RestampChainIntegrity` (compare-to-root, no ratcheting); restamp **discriminated union** keep/downgrade/block; per-item invalidation deltas; **`RestampAuthority`** with R-2 firewalled-only `human_required`. | U3, U4; F8→R-2 | LANDED | | 8 | §3.5–§3.6 | Disambiguation **blocking/non-blocking union** + `PolicyDisambiguationAnswer` (never-direct-allow effect) + `deadline_at`; `EpisodePolicyEpoch` `epoch_version` CAS + bitemporal window + linear chain. | U23, U5; M6, M7 | LANDED | | 9 | §4.1–§4.2 | `DisclosurePermissionVector` + meet + `deriveDisclosureClass` + `CountDisclosurePolicy` + `DISCLOSURE_ALLOWS`; `SafeLabelDisclosurePolicy` revision (conditional `default_label_ref`, internal manifest label — GPT §4.13/M5). | U8, U33 (M5) | LANDED | | 10 | §4.3–§4.5 | `ExtractionRoutePolicyEnvelope` real refs (rule refs/gate result/governance ref); `PolicyCappedDAMSInput` keyed + `EligibilityCeilingDerivation`; `ContaminationRiskMeasurement` (DOC84-owned, F9) + executable threshold rule; `TopicRiskConfirmation` + `auto_created_lens_only` (D12 enum guard — `unbounded_requires_review` kept). | U19, U21, U33 (M4); F9; D12 | LANDED | | 11 | §4.6 + **NEW §4.7** | `ConservatismFloorEffect` table (F3 seed); `DomainProfilePolicyContribution` (B3); `DomainPolicyThresholds` + `ThresholdEvaluation`; **`DestinationPolicyCrosswalk`** constraint table (F5 — GK total-function rejected); NEW §4.7 action closure + predicates (seed). | U17, U7, U29, U1 (B3); F5 | LANDED (closes §13.5) | | 12 | §5 | `CascadingSourceInvalidationRun` + `PlaneCascadeStatus` + `LastActiveSupportEdgeEvaluation` (denominator proof); freeze-then-5-planes ordering, idempotent monotone-down, legal-hold dominance; **F10 framing preserved** (`doc84_published_views` is a row within the DOC84 plane; DOC83 freeze is pre-fanout, not a 6th plane). | U15; F10 | LANDED | | 13 | §6 | `LegalHoldSelector` + `DestructiveJobLegalHoldGate`/`Registry` (default-block) + `LegalHoldClearance`; §6.3 consumption-time re-gate; **NEW §6.5 portability**; **NEW §6.6 cache keys**; **NEW §6.7 quota envelopes**. | U12, U27a/b, U26, U25 | LANDED | | 14 | §7 | `CollectionMode` rank + `meetCollectionMode` + governance backfill + **`CollectionSuppressionEvaluation`** (R-4 ambiguity = `defer_review_fail_closed` + reviewable queue); source-exclusion input/output cycle fix + closure; V15-01 exact mapping confirmed (`same_firewall_only`). | U18, U19, U20; R-4 | LANDED | | 15 | §8 | Removed `\| string`; closed `RelationTraversalPolicyKind` + `RelationTraversalPolicyRegistry` (default-deny) + `RelationTraversalBudget` + `RelationTraversalExecutionTrace`. | U11 | LANDED | | 16 | §9 | `PolicyUIExport` expanded to per-(action,destination) `scope_items` + disclosure vector + count policy + `pending_disambiguation_ref` + `coordination_trace_ref` + freshness key + optional MFC ref (GK); **`visible_action_disposition` EXCISED (F7)**; M8 command-note. | U13, U33 (M8); F7 | LANDED | | 17 | §10–§11 | §10 enforcement table extended with 8 new invariant rows (freshness, triple-binding, coherence, sticky-restrictive, action closure, dormant-firewall, R-1, R-5); §11 M1 lint-count fix (11 of 16; named the 5 E10/DOC86) + NI-1 property-fixture family + the two R-lints. | U33 (M1), NI-1 | LANDED | | 18 | §12–§13 | §12-bis golden-scenario steps 2/8/11.5 + §20 trace row + degraded states (M5); §12-ter R-5 Phase-2 readiness; §13.4/§13.5 → RESOLVED; §13.1/§13.2 → CONFIRMED; **NEW §13.6 architect-confirm seed table**; classification/derived split note. | U33 (M5), U22, U7, U28; R-5 | LANDED | | 19 | §14 | **§14.2 REPLACED** with GPT §4.12 corrected table (row-accurate vs fixed §7.3); §14.3 adds Round D §3.8 + the ~28 new-schema Owner-Map discharge list + U30 rename entries + U28 classification rows. | U14, U27c, U32, U28 | LANDED | **Items not landed: none.** All 19 units landed. No blockers encountered; no improvisation. The single mechanical defect introduced mid-pass (a stranded `​```typescript` fence in the §4.2 replacement) was caught by the fence-balance regression check and corrected before completion. ## 2. §1-bis rulings (Pass 2) — expressed normatively - **R-1** → **NEW §4.0** (internal-use-permissive default; the exhaustive 4-item internal-block list; the explicit non-blockers incl. privilege⇒egress-only / holds⇒destruction-only / privacy-topics⇒collection-only / cross-matter⇒relevance+send-time; lint `policy.internal_use_blocked_without_qualifying_basis` + negative fixture). LANDED. - **R-2** → **§3.4** (`RestampAuthority` with `human_required` only for `firewalled` crossings; all else `agent_autonomous`, both directions, incl. disclosure-raising; DOC5 send-time gate is the human checkpoint; CL §2.5 authority-tier rule replaced). LANDED; **supersedes F8** (recorded as such in the mapping table). - **R-3** → **§4.2** (surface-keyed notice posture pair — `ui_disclose` MAY be specific for non-wall restrictions; output-embeddable notices generic + bucketed; walls produce no notice; wired as default decision postures, not new schemas). LANDED. - **R-4** → **§7.1** (`CollectionSuppressionEvaluation.disposition = defer_review_fail_closed` for ambiguous suppress/exclude matches, with the reviewable-queue surface noted, no interrupting prompt; F1 contain-and-continue noted at §3.2 step 1). LANDED. - **R-5** → **§12-ter** (Phase-2 readiness: principal keys mandatory; per-user restrictions arrive as a DOC5-produced decision source; egress generalizes to principal-boundary crossing) + **§11** lint `policy.internal_use_default_assumed_single_principal`. LANDED. ## 3. Regression checklist (card §7 10-point gate) — results | # | Check | Result | |---|---|---| | 1 | No E0 contract re-declared (freshness-key + context reference EC/E0 components, never redefine) | **PASS** — 0 declarations of `ReasonCodeRegistry`/`DomainProfileRegistry`/`MemoryFlowCertificate`/`MemoryMutationEnvelope`/`MemoryCoordinationTrace`/`E0EgressAttestation`/`EffectiveStateGenerationId`/`PolicyGenerationId`/`ReasonCodeId`/`DomainProfileId`. The freshness-key components + `E0InteractionMode` are referenced, with a §0 note that they are EC/E0-owned. | | 2 | No retired name reintroduced | **PASS** — `ScopeMembrane`/`ask_user`/scalar decisions appear only in retired-guard/replacement context; `source_membership`/`topic_membership` appear only in the U30 rename notes (renamed to `*_topology_link`). | | 3 | §9 acyclicity — exports downward only | **PASS** — `AvailabilityDisposition` + `visible_action_disposition` appear only in DOC86-boundary notes (the latter excised per F7); `import_graph.upward_schema_import_to_policy` lint present; reverse direction is the M8 EC-routed command. | | 4 | §7.3 ↔ §14.2 row-for-row consistent | **PASS** — §14.2 replaced with the corrected table; V15-02 (`SchemaMigrationPlan`→§3.3) and V15-05 (post-retrieval critique→§3.3/§6.3) match §7.3 in both tables. | | 5 | One-owner held incl. F7/F9 boundaries | **PASS** — `ContaminationRiskMeasurement` carries `schema_owner: 'DOC84'` (named-not-owned, F9); `ExposureContextSchema` is referenced via `exposure_context_ref: string`, never redefined; `visible_action_disposition` excised (F7). | | 6 | Zero `\| string` escapes; zero bare-string primary IDs | **PASS** — the only `\| string` hits are comments documenting the *removed* §8 escape; all primary IDs are `Brand`; `schema.primary_id_not_branded` lint present. | | 7 | Gate+lint+fixture triple for every new invariant | **PASS** — §10 extended with freshness, triple-binding, coherence, sticky-restrictive, action closure, dormant-firewall, R-1 internal-use, R-5 principal (each with runtime gate + Stage-9 lint + Stage-8 fixture). | | 8 | Golden scenario + §18 fixtures for the `same_firewall_only` chain + egress phase | **PASS** — §12-bis declares steps 2/8/11.5 + the §20 trace row; `same_firewall_only` is in the learning chain (§3.0) and the NI-1 + per-section fixtures exercise it. | | 9 | Line count + §0 bind-list updated | **PASS** — header records R2 + magnitude; §0 bind-list extended with the freshness-key components; 2,255 lines. | | 10 | §1.5/§1-bis boundary audit | **PASS** — nothing classifies destinations (the `DestinationPolicyCrosswalk` resolves to E0 classes and flags attestation; the classifier stays DOC5/EC §22), runs confirmations (`PolicyDisambiguationRequest` decides *that* confirmation is needed; DOC84/DOC5 run it), owns a privilege taxonomy (sensitivity is a referenced input seam), or blocks internal use outside the R-1 four (enforced by `policy.internal_use_blocked_without_qualifying_basis`). | **Structural integrity:** code fences balanced (80, even, open/close alternation verified); 15 top-level `## §` headers (§0–§14); no duplicate type/interface definitions of the shared types; open `OPEN_FOR_ARCHITECT_REVIEW` items = **0** (the two textual mentions are the §0 convention description and the §13 "go to zero" statement). ## 4. Complete disposition mapping (every U1–U33, F1–F10, R-1–R-5, D1–D12) ### §2 U-clusters | ID | Landing | Note | |---|---|---| | U1 | §3.0 (PolicyLattice) + §3.2 (meet v2) + §4.6.2 (domain contribution) | F1 = floor-the-axis adopted | | U2 | §4.6.1 `ConservatismFloorEffect` (F3 seed) + §2.4 floor type | intermediate cells → §13.6 seed | | U3 | §3.4 `PolicyCeilingSnapshot` + `RestampChainIntegrity` + restamp union | compare-to-root, no ratcheting | | U4 | §3.4 `PolicyStampScopeItem[]` + per-item invalidation deltas + `lifecycle_state` | triple-binding fixed | | U5 | §3.0 `PolicyRuntimeFreshnessKey` + §3.2 step-0 precondition + §3.1 valid-time + §3.6 epoch CAS | GK `PolicyEpochVersion`-on-E0 declined (D4) | | U6 | §3.0 `PolicyEvaluationContext` + §3.1 ref | applicability rule added | | U7 | §3.2 egress precondition + §4.6.4 `DestinationPolicyCrosswalk` | **closes §13.5**; GK total-function rejected (D3) | | U8 | §4.2 `DisclosurePermissionVector` + `deriveDisclosureClass` + §3.1 field | scalar always derived | | U9 | §3.3 typed union + `PolicyObligationConflict` + `PolicyObligationDischarge` + resolution | +DOC84/DOC86 owners; DOC8 excluded | | U10 | §2.1 `ScopeEquivalenceCluster` + firewall guard | F2 default; GPT full-pairwise = stricter alt | | U11 | §2.2 DAG/depth + §8 closed registry/budget/trace | `\| string` removed | | U12 | §6.1 selector + registry (default-block) + clearance | structural at EC registration | | U13 | §9 `PolicyUIExport` expanded | F7 excision applied | | U14 | §14.2 replaced (GPT §4.12) + lint `propa.opa_landing_table_stale_after_fix` | row-accurate vs §7.3 | | U15 | §5.1 `CascadingSourceInvalidationRun` + `PlaneCascadeStatus` + `LastActiveSupportEdgeEvaluation` | F10 5-plane framing preserved | | U16 | §2.1 `unknown_synthetic` + §2.4 confidence breakdown/protection derivation/population pinning | protection rank → §13.6 seed | | U17 | §4.6.3 `DomainPolicyThresholds` + `ThresholdEvaluation` | fail-closed defaults | | U18 | §7.1 rank + ambiguity + backfill | ambiguity = R-4 disposition | | U19 | §7.2 input/output cycle fix + closure; §4.3 envelope refs | closure default → §13.6 seed | | U20 | §3.0/§3.1 `same_firewall_only` + §3.3 obligation carrier + §7.3 mapping | F4 lattice value | | U21 | §4.4 `PolicyCappedDAMSInput` keyed + `EligibilityCeilingDerivation` + threshold rule | F9 measurement = DOC84 | | U22 | §3.3 `PolicyMembraneDispositionDerivation` | **closes §13.4** (F6) | | U23 | §3.5 request union + `PolicyDisambiguationAnswer` (never-direct-allow) | D2 declined enum not added | | U24 | §2.6 `ScopeSearchCoverageProof` | DOC81-owned; EC produces | | U25 | §6.7 `DOC81BatchOperationQuotaEnvelope` | ties E0 quota family | | U26 | §6.6 cache keys | specializes E0 reproducibility | | U27 | §6.3 consumption re-gate (a) + §6.5 portability (b) + §2.2 Project seam (c) | (c) closes the §14.3 source-coverage gap | | U28 | lifecycle fields on durables; derived objects flagged; §14.3 classification rows | | | U29 | §4.7 closure table + predicates | minima → §13.6 seed | | U30 | §0 `VisibilityClassRef`; §2.2 `*_topology_link` + `load_bearing_effects` | M1/M2/M7 | | U31 | §0 real `Brand` for all primary IDs | lint `schema.primary_id_not_branded` | | U32 | §14.3 Owner-Map discharge list + `LegalHoldState` citation fix | | | U33 | M1 (§11), M3 (§0 brands), M4 (§4.5 `TopicRiskConfirmation`), M5 (§12-bis), M8 (§9), M9 (E0 reason-codes throughout), M11 (§3.1 axes note), GPT M4/M5/M10, NI-1 (§11) | D12 enum swap declined (kept in §4.5) | ### §4 forks | ID | Landing / disposition | |---|---| | F1 | §3.0/§3.2 — malformed axis floors THAT axis (GPT block-whole-action declined) | | F2 | §2.1 — MIN-over-spanning + firewall guard default (GPT full-pairwise = recorded stricter alt, §13.6) | | F3 | §4.6.1 floor seed (per-cell CL∪GPT MEET); intermediates → §13.6 | | F4 | §3.0 `same_firewall_only` inserted into the learning chain | | F5 | §4.6.4 constraint table (GK total-function rejected, D3) | | F6 | §3.3 disposition confirmed + derived (closes §13.4) | | F7 | §9 `visible_action_disposition` excised | | F8 | **SUPERSEDED BY R-2** (§3.4 `RestampAuthority` — firewalled-only human) | | F9 | §4.4 `ContaminationRiskMeasurement` = DOC84-owned consumed interface | | F10 | §5.1/§5.2 — exactly 5 planes; DOC83 freeze pre-fanout; published-views = DOC84-plane row | ### §1-bis rulings | ID | Landing | |---|---| | R-1 | §4.0 (internal-use-permissive + 4-item block list + non-blockers + lint + fixture) | | R-2 | §3.4 (`RestampAuthority` firewalled-only human; supersedes F8) | | R-3 | §4.2 (surface-keyed notice posture pair) | | R-4 | §7.1 (`CollectionSuppressionEvaluation.disposition = defer_review_fail_closed` + reviewable queue) | | R-5 | §12-ter (Phase-2 readiness) + §11 lint `policy.internal_use_default_assumed_single_principal` | ### §5 declines (verified non-changes) | ID | Verified non-change | |---|---| | D1 | GK snake/camel standardize — **not changed** (draft is uniform PascalCase types + snake_case fields, matching E0; no instance to fix). | | D2 | GK `defer_to_safe_label_only` — **not added** (§3.5 union + answer object solve the timeout; no un-sourced enum growth). | | D3 | GK total-function crosswalk — **not used**; §4.6.4 uses the audited-GPT constraint table; unknown fails closed before classing. | | D4 | GK `PolicyEpochVersion` on E0 `MemoryMutationEnvelope` — **not added**; forward-flagged Phase-2 in §3.6/§12-ter (E0 §7.1 CAS + epoch chain cover Phase-1). | | D5 | GPT `visible_action_disposition` on UI export — **excised** (§9, F7). | | D6 | Formal lattice proofs — **not added**; NI-1 property fixtures deliver the assurance executably (§11). | | D7 | GPT full-pairwise equivalence default — **not default**; recorded as the stricter alternative (§2.1/§13.6). | | D8 | CL B20 (output inherits source-privilege meet) — **withdrawn**; §3.0 carries no `composeOutputPolicy`; routes to DOC5 + the sensitivity input-seam. | | D9 | CL B18 disambiguation timeout — **already handled** in §3.5; only the U23 refinements landed. | | D10 | Count/aggregate inference attacks — **forward-flagged Phase-2**; U8 bucketing closes the cheap leak now (§4.2). | | D11 | GK multi-principal axis on `ScopeAffinity` — **not added**; `principal_ref` already on context/result; U27(b)/§6.5 carries the separation invariant. | | D12 | GPT `TopicRiskClass.risk_level` enum swap (`unbounded_requires_review`→`unknown`) — **not applied**; §4.5 keeps the sourced value set; only the §4.24 additions (`TopicRiskConfirmation` + `auto_created_lens_only` + `confirmation_ref`) landed via U33/M4. | --- ## 5. Acceptance summary All 19 edit units landed (none blocked); §1-bis R-1…R-5 expressed normatively; §13 and §14 rebuilt as specified (R1's two OFAR items → 0; new §13.6 seeds; §14.2 corrected; §14.3 discharge list + renames + classification); the 10-point regression checklist passes; this report's mapping table is complete (every U1–U33, F1–F10 [F8-as-superseded], R-1–R-5, D1–D12 dispositioned). The draft grew 1,382 → 2,255 lines — the intended charter weight (the executable contracts downstream charters bind to). *Self-reported honestly for the independent CODEX application-fidelity audit (card §8 step 3). Git history is the version record.*