READY-TO-ASSEMBLE-LEGO1-PATCH1 09 — [P1-6] Canonical Serialization & Artifact Binding — 2026-06-22
Closes Codex P1-6. Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations. Design-only.
1. Defect (reconstructed)
The prior hash input, the delimiter-joined string operation_code|protocol_version|act_type|governing_authority_ref, had no escaping, normalization, encoding, null handling, field version, or canonical serialization. Delimiter ambiguity ⇒ non-portable evidence. SUPERSEDED.
2. cser-v1 — versioned canonical serialization
| Rule | Specification |
|---|---|
| Format | Canonical JSON (JCS / RFC 8785 style), not delimiter-joined strings |
| Field names | fixed, explicit; no positional fields |
| Key order | lexicographic by Unicode code point |
| Strings | UTF-8, Unicode NFC normalized |
| Whitespace | none (no insignificant whitespace) |
| Numbers | shortest round-trip form per RFC 8785 |
| Null handling | explicit null (a missing field ≠ null; both represented distinctly) |
| Encoding | UTF-8 bytes |
| Version tag | every serialized object includes "cser":"v1", conceptually the first canonical field-value pair (covered by the digest domain) |
| Digest | SHA-256 over the canonical UTF-8 byte string |
3. Bound artifacts (each gets a cser-v1 digest)
| Artifact | Object serialized | Digest name |
|---|---|---|
| Plan | {cser, plan_id, plan_revision, carrier:"C1"} | plan_digest |
| Schema | the file-03 field set + constraints (canonical) | schema_digest |
| Value manifest | the file-04 R_C1 projection (sorted by operation_code) | manifest_digest |
| Per-value record | {cser, operation_code, protocol_version, act_type, semantics_frozen, governing_authority_ref} | value_digest[i] |
| Authorization | the verifier-bound scope (file 05 §2) incl. plan/schema/manifest digests | bound inside grant scope |
| Execution log | per-state dispatch result (idempotency_root, mode, correlation_id) | exec_log_digest |
| Readback | post-build snapshot (file-10 base plan) | readback_digest |
4. Binding chain
plan_digest ⊃ schema_digest + manifest_digest; the authorization grant (file 05) binds plan_revision + manifest_digest + schema_digest; the execution records idempotency_root + per-state results; the readback recomputes value_digest[i] and manifest_digest and asserts equality (test T16, file 08). A mismatch anywhere ⇒ fail-closed (no PASS/seal). Evidence is portable because every digest is over cser-v1 bytes, not ambiguous delimiters.
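
The delimiter collision from section 1, the cser-v1 rules from section 2 and the readback equality check above, as an added Python sketch (not part of this spec or its runtime). Assumptions: the helper names, the sample records, the {"values": [...]} manifest shape and adding the "cser" tag at the top level only are all hypothetical; floats are rejected rather than formatted per RFC 8785.

```python
import hashlib, json, unicodedata

LEGACY_FIELDS = ("operation_code", "protocol_version", "act_type", "governing_authority_ref")

def nfc(v):
    # NFC-normalize every string, keys included. Floats are rejected because
    # RFC 8785 number formatting is outside this sketch.
    if isinstance(v, str):
        return unicodedata.normalize("NFC", v)
    if isinstance(v, dict):
        return {nfc(k): nfc(x) for k, x in v.items()}
    if isinstance(v, list):
        return [nfc(x) for x in v]
    if isinstance(v, float):
        raise TypeError("float not supported in this sketch")
    return v

def cser_v1_bytes(obj):
    # Code-point key order, no whitespace, UTF-8; the version tag is inside the hashed bytes.
    body = nfc({**obj, "cser": "v1"})
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def digest(obj):
    return hashlib.sha256(cser_v1_bytes(obj)).hexdigest()

def legacy_input(rec):
    # Superseded delimiter-joined hash input from section 1.
    return "|".join(str(rec[k]) for k in LEGACY_FIELDS)

def by_code(records):
    return sorted(nfc(records), key=lambda r: r["operation_code"])

def manifest_digest(records):
    # Assumed manifest shape: {"values": [records sorted by operation_code]}.
    return digest({"values": by_code(records)})

def readback_ok(sealed_values, sealed_manifest, readback_records):
    # Fail closed: any digest mismatch returns False (no PASS/seal).
    recomputed = [digest(r) for r in by_code(readback_records)]
    return recomputed == sealed_values and manifest_digest(readback_records) == sealed_manifest

# Constructed sample records: the "|" sits in a different field in each.
REC_A = {"operation_code": "OP|1", "protocol_version": "2", "act_type": "x",
         "semantics_frozen": True, "governing_authority_ref": None}
REC_B = {**REC_A, "operation_code": "OP", "protocol_version": "1|2"}

if __name__ == "__main__":
    print(legacy_input(REC_A) == legacy_input(REC_B))  # legacy inputs collide
    print(digest(REC_A) != digest(REC_B))              # cser-v1 digests differ
```
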
5. Boundary attestation
Design-only serialization spec; nothing hashed in runtime, nothing written. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes prior file-10 §3 hashing rule.