FIX7 Authority-Seal Spec/Code/JSON/Doc Drift Checker
#!/usr/bin/env python3
============================================================================
FIX7 AUTHORITY-SEAL -- SPEC / CODE / JSON / DOC DRIFT CHECKER
Deterministic extraction + compare. Proves the encoder, the machine spec
(.json), the human spec (.md), and the N7/N8/P7 request docs all agree on
roster, order, domain tags, DAG edges, constants, output fields, cycle-guard
fields, and the fixture digests. NO visual/manual "looks same".
exit 0 iff zero drift; nonzero with an itemised drift list otherwise.
Usage: python3 authority_seal_drift_check.py [dir] (dir defaults to ".")
============================================================================
import json, re, sys, os, hashlib import authority_seal_encoder as E
D = sys.argv[1] if len(sys.argv) > 1 else "." def path(p): return os.path.join(D, p) def read(p): with open(path(p), encoding="utf-8") as f: return f.read()
drift = [] def check(name, ok, detail=""): drift.append((name, ok, detail))
---------- 0. encoder self-identity ----------
enc_bytes = open(path("authority_seal_encoder.py"), "rb").read() enc_sha = hashlib.sha256(enc_bytes).hexdigest()
---------- 1. encoder vs spec.json ----------
sj = json.loads(read("authority-seal-encoder-spec.json")) check("spec.json encoder_sha256 == actual encoder file sha256", sj["encoder_sha256"] == enc_sha, f"{sj['encoder_sha256']} vs {enc_sha}") check("rosters: encoder == spec.json", E.ROSTERS == sj["rosters"], "ordered field rosters differ") check("domain_tags: encoder == spec.json", E.TAGS == sj["domain_tags"]) check("DAG edges: encoder == spec.json", E.EDGES == sj["dag"]["edges"]) check("output_fields: encoder == spec.json", E.OUTPUT_FIELD == sj["output_fields"])
constants
enc_const = {"all": {"schema_version": E.SCHEMA}, "N7": E.CONST["N7"], "N8": E.CONST["N8"], "P7": E.CONST["P7"]} check("constant_fields: encoder == spec.json", enc_const == sj["constant_fields"])
cycle-forbidden (sets)
enc_cf = {k: sorted(v) for k, v in E.CYCLE_FORBIDDEN.items()} sj_cf = {k: sorted(v) for k, v in sj["cycle_forbidden_fields"].items()} check("cycle_forbidden_fields: encoder == spec.json", enc_cf == sj_cf)
fail-closed statuses: every spec status must appear literally in encoder source
src = enc_bytes.decode("utf-8") missing_status = [s for s in sj["fail_closed_statuses"] if f'"{s}"' not in src] check("fail_closed_statuses: all present in encoder source", not missing_status, f"missing: {missing_status}")
fixture digests: recompute from encoder, compare to spec.json record
n7 = E.encode_node("N7", E.fixture_n7_pairs()) n8 = E.encode_node("N8", E.fixture_n8_pairs(n7)) p7 = E.seal_p7(E.fixture_p7_pairs(n7, n8)) fx = sj["fixture_digests_NOT_A_SEAL"] check("fixture N7 digest: recomputed == spec.json", n7 == fx["N7"], f"{n7} vs {fx['N7']}") check("fixture N8 digest: recomputed == spec.json", n8 == fx["N8"], f"{n8} vs {fx['N8']}") check("fixture P7 digest: recomputed == spec.json", p7 == fx["P7"], f"{p7} vs {fx['P7']}")
---------- 2. markdown roster table extractor ----------
def md_section(text, start_hdr, end_hdrs): i = text.index(start_hdr) j = len(text) for h in end_hdrs: k = text.find(h, i + len(start_hdr)) if k != -1: j = min(j, k) return text[i:j]
def md_roster(section):
"""Ordered field names from numbered table rows: | N | field... |."""
out = []
for line in section.splitlines():
m = re.match(r"\s*|\s*\d+\s*|\s*([a-z0-9_]+)", line)
if m:
out.append(m.group(1))
return out
spec_md = read("authority-seal-encoder-spec.md") n7_md_roster_src = json.loads(read("n7-approval-event-input-envelope.json"))["executable_contract"]["n7_roster"] n8_md = read("n8-detached-seal-request.md") p7_md = read("p7-codex-reseal-request.md")
r_n7_specmd = md_roster(md_section(spec_md, "## 3. N7", ["## 4. N8"])) r_n8_specmd = md_roster(md_section(spec_md, "## 4. N8", ["## 5. P7"])) r_p7_specmd = md_roster(md_section(spec_md, "## 5. P7", ["## 6. Fail-closed"])) check("spec.md N7 roster == encoder", r_n7_specmd == E.ROSTERS["N7"], f"{r_n7_specmd}") check("spec.md N8 roster == encoder", r_n8_specmd == E.ROSTERS["N8"], f"{r_n8_specmd}") check("spec.md P7 roster == encoder", r_p7_specmd == E.ROSTERS["P7"], f"{r_p7_specmd}")
n7.json machine roster
check("n7.json n7_roster == encoder N7", n7_md_roster_src == E.ROSTERS["N7"], f"{n7_md_roster_src}")
n8.md / p7.md request roster tables
r_n8_req = md_roster(md_section(n8_md, "## 1. N8 fixed roster", ["## 2."])) r_p7_req = md_roster(md_section(p7_md, "## 1. P7 fixed roster", ["## 2."])) check("n8-request roster == encoder N8", r_n8_req == E.ROSTERS["N8"], f"{r_n8_req}") check("p7-request roster == encoder P7", r_p7_req == E.ROSTERS["P7"], f"{r_p7_req}")
---------- 3. domain tags appear in spec.md ----------
for node, tag in E.TAGS.items(): check(f"domain tag {tag} present in spec.md", tag in spec_md)
---------- 4. spec.md fail-closed vocabulary == encoder statuses ----------
vocab_line = md_section(spec_md, "## 6. Fail-closed", ["## 7."])
md_statuses = set(re.findall(r"(SEAL_[A-Z_]+)", vocab_line))
enc_statuses = set(sj["fail_closed_statuses"])
check("spec.md fail-closed vocab == spec.json statuses", md_statuses == enc_statuses,
f"only in md: {md_statuses-enc_statuses}; only in json: {enc_statuses-md_statuses}")
---------- report ----------
npass = sum(1 for _, ok, _ in drift if ok) for name, ok, detail in drift: print(f" [{'PASS' if ok else 'DRIFT'}] {name}" + (f" -- {detail}" if (not ok and detail) else "")) print(f"DRIFT-CHECK: {npass}/{len(drift)} agree; drift={len(drift)-npass}") sys.exit(0 if npass == len(drift) else 1)