<!-- DOC_STATUS: ACTIVE_NON_AUTHORITY -->

Current State - FIX7 P0 Codex-Rejected SQLite Reproducibility Fix (2026-06-13)

Status: FIX7_P0_CODEX_REJECTED_SQLITE_REPRODUCIBILITY_FIXED_CAPSULE_READY Host: T1 / CLEAN TERMINAL. Authority: local defect fix + capsule reseal ONLY (authorizes nothing; NOT production). Production mutation: NO . Live contact: NO . CI trigger: NO . Secrets: NO . Real production data: NO . Decision selected: NO

On 2026-06-13 Codex REJECTED the FIX7 P0 executable review capsule (CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_REJECTED): fresh rerun gave VERIFY/RERUN_ALL exit 1 with rollback-evidence.json + surrogate-rehearsal-execution-evidence.json hash mismatches. Root cause (confirmed, reproduced before fixing): sealed evidence embedded RAW SQLite FILE hashes, which are stable within one runtime but differ across SQLite library builds (3.42.0 vs 3.51.0 vs Codex's build).

Fixed without weakening safety: all pass/fail hashes now derive from the CANONICAL LOGICAL STATE (canonicalize_sqlite_state.py, CANONICAL_LOGICAL_STATE_V1, sha 6997da40...69715c41); raw file hashes are diagnostic-only in unsealed raw-sqlite-diagnostic.json; rollback proof (apply!=before, rollback==before, row counts, row absence) intact on canonical hashes plus within-run raw checks; hardened validator e6547e69...956c47 unchanged; fake no-mutation rollback still fails closed.

Capsule (resealed, same path): /Users/nmhuyen/Documents/Manual Deploy/web-test/codex_review_evidence/fix7-p0-final-pre-real-data-readiness-2026-06-12/

• Final readiness packet tree: ad9e15112d378ca2734707d04b4ff21614148f040d534c43df77d89be574f401 (supersedes b476b547...)
• Capsule tree: 86e553b8cdb5e15cc2c633cb8ed2516f0bc70ead95fbbd737f9aaa1a15541822 (203 manifest files)
• Fixture canonical state pin: ec8a584c...adc8bd
• VERIFY_CAPSULE.sh exit 0 (13/13); RERUN_ALL.sh exit 0 (14/14)
• Cross-build proof: packet RERUN PASS on sqlite 3.51.0 with 4/4 sealed evidence byte-identical; 2 fresh-process runs PASS on 3.42.0
• Bad inputs: capsule 10/10 + packet 12/12 fail-closed, 0 token leaks
• Codex rejection evidence preserved: logs/codex-rejection-evidence-preserved-2026-06-13/

Governance: no fold; registry rev26/idx117 untouched; TKT-OBJ-531..539 reserved APPLY_NOW=NO in the 2026-06-13 standalone addendum (above 530).

Production: STILL BLOCKED / NOT AUTHORIZED. Default HOLD_REAL_DATA. This lane selected nothing.

NEXT: owner routes Codex back to the capsule using knowledge/dev/reports/architecture/fix7-p0-final-codex-audit-prompt-from-capsule-2026-06-13.md (first commands unchanged). If Codex returns PASS -> owner/GPT real-data handoff decision (default HOLD). Real-data/production phases remain separately gated.