KB-3BB1
FIX7 Recheck-9 RERUN Strictness Report — R9-B3 (2026-06-10)
4 min read Revision 1
tool-kiem-thufix7recheck-9packet-v2r9-b1-b52026-06-10
FIX7 Recheck-9 — RERUN Strictness Report (R9-B3)
- Date: 2026-06-10 · Authority: provisional-non-authority, evidence-only. Codex consulted: NO · Production mutation: NO.
- Subject:
RERUN.shV2 in packetknowledge/dev/laws/tool-kiem-thu/packets/fix7-codex-recheck-9-2026-06-10/.
1. The V1 defect (Codex evidence)
V1 used set -u only; selftest/produce exits were echo-printed but never checked; RERUN never ran shasum -c, the forbidden scan, or any negative test — RERUN_RESULT: PASS was stronger than the executed checks. Confirmed in V1 source first-hand.
2. V2 shell mode and enforcement
set -euo pipefail+trap '… FAIL (line $LINENO); exit 1' ERR— every command's exit is enforced; a pipeline component failure fails the pipeline; the FAIL trap prints the failing line and exits 1 BEFORE any PASS text.- The canonical packet is never mutated during a rerun: all outputs go to
./rerun-out/(excluded from the tracked tree); negative/adversarial tests run on OS-temp copies.
3. The 10 gates (each re-executed live, each exit-checked)
| gate | command | what a failure means |
|---|---|---|
| 0 | manifest_tool.py --complete |
required file missing, or HASH_MANIFEST not bidirectionally covering the tree, or hash mismatch |
| 1 | shasum -a 256 -c HASH_MANIFEST.txt |
cross-tool byte divergence of any tracked file |
| 2 | materialize fence → cmp vs pinned .py AND vs extended reference |
SSOT fence no longer materializes to the one canonical identity |
| 3 | SSOT selftest → diff vs pinned expected output |
any of the 45 checks failed or output drifted |
| 4 | extended-reference selftest → diff vs same expected |
reference diverged from fence |
| 5 | --produce docs … → diff vs pinned expected output |
corpus/digests changed, or fail-closed exit 4 fired |
| 6 | cross-tool membership: python hashlib assert + `shasum | grep` of the frozen pin |
| 7 | manifest_tool.py --scan |
forbidden operation present in seal-path code |
| 8 | manifest_tool.py --verify |
ANY authority field ≠ full recomputation (includes re-running all 8 negative tests) |
| 9 | adversarial_suite.py |
a tamper class is no longer caught, or a positive control broke — an expected-fail test that unexpectedly passes FAILS the suite (each T-test asserts rc==1/exit-4 behavior; report() marks UNEXPECTED and the suite exits 1) |
RERUN_RESULT: PASS is the last line and is reachable only after all 10 gates succeed in the SAME invocation — no pinned log, manifest literal, or prose is trusted for it.
4. Executed evidence
- Nominal:
bash RERUN.shexit 0 twice;rerun-out/outputs byte-identical across runs (selftest.log,ext-selftest.log,produce.log,materialized.py,membership_input.binallcmp-equal) — determinism at file level. - Adversarial, full-RERUN level (Codex's own probes re-run end-to-end):
- tamper
forbidden_operations_found=999→TAMPER_LITERAL_FULL_RERUN_EXIT=1(V1: 0); - remove doc 05 →
MISSING05_FULL_RERUN_EXIT=1(V1: 0); - 1-byte SSOT tamper →
SSOT_BYTE_TAMPER_FULL_RERUN_EXIT=1. Each aborts withRERUN_RESULT: FAIL (command failed at line …)before any PASS.
- tamper
- KB-reconstructed packet (fetched fresh from KB only):
bash RERUN.shexit 0, PASS — the strict rerun is reproducible from the governed surface (see KB-native packet completeness report).
5. Verdict
R9-B3 CLOSED. Every claimed piece of evidence is regenerated inside the rerun itself; every command exit is enforced; expected-fail tests are themselves gated; PASS cannot print after an unchecked or failed step.