KB-4F5B
Codex R1 Findings → Fix Mapping
Revision 1 (2026-06-23)
01 — CODEX R1 FINDINGS → FIX MAPPING
Source: knowledge/dev/laws-new/reports/c1-staging-codex-review-before-dry-run/ (rev 1).
Rejecting verdict: CODEX_REJECT_C1_STAGING_BAD_INPUT_FAIL_OPEN.
| Codex finding | Where | Fix applied | File(s) |
|---|---|---|---|
| A13 $* reparsed by sh -lc; purpose/owner/ttl unconstrained; predictable temp; no cleanup trap | _common.sh stg_run_sql_file/stg_scalar/stg_drop_db | psql as explicit argv via docker exec psql (no shell); "$@" passthrough; stg_assert_ttl; in-container mktemp; EXIT-trap cleanup; cached stg_pg_user via printenv | bin/_common.sh |
| A8 SBX placeholder, not captured | dry-run plan | P1 emits SANDBOX_JSON; reviewed plan parses via jq, regex-validates, asserts db==id | bin/dot-staging-sandbox-create, plan/…plan.sh |
| A9 any exception counted PASS; sentinel asserts non-fatal (THE rejecting blocker) | p5 c1_run | exact-oracle: pass only on expected reject_code/SQLSTATE; accepted=FAIL; FATAL gate raises unless 9/9·0fail·0accepted·residue=3 | sql/p5-bad-input-harness.sql |
| A10 digest/P6_DONE without upstream proof | p6 | FATAL gate (P3/P4/P5 ledger, 3 validated, 9/9 matrix, isolation 42P01, 0 orphan) BEFORE digest/PASS | sql/p6-evidence-readback.sql |
| A7 TTL manual & overclaimed; P2 ledger logs drop before success | docs + p1b + P2 | typed expires_at; honest advisory-TTL docs; P2 attempt-then-success ledger ordering | README.md, ROLLBACK.md, sql/p1b-meta.sql, bin/dot-staging-sandbox-drop |
| #3 P4 invariant non-fatal; no exact set | p4 | FATAL gate: count=3, exact code set, all validated, 0 invariant violations | sql/p4-verify.sql |
| P3 partial set silently retained | p3 | FATAL exact-set postcondition (count=3, exact 3 codes) | sql/p3-vocab-build.sql |
| P1 --force misleading (CREATE still fails) | P1 | --force now drops-then-recreates (regex-guarded) | bin/dot-staging-sandbox-create |
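The A13 row above, as an added shell example that is not the project's bin/_common.sh: the flagged sh -lc "... $*" shape is kept as a comment beside hardened helpers that hand psql to docker exec as an explicit argv with "$@" passthrough, assert ttl and identifiers, and stream the SQL file over stdin. Container name, database role, and the TTL unit and cap are assumptions.

```shell
# Added example, not the project's bin/_common.sh: staging helpers in the shape the A13
# fix describes. Container name, role, and the TTL unit/cap are assumptions.
STG_CONTAINER="${STG_CONTAINER:-c1-staging-pg}"
STG_PG_USER="${STG_PG_USER:-postgres}"

# The flagged shape, kept only as a comment: "$*" joins every argument into one string
# that sh -lc re-parses inside the container, so an owner/purpose/ttl value containing
# ';' or '$(' is executed as further commands instead of reaching psql as data.
#   docker exec "$STG_CONTAINER" sh -lc "psql -U $STG_PG_USER $*"

# Hardened shape: the vector is built once with set --, psql is the explicit argv of
# docker exec (no shell in between) and "$@" keeps each caller argument as one element.
# STG_DRY_RUN=1 prints the vector one element per line instead of executing it.
stg_psql() {
  set -- docker exec -i "$STG_CONTAINER" psql -U "$STG_PG_USER" -X -v ON_ERROR_STOP=1 "$@"
  if [ "${STG_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}

# ttl: positive integer hours (assumed unit), capped at one week.
# Rejects '', 0, leading zeros and anything with a non-digit such as '24; DROP ...'.
stg_assert_ttl() {
  case "${1:-}" in ''|*[!0-9]*|0*) return 1 ;; esac
  [ "$1" -le 168 ]
}

# Sandbox/database identifiers: lowercase, letter first, at most 63 bytes (PostgreSQL limit).
stg_assert_ident() {
  case "${1:-}" in ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# Run a SQL file: the file is streamed on stdin, so no temp file exists on host or container
# (the page's fix used an in-container mktemp with an EXIT trap instead).
# Any further arguments, e.g. -v owner=..., pass through "$@" untouched.
stg_run_sql_file() {
  f=$1; shift
  stg_psql -f - "$@" < "$f"
}

# Single value, unaligned and tuples-only; the query text is one argv element.
stg_scalar() { stg_psql -Atc "$1"; }

# Drop a sandbox database: the name is regex-guarded, then quoted as an identifier by
# psql's :"var" interpolation rather than spliced into the statement text.
stg_drop_db() {
  stg_assert_ident "$1" || { echo "stg_drop_db: bad identifier" >&2; return 2; }
  printf '%s\n' 'DROP DATABASE IF EXISTS :"db";' | stg_psql -v db="$1"
}
```

Source the file, then STG_DRY_RUN=1 stg_run_sql_file file.sql -v 'owner=alice' shows the exact vector that would reach docker exec, one element per line.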
What was intentionally NOT done (scope / hard locks)
- No automatic TTL cron/systemd timer (would be new infra; Codex's acceptable model = P2/trap primary + advisory TTL). Stated honestly instead of implemented.
- No execution of P1→P3→P4→P5→P6→P2; no sandbox DB created.
- No official-runtime change (dot_tools/CAT-006/dot_agent_api_contract untouched); no APR-0415 approve/execute; no dot-apr-approve; no promotion; no dot/bin deploy.