FIX7 Authority-Seal Contract Executable — Master Report (2026-06-10)
FIX7 Authority-Seal Contract Executable — Master Report
- Date: 2026-06-10 · Host: T1 · Production mutation: NO · Codex consulted: NO
- Lane:
FIX7_AUTHORITY_SEAL_CONTRACT_EXECUTABLE_MACRO_2026_06_10 - Final status:
FIX7_AUTHORITY_SEAL_CONTRACT_SELF_CODEX_READY - Scope: patch ONLY the authority-seal contract layer (N7/N8/P7). Packet V3 engineering NOT redone; canonicalizer rev3 unchanged; no seal authored; no self-approval.
0. Why this lane ran
Codex returned CODEX_FIX7_AUTHORITY_REJECT (report knowledge/dev/reports/architecture/codex-fix7-authority-seal-approval-lane-2026-06-10/00-readme-first.md), preserving engineering PASS but rejecting the authority-seal layer on four contract defects (AS-P1..AS-P4). The prior closure packet was prose-only: no executable N7 encoder, an N7↔N8 cycle, no byte-exact N8/P7 contract. Sealing would have forced Codex to invent fields/order/encoding — prohibited. This lane delivers a finite, byte-exact, acyclic, executable authority-seal contract so Codex can author N7/N8/P7 inventing nothing.
1. Readback table (Codex blocker → repair → acceptance)
| Codex ID | Codex evidence | Root cause | Affected doc/tool | Executable repair | Acceptance test | Overclaim avoided |
|---|---|---|---|---|---|---|
| AS-P1 | "N7 deterministic encoder absent; canonicalizer emits only REHEARSAL_ONLY_NEEDS_SEALED_INPUTS (N7); no N7 function/roster/order/vector" |
N7 was prose; no executable encoder | authority_seal_encoder.py, spec §3, n7 envelope |
encode_node("N7", …) with fixed 13-field roster, domain tag FIX7_ACTIVE_AUTHORITY_ENVELOPE_MANIFEST_V1, byte-exact rec/digest |
selftest N7 encodes 64-hex + deterministic; missing/extra/order/tag/byte negatives fail-closed | did NOT claim N7 sealed; fixture digest labelled NOT-A-SEAL |
| AS-P2 | "N7 A4 says N7 binds N8/P7; DAG says N8→N7 ⇒ cycle SEAL_HASH_GRAPH_CYCLE" |
wording made N7 parent+child of N8 | spec §2, n7 §6.1, encoder EDGES | deleted A4; enacted N7→…; N8→…N7; P7→…N7,N8; cycle-guard rejects N8/P7 fields in N7 |
has_cycle(EDGES)=False; injected N7→N8 detected as cycle; N7-binds-N8/P7 → reject |
did NOT keep cyclic wording |
| AS-P3 | "N8 lists only objects; no roster/order/encoding/signer/encoder/vector" | N8 was prose-only | authority_seal_encoder.py, spec §4, n8 request |
encode_node("N8", …) 11-field roster, tag FIX7_CODEX_DETACHED_SEAL_V1, binds N7 + Codex signer/timestamp/parent/report |
N8 encodes 64-hex binding N7; N8-missing-N7 → SEAL_INPUT_MISSING; N3-into-N8 → SEAL_INPUT_EXTRA |
did NOT author N8; signer/time = Codex inputs |
| AS-P4 | "P7 candidate verified but no exact seal artifact schema/encoding; prose-only prohibited" | P7 had no schema | authority_seal_encoder.py, spec §5, p7 request |
seal_p7() 13-field roster, tag FIX7_AUTHORITY_SEAL_PIN_V1, digest form (alt checkpoint-pin rule documented) |
P7 seals 64-hex; prose-only → reject; mutated rev3/tree → verify_pin FAIL |
did NOT pin rev3; remains candidate |
2. What was built
| Artifact | Path | Hash / state |
|---|---|---|
| Executable encoder | …/fix7-authority-closure-2026-06-10/authority_seal_encoder.py |
sha256 47200442…a452b5bb, 19131 bytes, selftest 22/22 exit 0 |
| Spec (human) | …/authority-seal-encoder-spec.md |
rev1 |
| Spec (machine) | …/authority-seal-encoder-spec.json |
sha256 f1c49927…95ef5eb, generated from encoder |
| N7 envelope | …/n7-approval-event-input-envelope.md/.json |
rev2 (cycle removed, roster bound) |
| N8 request | …/n8-detached-seal-request.md |
rev2 (executable roster) |
| P7 request | …/p7-codex-reseal-request.md |
rev2 (executable schema) |
3. Verdicts
- AS-P1 — CLOSED. N7 encoder executable + byte-exact (spec §3; selftest).
- AS-P2 — CLOSED. DAG acyclic; N7 never binds N8/P7; order N7→N8→P7;
has_cycle=False. - AS-P3 — CLOSED. N8 detached-seal contract executable + byte-exact (spec §4; binds N7).
- AS-P4 — CLOSED. P7 seal artifact schema/encoding executable + byte-exact (spec §5; prose-only rejected; mutation-detected).
- Encoder/spec — PASS. stdlib-only, offline, deterministic, fail-closed; grammar proven byte-identical to canonicalizer rev3.
- DAG — PASS. acyclic; engineering edges verbatim from SSOT; only P7 added.
- Test vectors — PASS. 22/22 (positive + every AS-P5 negative).
- Self-Codex dry-run — PASS. see
fix7-authority-seal-self-codex-dry-run-report-2026-06-10.md. - Anti-overclaim — PASS. no seal/approval claimed; fixture digests labelled NOT-A-SEAL; engineering unchanged.
4. Engineering preserved (no contradiction)
Packet V3 tree b95df0a5…ca6d and canonicalizer rev3 (49c386a9…b734d0, rev3, 38756 bytes) are unchanged and re-confirmed locally (shasum over the rev3 byte copy = 49c386a9…b734d0). The authority-seal encoder is a SEPARATE layer that consumes engineering digests; it does not touch Packet V3. No engineering contradiction found → status is not …ENGINEERING_CONTRADICTION.
5. Remaining blockers (true owner/Codex authority only)
| ID | AS-P map | Missing | Actor | Blocks Codex seal? | Blocks implementation? |
|---|---|---|---|---|---|
| N7-INPUTS | AS-P1 | A1/A2/A3/A5 approval-event values | Owner + Codex | YES (Codex computes after inputs) | YES |
| N8-AUTH | AS-P3 | signer identity, timestamp, parent, report set | Codex | YES | YES |
| P7-PIN | AS-P4 | Codex runs seal_p7() and pins rev3 |
Codex | YES | YES |
| OWN-1 | — | owner blueprint decision (option in owner-decision-packet) | Owner | gates approval | YES |
| IMPL-OWNER | — | separate implementation-macro authorization after seal PASS | Owner | — | YES |
All remaining items are genuine authority inputs, NOT engineering gaps. T1 has closed every T1-closable contract defect.
6. Minimal safe next step
Route the patched closure packet (encoder + spec + n7/n8/p7 rev2) to Codex for a new seal macro. Codex runs authority_seal_encoder.py, supplies the authority inputs, and authors N7→N8→P7. Preserve Packet V3 and canonicalizer rev3 unchanged; keep all implementation/production gates closed.