KB-6CCB

C1 Staging Codex R1 Fixes Ready for R2 — Index

Revision 1

Session: C1-STAGING-CODEX-R1-FIXES-2026-06-23
Date: 2026-06-23
Mode: PATCH staging-lane files only; static/no-write validation; NO dry-run; NO sandbox DB; official runtime read-only.

Input verdict (Codex review revision 1)

CODEX_REJECT_C1_STAGING_BAD_INPUT_FAIL_OPEN — dry-run NOT authorized.

Output verdict (this macro)

C1_STAGING_CODEX_R1_FIXES_READY_FOR_CODEX_R2
Preceded by self-review gate: CLAUDE_CODEX_STYLE_SELF_REVIEW_PASS.

What changed (only under /opt/incomex/staging/c1/)

  • Fix 1 — injection: _common.sh now invokes psql as explicit argv via docker exec <c> psql. No sh -lc, no eval, no $* re-parse. User values pass as psql -v argv words. Unpredictable in-container mktemp temp + EXIT-trap cleanup. TTL format validated.
  • Fix 2 — SBX propagation: P1 emits SANDBOX_JSON {sandbox_id,sandbox_db,created}; new reviewed plan/c1-staging-fast-dry-run.plan.sh captures it via jq under set -euo pipefail with an EXIT-trap cleanup and a Codex-R2 confirmation gate. No placeholder.
  • Fix 3 — P5 fail-closed: exact-oracle harness; pass only on exact reject_code/SQLSTATE; accepted bad input or unexpected exception = FAIL; FATAL DO gate raises unless 9/9 pass, 0 fail, 0 accepted, residue=3.
  • Fix 4 — P6 false-PASS: FATAL DO gate (P3/P4/P5 ledger present, 3 validated ops, 9/9 matrix, isolation proof case8=42P01, 0 orphan) runs BEFORE any digest/PASS is emitted.
  • Fix 5 — TTL honesty: typed expires_at stored; docs state TTL is advisory/manual; cleanup is P2 / dry-run EXIT trap, NOT an automatic timer.
  • Bonus (Codex-required #3 + A7): P4 fail-closed gate; P3 exact-set postcondition; P2 records drop-attempt before / drop-success only after readback.

Headline proofs

  • Official runtime BEFORE == AFTER == AFTER-AFTER: dot_tools=309, contracts=2, table_registry=21, gba=0, appr=231, apr_action_types=14, authorize_build_step.handler_ref=unimplemented, c1/staging-in-dot_tools=0, APR-0415=pending, staging_dbs=0; identical DB list (no new database).
  • staging_DBs = 0 throughout; no sandbox created; no dry-run executed; no evidence/ dir.
  • bash -n 8/8 OK; shellcheck CLEAN; injection grep = only quoted "$@" argv passthrough; guard self-tests 9/9 expected; SQL dollar-quote/txn balanced; registry sha256 self-consistent; registry+ledger valid JSONL.

Files

00-index · 01-codex-r1-findings · 02-before-official-runtime-snapshot · 03-fix-injection-risk · 04-fix-sbx-propagation · 05-fix-p5-fail-closed-harness · 06-fix-p6-evidence-false-pass · 07-fix-ttl-cleanup-policy · 08-static-no-write-validation · 09-after-official-runtime-snapshot · 10-final-decision · 11-codex-style-self-review-matrix · 12-self-review-command-outputs · 13-self-review-final-gate

Gates

  • ready for Codex R2 review: YES
  • ready to run dry-run without Codex: NO
  • ready for promotion: NO
  • ready for production: NO