KB-64D4

FIX7 Authority-Seal Acyclic DAG Report (2026-06-10)


FIX7 Authority-Seal Acyclic DAG Report (AS-P2)

  • Date: 2026-06-10 · Host: T1 · Codex consulted: NO

1. Authoritative edges (engineering verbatim from canonicalizer SSOT rev3)

From canonicalizer-fix7-canon-v1-ssot.md (sha256 49c386a9…b734d0), line EDGES=…:

N1 []   N2 []   N3 []   N4 []   N5 []   N6 [N1]
N7 [N2,N3,N4,N5,N6,N1]
N8 [N2,N5,N6,N7]
N9_DIAG []

These engineering edges are copied byte-for-byte into authority_seal_encoder.py EDGES (verified equal: EDGES engineering subset identical: True). The authority layer adds exactly one node:

P7 [N2,N7,N8]

2. Cycle proof

has_cycle(EDGES) (Tarjan-style 3-colour DFS, copied verbatim from the canonicalizer) → False.

  • N7 depends on engineering leaves N1..N6 only.
  • N8 depends on N2,N5,N6 and N7 (N8 is a child of N7).
  • P7 depends on N2 and N7,N8 (P7 is a child of both).
  • No node lists N7 as needing N8/P7, nor N8 as needing P7. No back-edges ⇒ acyclic.

Negative confirmation: injecting N7→N8 (the prior packet's defect) makes has_cycle return True (injected N7->N8 edge detected as cycle PASS). This is the exact cycle Codex flagged in AS-P2.

3. Seal sequence (acyclic topological order)

N1..N6 (engineering, candidate via canonicalizer --produce)
   → N7  (envelope manifest: engineering digests + approval-event A1/A2/A3/A5)
   → N8  (detached seal: binds N7 + Codex signer/timestamp/parent/report)
   → P7  (authority pin: binds N7 + N8 + pinned rev3/Packet-V3 identity)
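
The cycle check of section 2 and the seal order of section 3, as an added example (not the canonicalizer's has_cycle or the code in authority_seal_encoder.py). The edge values are copied from this report; seal_order and with_edge are hypothetical helper names, and EDGES is assumed to map each node to the nodes it depends on.

```python
# Added example; not the project's implementation.
# EDGES maps node -> nodes it depends on (values copied from this report).
EDGES = {
    "N1": [], "N2": [], "N3": [], "N4": [], "N5": [],
    "N6": ["N1"],
    "N7": ["N2", "N3", "N4", "N5", "N6", "N1"],
    "N8": ["N2", "N5", "N6", "N7"],
    "N9_DIAG": [],
    "P7": ["N2", "N7", "N8"],
}
WHITE, GREY, BLACK = 0, 1, 2  # unvisited / on current DFS path / finished


def seal_order(edges):
    """Return (cyclic, order); order lists dependencies before dependants
    and is None when a back-edge (cycle) is found."""
    colour = {n: WHITE for n in edges}
    order = []

    def visit(node):
        colour[node] = GREY
        for dep in edges.get(node, []):
            state = colour.get(dep, WHITE)
            if state == GREY:          # dep is an ancestor on this path
                return True
            if state == WHITE and visit(dep):
                return True
        colour[node] = BLACK           # every dependency already sealed
        order.append(node)
        return False

    for node in edges:
        if colour[node] == WHITE and visit(node):
            return True, None
    return False, order


def has_cycle(edges):
    return seal_order(edges)[0]


def with_edge(edges, node, dep):
    """Copy of edges with one injected dependency node -> dep."""
    out = {n: list(d) for n, d in edges.items()}
    out[node].append(dep)
    return out


if __name__ == "__main__":
    print(seal_order(EDGES))
    print(has_cycle(with_edge(EDGES, "N7", "N8")))  # the old A4 direction
```
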

4. The old A4 cycle and its removal

Prior n7-approval-event-input-envelope.md rev1 A4: "Codex seals N8/P7 values; the N7 encoder then binds them." That made N7 depend on N8, while the DAG makes N8 depend on N7 → a 2-cycle that must fail SEAL_HASH_GRAPH_CYCLE. rev2 §6.1 deletes it and enforces the correct direction. The encoder's CYCLE_FORBIDDEN set rejects any attempt to feed detached_seal_sha256/authority_seal_pin_sha256 into N7, or authority_seal_pin_sha256 into N8.

5. P7 precede-vs-follow rationale (Codex "P7/N2 → N7")

Codex's AS-P2 note suggested "normally P7/N2 → N7 → N8". This refers to the candidate-input role of the pinned identity: the canonicalizer rev3 hash (= N2) and Packet V3 tree are leaf data available before N7. The final pin (P7 as a node) FOLLOWS N7,N8 — it must, because the pin records which N7/N8 were sealed. Both readings coexist without a cycle: the rev3/tree values are leaves (in-degree only); the P7 node has no node depending on it. Documented in spec §2 and p7 §1.
