Incomex AI Portal
KB-7F64

C1 Staging Codex R3 Fixes — Index

4 min read Revision 1
c1stagingcodex-r3-fixesready-for-r42026-06-23

00 — C1 STAGING CODEX R3 FIXES — INDEX

Verdict: C1_STAGING_CODEX_R3_FIXES_READY_FOR_CODEX_R4

Round in: CODEX_REJECT_C1_STAGING_R3_EVIDENCE_FALSE_PASS_RISK (external Codex R3).

Scope of mutation: /opt/incomex/staging/c1/ only. Official runtime read-only. Dry-run executed: NO. Staging DB created: NO. staging_dbs: 0. Official before==after: YES (db_list_hash=dfc368f6eb899ad5b0006466195fb4ab).

What the R3 blocker was

P3/P4/P5 committed their DONE ledger rows before their fatal gates ran (gates were post-COMMIT statements). P6 then trusted those DONE stamps and did not independently verify the exact canonical set — so an ignored upstream gate failure could reach a committed P6 PASS for a noncanonical set.

Fixes applied

  • Fix A (DONE atomicity): P3/P4/P5 fatal gates moved INSIDE the txn, BEFORE the DONE ledger row and COMMIT. Gate RAISE → txn rolls back → no DONE row persists. DONE is the last write before COMMIT.
  • Fix B (P6 independent verification): P6 re-verifies every PASS fact itself — exact 3-op set, field+mode invariants (CASE-guarded), 9-case bad-input via an oracle P6 carries itself (stored pass not trusted; anti-tamper), sandbox_id-matched stamps, 42P01 isolation, 0 orphan. Digest now also spans per-op P4 evidence and the upstream success stamps.
  • Codex R3 #3: plan cleanup requires governed RETIRED_OK for the owned sandbox (NO_OP ≠ success); dry-run gate bumped CODEX_R3_PASSCODEX_R4_PASS.
  • Codex R3 #4: _common.sh adds stg_json_escape + stg_ledger jq-verifies appended JSON (fail-closed exit 7); P1 host-ledger escapes dynamic fields.

Files (read back from AgentData)

00-index · 01-codex-r3-finding · 02-before-official-runtime-snapshot · 03-fix-p3-p4-p5-done-atomicity · 04-fix-p6-independent-verification · 05-done-ordering-static-proof · 06-p6-digest-source-proof · 07-static-no-write-validation · 08-codex-style-self-review · 09-after-official-runtime-snapshot · 10-final-decision

Changed-file sha256 (deployed; local==remote 19/19; registry integrity 18/18)

  • sql/p3-vocab-build.sql 9614809dec22599585ed0b3763c3eb333c5e7ce79b17dddf7aa2d18cd8f01bf9
  • sql/p4-verify.sql 2aeba78ddd2629b3cad730ebdac0ee1a2076badc56962ce0eb39d9b8ad56905d
  • sql/p5-bad-input-harness.sql 44cb64b800b1e861088da5b0e9689a829125d1d881d91afb827f886c9e989618
  • sql/p6-evidence-readback.sql a021c88bff2cd66709e302a9303300daf684f8cc2ef99d33748090b4509f1ac7
  • bin/_common.sh 26777c4866d170c5677ae85092bfcdf03ac05e41b051eac29866e92f775b3f5d
  • bin/dot-staging-sandbox-create 87e262252de7115c66e12886bfe0c84034859707f981796a2984d1840de02b61
  • plan/c1-staging-fast-dry-run.plan.sh ba0eb532fc2876f6843cd8a8f3965e15e79a1a393f41755a3ffcedf3691b84e3
  • registry/primitives.jsonl 8e0ce701ba6ad9bb243dc2d92b96529400a8eeb7a700ffc3c67e5d52878a0c2d
  • ledger/dot_manage.jsonl db57a9b0b3d9cfc90622d8a1bb085af220bffab60ff8d629927c280911e8d153
  • README.md 18b4e4c57e02de4885890a6a9478476c3d612334a79641c678481775c95aa92a
  • ROLLBACK.md 20556292f1a822a85db8845990f0f7a6737b655cb4b7a735da080d1467b647c3

Unchanged (byte-identical to R3 baseline)

sql/p1a-create-db.sql, sql/p1b-meta.sql, bin/dot-staging-sandbox-drop, bin/dot-c1-staging-vocab-build, bin/dot-c1-staging-verify, bin/dot-c1-staging-bad-input-harness, bin/dot-c1-staging-evidence-readback, admission/DOT-100-staging-lite-admission.md.

NEXT

External Codex R4 review. NO dry-run without Codex. NO promotion. NO production. NO APR-0415.