Codex FIX7 Blueprint Recheck 8 — Read Me First

Final status

FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_8_NEEDS_T1_FIX

Scope and safety

Read-only production review only. No implementation, live SQL, DB object, Stage 2.6B, permit, REAL_RUN, QT001 apply, activation, repoint, or owner/ACL cutover was performed or authorized.

Decisive evidence

The declared invocation was executed exactly:

python3 canonicalizer-fix7-canon-v1-ssot.py --selftest
python: can't open file '.../canonicalizer-fix7-canon-v1-ssot.py': [Errno 2] No such file or directory
exit code 2

The Markdown SSOT has no exact code-extraction/run rule. Its embedded Python implements membership, field/path/marker unit checks, and DAG checks only; it does not implement the production extractor or computations for active corpus, marker/fence registry, superseded boundary, guard set, envelope manifest, or detached seal. Codex therefore cannot execute CHECK G.

Three declarations

• Permanent: require one runnable, complete, hash-pinned seal program rather than another prose patch.
• Mistake-proof: seal must fail closed through executable checks, not asserted guard names.
• Automatic: one declared command must produce all required digests and machine-readable failures without agent interpretation.