Codex FIX7 Final Authority Seal N7 N8 P7 Review — REJECT
Codex FIX7 Final Authority Seal N7/N8/P7 Review
- Macro label:
FIX7_FINAL_AUTHORITY_SEAL_MACRO_N7_N8_P7_AFTER_FULL_DRESS_REHEARSAL_2026_06_10 - Execution date:
2026-06-11Asia/Ho_Chi_Minh - Host/design owner:
CODEX - Final status:
CODEX_FIX7_FINAL_AUTHORITY_SEAL_REJECT - Production mutation:
NO - Real N7 authored:
NO - Real N8 authored:
NO - Real P7 authored:
NO
Executive verdict
The engineering packet is internally reproducible in the existing temporary reconstruction and the supplied harnesses pass after correct sequential execution. However, the final authority seal cannot be authored because the authority-seal contract remains fail-open and the governed-KB evidence packet is incomplete.
Two independent blockers are sufficient to reject final sealing:
- The encoder accepts invalid or empty authority values and does not enforce required field grammar, report-set validity, or provenance classes.
- Packet V3 classifies
active_corpus_sha256(the proposed N6 input) asREHEARSAL; accepting it into real N7 would launder rehearsal evidence into authority evidence.
Therefore the canonicalizer and Packet V3 tree pins remain reviewed engineering candidates only. They are not promoted to official authority pins.
Required-source and governed-KB reconstruction verdict
Required design, law, prior-review, packet, encoder, harness, rehearsal, red-team, drift, anti-hardcode, manifest, canonicalizer, N7/N8/P7 draft, owner packet, and implementation-checklist documents were live-read.
Fresh governed-KB reconstruction: REJECT.
The following required actual governed files returned 404:
rehearsal/commands.shrehearsal/HASH_MANIFEST.txtrehearsal/packet_tree.sha256rehearsal/rehearsal-summary.jsonrehearsal/exit_codes.jsonrehearsal/stdout.logrehearsal/stderr.log
An aggregate prose document embeds representations of these artifacts, but prose is not a substitute for the actual governed files required by the macro.
Reproduction and harness evidence
Secondary executable verification used the existing /private/tmp/fix7-dress/recon reconstruction. This confirms engineering consistency only; it does not cure governed-KB incompleteness.
| Check | Command/result | Verdict |
|---|---|---|
| Encoder self-test | python3 authority_seal_encoder.py --selftest; exit 0; 22/22 PASS |
PASS |
| N7/N8/P7 rehearsal | python3 authority_seal_rehearsal.py /private/tmp/fix7-codex-final-review/rehearsal; exit 0; deterministic; DAG acyclic |
PASS |
| Drift | python3 authority_seal_drift_check.py .; exit 0; 22/22 agree; drift 0 |
PASS |
| Anti-hardcode | python3 authority_seal_antihardcode.py; exit 0; 9/9 PASS |
PASS |
| Red-team | Sequential rerun: python3 authority_seal_redteam.py /private/tmp/fix7-codex-final-review/rehearsal; exit 0; 20/20 caught |
PASS but incomplete coverage |
The first parallel red-team invocation exited 1 because it raced before rehearsal artifacts existed. The correct sequential rerun passed.
Direct adversarial probes
Direct probes outside the supplied red-team cases proved fail-open behavior. Each invalid input below was accepted and produced a 64-hex digest:
| Invalid input | Result |
|---|---|
N7 canonicalizer_sha256="NOT_A_SHA" |
ACCEPTED |
N7 approval_event_id="" |
ACCEPTED |
N8 sealed_by="" |
ACCEPTED |
N8 report_documents_digest="NOT_A_SHA" |
ACCEPTED |
P7 pinned_canonicalizer_revision="not-an-int" |
ACCEPTED |
P7 pinned_canonicalizer_utf8_bytes="-1" |
ACCEPTED |
report_documents_digest([]) |
ACCEPTED |
| Duplicate report-document records | ACCEPTED |
The encoder currently checks basic string/forbidden-byte properties but not the required semantic grammar, non-empty constraints, set uniqueness, or authority provenance. Existing red-team coverage did not test these classes.
Authority protocol verdict
| Protocol property | Verdict | Basis |
|---|---|---|
| AS-P1 | PARTIALLY_CLOSED / FAIL |
Structural encoder exists, but value grammar/provenance and real N6 are absent. |
| AS-P2 | CLOSED |
N7 -> N8 -> P7 DAG is acyclic and deterministic. |
| AS-P3 | NOT_CLOSED |
N8 accepts empty signer/non-hex report digest; report set permits empty and duplicate records. |
| AS-P4 | NOT_CLOSED |
P7 accepts invalid revision, byte count, and hashes; prose-only guard is insufficient. |
Overall protocol verdict: DEFECTIVE_FOR_REAL_AUTHORITY_SEAL.
Pins reviewed but not promoted
- Canonicalizer revision:
3 - Canonicalizer UTF-8 bytes:
38756 - Canonicalizer SHA256:
49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0 - Packet V3 tree SHA256:
b95df0a5d2f41f80bea0cef8621c1f8bb0f6b49a40175116418494ed4141ca6d - Encoder SHA256:
47200442f176b1c534f000c4079632f6388b17dd1763bdbac2cbb725a452b5bb - Encoder-spec JSON SHA256:
f1c499270923c65c56783196b411ad6cacfe1188be0c531fabdd05a7795ef5eb
These remain engineering candidates, not official authority pins.
Blocking ledger
| Blocker | Required correction | Owner | Blocks implementation/production |
|---|---|---|---|
FINAL-AS-VALUE-GRAMMAR |
Enforce per-field non-empty/type/grammar/range validation and reject invalid hashes, IDs, revisions, byte counts, and signers. Add adversarial tests for every field class. | T1 / engineering | YES |
FINAL-AS-PROVENANCE |
N7 must reject non-authority and REHEARSAL inputs; supply a real non-rehearsal N1-N6 chain with explicit provenance validation. |
T1 / engineering | YES |
FINAL-AS-REPORT-SET |
Reject empty report sets, duplicate records, invalid document IDs/revisions, and ambiguous ordering/provenance. | T1 / engineering | YES |
FINAL-AS-KB-PACKET |
Publish the required actual rehearsal files into governed KB and prove manifest/tree bidirectional completeness. | T1 / engineering | YES |
IMPL-OWNER-AUTHORIZATION |
Obtain a separate authorized implementation macro only after seal blockers close. | Owner | YES |
Hardcode and PG/constitution assessment
No digest hardcode laundering was demonstrated; the supplied anti-hardcode harness passed 9/9. That pass does not make the authority seal safe because the encoder remains fail-open and provenance-blind. No production, PostgreSQL, Directus, registry, system issue, permit, REAL_RUN, QT001 apply, or Stage 2.6B mutation was performed.
Authorization boundary
The current macro is sufficient to perform this read-only final-seal review and to author a seal only if all authority conditions pass. It does not authorize implementation or production changes. Because the authority conditions fail, no N7, N8, or P7 is authored.
Minimal next phase
T1 must patch only the authority-seal contract and governed evidence packet: enforce field grammar and provenance, reject invalid report sets, add the missing adversarial cases, publish the actual governed rehearsal artifacts, and provide a real non-rehearsal N6. A new owner macro must then request another final authority-seal review. Implementation remains blocked until a separate later authorization.