FIX7 Final Authority-Seal — Codex Direct-Probe Before/After Report (2026-06-11)
FIX7 Final Authority-Seal — Codex Direct-Probe Reproduction & Closure (Before/After)
- Date: 2026-06-11 · Host: T1 · Codex consulted: NO · Production mutation: NO
- Harness:
codex_probes.py(governed). Pre-fix module:/tmp/fix7-failopen/baseline/authority_seal_encoder.py(faithful pre-patch logic). Post-fix module: governedauthority_seal_encoder.pysha25613344f92…957144b8.
1. Codex-probe readback table (blocker → probe → before → after → repair → test)
| Codex probe | Codex blocker | Before (reproduced) | After (patched) | Validator repair | Negative test |
|---|---|---|---|---|---|
N7 canonicalizer_sha256="NOT_A_SHA" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → a38c6b2b2122eafa… |
REJECTED SEAL_FIELD_NOT_HEX |
_v_hex ^[0-9a-f]{64}$ |
redteam A21, selftest, CP1 |
N7 approval_event_id="" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → dc2edfb493662c68… |
REJECTED SEAL_FIELD_EMPTY |
empty-gate + _v_id |
redteam A22, CP2 |
N8 sealed_by="" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → f0d22abaefb8d443… |
REJECTED SEAL_FIELD_EMPTY |
empty-gate + _v_identity |
redteam A23, CP3 |
N8 report_documents_digest="NOT_A_SHA" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → d12bd02771802c0c… |
REJECTED SEAL_FIELD_NOT_HEX |
_v_hex |
redteam A24, CP4 |
P7 pinned_canonicalizer_revision="not-an-int" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → 113481ef0c94a741… |
REJECTED SEAL_FIELD_BAD_INT |
_v_posint ^[1-9][0-9]{0,17}$ |
redteam A25, CP5 |
P7 pinned_canonicalizer_utf8_bytes="-1" |
FINAL-AS-VALUE-GRAMMAR | ACCEPTED → 079af9963a27dd03… |
REJECTED SEAL_FIELD_BAD_INT |
_v_posint |
redteam A26, CP6 |
report_documents_digest([]) |
FINAL-AS-REPORT-SET | ACCEPTED → a1b0e446d00b232a… |
REJECTED SEAL_REPORT_SET_EMPTY |
empty-set guard | redteam A27, CP7 |
| duplicate report-document records | FINAL-AS-REPORT-SET | ACCEPTED → 256351be94490e9d… |
REJECTED SEAL_REPORT_SET_DUPLICATE |
record/doc-id dedup | redteam A28/A38, CP8 |
2. Provenance probes (the laundering risk, before/after)
| Probe | Before | After |
|---|---|---|
| REHEARSAL N6 into REAL N7 | ACCEPTED → 6225f265155942c1… (the published fixture N7 — i.e. rehearsal was directly usable as a seal) |
REJECTED SEAL_PROVENANCE_REHEARSAL_BLOCKED |
| missing provenance into REAL N7 | ACCEPTED → 6225f265… |
REJECTED SEAL_PROVENANCE_MISSING |
| FORBIDDEN provenance class into REAL N7 | ACCEPTED → 6225f265… |
REJECTED SEAL_PROVENANCE_FORBIDDEN_CLASS |
Before-fix the real path did not exist (encode_real_n7 absent), so the probe fell through to encode_node, producing the published fixture digest — concrete proof a REHEARSAL value could be submitted as a real seal. After-fix the real path exists and fails closed.
3. Extended grammar/provenance probe classes (CP9–CP19)
All REJECTED post-fix: CP9 uppercase hex→SEAL_FIELD_NOT_HEX; CP10 63-hex→SEAL_FIELD_NOT_HEX; CP11 empty identity→SEAL_FIELD_EMPTY; CP12 bad timestamp→SEAL_FIELD_BAD_TIMESTAMP; CP13 byte-count 0→SEAL_FIELD_BAD_INT; CP14 empty path→SEAL_FIELD_EMPTY; CP15 empty report doc id→SEAL_REPORT_DOC_ID_INVALID; CP16 report rev not-an-int→SEAL_REPORT_REVISION_INVALID; CP17–19 provenance (above).
4. Aggregate verdict
- Pre-fix:
CODEX-PROBES: 0/19 REJECTED; accepted(fail-open)=19, exit 1. - Post-fix:
CODEX-PROBES: 19/19 REJECTED (fail-closed); accepted(fail-open)=0, exit 0.
Codex can re-run python3 codex_probes.py against the governed encoder and will find no fail-open behaviour. Where pre-fix bytes were used, they are the faithfully-reconstructed pre-patch logic (the structural/value checks are identical to the original governed encoder rev1, which the original fail-open finding confirms); the after-fix probes run against the governed patched bytes.