KB-B884
FIX7 Blueprint — Approval-Acceleration Punch-List (2026-06-10)
5 min read Revision 1
tool-kiem-thufix7approval-accelerationpunch-listconstruction-blueprintnon-gating2026-06-10
FIX7 Blueprint — Approval-Acceleration Punch-List
- Date: 2026-06-10 · Object ID: TKT-OBJ-044 · Authority:
evidence-only, advisory / non-gating (decision_effect=NONE) · Audience: owner + T1 (author) + Codex (sealer) - Purpose: turn Codex Recheck-8's prose verdict into a precise, evidence-bound, deduplicated punch-list so the next approval round of the construction blueprint ("bản vẽ thi công") is faster. This does NOT approve the blueprint — owner decision stands: "Do not approve the construction blueprint for implementation-authoring planning." It tells T1 exactly what to fix and tells the approver exactly what to re-check.
- Inputs: checkable package (TKT-OBJ-042), 5-lens check report (TKT-OBJ-043), Recheck-8 docs.
1. Single root cause (fix this first → most of the board clears)
The one runnable artifact
canonicalizer-fix7-canon-v1-ssot.pydoes not exist (only a.md). Everything red flows from this: B-FAIL → F-FAIL → G-BLOCKED, and C/E/K NEEDS_FIX persist because the production logic that would execute those guards lives only in prose.
2. Punch-list (ordered; each item = exact fix + acceptance test + which lens/check it clears)
| # | Defect (lens) | Recheck-8 | Exact fix T1 must deliver | Acceptance evidence the approver re-checks |
|---|---|---|---|---|
| P1 | L1 missing artifact + L3 non-runnable | B, F, G | Deliver ONE actually runnable, scoped SSOT artifact. If code stays in Markdown, define+test an exact byte extraction/materialization command; the declared invocation must exist and exit 0. | python3 canonicalizer-fix7-canon-v1-ssot.py --selftest (or the materialization command) runs → exit 0, real output pasted. |
| P2 | L1 missing output | F, G | Implement the full production pipeline: MCP input-bundle validation, active extractor, marker/fence enumeration + duplicate checks, normalized per-doc records, corpus/registry/boundary/guard/manifest/seal encoders, and all 8 digest outputs. | All 8 digests produced (incl. membership=f2bda8…fe251, envelope_manifest_sha256, detached_seal_sha256). |
| P3 | L2 fake selftest | B, F | Make --selftest execute every claimed scenario — duplicate authority / package divergence, duplicate markers, extractor ambiguities, envelope roster closure, real self-revision input rejection — and paste complete real output. |
Selftest output shows each scenario actually executed (not 22 narrow unit asserts); exit 0. |
| P4 | L4 duplicate authority | C | Implement G-NO-DUPLICATE-CANONICAL-AUTHORITY mechanically over scoped ACTIVE_AUTHORITY/package inputs (a runnable inventory proving exactly one canonical identity/hash); remove the permission for an unpinned reimplementation to qualify via incomplete vectors. |
A runnable duplicate-authority inventory passes; no demoted-prose consultation required to seal. |
| P5 | L5 forbidden/unenforced scope | E | Implement+test the complete marker/extractor pipeline incl. duplicate-marker and ambiguity cases and whole-document fence balance/nesting/overlap; boundary guards scope current authority only. | Marker/extractor tests cover duplicate + ambiguity + fence cases; pass. |
| P6 | L4-adjacent mutable seal | A-res, H, I | Define an independently authenticated or revision-bound detached-seal anchor (no self-reference). | Seal anchored by independent signature / pinned revision, not a hash beside mutable content. |
| P7 | re-seal | G, K | Re-run Codex sealing; a single command consumes a precisely-defined MCP-export bundle and emits the complete machine-readable seal result (all 8 values). | Codex recheck-9 seal with all digest fields populated. |
Constraint carried from Recheck-8: reusable-framework work is OUT OF SCOPE; corrections are limited to this construction blueprint.
3. Ready-to-approve gate (what "green" requires)
The blueprint is ready for the owner to authorize implementation-authoring planning when P1–P6 are delivered with pasted real output AND Codex recheck-9 returns a seal (P7) — i.e. checks B,C,E,F,H,I flip to ACCEPTED and G unblocks, with A/D/J already ACCEPTED. Until then status remains NEEDS_T1_FIX.
4. Why this accelerates approval
- Collapses a multi-section Codex narrative into 7 atomic, testable items with explicit acceptance evidence and a single root cause → T1 fixes in dependency order (P1 first) and the approver re-checks against a checklist instead of re-deriving findings.
- Each item is pre-bound to its Recheck-8 check letter, so recheck-9 is a verification pass, not a fresh discovery pass.
- Non-gating + non-authority: it cannot wrongly "pass" the blueprint; Codex still seals.
Verdict
APPROVAL_PUNCH_LIST_READY — 7-item, root-caused, evidence-bound, dependency-ordered punch-list; owner's no-approve decision preserved; Codex remains the sealer.