Check E - Codex Detached Seal Anchor

Verdict: CODEX_DETACHED_SEAL_NEEDS_FIX

The compensating controls are directionally correct, but the proposed anchor is circular and cannot be authored as one deterministic seal:

• The envelope manifest binds codex_checkpoint_content_sha256.
• The Codex checkpoint contains CODEX_DETACHED_SEAL, which binds sealed_envelope_manifest_sha256.
• Therefore the manifest depends on checkpoint bytes that depend on the manifest.
• seal_report_checkpoint_content_sha256 additionally asks the checkpoint to hash itself.

A path/revision/read-back statement does not remove this cycle.

Required fix: choose a non-circular trust model. Examples include a genuinely detached seal artifact whose content hash is anchored by a platform immutable revision/signature, or explicit EXCLUDE-region hashing plus a separate non-circular owner anchor. Define exactly which artifact pins which artifact; no mutual/self hash dependency is allowed. If no cryptographic/platform immutable anchor exists, state the limitation and keep authoring blocked.