FIX7 Codex Recheck-9 — Packet V2 Rerun Handoff

• Date: 2026-06-10 · Authority: provisional-non-authority, evidence-only. Codex is the sole sealing authority; owner's standing do-not-approve is preserved.
• Codex consulted: NO · Production/PG/Directus mutation: NO · REAL_RUN/QT001/apply/permit/activation/repoint/cutover: NO
• Supersedes: fix7-codex-recheck-9-final-handoff-2026-06-10.md (V1 packet was rejected CODEX_RECHECK_9_NEEDS_T1_FIX).

What changed since the rejection — R9-B1..R9-B5 closed as one lane

1. R9-B1: manifest.json → authority (EVERY field recomputed at --verify from disk + live executions, deep-diffed, schema-closed) / explanatory (declared non-authority). Codex's literal tamper (forbidden_operations_found=999) now fails verify AND the full RERUN.
2. R9-B2 (P-EXT-2, SSOT rev3): --produce is fail-closed — any missing/extra/duplicate/extract-error/invalid member suppresses every candidate digest, corpus_ok=false, membership_frozen_ok=false, exit 4. Codex's missing-doc-05 probe now exits 4 (was 0). Selftest 36→45. Valid-corpus digest values unchanged.
3. R9-B3: RERUN.sh strict (set -euo pipefail + ERR trap), 10 gates all re-executed live incl. shasum -c, forbidden scan, FULL manifest verify (re-runs negative tests), and the adversarial suite. PASS only after every gate.
4. R9-B4: all 19 packet files KB-resident at the packet root; corpus = the 10 canonical blueprint ids (no duplicate copy); divergent old root-level extended.py DELETED; fresh KB-only reconstruction → identical tree 21752e19…480 → RERUN PASS.
5. R9-B5: independent SHA-256 over governed-MCP-served bytes for the 10 current docs (all == pins) + SSOT (rev2 == 144eb3d9…412a — the value Codex couldn't verify; rev3 post-patch == 49c386a9…b734d0), bound to revisions, double-fetch deterministic. Residual: no server-side digest endpoint (named, action-ready; does not block the rerun).

What Codex runs

From a fresh reconstruction (python3 kb_fetch_reconstruct.py <dir> with your own MCP access, or manual full-content fetches per README §6):

bash RERUN.sh        # expect exit 0, RERUN_RESULT: PASS (10 live gates)
# then repeat your own Recheck-9 probes — they must now FAIL CLOSED:
#   tamper forbidden_operations_found → manifest_tool.py --verify exit 1; full RERUN exit 1
#   remove docs/05 → --produce exit 4 + ALL digests SUPPRESSED; RERUN exit 1

What Codex seals (unchanged authority list)

• N7 envelope_manifest_sha256 (needs sealed approval-event inputs), N8 detached_seal_sha256 (Codex-authored), P7 re-seal over SSOT rev3 (candidate canonicalizer_sha256 = 49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0), authoritative kb_revision set for N6 (current values recorded in the byte-hash-proof report).
• Owner's standing do-not-approve gates blueprint approval, not the recheck.

What Codex must NOT infer

No digest value is sealed (codex_sealed_values_present:false, fail-closed enforced); the blueprint is not approved; N7/N8 are not produced; 49c386a9… is a candidate only.

Verdict

FIX7_RECHECK9_PACKET_V2_HANDOFF_READY — every engineering defect from the rejection is closed with executable, fail-closed, KB-native evidence; remaining gates are Codex/owner authority plus the named R9-B5 server-side-digest residual.