The note says "contained within defined bounds" That's Dusk Foundation...
No incident ID. No severity tag. It reads like something written for a reviewer, not for an engineer. Deterministic finality kept landing. Committee ratification stayed clean. Attestation certificates still arrived on schedule.
The release stayed on hold anyway.
Not because liveness failed. Because the only signable statement was "contained", and the file does not close on that. A desk can live with a contained event. It can't live with an event the desk can't clear inside its acceptance window without widening Dusk's disclosure scope and owning the precedent.
On Dusk Foundation, "what happened" is not a free question though. The answer has to be packaged.. an evidence bundle keyed to a policy pack and an entitlement set. Who can see it. Under which credential category. Under which policy version. Whether the scope you use for the bundle is the same scope the venue will accept when the counterparty starts pushing back.
Ops has nothing to escalate. Nothing is "broken'. Risk still will not release. Compliance still won't sign. Dusk Committee attestation is still clean. That doesn't clear acceptance.
Because disclosure scope is not something you turn up when the room gets tense. It is a workflow boundary. Widen it once and you've created the next ticket in advance who authorized the widening, why this case was "special" and whether you just softened the privacy posture for this instrument class going forward.
Most holds on Dusk don't start as incidents. They start as the stuff nobody wants to sign though, policy version, credential category, entitlement.
Which policy version governed execution. Not "the current one." The one that was in force for that exact run. Was the credential category valid at the moment of state transition, not at onboarding, not "earlier today." Who is entitled to receive the evidence package, and how that entitlement is proven without dragging the review into a broader disclosure regime.
Here is what it looks like in the ticket when you strip the narrative out:
TRANSFER_FINALIZED = TRUE
ACCEPTANCE = PENDING
HOLD_REASON = POLICY_VERSION_MISMATCH / ENTITLEMENT_UNVERIFIED
DISCLOSURE_SCOPE_REQUEST = "MINIMUM NECESSARY" (needs counsel ok)
REVIEW_QUEUE ~ 4h (best case, if someone's actually online)
TRADE_WINDOW = 30m real life
Finality is done. The organization is not though.
The venue wants something it can archive and defend. The desk wants something it can point to when limits get reviewed. Counsel wants the scope to match prior decisions somehow. Nobody wants to be the person who approves "just show more", then explains why Dusk's confidentiality model got widened under pressure.
So the hold becomes the control surface.
Not as an emergency tool. As routine policy. Acceptance windows stretch because reviewer time becomes settlement time. Counterparty limits tighten because arguing under confidentiality is expensive even when the state is final. @Dusk Eligibility checks get pushed earlier because nobody wants to discover after execution that the only way to contest is to reopen scope and eat the governance cost of that decision.
Telemetry stays clean. Money does not move.
And the last update in the thread isn't technical. It is procedural. Someone asks for "one more item" in the package, because that's the only safe move left.
HOLD remains. Scope approval pending. Next update is always some variation of "still waiting. who is signing this".