READY-TO-ASSEMBLE-LEGO1-PATCH2 09 — Canonical Serialization / Hash / Artifact Binding Proof (B8) — 2026-06-22

CLOSED (Codex 5.8). Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations. This is the one blocker PATCH2 can fully close now — hashing requires no mutation.

---

1. Codex residual (reproduced)

PATCH1 file 09 described "RFC 8785 style" but supplied no canonical bytes, no digest, no recomputation command, and its §3 plan object omitted schema/manifest digests while §4 claimed they were included. Confirmed real.

2. cser-v1 (pinned)

Canonical JSON (JCS/RFC 8785 profile): keys sorted lexicographically by Unicode code point; UTF-8 NFC; no insignificant whitespace; explicit null (missing ≠ null); shortest round-trip numbers; "cser":"v1" carried as a field; digest = SHA-256 over the canonical UTF-8 bytes.

3. Worked example — REAL bytes and digest (recomputable)

Per-value record (one C1 value), exact canonical bytes:

{"act_type":"governance_operation","cser":"v1","governing_authority_ref":"PG:sb1-gov-vocab","operation_code":"authorize_build_step","protocol_version":"1.0.0","semantics_frozen":{"description":"Issue an L3 governance_build_authorization grant for one build step"}}

value_digest = SHA-256 = 2ab1f90bc57322438186f967613290824c704664d516ca3feec96f01eb99e650

Two-element manifest (sorted by operation_code: assign_governance_owner, authorize_build_step): manifest_digest(2) = SHA-256 = 6f138d35737432d2db98b52175b476d7f4c8d3c037d3c975e8ecb3f576556554

These were computed this session (Python hashlib, NFC, UTF-8) and are deterministically reproducible.

4. Recompute command (anyone, anytime)

python3 - <<'PY'
import hashlib, unicodedata
rec='{"act_type":"governance_operation","cser":"v1","governing_authority_ref":"PG:sb1-gov-vocab","operation_code":"authorize_build_step","protocol_version":"1.0.0","semantics_frozen":{"description":"Issue an L3 governance_build_authorization grant for one build step"}}'
print(hashlib.sha256(unicodedata.normalize("NFC",rec).encode()).hexdigest())
PY
# ⇒ 2ab1f90bc57322438186f967613290824c704664d516ca3feec96f01eb99e650

At build time the full manifest_digest is the SHA-256 over the cser-v1 array of all R_C1 rows (file 04), recomputed identically by the verifier and the readback.

5. Binding chain (internally consistent)

plan_digest = cser-v1 of {cser, plan_id, plan_revision, carrier:"C1", schema_digest, manifest_digest} — explicitly includes schema+manifest digests (fixing PATCH1's §3/§4 inconsistency). The authorization grant scope binds plan_revision + schema_digest + manifest_digest (file 05). Execution records idempotency_root + per-state results. Readback recomputes each value_digest[i] and manifest_digest and asserts equality (T16/T18). Any mismatch ⇒ fail-closed (no PASS/seal). Answers to the four required questions: equivalent payloads → identical hash (sorted keys/NFC); field omission can't collide (explicit null + fixed field set); auth↔execution can't diverge (grant binds the digests); audit hash recomputable from stored evidence (§4 command).

6. Honest status & boundary

Classification: CLOSED. No residual depends on mutation. Design-only; nothing written. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes PATCH1 file 09 §3/§4.