
docs(v1.100 Amendment 2): orphan-NFTBan explicit-intent CSF restore path — DOC SEED #518

Merged: itcmsgr merged 1 commit into main from amendment-2-doc-orphan-nftban-restore on Apr 28, 2026

@itcmsgr (Owner) commented Apr 28, 2026

Summary

  • Appends Part V (§§52–61) to internal/installer/restore/contract.md defining a narrow explicit-intent override for the orphan-NFTBan-on-DirectAdmin restore case.
  • Doc-only. Single file changed, 454 insertions, 0 deletions, §§1–51 untouched.
  • Authority basis: auditor disposition of PR-26-code-E srv3 partial run (2026-04-28). Options B and C rejected; Option A (narrow explicit-intent override) approved.

What this changes

Splits the existing G1/AuthorityNFTBan row in §6 into two sub-rows evaluated entirely within Group 1:

| Sub-row | Condition | Output | Rule label |
|---|---|---|---|
| G1/AuthorityNFTBan/default | candidate triple absent | REFUSE | unchanged behavior |
| G1/AuthorityNFTBan/orphan-intent-candidate | AuthorityNFTBan + NoRecord + DirectAdmin + --panel-auto-takeover + --accept-orphan-nftban | delegates to §54 evidence predicate | G1/AuthorityNFTBan/OrphanProceed (all rows true) or G1/EvidenceMismatch (any row false) |

The split is ENTIRELY within Group 1; no later group ever defeats a Group 1 outcome. §5 precedence rule preserved.

PROCEED activates only for:

AuthorityNFTBan + NoRecord + DirectAdmin + --panel-auto-takeover
+ --accept-orphan-nftban + ALL §54.1 evidence rows true → PROCEED PanelNative/csf

What this does NOT change

  • §§1–51 are byte-unchanged.
  • AuthorityExternal, AmbiguityConflictExternal, AmbiguityOrphanNFTBan G1 hard-stops remain absolute under all flag combinations.
  • Amendment 1 §31 mutation set (A.1–A.7) and §32 11-step ordering: unchanged.
  • §22 state-machine terminals, §19.4 exit codes: unchanged.
  • §51.3 Option B (no iptables introspection): unchanged.
  • §19.2 layer 4 / main.go:132 writeHistory gate: unchanged.
  • INV-PR26-NEW-MUTATION-SURFACES-BOUNDED: holds (decision-only amendment, zero new mutation surfaces).

Locked decisions

  • Q1 LOCKED 2026-04-28: flag name = --accept-orphan-nftban.
  • Q2 LOCKED 2026-04-28: AmbiguityOrphanNFTBan remains REFUSE under all flag combinations.
  • Q3–Q7 remain OPEN; must be locked before amendment-2-code-A opens.

New invariant

INV-AMD2-EXPLICIT-INTENT-IS-NARROW (§52.5) — --accept-orphan-nftban may activate the new lattice row ONLY in combination with --panel-auto-takeover AND Panel == DirectAdmin AND Classifier == AuthorityNFTBan AND Prior == NoRecord AND every §54.1 evidence row holds.

Sequencing

  1. This PR — doc seed only. No code, no CI, no host action.
  2. amendment-2-code-A (separate PR after this merges) — implements §53 + §54 decision-layer logic.
  3. amendment-2-code-E (separate PR after code-A merges) — fresh Tier 1 binary, fresh srv3 destructive run, captures merge-blocking evidence for PR-26 final.

Test plan

  • CI passes (no code change; doc-only)
  • Auditor confirms §§1–51 byte-unchanged
  • Auditor confirms Q1 + Q2 locked verbatim
  • Auditor confirms zero G6/ labels and zero stale "Group 6" model (only allowed phrase is the rebuttal sentence at §53.1)
  • Auditor confirms no code, no CI gate, no host action

🤖 Generated with Claude Code
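
The Group 1 split and INV-AMD2-EXPLICIT-INTENT-IS-NARROW described above, written out as an added Go example (not the project's code and not taken from contract.md). The type, field and function names, the placeholder values `HasRecord` and `OtherPanel`, the `G1/<classifier>` label for the other hard-stops, the REFUSE outcome for G1/EvidenceMismatch, and the fail-closed handling of an empty evidence set are assumptions; the enumeration checks that exactly one input combination reaches PROCEED.

```go
package main

import "fmt"

// Input uses hypothetical names; the contract's real types are not shown in this PR.
type Input struct {
	Classifier, Prior, Panel              string
	PanelAutoTakeover, AcceptOrphanNFTBan bool   // --panel-auto-takeover, --accept-orphan-nftban
	Evidence                              []bool // stand-in for the §54.1 evidence rows
}

// DecideG1 returns (outcome, rule label) for the Group 1 rows named in the PR.
func DecideG1(in Input) (string, string) {
	if in.Classifier != "AuthorityNFTBan" {
		return "REFUSE", "G1/" + in.Classifier // hard-stop: flags never consulted; label spelling assumed
	}
	candidate := in.Prior == "NoRecord" && in.Panel == "DirectAdmin" &&
		in.PanelAutoTakeover && in.AcceptOrphanNFTBan
	if !candidate {
		return "REFUSE", "G1/AuthorityNFTBan/default"
	}
	ok := len(in.Evidence) > 0 // fail closed on an empty set (this example's choice)
	for _, row := range in.Evidence {
		ok = ok && row
	}
	if !ok {
		return "REFUSE", "G1/EvidenceMismatch" // REFUSE outcome assumed for this label
	}
	return "PROCEED PanelNative/csf", "G1/AuthorityNFTBan/OrphanProceed"
}

// CountProceed walks a constructed input space and counts non-REFUSE outcomes.
func CountProceed() (proceed, total int) {
	priors := []string{"NoRecord", "HasRecord"}     // "HasRecord" is a placeholder
	panels := []string{"DirectAdmin", "OtherPanel"} // "OtherPanel" is a placeholder
	for _, c := range []string{"AuthorityNFTBan", "AuthorityExternal", "AmbiguityConflictExternal", "AmbiguityOrphanNFTBan"} {
		for b := 0; b < 16; b++ { // prior, panel and both flags: all 16 combinations
			for _, ev := range [][]bool{{true, true}, {true, false}, {}} {
				total++
				in := Input{c, priors[b&1], panels[b>>1&1], b&4 != 0, b&8 != 0, ev}
				if out, _ := DecideG1(in); out != "REFUSE" {
					proceed++
				}
			}
		}
	}
	return proceed, total
}

func main() { fmt.Println(CountProceed()) }
```

A table-driven check of this shape is useful as a regression test for the narrowness invariant: any future row that widens the override changes the PROCEED count.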

…ath — DOC SEED

Appends Part V (§§52–61) to internal/installer/restore/contract.md.

Authority gap discovered during PR-26-code-E srv3 destructive evidence run
(2026-04-28): the dispatcher refused at G1/AuthorityNFTBan on a host whose
precondition was the canonical "nftban-took-over-from-csf with no
prior-record" state, blocking the destructive cycle from running on a real
host. Auditor disposition (2026-04-28) approved Option A (narrow
explicit-intent override); Options B (different host) and C (manual
pre-mutation) rejected.

Amendment 2 splits the existing G1/AuthorityNFTBan row into two sub-rows
evaluated entirely within Group 1:

- G1/AuthorityNFTBan/default — REFUSE, unchanged behavior for all flag
  patterns outside the candidate triple.
- G1/AuthorityNFTBan/orphan-intent-candidate — delegates to the §54
  evidence predicate; G1/AuthorityNFTBan/OrphanProceed on all-true,
  G1/EvidenceMismatch on any-false.

The split is ENTIRELY within Group 1; no later group ever defeats a Group
1 outcome and §5 precedence is preserved.

PROCEED row activates only for:
  AuthorityNFTBan + NoRecord + DirectAdmin + --panel-auto-takeover
  + --accept-orphan-nftban + ALL §54.1 evidence rows true
  → PROCEED PanelNative/csf

Every other §6 G1 row remains REFUSE under all flag combinations.

Adds new invariant INV-AMD2-EXPLICIT-INTENT-IS-NARROW (§52.5).

§59 Q1 (flag name --accept-orphan-nftban) and Q2 (AmbiguityOrphanNFTBan
REFUSE) locked by auditor disposition 2026-04-28; Q3–Q7 remain open.

Doc-only commit. Single file changed: internal/installer/restore/contract.md.
No production code, no CI gate, no host action. Code phase opens in a
separate amendment-2-code-A PR after this seed merges.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@github-actions (Contributor)

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@itcmsgr itcmsgr merged commit 7080096 into main Apr 28, 2026
57 checks passed
@itcmsgr itcmsgr deleted the amendment-2-doc-orphan-nftban-restore branch April 28, 2026 19:04