KB-7278
C1 Staging Codex R2 — R1 Fix Verification
Revision 1
c1 staging codex-r2 read-only 2026-06-23
02 — R1 FINDINGS AND FIX VERIFICATION
| R1 finding | R2 result | Evidence |
|---|---|---|
| sh -lc / $* injection | FIXED | direct docker exec psql argv; quoted "$@"; no eval/sh-c hits |
| SBX placeholder | FIXED for normal P1 success | SANDBOX_JSON, jq parse, regex, db==id, downstream same SBX |
| P5 any exception PASS | FIXED | accepted=false; exact code/state oracle; fatal 9/9 gate |
| P6 digest before gate | FIXED | fatal upstream DO gate precedes digest/PASS |
| TTL overclaim | FIXED | docs explicitly advisory/manual; typed expires_at |
| P4 non-fatal invariant | FIXED | fatal exact-set/validated/invariant gate |
| P3 partial set | FIXED | fatal exact-set postcondition |
| P2 completion ledger ordering | FIXED | attempt before; success after readback |

Residual defects introduced/not closed

- P1 partial-success identity is not available to the plan until the final JSON line.
- Cleanup trap ignores a nonzero P2 status and restores the original rc.
- P6 digest omits c1_test_results.
- P1 --force bypasses P2 active registry validation.
- Helper temp tracker mutates an array in a command-substitution subshell, so the EXIT trap does not retain the paths.
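
The last residual defect, reproduced as an added bash example (not the C1 helper's own code): a tracker called through `$(...)` loses its array append, while one that returns the path through a named variable keeps it for the EXIT trap. All names here (`TRACKED`, `mktemp_tracked_bad`, `mktemp_tracked`, `run_case`) are hypothetical.

```bash
#!/usr/bin/env bash
# Added illustration; all names (TRACKED, mktemp_tracked*, run_case) are hypothetical.

TRACKED=()

cleanup() {
  if ((${#TRACKED[@]})); then rm -f -- "${TRACKED[@]}"; fi
}

# Defective shape: meant to be called as p=$(mktemp_tracked_bad).
# The append runs inside the command-substitution subshell and is
# discarded when that subshell exits, so the trap never sees the path.
mktemp_tracked_bad() {
  local f
  f=$(mktemp) || return 1
  TRACKED+=("$f")
  printf '%s\n' "$f"
}

# Corrected shape: runs in the caller's shell and hands the path back
# through a named variable, so the append survives until the trap fires.
# The caller must not name its variable "f" (it would hit the local).
mktemp_tracked() {
  local f
  f=$(mktemp) || return 1
  TRACKED+=("$f")
  printf -v "$1" '%s' "$f"
}

# Runs one variant in a child shell with an EXIT trap, then reports
# whether the temp file outlived that shell.
run_case() {
  local path
  path=$(
    TRACKED=()
    trap cleanup EXIT
    if [ "$1" = bad ]; then p=$(mktemp_tracked_bad); else mktemp_tracked p; fi
    printf '%s\n' "$p"
  )
  if [ -e "$path" ]; then
    rm -f -- "$path"; echo leaked
  else
    echo cleaned
  fi
}

run_case bad    # leaked
run_case good   # cleaned
```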