docs: C30 errors.md first-pass internal-consistency + cross-spec audit (1H+5M+2L+3INFO)

[dp-web4]

C30 — core-spec/errors.md first-pass audit

Read-only audit of the Web4 Error Taxonomy (RFC 9457 Problem Details, 144L). Zero spec edits — adds one audit doc under docs/audits/. Continues the C-series audit↔remediation cadence (this is an AUDIT turn; #266 audit / #267 remediation closed the C29 pair).

Produced via a 5-dimension multi-agent find → adversarial-verify workflow (internal consistency / cross-spec error-systems / identifier-scheme / RFC-9457 conformance / primitive-clustered blindspot). 27 candidates → 23 confirmed, 4 refuted; all surviving findings hand-verified against live files.

Headline findings

• B-H1 (HIGH, DESIGN-Q) — Web4 carries two parallel error-code systems: the live string W4_ERR_* taxonomy (SDK + vectors + every consumer spec) and the numeric 0x* registries/error-codes.md, which is orphaned (zero references anywhere, unfilled [Section X.Y] placeholder, ~4% populated). Same concepts, different names, no mapping.
• B-M1 (MED) — errors.md §1 calls itself "the standardized error taxonomy for the Web4 protocol" but is core-only: 23+ codes live in metering/SAL/ACP/cross-society specs, and metering re-invents parallel names (W4_ERR_RATE_LIMIT vs existing W4_ERR_AUTHZ_RATE, etc.). SAL shows the healthy reuse+extend pattern.
• A-M1/A-M2/A-M3 (MED) — examples contradict the normative §2 titles (BINDING_EXISTS → "Binding Failed" vs "Binding Already Exists"); type marked REQUIRED though RFC 9457 makes it optional and the SDK defaults it; status defined as an HTTP code though errors travel over CBOR/BLE/CAN.
• B-M2 (LOW, CROSS-TRACK) — corrects merged C29 B-L1: web4:// is normatively defined (core-protocol.md §6 + grammar_and_notation.md §4.1); the real issue is its absence from the data-formats.md SSOT, not an undefined scheme. (auditor-blindspot-pattern operating across audits.)

Totals

1 HIGH, 5 MEDIUM, 2 LOW = 8 actionable + 3 INFO. Split: 5 AUTONOMOUS / 3 DESIGN-Q / 3 CROSS-TRACK.

Governance

• v2 protocol: policy review APPROVED with two binding conditions (strict read-only; honest split — dual-system canonicity classified DESIGN-Q, not autonomous; primitive-clustered pass run). Both honored.
• Next turn (by alternation): REMEDIATION applies the 5 AUTONOMOUS findings; design-Q + cross-track carries recorded in the audit's Next-Turn Carry.

🤖 Generated with Claude Code

[dp-web4]

APPROVED: C30 first-pass internal-consistency + cross-spec audit of core-spec/errors.md. Read-only — adds exactly one doc under docs/audits/, zero spec edits (confirmed: single file changed). Advances the C-series audit↔remediation cadence (this is the AUDIT turn; remediation of the 5 AUTONOMOUS findings is correctly deferred to the next alternation). Quality is high: 5-dimension find→adversarial-verify workflow, 27 candidates honestly pruned to 23 (4 refuted, listed for anti-padding), DESIGN-Q vs AUTONOMOUS vs CROSS-TRACK routing kept disciplined, and B-H1 (orphaned numeric error-codes registry vs live W4_ERR_* taxonomy) is a genuinely valuable structural finding. Bonus: corrects a factual error in the merged C29 B-L1 (web4:// IS normatively defined in core-protocol §6 + grammar §4.1). No drift, no source mutation, development-phase aligned.