KB-5056

C1 Staging Codex R3 Fixes — The Codex R3 Finding

Revision 1 · c1-staging-codex-r3-fixes-ready-for-r4 · 2026-06-23

01 — THE CODEX R3 FINDING (and how each part is addressed)

Source: knowledge/dev/laws-new/reports/c1-staging-codex-r3-final-review-before-dry-run/ (Codex R3).

Verdict in: CODEX_REJECT_C1_STAGING_R3_EVIDENCE_FALSE_PASS_RISK

Codex accepted as safe (carried forward unchanged): R3-SELF-1 fix; injection; SBX propagation; P1 partial cleanup; plan cleanup target; P2 exit handling; --force disabled; P5 fail-closed exact oracle; official runtime protection; staging_DBs=0.

The blocker (Codex 06 / 09)

P3/P4/P5 commit their ledger/DONE rows before their fatal gates run. P6 treats those rows as proof of DONE and does not independently verify the exact canonical set. A caller that ignores an upstream failure can therefore reach a committed P6 PASS.

Codex's static counterexample (06): an active sandbox holds three valid-shape rows, including C1.READ_BALANCE but missing one expected code. P3 rejects, but only after committing its ledger row; P4 validates the shapes and then rejects, again after committing its ledger row; P5's oracle can still pass; if the caller continues, P6 sees all three ledger rows plus 3 validated rows and a 9/9 harness result, and commits digest/PASS for the noncanonical set.

Codex R3 "Required fixes" (09 + 07) — disposition

  1. Move P3/P4/P5 fatal gates before DONE ledger + COMMIT (or post-gate success stamps). → DONE. Fix A. See 03 + 05.
  2. Require those success stamps in P6 AND independently enforce the exact three op codes + field invariants. → DONE. Fix B. See 04 + 06.
  3. Plan cleanup: require P2 RETIRED_OK/drop_success for the owned sandbox; NO_OP ≠ success. → DONE. cleanup_rc=88 when no RETIRED_OK: <SBX>. See 07.
  4. JSON-encode dynamic host-ledger fields and verify the appended JSONL. → DONE. stg_json_escape + stg_ledger jq-verify (exit 7). See 07.
  5. Refresh registry/ledger/evidence, rerun static no-write validation, request next external review. → DONE. registry rev=4 (integrity 18/18), ledger seq 11/12, this package; static GREEN; ready for R4.
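Item 4 in concrete terms: build each host-ledger line with a JSON encoder instead of string interpolation, then re-parse what was actually appended. The block below is an added example modelling that check; it is not the plan's stg_json_escape or stg_ledger. The field names (seq, phase, note) and the sample note containing a double quote and a newline are constructed, and the function returns 7 on a verify failure only to mirror the exit code cited above.

```python
"""Added example of item 4 (JSON-encode dynamic ledger fields, then verify the
appended JSONL line). Not the plan's stg_json_escape / stg_ledger; field names
and the sample note are constructed."""
import json


def naive_ledger_line(seq, phase, note):
    """Pre-fix style: a dynamic field interpolated raw into the JSONL line."""
    return '{"seq": %d, "phase": "%s", "note": "%s"}' % (seq, phase, note)


def encoded_ledger_line(seq, phase, note):
    """Fix: every dynamic field goes through a JSON encoder, which escapes
    quotes, backslashes and newlines so the line stays one JSONL record."""
    return json.dumps({"seq": seq, "phase": phase, "note": note}, separators=(",", ":"))


def append_and_verify(ledger, line, expect_seq):
    """Append, then re-check the tail of the ledger the way the jq-verify step
    does. Returns 0 on success and 7 on a verify failure (mirrors the page's
    exit 7) so a set -e caller stops instead of trusting the ledger."""
    ledger.append(line)
    tail = ledger[-1]
    if "\n" in tail:                      # a raw newline would split the record
        return 7
    try:
        obj = json.loads(tail)
    except ValueError:
        return 7
    if not isinstance(obj, dict) or obj.get("seq") != expect_seq:
        return 7
    return 0


# Constructed note containing the two characters that break raw interpolation.
NOTE = 'sandbox "sbx_01" dropped\nrc=0'

if __name__ == "__main__":
    bad, good = [], []
    print(append_and_verify(bad, naive_ledger_line(11, "P2", NOTE), 11))     # 7
    print(append_and_verify(good, encoded_ledger_line(11, "P2", NOTE), 11))  # 0
    print(json.loads(good[-1])["note"] == NOTE)                               # True
```

The verify step checks the line that landed in the ledger, not the string the writer intended to write, which is what makes a quoting bug in the writer visible as a non-zero exit rather than as a silently corrupted ledger.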

Why a "blocker" and not merely advisory

Although the plan's set -e and per-bin ON_ERROR_STOP mean a real chained dry-run would abort and drop the sandbox on any Pn gate failure (failing safe), the building blocks themselves were unsound: a committed DONE stamp could exist without its gate having passed, and P6 consumed stamps as if they were DONE. The fix makes the DONE evidence atomically mean "gate passed" and makes P6 verify facts rather than trust stamps, so the property holds independently of the harness that invokes the primitives.
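The counterexample in the blocker above and the two fixes it drives (Fix A: fatal gate before the DONE stamp; Fix B: P6 requires the stamps and re-derives the canonical set itself) can be run through as a small model. The block below is an added example, not the plan's code: the canonical set on this page names only C1.READ_BALANCE, so C1.OP_A and C1.OP_B are placeholders for the other two codes; the field invariant (amount_scale == 2) and the P5 oracle (row count plus shape) are assumptions chosen so that P5 passes the counterexample as the page describes; stop_on_failure=True stands in for the set -e harness and False for a caller that continues past an upstream failure.

```python
"""Model of the Codex R3 false-PASS path and of Fix A / Fix B (added example).
Not the plan's code. Assumptions: C1.OP_A / C1.OP_B stand in for the two
canonical op codes the page does not name; the field invariant and the P5
oracle are illustrative."""
from dataclasses import dataclass, field

# Assumption: only C1.READ_BALANCE is named on the page; the other two are placeholders.
CANONICAL = frozenset({"C1.READ_BALANCE", "C1.OP_A", "C1.OP_B"})
PHASES = ("P3", "P4", "P5")


@dataclass
class Ledger:
    rows: list = field(default_factory=list)

    def commit(self, phase, status):
        self.rows.append({"phase": phase, "status": status})

    def has(self, phase, status):
        return any(r["phase"] == phase and r["status"] == status for r in self.rows)


def shape_ok(row):
    """'Valid-shape' row: a C1.* op code plus an assumed field invariant."""
    code = row.get("op_code")
    return isinstance(code, str) and code.startswith("C1.") and row.get("amount_scale") == 2


def p3_gate(rows):            # exact canonical set
    return {r["op_code"] for r in rows} == CANONICAL


def p4_gate(rows):            # validates shapes, then the exact set
    return all(shape_ok(r) for r in rows) and p3_gate(rows)


def p5_gate(rows):            # assumed oracle: row count and shape only, so the counterexample passes
    return len(rows) == 3 and all(shape_ok(r) for r in rows)


def run_phase(name, gate, rows, ledger, gate_first):
    """Return whether the gate passed. Pre-fix ordering commits DONE before the
    gate; Fix A ordering commits DONE only after the gate has passed."""
    if not gate_first:
        ledger.commit(name, "DONE")        # R3 defect: stamp precedes the gate
    ok = gate(rows)
    if gate_first and ok:
        ledger.commit(name, "DONE")        # Fix A: DONE now means "gate passed"
    return ok


def p6_trusting(rows, ledger):
    """Pre-fix P6: the stamps are the evidence."""
    if all(ledger.has(p, "DONE") for p in PHASES):
        ledger.commit("P6", "PASS")
        return "PASS"
    return "FAIL:missing_stamp"


def p6_verifying(rows, ledger):
    """Fix B: require the stamps AND re-derive the facts from the sandbox rows."""
    if not all(ledger.has(p, "DONE") for p in PHASES):
        return "FAIL:missing_stamp"
    if {r["op_code"] for r in rows} != CANONICAL:
        return "FAIL:noncanonical_set"
    if not all(shape_ok(r) for r in rows):
        return "FAIL:field_invariant"
    ledger.commit("P6", "PASS")
    return "PASS"


def pipeline(rows, gate_first, p6, stop_on_failure):
    """Chain P3..P6. stop_on_failure=True models set -e / ON_ERROR_STOP;
    False models a caller that ignores upstream failures."""
    ledger = Ledger()
    for name, gate in (("P3", p3_gate), ("P4", p4_gate), ("P5", p5_gate)):
        if not run_phase(name, gate, rows, ledger, gate_first) and stop_on_failure:
            return "ABORT:" + name, ledger
    return p6(rows, ledger), ledger


# Constructed inputs: Codex's counterexample (three valid-shape rows, one
# expected code missing) and the canonical set itself.
COUNTEREXAMPLE = [
    {"op_code": "C1.READ_BALANCE", "amount_scale": 2},
    {"op_code": "C1.OP_A", "amount_scale": 2},
    {"op_code": "C1.OP_X", "amount_scale": 2},   # not canonical
]
CANONICAL_ROWS = [{"op_code": c, "amount_scale": 2} for c in sorted(CANONICAL)]

if __name__ == "__main__":
    for label, args in (
        ("pre-fix, caller ignores failures", (COUNTEREXAMPLE, False, p6_trusting, False)),
        ("pre-fix, set -e harness", (COUNTEREXAMPLE, False, p6_trusting, True)),
        ("Fix A only", (COUNTEREXAMPLE, True, p6_trusting, False)),
        ("Fix B only", (COUNTEREXAMPLE, False, p6_verifying, False)),
        ("Fix A + B", (COUNTEREXAMPLE, True, p6_verifying, False)),
        ("Fix A + B, canonical rows", (CANONICAL_ROWS, True, p6_verifying, False)),
    ):
        print(f"{label}: {pipeline(*args)[0]}")
```

The run shows the shape of the argument above: the pre-fix primitives only fail safe because the harness stops on the first error; either fix alone already closes the false-PASS path for a caller that does not stop, and with both applied a DONE row cannot exist for a failed gate and P6 cannot pass a noncanonical set even if one did.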

Path: knowledge/dev/laws-new/reports/c1-staging-codex-r3-fixes-ready-for-r4/01-codex-r3-finding.md