And what happens if somebody needs to move the coins that are delayed by the vault, because an unauthorized person initiated the transfer in the first place? Will RBF still work in that kind of enclave, or does this design require the consensus to reject such transactions?
The way I understand it, the RBF itself has to be changed and added to the protocol as part of the consensus rules (it currently is just an option) at least for transactions containing the proposed OP codes so that they can treat them differently and enforce it correctly too (ie. reject if the "ephemeral anchor" was not optional).
Yeah, I don't see that happening. It sounds like a more extreme version of fullrbf where instead of being default-on, the "off" switch is completely disabled.
And then all the other full nodes which do not have any support for "node policies" would have to implement the RBF capability as well.