KB-3EB5
Codex FIX7 N-number / N6 / Authority Seal Review — REJECT
10 min read Revision 1
fix7codexn-numbern6authority-sealreject2026-06-11
Codex FIX7 N-number / N6 / Authority-Seal Review
- Host:
CODEX - Date:
2026-06-11Asia/Ho_Chi_Minh - Final status:
CODEX_FIX7_N_NUMBER_OR_N6_REJECTED - Production mutation:
NO - N7/N8/P7 authored:
NO / NO / NO
Executive decision
The N6 digest d777e87c73d3b62d36789d9343f346102e98dbf301f2c93f7608470b876b258c is reproducible from the governed corpus, but it is not ratified as an ENGINEERING_VERIFIED_CANDIDATE in this review because Codex-owned probes found two fail-open duplicate classes that emit a certificate.
The proposed N-number table is also not ratified for binding use because a load-bearing authority document still identifies membership_sha256 as N1, while the proposed table defines N1 as the per-document normalized-content digest and makes membership unnumbered. Ratifying the proposal without reconciling the active authority surfaces would preserve conflicting binding meanings.
T2 and T1-alignment review packets additionally fail fresh governed-KB reconstruction because manifest-listed load-bearing files are absent from their packet paths.
Answers required by the macro
| Question | Verdict |
|---|---|
| N-number canonical table safe to ratify for binding use? | NO — active authority-envelope conflict plus incomplete alignment packet. |
| N6 digest real/non-rehearsal and reproducible? | Digest reproducible, but candidate NOT ratified because verifier fails open on duplicate declarations/manifest entries. |
| T1/T2 proof packets reconstruct and fail closed? | NO — T2 and alignment packets do not reconstruct; real-N6 packet reconstructs but fails Codex-owned duplicate probes. |
| Evidence laundering found? | No rehearsal/local/prose laundering was accepted in tested paths, but duplicate ambiguity can be certified as governed evidence. |
| All authority inputs present? | NO. A1/A2/A3/A5, owner decision, N8 signer/report/checkpoint inputs, and P7 report/checkpoint inputs are absent. |
| N7/N8/P7 authorable now? | NO. Not authored. |
File reality table
| Path/surface | Exists? | Hash/tree | Role | Authority level | Load-bearing | Verified by command |
|---|---|---|---|---|---|---|
| Real-N6 packet | YES | tree 43b4914acd52a1c410ac1fb4cd1f09d676f3ab53c4af99204e65c15d752eea23 |
N6 evidence | provisional non-authority | YES | YES |
| Alignment packet | PARTIAL | tree text matches manifest hash 96d00b9e..., but 2 manifest files absent |
N-number/encoder alignment | non-authority | YES | YES, FAIL |
| T2 v0.2 review packet | PARTIAL | tree text matches manifest hash b221f224..., but 6 manifest files absent |
proof convention | non-authority/not promoted | YES | YES, FAIL |
| Governed reconstructed encoder | YES | 13344f92cafcaf0d07dcb21700bdb642f38b89351702e08080eacb0e957144b8 |
seal contract boundary | provisional contract | YES | YES |
| Canonicalizer algorithm | YES | d9caa9fe9f46854c38c996747d50d2e73bc5074705730e869fd6b1f8cc26f3e5 |
N6 computation | engineering | YES | YES |
| Canonicalizer SSOT | YES | 49c386a9b9666c09786fc4f89bc79776b6046eaee6f4da6d8537d2c753b734d0 |
candidate pin | engineering candidate | YES | YES |
| N6 certificate | YES | file acf8d259...; binding 055828db... |
candidate certificate | NOT_A_SEAL | YES | YES, but verifier defect invalidates ratification |
N-number table
| Node | Proposed canonical meaning | Source | Conflict? | Load-bearing | Ratifiable? | Reason |
|---|---|---|---|---|---|---|
| N1 | normalized_active_content_sha256[d] |
proposed reconciliation | YES | YES | NO | Authority N7 envelope still labels membership_sha256 (N1). |
| N2 | canonicalizer_sha256 |
proposed reconciliation | historical conflict | YES | NO | Binding packet incomplete; all active surfaces are not reconciled. |
| N3 | marker_fence_registry_sha256 |
model | NO found | YES | held | Cannot ratify table partially as binding. |
| N4 | superseded_boundary_sha256 |
model | NO found | YES | held | Same. |
| N5 | guard_set_sha256 |
model | cosmetic ambiguity recorded | YES | held | Same. |
| N6 | active_corpus_sha256 |
model/recompute | verifier defect | YES | NO | Duplicate inputs can receive a certificate. |
| N7 | envelope_manifest_sha256 |
seal contract | NO semantic conflict found | YES | NO | Upstream not ratified; authority inputs absent. |
| N8 | detached_seal_sha256 |
seal contract | NO semantic conflict found | YES | NO | N7 absent and Codex inputs absent. |
| N9 | diagnostic sink | proposal/model | historical naming conflict | NO | held | Not authority-bearing, but full table is not ratified. |
| membership | unnumbered active_corpus_membership_sha256 |
proposal | YES | YES | NO | Authority envelope still calls it N1. |
| P7 | authority_seal_pin_sha256 |
authority layer | NO semantic conflict found | YES | NO | N7/N8 absent. |
N6 table
| Digest | Source corpus | Provenance | Governed | Reconstructable | Rehearsal | Ratifiable | Reason |
|---|---|---|---|---|---|---|---|
d777e87c...b258c |
10 governed blueprint documents | claimed ENGINEERING_VERIFIED_CANDIDATE |
YES | YES | NO | NO | Verifier accepts duplicate declared members and duplicate manifest entries, then emits a certificate. |
6 x 64 fixture |
rehearsal fixture | REHEARSAL |
fixture only | YES | YES | NO | Correctly rejected from real path. |
f2bda8...fe251 |
membership set | engineering membership pin | YES | YES | NO | Not N6 | Membership digest is not active corpus digest. |
Authority input table
| Input | Required for | Present | Source/class | Can Codex author now? | Missing action |
|---|---|---|---|---|---|
| Ratified N-number table | N7/N8/P7 binding | NO | proposed only | NO | Reconcile active surfaces and rerun review. |
| Ratified real N6 candidate | N7/N8 | NO | reproducible but verifier-defective | NO | Close duplicate fail-open and rerun. |
| A1 approval_event_id | N7/P7 | NO | AUTHORITY_INPUT | NO | Authorized seal event required. |
| A2 approver_identity | N7 | NO | owner + Codex | NO | Owner/Codex decision required. |
| A3 approval timestamp | N7 | NO | AUTHORITY_INPUT | NO | Mint at authorized seal event. |
| A5 owner blueprint decision | N7 | NO | owner | NO | Owner must select/authorize. |
| N8 signer/timestamp/checkpoint/report digest | N8 | NO | CODEX_AUTHORED | NO | Only after valid N7. |
| P7 report/checkpoint/N7/N8/A1 | P7 | NO | CODEX_AUTHORED/authority | NO | Only after valid N7/N8. |
Independent fail-open findings
Codex supplied invalid inputs beyond T1 tests:
declared_members = CORPUS_MEMBERS + [CORPUS_MEMBERS[0]]was accepted byverify_real_n6()and emitted a certificate-like dictionary. ExpectedN6_CORPUS_DUPLICATE.- A
HASH_MANIFEST.txtwith a duplicatedocs/...entry was accepted and emitted a certificate-like dictionary. Expected a duplicate-manifest rejection.
These violate C8 and the macro rule that any accepted invalid input requires rejection. T1's case-variant directory-listing probe does not cover duplicate declared membership or duplicate manifest records.
Reconstruction verdict
- Real-N6 packet:
RERUN_RESULT: PASS; fresh governed KB reconstruction succeeded; canonical gates passed. - Alignment packet:
RERUN_RESULT: FAIL; governed packet paths lackauthority_seal_encoder.pyandcodex_probes.pydespite manifest entries. - T2 review packet:
OVERALL_RESULT: FAIL; governed packet paths lackcontent_bind_oracle.py,content_bind_verify.py,content_bind_regression.py,content_bind_rerun.sh,content_bind_oracle.json, andreal-sut/fix7_canon_v1_ssot.py.
Authority firewall and authoring verdict
The tested rehearsal/local-only/OFFICIAL_PIN-without-authority paths rejected correctly. Missing N7/N8/P7 provenance also rejected correctly. Nevertheless, the authority firewall is not sufficient because duplicate ambiguity is certified at the N6 evidence boundary.
No N7, N8, P7, approval, official pin, Tool-Kiem-Thu promotion, implementation, or production action was authored.
Blockers
| ID | Failed/missing input | Evidence | Actor | Next action | Blocks |
|---|---|---|---|---|---|
CODEX-N6-DUP-DECLARED |
Duplicate declared corpus member accepted | Codex-owned probe emitted certificate | T1 | Reject duplicate declared members before set conversion; add regression probe. | N6, N7, N8, P7, implementation, production |
CODEX-N6-DUP-MANIFEST |
Duplicate manifest record accepted | Codex-owned probe emitted certificate | T1 | Reject duplicate manifest paths and malformed records; add regression probe. | N6, N7, N8, P7, implementation, production |
CODEX-NNODE-ACTIVE-CONFLICT |
membership_sha256 (N1) remains in authority N7 envelope |
governed n7-approval-event-input-envelope.md rev3 vs proposed table |
T1/owner/Codex | Reconcile every load-bearing authority surface, then request binding ratification. | N-number ratification, N7 onward |
CODEX-ALIGNMENT-PACKET-INCOMPLETE |
Two manifest-listed files absent | fresh fetch + shasum -c / RERUN.sh exit 1 |
T1 | Publish actual files or a governed self-contained reconstruction that passes bidirectionally. | proof packet, ratification |
CODEX-T2-PACKET-INCOMPLETE |
Six manifest-listed files absent | fresh fetch + commands exit 1 | T2 | Publish/reconstruct actual files at governed paths; preserve non-authority status. | proof-convention verification |
AUTHORITY-INPUTS-MISSING |
A1/A2/A3/A5, N8/P7 Codex inputs and owner decision absent | governed authority request docs | Owner/Codex | Supply only in a later authorized seal macro after engineering blockers close. | N7/N8/P7 |
Recommended next action
T1 should patch only the real-N6 duplicate validation and reconcile all binding N-number references. T2 should make its review packet reconstructable without promotion. Then route a new independent Codex review macro. Production and implementation remain blocked.