FIX7 Authority-Seal — Codex Final Seal Review Packet (2026-06-10)
- Date: 2026-06-10 · Host: T1 · Codex consulted: NO · Production mutation: NO
- Lane: FIX7_AUTHORITY_SEAL_FULL_DRESS_REHEARSAL_AND_CODEX_READY_PACKET_MACRO_2026_06_10
- Status handed to Codex: FIX7_AUTHORITY_SEAL_FULL_DRESS_REHEARSAL_CODEX_READY
- This packet exists so Codex can author N7→N8→P7 inventing no field, order, tag, or encoding — every protocol element is fixed, executable, and self-red-teamed.
This is a REVIEW/ROUTING packet. It contains no real seal. T1 has authored nothing authoritative. The rehearsal digests are FIXTURE-only and labelled NOT-A-SEAL.
1. What T1 proved in this lane (full dress rehearsal)
| Workstream | Evidence | Verdict |
|---|---|---|
| A. Fresh KB reconstruction | encoder re-fetched from governed KB, written fresh, shasum = 47200442f176b1c534f000c4079632f6388b17dd1763bdbac2cbb725a452b5bb, 19131 bytes; spec.json = f1c499270923c65c56783196b411ad6cacfe1188be0c531fabdd05a7795ef5eb, 4928 bytes | byte-exact, no local-only dependency |
| B. End-to-end rehearsal | authority_seal_rehearsal.py ran N7→N8→P7 (acyclic), deterministic 2nd pass identical | PASS |
| C. Byte-exact artifacts | per-node ordered records + preimage bytes + preimage_sha256 == digest; HASH_MANIFEST + packet_tree | PASS |
| D. Red-team (20 attacks) | authority_seal_redteam.py → 20/20 caught, 0 escaped | PASS |
| E. Spec/code/json/doc drift | authority_seal_drift_check.py → 22/22 agree, drift=0 | PASS |
| F. Anti-hardcode/laundering | authority_seal_antihardcode.py → 9/9 PASS; broken-encoder flagged by drift oracle | PASS |
Fresh-reconstruction packet tree: PACKET_TREE_SHA256=9f40519aa390497869850a12a82e73b2d3dd17ec53b5356b9c4fa1a243fb7314 (22 tracked files; excludes HASH_MANIFEST.txt, packet_tree.sha256, this cover doc).
2. Exact command Codex runs (no invention required)
```sh
cd <packet-root>                               # the dir holding authority_seal_encoder.py
shasum -a 256 authority_seal_encoder.py        # must equal 47200442…a452b5bb
python3 authority_seal_encoder.py --selftest   # must print 22/22 PASS, exit 0
python3 authority_seal_drift_check.py .        # must print 22/22 agree, drift=0, exit 0
python3 authority_seal_redteam.py rehearsal    # must print 20/20 caught, exit 0
python3 authority_seal_antihardcode.py         # must print 9/9 PASS, exit 0
```
Or simply bash rehearsal/commands.sh → ## RESULT rc=0.
Then, to author the real seal (acyclic order N7 → N8 → P7):
```python
import authority_seal_encoder as E
n7 = E.encode_node("N7", [ ...A1/A2/A3/A5 + engineering N1..N6... ])  # -> envelope_manifest_sha256
n8 = E.encode_node("N8", [ ...N7 + Codex signer/timestamp/parent/report... ])  # -> detached_seal_sha256
p7 = E.seal_p7([ ...rev3 identity + Packet V3 tree + N7 + N8 + report/checkpoint/A1... ])  # -> authority_seal_pin_sha256
```
Field names, order, domain tags, and byte rules are fixed in authority-seal-encoder-spec.md §3/§4/§5 and authority-seal-encoder-spec.json.
3. Expected pass/fail conditions
| Check | PASS condition | FAIL meaning |
|---|---|---|
| encoder sha256 | == 47200442…a452b5bb | tampered/wrong encoder — STOP |
| --selftest | 22/22 PASS, exit 0 | contract regression — STOP |
| drift check | 22/22 agree, drift=0, exit 0 | spec/code/doc disagree — STOP |
| red-team | 20/20 caught, exit 0 | an attack escaped = contract defect — STOP |
| anti-hardcode | 9/9 PASS, exit 0 | digests may be laundered — STOP |
| N7/N8/P7 encode | returns 64-hex | a SEAL_* Reject names exactly the missing/extra/order/tag/cycle/constant/byte violation |
Any Reject status is self-explaining; it tells Codex exactly which input to fix. No silent failure path exists.
4. Remaining TRUE authority inputs — what Codex MUST supply
| Input | Node field | Actor | Notes |
|---|---|---|---|
| A1 approval_event_id | N7.approval_event_id, P7.approval_event_id | Codex | minted at the authorized approval event |
| A2 approver_identity | N7.approver_identity | owner + Codex | both parts supplied inside the seal event |
| A3 approval_event_timestamp | N7.approval_event_timestamp | Codex | stamped at seal time |
| A5 owner_blueprint_decision | N7.owner_blueprint_decision | owner | owner picks an option in owner-decision-packet.md §4 (OWN-1) |
| signer | N8.sealed_by | Codex | Codex signer identity |
| timestamp | N8.sealed_at | Codex | seal timestamp |
| parent | N8.parent_checkpoint | Codex | checkpoint document_id@revision |
| reports | N8.report_documents_digest | Codex | report_documents_digest([(doc,rev),…]) |
| report/checkpoint ids | P7.codex_report_document, P7.codex_checkpoint_document | Codex | document_id@revision |
| engineering N1..N6 | N7 sub-digests | engineering (already candidate) | from canonicalizer --produce / Packet V3 |
5. What Codex MUST NOT infer / invent
- No new field, field order, domain tag, or byte encoding — all fixed, proven byte-identical to canonicalizer rev3 (drift report).
- No prose-only P7 pin — rejected SEAL_PROSE_ONLY_PIN_REJECTED; P7 must be the computed digest (or the documented checkpoint-as-pin alternative, also byte-exact).
- No N7↔N8 cycle — N8 depends on N7, P7 depends on N7,N8; N7 never binds N8/P7. Any back-edge → SEAL_HASH_GRAPH_CYCLE.
- No treating a FIXTURE digest as a real seal — the rehearsal digests (6225f265…, b1f001b6…, 3599f663…) are FIXTURE outputs; the real seal will differ because real A1–A5/signer differ.
- No semantic guessing of signer/timestamp — the contract binds whatever Codex supplies and is tamper-evident; supplying the correct authority values is Codex's responsibility (semantic format validation is intentionally out of the encoder's scope — see red-team A7/A8).
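The acyclic-order and FIXTURE rules above, as an added sketch that is not the packet's encoder and does not reproduce its spec: it orders N7, N8, P7 from the stated dependencies, rejects a back-edge with the `SEAL_HASH_GRAPH_CYCLE` status named on this page, and shows that changing one N7 input changes every downstream digest. The `SealReject` class, the `EXAMPLE-TAG:` domain tag, the length-prefixed preimage layout and the fixture strings are all assumptions constructed for illustration.

```python
import hashlib

# Edges as stated above: N8 binds N7; P7 binds N7 and N8; N7 binds neither.
PAGE_EDGES = {"N7": [], "N8": ["N7"], "P7": ["N7", "N8"]}

class SealReject(Exception):
    """Reject carrying a status string (hypothetical class, not the encoder's)."""

def seal_order(edges):
    """Return nodes dependency-first; raise SealReject on any back-edge."""
    order, state = [], {}  # state: 1 = on the current path, 2 = finished
    def visit(node, path):
        if state.get(node) == 2:
            return
        if state.get(node) == 1:
            raise SealReject("SEAL_HASH_GRAPH_CYCLE: " + "->".join(path + [node]))
        state[node] = 1
        for dep in edges[node]:
            visit(dep, path + [node])
        state[node] = 2
        order.append(node)
    for node in sorted(edges):
        visit(node, [])
    return order

def toy_digest(node, fields, parent_digests):
    """Constructed preimage, NOT the spec's: tag, length-prefixed fields, parents."""
    h = hashlib.sha256(b"EXAMPLE-TAG:" + node.encode() + b"\x00")
    for value in fields:
        raw = value.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    for digest in parent_digests:
        h.update(bytes.fromhex(digest))
    return h.hexdigest()

def seal_all(edges, inputs):
    """Compute every node digest in dependency order."""
    digests = {}
    for node in seal_order(edges):
        parents = [digests[dep] for dep in edges[node]]
        digests[node] = toy_digest(node, inputs[node], parents)
    return digests

# Constructed fixture inputs; real authority values would differ.
FIXTURE = {"N7": ["fixture-approval"], "N8": ["fixture-signer"], "P7": ["fixture-report"]}

if __name__ == "__main__":
    print(seal_order(PAGE_EDGES), seal_all(PAGE_EDGES, FIXTURE)["P7"])
```

Because each child preimage includes its parents' digests, a node that tried to bind its own descendant would need a digest that does not exist yet, which is why the order check runs before any hashing.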
6. Engineering boundary (unchanged)
- Packet V3 tree b95df0a5d2f41f80bea0cef8621c1f8bb0f6b49a40175116418494ed4141ca6d — unchanged, not redone.
- Canonicalizer rev3 49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0 @ rev 3 / 38756 bytes — candidate, becomes authoritative only at the P7 seal.
- FIX7 implementation and all production/runtime gates remain BLOCKED (fix7-implementation-precondition-checklist.md).
7. Routing
Route the full closure packet (knowledge/dev/laws/tool-kiem-thu/packets/fix7-authority-closure-2026-06-10/) — encoder + spec md/json + n7/n8/p7 rev2 + owner-decision + precondition checklist + the four harnesses + rehearsal/ — to Codex for a new seal macro. Codex runs §2, supplies §4, observes §5, and authors N7→N8→P7. Nothing in the protocol is left for Codex to invent.