FIX7 Recheck-9 Current KB Byte Hash Proof — R9-B5 (2026-06-10)
FIX7 Recheck-9 — Current KB Byte Hash Proof (R9-B5)
- Date: 2026-06-10 · Authority: provisional-non-authority, evidence-only. Codex consulted: NO · Production mutation: NO (the SSOT rev3 write is the authorized P-EXT-2 apply of this lane).
- Export method (documented, reproducible): governed agent-data MCP endpoint, tool
get_document_for_rewrite(returns FULL untruncated content +revision); hash = SHA-256 over the UTF-8 encoding of the returnedcontentstring; every document fetched TWICE — identical hash and revision both times (determinism shown below as ✓✓).
1. Current 10 active blueprint docs + canonicalizer SSOT (post P-EXT-2 state)
Prefix: knowledge/dev/reports/architecture/t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/
| document_id (suffix) | kb_revision | chars | utf8 bytes | sha256 (utf-8 bytes) | fetch |
|---|---|---|---|---|---|
00-readme-first.md |
49 | 61311 | 61577 | aae97ad59afd706d1cf004d5e1a64b2796c1ae298fe26c328c4c7701c9d1373e |
✓✓ |
01-live-existing-system-inventory.md |
6 | 10076 | 10100 | 523f67ece22b7981ff2bce7f089a0d101c3e5b1fa62c50c08fff79156a665cb8 |
✓✓ |
02-design-to-live-mapping.md |
33 | 38642 | 38833 | 877cb7963ff51ed5afffb8f2bbd2416ed5ee7de45f502d329d9b3aec71fce86b |
✓✓ |
03-gap-classification.md |
6 | 9233 | 9243 | b2ddb5ed96a82e26c40357a71b2ebccf2338576f7ecb950b9762b304714451ad |
✓✓ |
04-dependency-safe-construction-order.md |
39 | 32586 | 32674 | 610ebd154ca0652dcacf9427c0a16360c0c1b143e88f2646441cd66a8f6b0d40 |
✓✓ |
05-rollback-blueprint.md |
24 | 15338 | 15370 | f1b8dfca5827dfff0ef457662ba837b5c8cf623f7d589f1d110c4228c9dd1ef4 |
✓✓ |
06-test-guard-blueprint.md |
70 | 75912 | 76223 | 227e0fabe2b5b1eb67af65568c574c04926feefcbd0f461989ddb230f7b0e8f0 |
✓✓ |
07-implementation-package-split.md |
55 | 35165 | 35269 | 97d1247bc40f0870c7fc78ee331a933300c3748935d8eafd45c1bc283553a356 |
✓✓ |
08-hard-blocks-do-not-touch-list.md |
17 | 12378 | 12402 | 5d463c411902fa0fb6dca23e3c1903085163e9e032652bae5c60bcf7557852cf |
✓✓ |
12-final-verdict.md |
64 | 64935 | 65178 | 31a2fd7ebf7988a09fb4f1ebcf98e84408c815bc694c86fe5a98118534e8eaae |
✓✓ |
canonicalizer-fix7-canon-v1-ssot.md |
3 | 38735 | 38756 | 49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0 |
✓✓ |
All 10 doc hashes are IDENTICAL to the packet's pinned docs/ hashes (manifest authority artifacts + input rows of HASH_MANIFEST) — the pinned corpus IS the current KB corpus, byte-for-byte at these revisions.
2. The value Codex could not verify — now independently verified
Codex Recheck-9 §5: "exact current KB-byte SHA-256 could not be independently recomputed through the available MCP read interface." This session recomputed it:
- pre-patch SSOT rev2: fetched full content, 31301 chars / 31320 utf8 bytes, sha256 =
144eb3d9f44bc69b0955c387b7f6c3cf5e306a41e9e2716d42ddf2412f87412a— exactly the recheck-9 candidate value. - post-patch SSOT rev3 (P-EXT-2 applied this lane): update → re-fetch → sha256 =
49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0== local patched bytes (byte-exact apply proof). This is the new CANDIDATEcanonicalizer_sha256; not pinned as authoritative — Codex seals it.
KB store byte-fidelity was probed (probe doc then deleted): tabs, trailing spaces, consecutive blank lines, non-ASCII (incl. ⁄), and absent final newline all round-trip exactly; content_length metadata is a CHARACTER count (chars ≠ utf8 bytes for these docs — both recorded above).
3. N6 kb_revision binding
The kb_revision values above are the current bindings for the active_corpus (N6) records. They are recorded in manifest.json → explanatory.kb_binding (excluded from offline --verify PASS — they are KB state, not offline-recomputable) and in this report. The N6 digest remains class REHEARSAL: Codex seals the revision set at the seal event.
4. Honest residual (action-ready tooling blocker — NOT a byte-seal claim beyond its method)
R9-B5-RES: the agent-data service exposes no server-computed digest (e.g. sha256(document_id, revision)); the proof above is client-computed over MCP-served full content. It is deterministic, revision-bound, and reproducible by Codex with the same governed access (one tool call per doc + sha256). If Codex requires a server-side digest for the final seal:
- exact next action: add a read-only
document_digestendpoint/named-query to the agent-data service returning{document_id, revision, content_sha256, content_length}; - who acts: owner / KB-service tooling; then Codex re-checks;
- blocks fresh Codex rerun: NO (Codex can reproduce the MCP-fetch hashes today); blocks only a stricter-than-MCP byte-seal standard if Codex demands one.
5. Verdict
R9-B5 PROVEN at MCP-byte level (ids + revisions + char/byte lengths + sha256 + determinism + method), with the server-side-digest residual named and action-ready. No authoritative canonicalizer_sha256/revision is pinned here.