FIX7 Authority-Seal N7→N8→P7 End-to-End Rehearsal Report (2026-06-10)
FIX7 Authority-Seal — N7→N8→P7 End-to-End Rehearsal Report (Workstream B/C)
- Date: 2026-06-10 · Host: T1 · Codex consulted: NO · Production mutation: NO
- ⛔ NOT A SEAL. Every digest here is computed over clearly-labelled FIXTURE authority inputs. No approval, no authority.
1. Driver
authority_seal_rehearsal.py imports the reconstructed authority_seal_encoder, builds the fixture inputs, and runs the acyclic order N7 → N8 → P7. For each node it emits ordered input pairs, the exact canonical record bytes, the digest preimage, preimage_sha256, and the node digest. It cross-checks encode_node(...) == sha(preimage) (assert), independently confirming the byte-exact preimage.
2. Fixture authority inputs (labelled NOT-A-SEAL)
| Field | Fixture value | Real source |
|---|---|---|
approval_event_id (A1) |
FIXTURE-APPROVAL-EVENT-0001 |
Codex mints at seal |
approver_identity (A2) |
FIXTURE-OWNER+FIXTURE-CODEX |
owner + Codex |
approval_event_timestamp (A3) |
2026-06-10T00:00:00Z |
Codex stamps |
owner_blueprint_decision (A5) |
FIXTURE_OPTION_2_SEAL_ONLY |
owner chooses (OWN-1) |
N8 sealed_by/sealed_at/parent_checkpoint/report_documents_digest |
FIXTURE-CODEX-SIGNER / 2026-06-10T00:00:00Z / fixture id@rev / computed sub-digest |
Codex-only |
| N3/N4/N5/N6 sub-digests | 3×64/4×64/5×64/6×64 placeholders |
engineering candidate (canonicalizer --produce) |
| N2 / membership / Packet-V3 tree | real published candidates (49c386a9…, f2bda8…fe251, b95df0a5…) |
engineering, consumed not recomputed |
3. Sequence & digests (NOT A SEAL)
N7 (envelope manifest, 13 fields, tag FIX7_ACTIVE_AUTHORITY_ENVELOPE_MANIFEST_V1)
preimage 858 bytes → 6225f265155942c1d32ce3ed2d491b4c3b7b0109a3b4b6fde9a37f434b459bfd
N8 (detached seal, 11 fields, binds N7, tag FIX7_CODEX_DETACHED_SEAL_V1)
→ b1f001b64da50748823259593393b6e2d050c8c55c56918c99386984d075aa73
P7 (authority pin, 13 fields, binds N7+N8, tag FIX7_AUTHORITY_SEAL_PIN_V1)
→ 3599f6635be42a695991f66f561642e26718403f4e14ad220480480a8da7d541
DAG acyclic (N7,N8,P7): True
deterministic 2nd pass identical: True
4. Acyclicity (executable)
has_cycle(EDGES) = False over N7→[N2,N3,N4,N5,N6,N1], N8→[N2,N5,N6,N7], P7→[N2,N7,N8]. N7 never binds N8/P7; N8 never binds P7. Injecting N7→N8 flips has_cycle to True (caught). The order N7→N8→P7 is the only topological order consistent with the authoritative DAG; it matches the corrected (post-AS-P2) sequence.
5. Byte-exact artifact set (rehearsal/)
README_NOT_A_SEAL.md, fixture-inputs.json, n7/n8/p7-rehearsal-artifact.json (each with ordered records + preimage bytes + preimage_sha256 == digest), rehearsal-summary.json, redteam-results.json, commands.sh, stdout.log, stderr.log (empty), exit_codes.json (all 0), HASH_MANIFEST.txt, packet_tree.sha256 (9f40519a…).
6. Verdict
End-to-end N7→N8→P7 rehearsal PASS (exit 0), deterministic, acyclic, byte-exact, fully labelled NOT-A-SEAL. The chain demonstrates Codex can author the real seal by swapping the fixture authority fields for real ones — the protocol is finite and runnable, nothing is left ambiguous.