Check A - Canonical Hash Encoding

Verdict: CANONICAL_ENCODING_NEEDS_FIX

Accepted: SHA-256, domain tags, full canonical paths, UTF-8, CR/CRLF normalization, TAB/LF separators, sorting, boolean/null/revision tokens, trailing LF, and the membership computation are specified. Codex independently reproduced the membership digest f2bda8...fe251.

Remaining blockers:

1. No escaping/rejection contract exists for TAB, LF, CR, backslash, or reserved literal tokens inside field values. TAB/LF-delimited records are therefore not injective.
2. normalized active bytes and restricted to active scope have no exact parser/extraction algorithm. Doc 00/doc 12 scopes are prose descriptions; exact begin/end sentinels and removal/concatenation rules are not defined.
3. marker_literal, fence_range, superseded_id, manifest scalar/list records, and detached-seal records lack exact canonical representations.
4. detached_seal_sha256 says only seal order; exact closed field roster, list ordering, and record shapes are absent.

T1 must provide an executable byte-contract or equivalent exact pseudocode/test vectors for every load-bearing digest. Unknown/unescaped values must fail closed.