KB-1178

FIX7 Authority-Seal Anti-Hardcode / Anti-Laundering Proof

tool-kiem-thufix7authority-sealanti-hardcodeharness2026-06-10

#!/usr/bin/env python3

============================================================================

FIX7 AUTHORITY-SEAL -- ANTI-HARDCODE / ANTI-LAUNDERING PROOF

Proves the encoder COMPUTES its digests over inputs (it does not return a

laundered/hardcoded constant), and that the published fixture digests are

either reproduced exactly or flagged as drift -- never trusted blindly.

Tests:

T1 mutate ONE engineering input -> N7 digest CHANGES

T2 mutate ONE approval input -> N7 digest CHANGES

T3 mutate expected P7 digest -> verify_pin FAILS

T4 physically broken encoder -> drift-check fixture oracle FLAGS it

(and selftest-alone does NOT, by design

-- documents why the drift oracle exists)

T5 fixture vs real-seal digests -> distinguishable; changing placeholder

engineering sub-digests changes output

============================================================================

import json, os, sys, hashlib, subprocess, importlib.util import authority_seal_encoder as E

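# Directory holding this harness; the encoder, the drift checker and spec.json
# are all resolved relative to it.  (The rendered page shows a bare `file`
# here, which would be a NameError; the dunder form is what abspath() needs.)
HERE = os.path.dirname(os.path.abspath(__file__))

# Accumulated (name, ok, detail) tuples, one per check, reported at the end.
results = []


def rec(name, ok, detail=""):
    """Record the outcome of one check.

    Args:
        name: Human-readable label printed in the final report.
        ok: Truthy when the check passed.
        detail: Optional evidence string shown next to the verdict.
    """
    results.append((name, ok, detail))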

# Baseline digests computed from the unmodified FIXTURE inputs.  Every test
# below compares a mutated result against these values.
N7 = E.encode_node("N7", E.fixture_n7_pairs())
N8 = E.encode_node("N8", E.fixture_n8_pairs(N7))
# NOTE(review): P7 is computed but not read anywhere in the visible script.
P7 = E.seal_p7(E.fixture_p7_pairs(N7, N8))

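# ---- T1: mutate one engineering input -> digest changes ----
p = E.fixture_n7_pairs()
# Locate the field by name rather than by position (it sits at index 3 today).
# With a bare p[3] = (...), a reordered fixture would have some other field
# silently replaced by a new "canonicalizer_sha256" pair; the digest would
# still change and T1 would pass without testing what its label claims.
idx = [k for k, _ in p].index("canonicalizer_sha256")  # ValueError if absent
orig = p[idx][1]
# Flip the last hex char so exactly one input differs from the fixture.
p[idx] = ("canonicalizer_sha256", orig[:-1] + ("0" if orig[-1] != "0" else "1"))
n7_mut = E.encode_node("N7", p)
rec("T1 mutate engineering input (N2) -> N7 digest changes",
    n7_mut != N7, f"{N7[:12]}.. -> {n7_mut[:12]}..")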

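# ---- T2: mutate one approval input -> digest changes ----
p2 = E.fixture_n7_pairs()
# Find the approval field by name (index 8 today) so the mutation cannot land
# on a different field if the fixture layout changes; a positional overwrite
# would still alter the digest and let T2 pass for the wrong reason.
idx = [k for k, _ in p2].index("approval_event_id")  # ValueError if absent
p2[idx] = ("approval_event_id", "FIXTURE-APPROVAL-EVENT-9999")
n7_mut2 = E.encode_node("N7", p2)
rec("T2 mutate approval input (A1) -> N7 digest changes",
    n7_mut2 != N7, f"{N7[:12]}.. -> {n7_mut2[:12]}..")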

# ---- T3: mutate expected digest -> verify fails ----
# NOTE(review): this exercises only the rejecting direction.  A verify_pin
# that returned False for every input would also pass T3; a positive control
# against the real P7 value would close that gap -- confirm first that
# seal_p7() returns the form verify_pin() expects as its first argument.
fake_expected = "f" * 64
pin_accepted = E.verify_pin(fake_expected, E.fixture_p7_pairs(N7, N8))
rec("T3 mutate expected P7 digest -> verify_pin FAILS",
    not pin_accepted,
    "verify_pin against a wrong expected returns False")

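# ---- T4: physically broken encoder caught by drift oracle ----
with open(os.path.join(HERE, "authority_seal_encoder.py"), encoding="utf-8") as fh:
    src = fh.read()
broken_src = src.replace(
    '"N7": "FIX7_ACTIVE_AUTHORITY_ENVELOPE_MANIFEST_V1",',
    '"N7": "FIX7_TAMPERED_TAG_V1",',
    1,
)
# Explicit raise instead of `assert`: asserts are stripped under `python -O`,
# and T4 must never run against an encoder that was not actually mutated.
if broken_src == src:
    raise RuntimeError("mutation point not found")
bpath = os.path.join(HERE, "_broken_encoder.py")


def load(modname, path):
    """Import the file at *path* as a module named *modname* and return it."""
    spec = importlib.util.spec_from_file_location(modname, path)
    m = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(m)
    return m


# Child-process driver for step (c).  The two paths travel as argv instead of
# being interpolated into the source text, so a quote or trailing backslash in
# HERE cannot change what the child executes.  argv is trimmed back to ['-c']
# before the checker runs, so the checker sees the same argv as before.
drift_driver = (
    "import importlib.util,sys;"
    "enc,chk=sys.argv[1:3];del sys.argv[1:];"
    "spec=importlib.util.spec_from_file_location('authority_seal_encoder',enc);"
    "m=importlib.util.module_from_spec(spec);spec.loader.exec_module(m);"
    "sys.modules['authority_seal_encoder']=m;"
    "exec(open(chk).read())"
)

try:
    # Written as UTF-8 to match how the source was read, and closed before it
    # is imported or executed.
    with open(bpath, "w", encoding="utf-8") as fh:
        fh.write(broken_src)
    B = load("_broken_encoder", bpath)

    # (a) broken encoder still passes its OWN selftest (determinism/fail-closed hold)
    broken_selftest = subprocess.run([sys.executable, bpath, "--selftest"],
                                     capture_output=True, text=True)

    # (b) but the published fixture-digest oracle (spec.json) no longer matches
    with open(os.path.join(HERE, "authority-seal-encoder-spec.json"),
              encoding="utf-8") as fh:
        sj = json.load(fh)
    b_n7 = B.encode_node("N7", B.fixture_n7_pairs())
    # NOTE(review): this is only meaningful if the UNBROKEN encoder reproduces
    # the published digest; that equality is not checked in this script and is
    # presumably left to the drift checker -- confirm.
    oracle_flags = (b_n7 != sj["fixture_digests_NOT_A_SEAL"]["N7"])
    rec("T4 broken encoder selftest still exits 0 (no hex oracle in selftest)",
        broken_selftest.returncode == 0, f"rc={broken_selftest.returncode}")
    rec("T4 broken encoder FLAGGED by spec.json fixture-digest oracle (drift)",
        oracle_flags,
        f"broken N7 {b_n7[:12]}.. != published {sj['fixture_digests_NOT_A_SEAL']['N7'][:12]}..")

    # (c) run the real drift checker against broken encoder by swapping the module file
    #     -> it must exit nonzero
    drift_run = subprocess.run(
        [sys.executable, "-c", drift_driver,
         bpath, os.path.join(HERE, "authority_seal_drift_check.py")],
        capture_output=True, text=True, cwd=HERE)
    # Any nonzero exit satisfies this check, including a crash of the child
    # (import error, missing file).  The verdict is left unchanged, but a
    # traceback is surfaced in the detail so a reviewer can tell a crash from
    # a real drift verdict.
    crashed = "Traceback (most recent call last)" in drift_run.stderr
    rec("T4 drift-checker exits NONZERO on broken encoder",
        drift_run.returncode != 0,
        f"rc={drift_run.returncode}"
        + (" (child printed a traceback -- verify this is a drift verdict, not a crash)"
           if crashed else ""))
finally:
    # Never leave a tampered copy of the encoder beside the real one, even
    # when a step above raises.
    try:
        os.remove(bpath)
    except FileNotFoundError:
        pass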

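# ---- T5: fixture vs real-seal digests distinguishable ----
# changing a placeholder engineering sub-digest (N3) changes the output, proving
# the fixture digest is specific to FIXTURE inputs, not a universal constant
p5 = E.fixture_n7_pairs()
# Resolve the field by name (index 4 today) so a reordered fixture cannot make
# this overwrite hit an unrelated field and still report a changed digest.
idx = [k for k, _ in p5].index("marker_fence_registry_sha256")  # ValueError if absent
p5[idx] = ("marker_fence_registry_sha256", "a" * 64)
n7_real_like = E.encode_node("N7", p5)
# Values that carry the literal FIXTURE marker; these keep placeholder inputs
# recognisable as placeholders.
fixture_markers = [v for _, v in E.fixture_n7_pairs() if "FIXTURE" in str(v)]
rec("T5 changing placeholder sub-digest changes N7 (fixture-specific, not constant)",
    n7_real_like != N7)
rec("T5 fixture inputs are explicitly FIXTURE-marked (>=3 markers)",
    len(fixture_markers) >= 3, f"{fixture_markers}")
rec("T5 spec.json labels these digests NOT_A_SEAL",
    "fixture_digests_NOT_A_SEAL" in sj)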

# ---- report: one line per check, then a summary and the exit status ----
for label, passed, note in results:
    verdict = "PASS" if passed else "FAIL"
    suffix = f" -- {note}" if note else ""
    print(f" [{verdict}] {label}" + suffix)
npass = len([entry for entry in results if entry[1]])
print(f"ANTI-HARDCODE/LAUNDERING: {npass}/{len(results)} PASS")
# Exit nonzero unless every recorded check passed, so a caller that looks only
# at the exit status still sees a failure.
all_passed = npass == len(results)
sys.exit(0 if all_passed else 1)

Back to Knowledge Hub knowledge/dev/laws/tool-kiem-thu/packets/fix7-authority-closure-2026-06-10/authority_seal_antihardcode.py