Incomex AI Portal
KB-67CE

FIX7 Read/Report Pilot Design rev3 — Implementation Package DOT v0.1 (read-only artifact discovery chain; Fixture A => UNVERIFIED not FAIL; not-adequately-evidenced != does-not-exist; DESIGN ONLY, no run, 2026-06-09)

15 min read Revision 1
tool-kiem-thufix7read-report-pilotrev3article-14recheck-8discovery-chainunverified-not-failevidence-adequacydesign-onlyno-run2026-06-09

FIX7 Read/Report Pilot Design (rev3)

Nature: a DESIGN for a read/report-only pilot demonstrating that the future Implementation Package DOT v0.1 can detect the Article-14 evidence-adequacy defect at read/report levelrepaired after the Codex re-seal (GAP_ONLY_SPEC_REV2_PARTIAL_FIX_REQUIRED), which found that rev2 had not proven allowed read surfaces can actually resolve the FIX7 canonicalizer artifact identity/existence, so a missing executable might be UNVERIFIED, not deterministic FAIL (Codex correction #4 / Gate 3 PARTIAL). Date: 2026-06-09 · Supersedes: designs/fix7-read-report-pilot-design-rev2-for-implementation-package-dot-v0-1-2026-06-09.md (rev2). Retained for trace. Status: FIX7_READ_REPORT_PILOT_DESIGN_REV3_READY_FOR_CODEX. Production mutation: NO. Read-only; report-only; no FIX7 resume; no canonicalizer run; no command; no selftest; no detector; no hash recomputation; no mutation. Read-only verification performed (disclosed): the §3.1 discovery chain was actually run via the KB read connector + query_pg gateway to ground (not assert) the result. writes_performed: KB design docs only. Governing authority: the rev3 Gap-only Scope Spec designs/implementation-package-dot-v0-1-gap-only-scope-spec-rev3-2026-06-09.md (§2 triage-only model, §3 adequacy chain, §4 verdicts, §12.1/§21 discovery chain) over sealed B/C/D/G/H and the Codex re-seal's four blockers. KB-first / PG-first / native-driven / local-last (rev3 spec §0).

1. Final verdict + scope correction

FIX7_READ_REPORT_PILOT_DESIGN_REV3_READY_FOR_CODEX.

Scope (stated plainly, narrowed again in rev3): this pilot catches the evidence-presence / binding / adequacy half of the Recheck-8 / Article-14 class at read level — it detects when an executable claim is not backed by adequately-bound, right-kind, independent, governed-surface-resolvable evidence. It does NOT prove the executable runs or is correct, and — the rev3 correction — it does NOT prove an executable does not exist anywhere. The strongest output for any FIX7 dossier (which always carries execution claims) is UNVERIFIED + ARTICLE14_NOT_PROVEN_EXECUTION_UNVERIFIED, escalating to READ_LEVEL_FAIL only when a prose-only-PASS, wrong-kind, or contradiction defect fires. There is no READ_LEVEL_ACCEPTABLE and no exit 0 (rev3 spec §2/§11). Full Recheck-8 run-proof (and any claim of global absence) is the deferred Call / Proof-of-run contract.

2. What the Recheck-8 / Article-14 class is (per the Codex facts) — UNCHANGED from rev2 §2

The defect class CONSTITUTION_14_EXECUTABLE_CHECK_FAIL = any of: (1) executable/SSOT claimed but no ARTIFACT_IDENTITY+EXISTENCE on a governed surface; (2) selftest PASS/exit 0 claimed but no accepted LOG/EXIT_CODE/RUN_LEDGER; (3) hash match claimed but no HASH_EVIDENCE (v0.1 never recomputes); (4) command string but no Call Contract; (5) evidence present but not bound; (6) evidence present but wrong kind; (7) evidence present but self-referential; (8) evidence artifacts contradict. Each is a read/existence/kind/binding/independence/conflict property — not a "what happens when you run it" property.

3. Pilot inputs (read-only) — KB-first / PG-first (rev3 §0)

  • KB read connector (search_knowledge, list_documents, get_document) — the FIX7 dossier's document_id + revision + blueprint_ref, and reference resolution.
  • Governed PG read gateway (query_pg, role context_pack_readonly) — result surfaces only: v_kg_edges_all/universal_edges (reference resolution), v_dot_reconciliation_reliability, wf_fs_dot_bin_snapshot (artifact-existence mirror, scope /opt/incomex/dot/bin), dot_iu_command_run (run-ledger read).
  • No local filesystem read of /opt/incomex/dot/bin or the FIX7 workspace (local is not authority; §0); no execution; no hash recomputation.

3.1 The read-only artifact discovery chain (rev3 — closes Codex B-3 / correction #4)

The pilot resolves a declared artifact through this six-step, read-only chain (rev3 spec §12.1):

(1) input dossier claim            ─ e.g. "canonicalizer SSOT exists/runs; selftest PASS; exit 0; hash reproduced"
(2) declared artifact identity     ─ the named identity/identities (a KB doc id AND/OR a filesystem .py name)
(3) declared KB path / registry ref / evidence path
(4) allowed read-surface lookup    ─ KB connector + governed PG surfaces ONLY (no local FS authority)
(5) artifact existence evidence    ─ resolves on a GOVERNED surface? right kind for the claim?
(6) adequacy verdict               ─ per rev3 §4 (never positive; existence-only never sufficient)

Decision rule when allowed surfaces cannot locate the artifact (Codex correction #4):

  • the artifact-existence sub-result is BLOCKED_BY_UNVERIFIED_SOURCE (not a deterministic "FAIL: does not exist");
  • the pilot verdict for that claim is EVIDENCE_INSUFFICIENT (claim unprovable at read level) with existence flagged unverified; net dossier ⇒ UNVERIFIED (or READ_LEVEL_FAIL if an independent prose-only/wrong-kind/contradiction flag fires);
  • the pilot states it proves "not adequately evidenced in dossier/allowed surfaces", never "does not exist anywhere."

3.2 Discovery-chain run record for the REAL FIX7 dossier (actually run, read-only, 2026-06-09)

This is grounded evidence, not assertion (the user's standing instruction; mirrors rev3 spec §21):

  • Declared identity → KB resolution: FIX7-CANON-V1-CANONICALIZER resolves on the KB surface to a Markdown document knowledge/dev/reports/architecture/t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/canonicalizer-fix7-canon-v1-ssot.md (DOC_STATUS LOAD_BEARING_SSOT_ARTIFACT). ⇒ ARTIFACT_EXISTENCE_EVIDENCE for the .md only.
  • Executable identity → resolution: the load-bearing executable canonicalizer-fix7-canon-v1-ssot.py does not resolve on the KB surface (only the .md exists) and is out of scope of the only governed FS-mirror surface (wf_fs_dot_bin_snapshot = /opt/incomex/dot/bin, disjoint from the FIX7 blueprint workspace). No governed read-only surface indexes FIX7-blueprint-workspace .py files.
  • Result: .py existence = BLOCKED_BY_UNVERIFIED_SOURCE. The resolvable .md is the wrong kind for an "executable runs" claim. So the executable/selftest/exit/hash claims are EVIDENCE_INSUFFICIENT; the dossier is UNVERIFIED + NOT_PROVEN (escalating to READ_LEVEL_FAIL because the dossier also asserts selftest "22/22 PASS / exit 0" as prose with no governed run-evidence ⇒ FLAG_PROSE_ONLY_PASS and a wrong-kind .md citation ⇒ C5).
  • Honesty bound: Codex's Recheck-8 absence finding (…codex-fix7-blueprint-recheck-8…/00-readme-first.md: python3 canonicalizer-fix7-canon-v1-ssot.py --selftestcan't open file exit 2) came from running the invocation — the deferred run-half. v0.1 cannot and does not make that global-absence claim.

4. Pilot checks (each maps a Recheck-8 reason → the §3 adequacy chain → a read-only verdict)

# Recheck-8 reason Read-only check (no run) Per-claim verdict Spec rule
C1 executable/SSOT claimed; existence not resolvable on a governed surface discovery chain (§3.1): does the artifact resolve on KB/PG, right kind? EVIDENCE_INSUFFICIENT + existence BLOCKED_BY_UNVERIFIED_SOURCE (never "does not exist") §3.1, F19, rev3 §12.1
C2 selftest PASS/exit 0 claimed, no run evidence required LOG+EXIT_CODE(+RUN_LEDGER) resolves + binds? EVIDENCE_INSUFFICIENT §6 t3/t5, F4
C3 command string, no Call Contract required Call-Contract ref → none exists BLOCKED_BY_NO_CALL_CONTRACT §19 carve-out
C4 prose-only PASS vs missing executable evidence prose asserts success, no resolvable+capable governed evidence FLAG_PROSE_ONLY_PASS ⇒ FAIL §4.2, F5
C5 evidence present but wrong kind/unbound (e.g. a .md cited for an "executable runs" claim) capability step: right kind + bound? EVIDENCE_INSUFFICIENT §3 step 5, F10
C6 evidence present but self-referential independence step EVIDENCE_INSUFFICIENT §3 step 5, F10
C7 evidence artifacts contradict conflict step (exit 0 vs exit 2) EVIDENCE_CONFLICTING ⇒ FAIL §4.1, F11
C8 hash match claimed, no pinned hash evidence required HASH_EVIDENCE bound to identity; never recompute EVIDENCE_INSUFFICIENT §6 t4, F4
C9 reference/denominator/corpus ambiguity multi-match / bare count / TAC-IU collapse EVIDENCE_INSUFFICIENT/FLAG_HARDCODED_DENOMINATOR/BLOCKED §7/§8/§13
C10 (rev3) local source used as authority where a KB/PG source exists, or no governed surface cited provenance check (§0) FLAG_LOCAL_FIRST_AUTHORITY ⇒ FAIL rev3 §0, F18

Whole-dossier rule: any execution-class claim ⇒ article14_status = ARTICLE14_NOT_PROVEN_EXECUTION_UNVERIFIED; dossier ⇒ UNVERIFIED at best, READ_LEVEL_FAIL if any C4/C5/C6/C7/C10 fires. READ_LEVEL_ACCEPTABLE does not exist; no exit 0; the pilot never upgrades anything to "ran / PASS".

5. Pilot output

Report triplet under knowledge/dev/laws/tool-kiem-thu/ (KB write): reports/fix7-read-report-pilot-<date>.{md,json} + checkpoints/checkpoint-fix7-read-report-pilot-<date>.md.

  • report.md: header → final_verdict + article14_status + triage_outcome → FIX7 dossier identity → discovery-chain result per declared artifact (§3.1) → claim/evidence adequacy inventory (C1–C10, with governed_surface per claim) → UNPARSED_REGION[] + completeness → denominator ledger → dual-corpus note → read-only access provenance (role/txn/queries) → deferred carve-outs → writes_performed[] → cross-refs.
  • report.json: as rev3 spec §10, plus fix7_recheck8_reasons[] (C1–C10 per-reason verdict), discovery_chain[] (per artifact: identity, declared path, surface_looked_up, resolves_on_governed_surface, kind, existence_verdict), catches_article_14_adequacy_class: true, proves_execution: false, proves_global_absence: false (new, rev3).

6. Demonstration fixtures (all read-only; design fixtures, not executed)

  • Fixture A — the real FIX7 Recheck-8 dossier (rev3 expected outcome corrected). Contains executable + selftest + hash + exit-0 claims. Expected (per the §3.2 grounded run): the .md resolves but the .py executable is not resolvable on any governed surface ⇒ existence BLOCKED_BY_UNVERIFIED_SOURCE; the execution claims ⇒ EVIDENCE_INSUFFICIENT; article14_status = NOT_PROVEN; final_verdict = READ_LEVEL_FAIL because the dossier also carries a prose-only "22/22 PASS / exit 0" with no governed run-evidence (C4) and cites a wrong-kind .md (C5). Crucially, the artifact-existence sub-verdict is UNVERIFIED (BLOCKED_BY_UNVERIFIED_SOURCE), NOT a deterministic "the .py does not exist" — that corrects rev2's overclaim. The pilot proves "not adequately evidenced via allowed surfaces," not global absence.
  • Fixture A′ — pure discoverability case (NEW, rev3). A dossier asserting "executable X exists" whose only defect is that no governed surface can resolve X's identity/existence (no prose-only PASS, no contradiction). Expected: UNVERIFIED + BLOCKED_BY_UNVERIFIED_SOURCE, NOT READ_LEVEL_FAIL. This is the exact case Codex required: a missing executable that allowed surfaces cannot locate must be UNVERIFIED, not deterministic FAIL, and must not claim global absence.
  • Fixture B — stripped/synthetic (references removed). Asserts success with no evidence references. Expected: READ_LEVEL_FAIL (C1/C2/C4/C8 = EVIDENCE_INSUFFICIENT + FLAG_PROSE_ONLY_PASS).
  • Fixture C — resolvable-but-insufficient/contradictory (the rev2 counter-fixture, preserved). Cites evidence documents that resolve but are prose-only / wrong-kind / contradictory / unbound. Expected: READ_LEVEL_FAIL + NOT_PROVEN via C5/C6/C7. Must not be NO_READ_LEVEL_DEFECT_FOUND, must not be acceptable, must not be PASS.

Fixtures are design fixtures described here, not built or executed in this phase.

7. Hard prohibitions for the pilot (carried + tightened)

  • Does NOT run the canonicalizer/any command/selftest/detector; does NOT recompute any hash; does NOT resume FIX7 or alter any FIX7 document.
  • Does NOT emit any positive/PASS/ACCEPTABLE verdict and does NOT exit 0 (none exist in v0.1). The strongest output is UNVERIFIED + NOT_PROVEN.
  • Does NOT claim global absence of any artifact — only "not adequately evidenced via allowed surfaces."
  • Does NOT read local paths as authority, mutate anything, write system_issues, collapse denominators, or join TAC/IU. Any prohibited action ⇒ CONTRACT_VIOLATION ⇒ BLOCKED/exit 3.

8. Why this is sufficient for the adequacy class — and exactly where it stops (statement for Codex)

The Article-14 adequacy class is a claim-without-adequate-governed-evidence defect. Detecting it is a read/existence/kind/binding/independence/conflict operation over governed surfaces. Fixtures A/A′/B/C demonstrate the missing-reference, pure-discoverability, resolvable-but-insufficient, and contradictory sub-cases — and all fail closed to READ_LEVEL_FAIL or UNVERIFIED + NOT_PROVEN, never higher. The pilot stops at adequacy. Proving the executable runs/reproduces its hash, and proving global absence, are the deferred run-half (Call / Proof-of-run contract) — strictly stronger, not performed here. The pilot's honesty fields are always present: proves_execution:false, proves_global_absence:false.

Cross-references

  • Gap-only Spec rev3: designs/implementation-package-dot-v0-1-gap-only-scope-spec-rev3-2026-06-09.{md,json} (§2, §3, §4, §12.1, §21)
  • Fix ledger rev3: reports/codex-fix-ledger-gap-only-spec-rev3-2026-06-09.md (B-3)
  • Acceptance matrix rev3: designs/acceptance-test-matrix-implementation-package-dot-v0-1-rev3-2026-06-09.md (#20/#21/#22/#23)
  • Codex re-seal: reviews/codex-reseal-gap-only-spec-rev2-2026-06-09.md (Gate 3, correction #4)
  • Superseded rev2: designs/fix7-read-report-pilot-design-rev2-for-implementation-package-dot-v0-1-2026-06-09.md
Back to Knowledge Hub knowledge/dev/laws/tool-kiem-thu/designs/fix7-read-report-pilot-design-rev3-for-implementation-package-dot-v0-1-2026-06-09.md