KB-7273
Codex-Style Self-Review Matrix
Revision 1
11 — CODEX-STYLE SELF-REVIEW MATRIX
Adversarial self-gate: I tried to REJECT my own patch using Codex's methods before claiming it ready.
| Codex concern | Test / inspection performed | Expected safe result | Actual result | Evidence | Verdict |
|---|---|---|---|---|---|
| injection / sh -lc / eval | `grep -RnE` over deployed bin/ for `$[*@]`, `eval`, `sh -c`, `sh -lc`, `bash -c`, `docker exec.*sh -c` | no user data through a shell | | | |
| injection — runtime guards | sourced `_common.sh`, ran `stg_assert_sandbox_name` / `stg_assert_ttl` with hostile inputs | off-limits, regex-violating and injection names plus bad TTL refused | 9/9 as expected (directus/postgres/badfmt/injection → exit 4; valid → 0) | file 12 | PASS |
| SBX propagation | read deployed P1 (emits `SANDBOX_JSON`); read plan: jq capture + regex + `db == id`; grep for `<SBX>` / `placeholder` | machine-readable id consumed downstream; no placeholder | P1 emits JSON; plan captures via jq and validates; no placeholder in exec paths | file 04, 12 | |
| P5 fail-closed oracle | read `c1_run`: accepted → `pass=false` hardcoded; rejected → exact match only; FATAL gate; `case_no` PK; verified `OR` short-circuit + `split_part` read-only | bad accepted = FAIL; unexpected exception = FAIL; 9/9 or abort | exact-match logic confirmed; gate raises unless 9/9, 0 fail, 0 accepted, residue = 3 | file 05, 12 | PASS |
| P6 false-PASS prevention | read p6: FATAL gate (P3/P4/P5 ledger, 3 validated, 9/9, isolation 42P01, 0 orphan) precedes digest/PASS | no digest/PASS without full upstream | gate before digest; RAISE aborts psql (ON_ERROR_STOP) | file 06, 12 | PASS |
| official runtime unchanged | `query_pg` BEFORE / AFTER / AFTER-AFTER (11 metrics + DB list) | before == after; staging_dbs = 0 | identical across all three; staging_dbs = 0; no new DB | file 02, 09, 12 | PASS |
| drop guard | self-tests + code read: regex requires the `c1_staging_` prefix; db derived from id; off-limits refused; empty refused (exit 3); active-registry required; defense in depth in `stg_drop_db` | cannot drop official/empty/unregistered | refused directus/postgres/bad/injection (exit 4); empty → exit 3; active-registry check present | file 03, 12 | PASS |
| TTL honesty | read README/ROLLBACK + p1b | no automatic-timer claim; cleanup = P2/trap | docs say advisory/manual, no timer; typed `expires_at` stored | file 07 | PASS |
| manual SQL bypass | grep/read: all SQL via named primitives through `stg_run_sql_file`; no raw manual SQL path added | no ungoverned SQL | none introduced | file 03, 08 | PASS |
| scope drift / APR-0415 avoidance | sha256 of official files unchanged; only staging tree touched; no APR/dot-apr-approve/promotion/dot-bin | staging-only; APR-0415 untouched | official before == after; APR-0415 pending; no promotion | file 09 | PASS |
| hardcoded secret / path risk | secret-pattern scan; PG user resolution check | no secrets; no hardcoded creds | none (only a "token" comment false positive); PG user via `printenv`; `directus` appears only in the off-limits list | file 08, 12 | PASS |
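The "injection — runtime guards" and "drop guard" rows describe the checks they exercised without showing them. What follows is an added example in the shape those rows describe; it is not the project's `_common.sh` or `stg_drop_db`. The `c1_staging_` prefix and the exit codes 3 (empty) and 4 (refused) come from the matrix; the character whitelist, the 63-byte limit, the off-limits list, the TTL format (`<n>h` / `<n>d` with assumed caps), the registry layout, the extra code 5 for an unregistered id, and the hostile-input cases inside `stg_selftest_guards` are assumptions constructed for illustration.

```shell
# Added example, not the project's _common.sh. Fail-closed guards in the shape the
# self-review matrix describes; whitelist, limits, off-limits list, TTL format and
# registry layout are assumptions for illustration.
STG_PREFIX='c1_staging_'
STG_OFF_LIMITS='directus postgres template0 template1'     # assumed list

# Constructed registry, "<sandbox id> <status>" per line; only "active" may be dropped.
STG_REGISTRY='c1_staging_a1b2c3 active
c1_staging_old42 expired'

# stg_assert_sandbox_name ID -> 0 ok, 3 empty, 4 refused. Never 0 on doubt.
stg_assert_sandbox_name() {
  name=$1
  if [ -z "$name" ]; then
    echo 'refuse: empty sandbox id' >&2
    return 3
  fi
  case $name in
    "$STG_PREFIX"?*) ;;                        # prefix plus at least one char
    *) echo "refuse: '$name' lacks prefix $STG_PREFIX" >&2; return 4 ;;
  esac
  # Count bytes outside the whitelist byte-wise rather than with a line-oriented
  # grep, so an embedded newline, quote, ';' or '$' cannot hide behind a clean
  # first line. LC_ALL=C keeps a-z an ASCII range.
  bad=$(printf '%s' "$name" | LC_ALL=C tr -d 'a-z0-9_' | wc -c | tr -d ' ')
  if [ "$bad" -ne 0 ] || [ "${#name}" -gt 63 ]; then
    echo "refuse: '$name' has bytes outside [a-z0-9_] or exceeds 63" >&2
    return 4
  fi
  # Defense in depth: the prefix rule already excludes these, but the list stays
  # in case the regex is ever loosened.
  for off in $STG_OFF_LIMITS; do
    if [ "$name" = "$off" ]; then
      echo "refuse: '$name' is off-limits" >&2
      return 4
    fi
  done
  return 0
}

# stg_assert_ttl TTL -> 0 ok, 4 refused. Assumed format: 1-999h (max 720h) or 1-99d (max 30d).
stg_assert_ttl() {
  ttl=$1
  case $ttl in
    [1-9]h|[1-9][0-9]h|[1-9][0-9][0-9]h|[1-9]d|[1-9][0-9]d) ;;
    *) echo "refuse: bad TTL '$ttl'" >&2; return 4 ;;
  esac
  num=${ttl%?}
  case $ttl in
    *h) if [ "$num" -gt 720 ]; then echo "refuse: TTL over 720h" >&2; return 4; fi ;;
    *d) if [ "$num" -gt 30 ];  then echo "refuse: TTL over 30d" >&2;  return 4; fi ;;
  esac
  return 0
}

# stg_drop_guard ID -> 0 may drop (target in STG_DROP_TARGET), 3 empty,
# 4 refused, 5 not active in the registry. The db name is derived from the
# validated id; there is no second free-form "database" parameter to abuse.
stg_drop_guard() {
  id=$1
  stg_assert_sandbox_name "$id" || return $?
  db=$id
  if ! printf '%s\n' "$STG_REGISTRY" | grep -Fqx "$db active"; then
    echo "refuse: '$db' is not an active registered sandbox" >&2
    return 5
  fi
  STG_DROP_TARGET=$db
  return 0
}

# Constructed hostile-input table ("input|expected code"), the same shape as the
# matrix's 9/9 check. Returns 0 only if every case yields its expected code.
stg_selftest_guards() {
  fails=0
  while IFS='|' read -r input expect; do
    rc=0
    stg_assert_sandbox_name "$input" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -ne "$expect" ]; then
      echo "MISMATCH '$input': got $rc, want $expect" >&2
      fails=$((fails + 1))
    fi
  done <<'EOF'
directus|4
postgres|4
c1_staging_A1|4
c1_staging_ok;rm -rf /|4
c1_staging_ok$(id)|4
c1_staging_|4
|3
c1_staging_a1b2c3|0
c1_staging_x_9|0
EOF
  if [ "$fails" -ne 0 ]; then return 1; fi
  return 0
}
```

Source the file and call each guard as `stg_assert_sandbox_name "$id" || rc=$?` so a refusal becomes a code the caller inspects instead of silently passing or aborting a `set -e` script in an undefined place. The byte-wise whitelist is the part worth copying: a `grep -E '^c1_staging_[a-z0-9_]+$'` on the value would accept a name whose first line is clean and whose second line is a shell payload.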
Result
Every row PASS. No row is HOLD/FAIL. → CLAUDE_CODEX_STYLE_SELF_REVIEW_PASS.
Transparent residual (does not downgrade any row)
The exact runtime reject_code/SQLSTATE of the 9 P5 cases is derived statically from the deployed trigger/constraint logic; only the short-circuit and extraction mechanics have been verified read-only against the live system. Full runtime confirmation can occur only during the Codex-R2-gated dry-run (the hard lock forbids running it now). The failure mode of any mismatch is a fail-closed abort, never a false PASS, so the "P5 fail-closed oracle" row is correctly PASS.