C1-DRYRUN-EXECUTION 10 — Internal Codex Negative Review (A1–A15) — 2026-06-22
Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations.
Posture: I do not trust this package's prose. I inspected the actual governed runtime read-only this session. I distinguish engineering PASS from authority PASS, and test/sandbox dry-run from production assembly. Rule: if any attack succeeds, the result is HOLD/REJECT — not READY.
Attack results
| # | Attack | Finding | Verdict |
|---|---|---|---|
| A1 | dry-run did not actually execute | TRUE. No C1 contract to dispatch; dispatcher raises on REAL_RUN; no tool to reach …:8090/dispatch; nothing executed (file 06). | ATTACK SUCCEEDS → cannot be READY |
| A2 | C1 contract not registered / not read-back | TRUE. DOT_C1_*=0; no write channel; nothing registered (file 03). | ATTACK SUCCEEDS → cannot be READY |
| A3 | contract not C1-scoped | No contract was created → nothing mis-scoped to exploit. | does not apply (no contract) |
| A4 | contract can write production | No contract; and writes independently blocked (MCP 403, block_after_guard, read-only role). | defended / does not apply |
| A5 | manifest hash cannot be recomputed | Sample value digest is recomputable (cser-v1 bytes+cmd); the manifest is honestly marked not-frozen (file 04), not falsely claimed recomputed. | no overclaim |
| A6 | authorization matching is loose | Design uses exact set-equality + status='active'; live auth_total=0 so nothing to match loosely. | defended |
| A7 | no/generic/wrong authorization passes | Impossible — no live verifier surface; auth_total=0 (file 05). | defended (by absence) |
| A8 | invalid value passes | Impossible — no admission surface (file 07). | defended (by absence) |
| A9 | retry duplicates state | No execution, 0 state (file 08). | does not apply |
| A10 | partial failure leaves orphan | No execution, 0 state. | does not apply |
| A11 | rollback deletes / erases history | No rollback executed; design = versioned-retire-not-delete (file 08). | does not apply / defended |
| A12 | bad input still emits PASS/digest/seal | Impossible — no surface emits any (file 07). This is the critical fail-open check: it does not trigger. | defended |
| A13 | C2/C3 side effect exists | 0 mutations; before==after; no non-C1 write (file 09). | defended |
| A14 | evidence cannot be read back | Evidence is the read-only probe trail; before==after fully re-queryable. | defended |
| A15 | dry-run readiness overclaimed as production readiness | Package states NOT READY, ready-for-production=NO, REGISTRATION_HOLD retained. No overclaim. | defended |
Conclusion
A1 and A2 succeed — by design of the honest outcome: the work did not execute a dry-run and did not register a contract, because the test/sandbox write channel/runtime is missing. Per the governing rule, a succeeding attack forbids READY. The package therefore does not report READY; it reports HOLD. No fail-open attack (A7/A8/A12) and no overclaim/side-effect attack (A13/A15) succeeds, so the result is HOLD, not REJECT.
Internal review verdict: HOLD upheld — C1_DRYRUN_HOLD_TEST_SANDBOX_AUTH_OR_RUNTIME_MISSING. READY is correctly withheld.
Boundary attestation
Adversarial review only; no mutation. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations.