READY-TO-ASSEMBLE-LEGO1 12 — Codex-Style Adversarial Self-Review — 2026-06-22
READY-TO-ASSEMBLE-LEGO1 12 — Codex-Style Adversarial Self-Review — 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations.
Method (instruction §3.12): (1) do not trust the report; (2) open actual governed files (done: controlling Codex accept + PATCH2/PATCH1/closeout read directly; live schema introspected); (3) fresh-reconstruct; (4) run/read actual read-only evidence (file 02); (5) create bad inputs beyond the harness; (6) check rejection; (7) if any invalid input gets PASS/digest/seal/ready ⇒ REJECT; (8) distinguish engineering PASS from authority PASS.
1. Attack table A1–A25
Each row: input · expected rejection · actual contract response · evidence source · can PASS? (must be No).
| # | Attack (input) | Expected rejection | Actual contract response | Evidence | Can PASS? |
|---|---|---|---|---|---|
| A1 | chosen carrier ambiguous | named carrier required | C1 named specifically with risk ranking | file 03 §3/§4 | No |
| A2 | carrier cannot be generated separately | generate-boundary required | C1 born as standalone vocab table, no other carrier needed | file 04 §2.1 | No |
| A3 | carrier cannot be checked separately | check-boundary required | C1 check is a read-only lookup with single reject codes | file 04 §2.2 | No |
| A4 | carrier cannot be updated separately | update-boundary required | C1 versioned supersession per value | file 04 §2.3 | No |
| A5 | carrier cannot be rolled back separately | rollback-boundary required | C1 rollback is local (I9), retire-with-successor | file 08 | No |
| A6 | carrier requires silent mutation of another carrier | ROLLBACK_NOT_LOCAL (RBP-10) |
C1 rollback stays within its table; cross-carrier edit rejected | file 04 §5; file 08 RBP-10 | No |
| A7 | dependency map misses incoming edge | incoming edges enumerated | incoming = NONE, proven from E1–E8 + live absence | file 05 §2/§7 | No |
| A8 | dependency map misses outgoing edge | outgoing edges enumerated | outgoing = E1→C2 only, full card | file 05 §3 | No |
| A9 | build plan contains hidden write command | all commands labelled | every command classified; writes WRITE_PLANNED_NOT_RUN; none run |
file 06 §9 | No |
| A10 | test matrix lacks bad input | bad inputs required | AD1–AD20 + I1–I6 cover all required bad inputs | file 07 §2/§3 | No |
| A11 | rollback plan permits identity deletion | ROLLBACK_DELETES_REFERENCED_IDENTITY (RBP-2) |
no DELETE in any C1 rollback; deletion forbidden |
file 08 §2/§5 | No |
| A12 | rollback plan permits orphan edge | ROLLBACK_ORPHANS_DEPENDENCY (RBP-3) |
retired value stays resolvable; orphan rejected | file 08 RBP-3 | No |
| A13 | rollback plan erases history | ROLLBACK_ERASES_HISTORY (RBP-4) |
prior value/audit preserved | file 08 RBP-4 | No |
| A14 | rollback plan weakens authority | ROLLBACK_WEAKENS_AUTHORITY (RBP-6) |
governing_authority_ref stays required |
file 08 RBP-6 | No |
| A15 | successor exists but retired value remains valid | ROLLBACK_FORWARD_FAIL_CLOSED_VIOLATED (RBP-8) |
retired value fail-closed for new use (I6) | file 08 RBP-8; XBI-26 | No |
| A16 | Gate A treated as P2 open | BASELINE_ACCEPTANCE_NOT_P2_OPEN_AUTHORIZATION (XBI-22) |
Gate A permits preparing only; opens nothing | file 11 §1; file 07 AD13 | No |
| A17 | Gate B treated as registration/activation permission | sealed wording: named lane only | Gate B opens only the named lane; no registration/activation/register_dot/P3 | file 11 §1/§5 | No |
| A18 | generic Chairman token accepted | CHAIRMAN_AUTHORIZATION_SCOPE_MISMATCH (XBI-24) |
token must be exact-scoped to the plan | file 11 §4; file 07 AD11 | No |
| A19 | no Chairman token accepted | G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION (XBI-23) |
PF5 fails (0 rows today); build blocked | file 09 PF5; file 07 AD12 | No |
| A20 | runtime mutation attempted | RUNTIME_MUTATION_REJECTED (RBP-0) |
0 mutations; only read-only discovery run | file 02 §8; file 06 §9 | No |
| A21 | invalid input still emits PASS/digest/seal | fail-open ⇒ REJECT/HOLD | PASS is full conjunction; every bad input matches an RBP/XBI code first | file 07 §6 | No |
| A22 | mega-registry / mega-graph / mega-birth coupling appears | LEGO_BOUNDARY_INSUFFICIENT (XBI-6) |
C1 is one table, one outgoing ref; no shared table/lifecycle | file 04 §5; file 07 AD19 | No |
| A23 | preparation gap remains | READY_TO_ASSEMBLE_LEGO1_REJECT_PREPARATION_GAP_REMAINS |
all preparation complete; only authority/execution residuals (§2 below) | file 13 §2/§3 | No (gap=none) |
| A24 | Agent reports ready based only on prose, not actual files | reconstruct from files | controlling Codex accept + packages read directly; live schema introspected; citations throughout | file 01 §1–§3; file 02 | No |
| A25 | engineering PASS treated as authority PASS | distinguish PASS tiers | acceptance = contract PASS; authority needs Chairman token (item 13); HOLD retained | file 10 §2; file 11 §5 | No |
2. Specific scrutiny — is there a hidden preparation gap (A23)?
The one place a gap could hide is the vocabulary value set. Resolution: the value-admission contract (schema, versioning, admission rule that each value is its own governed entry, forward-fail-closed, rollback) is fully prepared (files 04/06/08). The actual values are admitted during the authorized build, each as its own governed entry — consistent with the accepted rule "no rows invented." Determining/admitting values is execution under Gate B, not preparation. The build plan is value-independent (file 06 §1), so it is complete without the values. ⇒ No preparation gap; the residual is authority/execution only.
3. Engineering vs authority PASS (A25) — explicit
- Engineering/contract PASS (now): the C1 preparation package is internally complete and fail-closed.
- Authority PASS (later): requires Gate B satisfied + an exact-scoped Chairman token consumed (item 13). This package asserts none of it.
- The two are never conflated; acceptance of this package authorizes no write.
4. Result
All A1–A25 reject their invalid input before any PASS/digest/seal/ready, OR (A23/A24/A25) confirm completeness/honesty without creating a fail-open path. No invalid input reaches PASS, seal, authority token, registration-ready output, runtime mutation, or rollback execution. The adversarial self-review passes; no READY_TO_ASSEMBLE_LEGO1_HOLD_ADVERSARIAL_SELF_REVIEW_FAILED.
5. Boundary attestation
This file is an adversarial self-review at design level. It creates no carrier, writes no row, opens no P2/lane, and clears no blocker. REGISTRATION_HOLD retained; REGISTRATION_CAN_PROCEED = NO; 0 runtime mutations.