FIX7 Recheck-9 V3 — Codex V2 Failure Reproduction Report (2026-06-10)
FIX7 Recheck-9 V3 — Codex V2 Failure Reproduction Report
- Date: 2026-06-10 · Verdict: REPRODUCED FIRST-HAND (not merely mapped to Codex evidence)
- Baseline integrity: local Packet V2 tree hash recomputed =
21752e19c76f76613ba1680b734686c558a130e05d64dbc9eb5131b822fba480(28 tracked files) == the tree Codex fresh-fetched and reviewed;shasum -a 256 -c HASH_MANIFEST.txt28/28 OK.
1. Exact Codex attack (from codex-fix7-blueprint-recheck-9-v2-packet-rerun-and-seal-review-2026-06-10/00-readme-first.md)
- Change ONLY the canonicalizer error wrapper
sys.exit(4)→sys.exit(0)consistently in the SSOT fence (evidence/canonicalizer-fix7-canon-v1-ssot.md), materialized.py, and extended.py(each contains exactly one occurrence — asserted). - Regenerate expected valid-corpus outputs,
manifest.json(--emit) andHASH_MANIFEST.txt(--emit-hash-manifest) using the packet's OWN publishing commands. - Run full
bash RERUN.sh. - Remove doc 05 and run the actual canonicalizer CLI.
2. First-hand reproduction on Packet V2 bytes (work dir /private/tmp/r9-repro/v2-failopen, copy of the canonical V2 packet; canonical packet untouched)
| step | command | expected (Codex) | OBSERVED |
|---|---|---|---|
| mutate | python string-replace, 1 occurrence per file asserted | — | 3 files mutated |
| regen | --selftest > expected, --produce … > expected, logs copied, --emit, --verify, adversarial_suite.py, --emit-hash-manifest |
all succeed | all exit 0 (suite 22/22 once HASH was final) |
| full rerun | bash RERUN.sh |
PASS (the defect) | BYPASS_RERUN_EXIT=0, RERUN_RESULT: PASS (all 10 gates…), ADVERSARIAL_SUITE: PASS (22/22…) — raw log /private/tmp/r9-repro/v2-failopen-rerun.log |
| actual CLI | remove doc 05 in temp docs; python3 evidence/canonicalizer-fix7-canon-v1-ssot.py --produce <tmp> <ssot.md> |
exit 0 (fail-open) | BYPASS_MISSING_DOC_CLI_EXIT=0 while stdout still printed corpus_ok: False, membership_frozen_ok: False, ALL CANDIDATE DIGESTS SUPPRESSED … -> exit 4 (prose lying about the exit) — raw log /private/tmp/r9-repro/v2-failopen-missing-doc-cli.log |
Note: one run-order artifact was observed (adversarial suite run before --emit-hash-manifest gives 21/22 because copies carry a stale HASH_MANIFEST); with the publishing order the packet itself documents, the suite is 22/22 — matching Codex's result exactly.
3. Root-cause statement
The V2 proof chain contained no observation of any process exit. cli_exit_contract was computed from canon.produce() in-process state; --emit re-derived every "expected" value from the current SUT; --verify compared two copies of the same synthesis; RERUN never ran a negative CLI case. Therefore any mutation confined to the CLI exit wrapper was invisible to every gate while remaining visible to a real caller. Classification: Article-14 failure + disguised hardcode (a hand-derivable constant presented as executed negative evidence) + oracle laundering (SUT output used as its own oracle via regeneration).
4. After-fix replay (same attack, Packet V3 final bytes — see fail-open regression report)
V3_BYPASS_EMIT_EXIT=1 (ORACLE_VIOLATION, observed 0 ≠ expected 4) · V3_BYPASS_RERUN_EXIT=1 at gate 6 (OBSERVED exit 0 != 4 — FAIL-OPEN, RERUN_RESULT: FAIL) before any PASS · adversarial suite exit 1 · V3_BYPASS_MISSING_DOC_CLI_EXIT=0 (mutation took; detected). The identical regression also runs LIVE inside canonical RERUN gate 8 (failopen_regression.py, 6/6).