FIX7 Authority Closure — N7 Approval-Event Input Envelope (rev2, executable contract)
FIX7 Authority Closure — N7 Approval-Event Input Envelope (rev2)
- Date: 2026-06-10 · rev2 patches the Codex
AS-P1/AS-P2rejection (executable encoder added; N7↔N8 cycle removed). - Lane:
FIX7_AUTHORITY_SEAL_CONTRACT_EXECUTABLE_MACRO_2026_06_10 - Authority of THIS doc: provisional-non-authority input assembly. T1 assembles candidate inputs ONLY. This document is NOT an approval event, NOT a seal, NOT N7. Codex/owner author the actual N7 at the seal.
- Owner basis:
OWNER_AUTHORIZATION_FIX7_AUTHORITY_CLOSURE_AND_SEAL_ONLY_2026_06_10(prepare + route only; does NOT approve the blueprint, does NOT authorize implementation). - Executable contract (new in rev2):
authority_seal_encoder.py(sha25647200442f176b1c534f000c4079632f6388b17dd1763bdbac2cbb725a452b5bb) +authority-seal-encoder-spec.md/.json. N7's domain tag, fixed field roster, order, and encoding are defined there; Codex computes N7 by runningencode_node("N7", …)— it invents nothing. - Machine mirror:
n7-approval-event-input-envelope.json.
1. Explicit non-self-approval statement
T1 prepared this envelope under owner authorization limited to assembly and routing. T1 has NOT approved anything, has NOT computed or claimed
envelope_manifest_sha256as sealed, and CANNOT do so. Every value below is either (a) an engineering-verified candidate value reproduced from the Codex Recheck-9 V3 review, or (b) an explicitly marked MISSING_AUTHORITY_INPUT that only owner/Codex can supply. Any N7 value computed before the authority fields are supplied is fixture/rehearsal-only and invalid as a seal.
2. Packet V3 identity (engineering-verified, candidate inputs)
| Field | Value |
|---|---|
| packet_kb_root | knowledge/dev/laws/tool-kiem-thu/packets/fix7-codex-recheck-9-2026-06-10/ |
| packet_version | V3 |
| packet_tree_sha256 | b95df0a5d2f41f80bea0cef8621c1f8bb0f6b49a40175116418494ed4141ca6d (relpath\0bytes\0 over 32 tracked files; HASH_MANIFEST excluded) |
| tracked_files | 32 |
| reconstruction | Codex V3 fresh governed-MCP fetch: RECONSTRUCTION: OK, tree identical bidirectionally |
3. Canonicalizer rev3 candidate identity (engineering-verified)
| Field | Value |
|---|---|
| document_id | knowledge/dev/reports/architecture/t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/canonicalizer-fix7-canon-v1-ssot.md |
| revision | 3 |
| utf8_bytes | 38756 |
| sha256 | 49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0 |
| status | CANDIDATE — independently byte-verified by Codex V3 §8; becomes authoritative pin ONLY at P7 seal |
| membership_digest | f2bda8…fe251 (cross-tool shasum==hashlib, reproduced in V3 lane) |
4. Codex Recheck-9 V3 verdicts (verbatim, with source paths)
- Report:
knowledge/dev/reports/architecture/codex-fix7-blueprint-recheck-9-v3-blackbox-cli-oracle-rerun-and-seal-review-2026-06-10/00-readme-first.md(rev1) - Checkpoint:
knowledge/dev/reports/architecture/checkpoint-codex-fix7-blueprint-recheck-9-v3-blackbox-cli-oracle-rerun-and-seal-review-2026-06-10.md(rev1)
| Verdict | Value |
|---|---|
| Final status | CODEX_RECHECK_9_V3_AUTHORITY_BLOCKED |
| Engineering verdict | PASS |
| Article 13 / NT13 | PASS |
| Article 14 / NT14 | PASS |
| Hardcode / disguised hardcode | PASS (no remaining defect in review scope) |
| Candidate/rehearsal discipline | PASS |
5. N7 fixed roster (executable — AS-P1)
N7 binds, in this exact order (domain tag FIX7_ACTIVE_AUTHORITY_ENVELOPE_MANIFEST_V1; full byte rule in authority-seal-encoder-spec.md §3):
schema_version · node_id · membership_sha256 (N1) · canonicalizer_sha256 (N2) · marker_fence_registry_sha256 (N3) · superseded_boundary_sha256 (N4) · guard_set_sha256 (N5) · active_corpus_sha256 (N6) · approval_event_id (A1) · approver_identity (A2) · approval_event_timestamp (A3) · owner_blueprint_decision (A5) · approval_scope
Output: envelope_manifest_sha256. N7 binds ONLY the six engineering sub-digests + the approval-event fields. N7 does NOT bind N8 or P7 (see §6.1). Per-doc N1 digests are bound transitively through N6.
6. MISSING authority inputs (only owner/Codex can supply — DO NOT fabricate)
| # | Field | Status | Exact actor | Exact next action |
|---|---|---|---|---|
| A1 | approval_event_id | MISSING_AUTHORITY_INPUT | Codex/authority | Codex mints the approval-event identifier at seal time |
| A2 | approver_identity (owner + Codex) | MISSING_AUTHORITY_INPUT | Owner + Codex | Supplied inside the authorized seal event |
| A3 | approval_event_timestamp | MISSING_AUTHORITY_INPUT | Codex/authority | Stamped at seal time, not by T1 |
| A5 | owner blueprint decision (OWN-1 disposition) | MISSING_AUTHORITY_INPUT | Owner | Owner chooses an option in owner-decision-packet.md |
| A6 | envelope_manifest_sha256 (N7 itself) |
NOT COMPUTABLE AS SEAL BY T1 | Codex | Codex runs authority_seal_encoder.py encode_node("N7", …) over A1/A2/A3/A5 + §3/§5 engineering digests |
6.1 Cycle correction (AS-P2)
The rev1 "A4" said "Codex seals N8/P7 values; the N7 encoder then binds them." That is deleted — it created a forbidden cycle. The authoritative DAG is N7 → N2,N3,N4,N5,N6,N1; N8 → N2,N5,N6,N7; P7 → N2,N7,N8. So N8 depends on N7 and P7 depends on N7 and N8. The acyclic seal order is N7 → N8 → P7 (has_cycle(EDGES) = False, executable). N7's inputs are the engineering sub-digests + approval-event fields only; supplying detached_seal_sha256 or authority_seal_pin_sha256 to N7 is rejected SEAL_HASH_GRAPH_CYCLE.
7. Routing
Route this envelope + n8-detached-seal-request.md + p7-codex-reseal-request.md + authority-seal-encoder-spec.md + authority_seal_encoder.py + owner-decision-packet.md to Codex/authority. Authority sequence (acyclic): authorized approval event → Codex encode_node("N7") → Codex encode_node("N8") (binds N7) → Codex seal_p7() (pins rev3, binds N7+N8).