FIX7 Final Authority-Seal — Fresh Self-Codex Dry-Run After Patch (2026-06-11)
- Date: 2026-06-11 · Host: T1 · Codex: NO · Prod mutation: NO
- Reproducer: cd /tmp/fix7-failopen/packet && bash rehearsal/commands.sh → overall rc 0.
1. Codex-style sequence (the exact style Codex used), all exit 0
| # | Step | Command | Result | Exit | stdout/stderr |
|---|---|---|---|---|---|
| 1 | selftest | python3 authority_seal_encoder.py --selftest | 48/48 PASS | 0 | rehearsal/stdout.log |
| 2 | rehearsal | python3 authority_seal_rehearsal.py rehearsal | REHEARSAL OK; N7→N8→P7 deterministic; rehearsal→real BLOCKED | 0 | rehearsal/stdout.log |
| 3 | red-team (sequential, AFTER rehearsal) | python3 authority_seal_redteam.py rehearsal | 39/39 caught | 0 | rehearsal/stdout.log |
| 4 | drift | python3 authority_seal_drift_check.py . | 41/41 agree, drift 0 | 0 | rehearsal/stdout.log |
| 5 | anti-hardcode | python3 authority_seal_antihardcode.py | 13/13 PASS | 0 | rehearsal/stdout.log |
| 6 | direct probes | python3 codex_probes.py --json … | 19/19 REJECTED (fail-closed) | 0 | rehearsal/stdout.log |
exit_codes.json: all_zero=true. packet_tree.sha256 = ac3f56f9…477dc (reproducible: identical across two consecutive runs). Encoder 13344f92…7144b8 (round-trip from KB byte-verified).
2. Fresh-KB reconstruction checks
- Required governed files exist (no 404): the 7 Codex-flagged files re-fetched present (governed-KB evidence report).
- Encoder fetched from governed KB: content_length=35135 == local; consistent hash 13344f92….
- N6 provenance is not laundered: the rehearsal driver and anti-hardcode T6 both confirm SEAL_PROVENANCE_REHEARSAL_BLOCKED for the rehearsal corpus into the real path; SEAL_REAL_N6_NOT_AVAILABLE stands even for valid ENGINEERING_VERIFIED_CANDIDATE classes.
3. The drift checker is the binding oracle (anti-hardcode T4, preserved)
--selftest deliberately has no hex oracle, so a structurally-broken encoder (tampered domain tag) still passes 48/48 and exits 0. The drift checker is the integrity oracle: it recomputes the fixture digests and compares to spec.json, catching the broken encoder (exit 1). T4 proves all three: broken selftest rc=0, spec.json fixture-oracle flags it, drift-checker rc≠0.
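The following sketch is an added example, not the project's encoder or drift checker. It shows why a selftest with no pinned digests cannot see a tampered domain tag while a fixture comparison can. It assumes a SHA-256 seal over a prefixed domain tag; the tag values, fixture records and function names are hypothetical.

```python
import hashlib
import json

GOOD_TAG = b"EXAMPLE-SEAL-V1\x00"   # hypothetical domain tag (assumption)
BAD_TAG = b"EXAMPLE-SEAL-V1\x01"    # same tag with one byte tampered

# Constructed fixtures; field names and values are illustrative only.
FIXTURES = [
    {"authority": "A1", "reports": ["r1"]},
    {"authority": "A2", "reports": ["r1", "r2"]},
    {"authority": "A3", "reports": ["r3"]},
]

def make_encoder(tag):
    """Return a seal function: SHA-256 over tag || len(body) || canonical JSON."""
    def seal(record):
        body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(tag + len(body).to_bytes(4, "big") + body).hexdigest()
    return seal

def build_spec(seal):
    """Pin fixture digests from the trusted encoder (stands in for spec.json)."""
    return {json.dumps(f, sort_keys=True): seal(f) for f in FIXTURES}

def selftest(seal):
    """Structural checks only, no pinned hex. Returns a process-style exit code."""
    digests = [seal(f) for f in FIXTURES]
    for f, d in zip(FIXTURES, digests):
        reordered = dict(reversed(list(f.items())))
        if len(d) != 64 or d != seal(f) or d != seal(reordered):
            return 1  # wrong shape, non-deterministic, or key-order dependent
    return 0 if len(set(digests)) == len(FIXTURES) else 1

def drift_check(seal, spec):
    """Recompute each fixture digest and compare with the pinned value."""
    drifted = [k for k, want in spec.items() if seal(json.loads(k)) != want]
    return (1 if drifted else 0), len(drifted)

def demo():
    good, bad = make_encoder(GOOD_TAG), make_encoder(BAD_TAG)
    spec = build_spec(good)
    return {"good": (selftest(good), drift_check(good, spec)),
            "tampered": (selftest(bad), drift_check(bad, spec))}

if __name__ == "__main__":
    print(demo())
```

The tampered encoder is internally consistent, so every structural property still holds; only the comparison against digests pinned outside the encoder produces a non-zero exit.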
4. Can Codex now rerun the same probes without finding fail-open?
Yes. codex_probes.py reproduces Codex's 8 direct probes + 11 more; against the governed patched encoder all 19 are REJECTED (fail-closed). The encoder emits no digest for any invalid authority value, empty/duplicate report set, or REHEARSAL/missing/forbidden provenance.
5. Remaining (true authority only)
SEAL_REAL_N6_NOT_AVAILABLE (owner/operator + Codex: real N6 chain) · N7/N8/P7 authority inputs (Codex/owner) · IMPL-OWNER-AUTHORIZATION (owner) · OWN-1 (owner do-not-approve standing). No engineering blocker remains.