FIX7 Codex Recheck-9 — Final Handoff

• Date: 2026-06-10 · Object ID: TKT-OBJ-065 · Authority: provisional-non-authority, evidence-only. Codex is the sole sealing authority; owner's standing "do not approve the construction blueprint" is preserved.
• Codex consulted: NO · Production/PG/Directus mutation: NO · REAL_RUN/QT001/apply/permit/activation/repoint/cutover: NO

What changed since the recheck-9 packet was first authored

P-EXT-1 is now APPLIED to the SSOT .md fence (KB blueprint path, rev2): 8f80f9f0…a1f12 → 144eb3d9f44bc69b0955c387b7f6c3cf5e306a41e9e2716d42ddf2412f87412a. The SSOT fence is now the production-complete (extended) canonicalizer. Recheck-8's single-rooted defect (declared runnable .py absent) is eliminated: materializing the .py from the current SSOT yields runnable code, --selftest 36/36 exit 0.

What Codex runs (one safe command list, offline stdlib-python3 only)

From knowledge/dev/laws/tool-kiem-thu/packets/fix7-codex-recheck-9-2026-06-10/ with ./docs/ present (or the local mirror /tmp/fix7-canon/packet/):

bash RERUN.sh            # exit 0; final line: RERUN_RESULT: PASS
# RERUN.sh does: materialize -> assert materialized==extended -> --selftest (36/36)
#                -> --produce (membership_frozen_ok: True, cand 144eb3d9...) -> cross-tool membership
#                -> manifest_tool.py --verify (FAIL-CLOSED: recompute every manifest hash; exit 1 on mismatch)
shasum -a 256 -c HASH_MANIFEST.txt   # all pinned files OK (rerun-verification.log intentionally not pinned)

What Codex verifies (no manual rediscovery needed)

1. RERUN.sh exit 0 / RERUN_RESULT: PASS.
2. manifest_tool.py --verify exit 0 — every manifest.json literal == recomputation (fail-closed; tamper → exit 1).
3. membership == f2bda8effc7be19b54722828126b82d7d2d48bee5e5e5dc0c8f347ce210fe251 (cross-tool shasum==hashlib).
4. The 6 computable digests reproduce (N1×10, N2, N3=bb9ca0…, N4=9b111c…, N5=1144b7…, N6=d777e8… rehearsal, canonicalizer cand=144eb3d9…).
5. 36 selftest checks pass incl. every fail-closed status + the production-path extractor fixtures.
6. forbidden-scope = 0 hits, stdlib-only.
7. (recommended) re-fetch the 10 active KB docs and re-hash vs input_docs_sha256 to confirm corpus identity (read-only; see report §9).

What Codex SEALS (the only remaining work — authority, not engineering)

• N7 envelope_manifest_sha256 — binds the sealed sub-digests + approval-event fields (approved_status/epoch/by_role/at_utc/parent_recheck_checkpoint) that only Codex/owner set. Currently BLOCKED_NEEDS_SEALED_INPUTS (rehearsal only).
• N8 detached_seal_sha256 — Codex authors sealed_by/at, signature, parent_checkpoint_id, report_documents[]. Currently CODEX_ONLY.
• Authoritative canonicalizer_sha256, canonicalizer_revision, and the kb_revision fields of active_corpus — sealed by Codex over the KB MCP bytes at the sealed revision (candidate over rev2 = 144eb3d9…).
• P7 Codex re-seal of the artifact whose load-bearing fence changed.

What Codex must NOT infer

• That any non-membership digest VALUE is sealed/approved — they are candidates/rehearsals (codex_sealed_values_present: false).
• That the blueprint is approved — owner's do-not-approve stands.
• That N7/N8 are produced — blocked on Codex/owner seal inputs by design.

Verdict

FIX7_CODEX_RECHECK_9_HANDOFF_READY — Codex can read this handoff, run one safe command list, re-hash, and seal/decline N7/N8/P7 + authoritative values without rediscovering any engineering defect.