KB-3D35
13 — Internal Codex Negative Review (A1–A16) — 2026-06-22
Revision 1
Adversarial self-review. An attack "succeeds" if it shows the result is unsafe or overclaimed; any success ⇒ HOLD/REJECT, never READY.
| # | Attack | Finding | Verdict |
|---|---|---|---|
| A1 | Secret existed but wrong capability used | Secret values not accessed at all; no capability mis-applied | no overclaim |
| A2 | Directus key used manually outside DOT path | Never used; directus_create attempt DENIED by allowlist; no token consumed | clean |
| A3 | Manual SQL/DDL on governed runtime | None; query_pg read-only; before==after | clean |
| A4 | Existing DOT should've been reused but new DOT invented | Reuse-first table (file 03); registrar/ensure DOTs reused; only C1 vocab pair flagged new (not authored to runtime) | clean |
| A5 | New DOT created but not registered in dot_tools/CAT-006 | No new DOT created at all ⇒ no unregistered orphan | clean |
| A6 | DOT registered but not wired to dispatcher/contract | No registration occurred; contracts still 2 | clean |
| A7 | Handbook/ledger not updated | No governed change to record; status pointer written; governed rows = operator action | consistent |
| A8 | Preflight false-ready | Preflight reported NO_GO for C1 (refused: no contract); never claimed READY | clean |
| A9 | Dry-run did not exercise governed route | Route WAS exercised live (DOT_KG validated; C1 refused) and labeled route-level, not full dry-run | clean |
| A10 | Bad-input harness missing or not governed | Bad inputs run against the governed dispatcher; reachable cases all refused; unreachable cases documented as no-PASS-by-absence (not claimed as demonstrated harness) | clean |
| A11 | Invalid input emits PASS/digest/seal | None did; every bad case RAISEd before output | clean |
| A12 | Rollback/no-state unproven | before==after table; vacuous rollback; 0 observation rows | clean |
| A13 | Production / current corpus touched | Untouched; read-only + denied probes only | clean |
| A14 | C2/C3 touched | Untouched | clean |
| A15 | Local sandbox evidence overclaimed | No sandbox SQL used as governed proof; this package uses live governed runtime read-only evidence only | clean |
| A16 | Engineering PASS treated as authority PASS | The route-live PASS is explicitly engineering-only; READY withheld; verdict = CAPABILITY_LOCKED | clean |
Two attacks that WOULD succeed against a false-READY (and were honored)
- "You claim READY but C1 is undispatchable" → honored: READY withheld; verdict is a HOLD.
- "You used admin creds to write manually" → honored: creds never used to write; no manual mutation.
Result
HOLD upheld. No attack succeeds against the stated verdict (C1_DRYRUN_CAPABILITY_LOCKED_OPERATOR_ACTION_REQUIRED). A READY verdict, by contrast, would be refuted by A8/A9. Internal Codex negative review = PASS (the HOLD is correct and non-overclaimed).