KB-1B6A
FIX7 Recheck-9 V3 — Black-Box CLI Negative Suite Report (2026-06-10)
4 min read Revision 1
tool-kiem-thufix7recheck-9packet-v3r9-b6blackbox-negative-suite2026-06-10
FIX7 Recheck-9 V3 — Black-Box CLI Negative Suite Report
- Date: 2026-06-10 · Verdict: PASS — 10/10 observed-behavior checks; zero inferred exits
- Tool:
blackbox_negative_suite.py(packet root; in forbidden-scan scope; sha256c2ebbdcb…e9f75e) - Oracle:
manifest_tool.CLI_ORACLE— STATIC spec pin (produce ok→0, corpus error→4, selftest pass→0, suppression marker, suppressed token). Never generated from SUT output. - Execution levels: every case runs the REAL CLI file as
__main__(runpy harness, observed SystemExit); the four corpus cases are ADDITIONALLY executed as true OS processes byRERUN.shgate 6 with$?observed from bash (raw stdout per case inrerun-out/neg-{missing,extra,invalid,absentdir}.log).
Per-case results (canonical Packet V3; raw log logs/blackbox-negative-suite.log, regenerated live by RERUN gate 7)
| case | command (SUT) | expected exit | OBSERVED exit | stdout / artifact / digest checks | verdict |
|---|---|---|---|---|---|
| P1 positive control | canonicalizer …py --produce docs ssot.md |
0 | 0 | corpus_ok: True; no suppression marker; no suppressed token |
PASS |
| P2 positive control | canonicalizer …py (selftest) |
0 | 0 | ALL PASS: True (45/45) |
PASS |
| N1 missing active doc 05 | --produce <copy-without-05> ssot.md |
4 | 4 | corpus_ok: False ✓ · membership_frozen_ok: False ✓ · suppression marker ✓ · zero aggregate-digest hex leak (8 labels checked) ✓ · no output artifact created (dir snapshot before==after) ✓ |
PASS |
| N2 extra active doc | --produce <copy+99-extra-doc.md> |
4 | 4 | same five checks ✓ | PASS |
| N3 invalid / extract-error doc | --produce <copy with unbalanced fence in 03> |
4 | 4 | same five checks ✓ | PASS |
| N4 absent docs dir | --produce <nonexistent> |
4 | 4 | same five checks ✓ | PASS |
| N5 duplicate active doc ON DISK | — | — | — | N/A with rationale: case-insensitive filesystem cannot host two casefold-equal filenames; NOT marked PASS | N/A |
| N5′ adjacent equivalent | validate_corpus_listing(DOCS+["05-Rollback-Blueprint.md"]) (executed validator) |
ok=False | ok=False, 1 duplicate | duplicate detection proven at the validator the CLI uses | PASS |
| N6 forbidden-operation marker | REAL manifest_tool.py --scan CLI on a copy with a forbidden token appended to seal-path code |
1 | 1 | scanner fails closed, observed not inferred | PASS |
| N7 manifest authority tamper | REAL manifest_tool.py --verify CLI on a copy with forbidden_operations_found=999 |
1 | 1 | verifier CLI exit observed (closes the main()-return vs __main__-exit gap) |
PASS |
| N8 candidate claimed sealed | REAL manifest_tool.py --verify CLI on a copy with digest_classes.canonicalizer_sha256="CODEX_SEALED" |
1 | 1 | seal-flag toggle rejected at observed CLI level | PASS |
Digest-suppression check detail
When corpus_not_ok, all 8 aggregate digest stdout lines (membership_sha256, active_corpus_sha256, marker_fence_registry_sha256, superseded_boundary_sha256, guard_set_sha256, canonicalizer_sha256_cand, envelope_manifest_sha256, detached_seal_sha256) must carry SUPPRESSED_CORPUS_NOT_OK and no 64-hex value; verified by agg_digest_leak() in python AND an independent grep -E in RERUN gate 6. Per-doc N1 hashes of PRESENT docs are allowed by design (they are per-doc evidence, not aggregate candidates).
Integration
- RERUN gate 7 runs this suite live and greps its PASS line; gate 6 re-executes the 4 corpus cases at OS-process level;
manifest_tool --emit/--verifyre-execute the same 4 cases + 2 positive controls internally and RAISE on violation (negative_tests.*inmanifest.jsoncarriescli_exit_observed/cli_exit_expected/cli_exit_matches_oracle/evidence_class=EXECUTED_CLI_BLACKBOX). cli_exit_contract(the V2 inferred field) is REMOVED; RERUN gate 11 fails if it reappears.