Incomex AI Portal
KB-4EC1

FIX7 N-Node Numbering/Semantic Checker (TKT v0.2-aligned, fail-closed)

11 min read Revision 1
tool-kiem-thufix7n-nodecheckertkt-v022026-06-11

#!/usr/bin/env python3

============================================================================

FIX7 N-NODE NUMBERING / SEMANTIC CHECKER (TKT v0.2-aligned, fail-closed)

Grounded BYTE-FOR-FACT in the governed machine-readable N-node model:

knowledge/dev/laws/tool-kiem-thu/designs/

fix7-n-node-authority-model-design-addendum-2026-06-11.json (rev1)

It invents NO node meaning. It encodes the PROPOSED canonical numbering

(model.proposed_correction_not_adopted) as an ENGINEERING CONVENTION ONLY.

This convention is NOT owner/Codex-ratified and is NOT an authority seal.

Purpose: give future agents a deterministic gate that rejects the drift

classes MC-1 (N1/N2 label reassignment) and MC-2 (N9 naming) outside an

explicit alias context, plus the six checker rules named in the macro:

R1 reject N1/N2 swapped use outside explicit alias context

R2 reject unknown node id (e.g. N10)

R3 reject treating N9 (diagnostic) as load-bearing unless declared

R4 reject active_corpus_sha256 under a wrong node number (it is N6)

R5 reject a load-bearing node with a missing semantic name

R6 reject a diagnostic node marked as an authority input

exit 0 iff every positive assertion holds AND every bad-label probe is

rejected (fail-closed). Any accepted bad label => exit 1.

============================================================================

import sys

---- canonical model (PROPOSED engineering convention, model-grounded) -----

load_bearing per model.authoritative_edges_engineering.LOAD_BEARING

names per model.proposed_correction_not_adopted (labels only; no math change)

CANONICAL = { "N1": {"name": "normalized_active_content_sha256[d]", "value": "normalized_active_content_sha256", "load_bearing": True, "authority_class": "engineering"}, "N2": {"name": "canonicalizer_sha256", "value": "canonicalizer_sha256", "load_bearing": True, "authority_class": "engineering"}, "N3": {"name": "marker_fence_registry_sha256", "value": "marker_fence_registry_sha256", "load_bearing": True, "authority_class": "engineering"}, "N4": {"name": "superseded_boundary_sha256", "value": "superseded_boundary_sha256", "load_bearing": True, "authority_class": "engineering"}, "N5": {"name": "guard_set_sha256", "value": "guard_set_sha256", "load_bearing": True, "authority_class": "engineering"}, "N6": {"name": "active_corpus_sha256", "value": "active_corpus_sha256", "load_bearing": True, "authority_class": "engineering"}, "N7": {"name": "envelope_manifest_sha256", "value": "envelope_manifest_sha256", "load_bearing": True, "authority_class": "approval"}, "N8": {"name": "detached_seal_sha256", "value": "detached_seal_sha256", "load_bearing": True, "authority_class": "detached_seal"}, "N9": {"name": "codex_checkpoint_content_sha256_excluding_seal", "value": "codex_checkpoint_content_sha256_excluding_seal", "load_bearing": False, "authority_class": "diagnostic"}, "P7": {"name": "authority_seal_pin_sha256", "value": "authority_seal_pin_sha256", "load_bearing": True, "authority_class": "official_pin"}, # membership is the MC-1 locus: canonical decision = name it 'membership', # STOP numbering it N1/N2. It is a distinct un-numbered digest (frozen pin). "membership": {"name": "active_corpus_membership_sha256", "value": "active_corpus_membership_sha256", "load_bearing": True, "authority_class": "engineering"}, }

deprecated/aliased labels that may ONLY appear inside an explicit alias context.

These are exactly the drift labels recorded in the model (MC-1 / MC-2).

ALIASES = { # label seen in a source : (canonical_id, source_where_drifted) "N2=active_corpus_membership_sha256": ("membership", "S2_blueprint"), "N1=membership": ("membership", "S3_authority_encoder"), "N2=membership": ("membership", "S2_blueprint"), "N1=per_doc_content": ("N1", "S1_S2"), "N9_DIAG": ("N9", "S1_canonicalizer_code"), }

value -> the ONE canonical node it may carry (R4 generalised to all digests)

VALUE_TO_NODE = {v["value"]: k for k, v in CANONICAL.items()}

DIAGNOSTIC_NODES = {k for k, v in CANONICAL.items() if v["authority_class"] == "diagnostic"} KNOWN_IDS = set(CANONICAL) | {"N9_DIAG"} # N9_DIAG tolerated only as an alias token

class NodeReject(Exception): def init(self, rule, detail=""): super().init(f"{rule}: {detail}") self.rule = rule

def assert_node(node_id, claimed_name=None, claimed_value=None, claimed_load_bearing=None, used_as_authority_input=False, alias_context=False): """Validate one N-node assertion against the canonical convention. Raises NodeReject (fail-closed) on any drift outside an explicit alias context. Returns the canonical id on success.""" # R2: unknown node id (e.g. N10) -> reject if node_id not in CANONICAL: if node_id in ALIASES and alias_context: node_id = ALIASES[node_id][0] # resolve alias in alias context elif node_id == "N9_DIAG" and alias_context: node_id = "N9" else: raise NodeReject("R2_UNKNOWN_NODE", f"{node_id!r} not a canonical N-node") spec = CANONICAL[node_id]

# R1: N1/N2 (and membership) label reassignment outside alias context
if claimed_name is not None and claimed_name != spec["name"]:
    # is the (node, claimed_name) a known drift alias?
    drift_key_candidates = [f"{node_id}={claimed_name}", claimed_name]
    is_known_alias = any(k in ALIASES for k in drift_key_candidates)
    if not (alias_context and is_known_alias):
        raise NodeReject("R1_LABEL_REASSIGNMENT",
                         f"{node_id} name={claimed_name!r} != canonical {spec['name']!r}")

# R4: a value digest must sit under its one canonical node
if claimed_value is not None and claimed_value in VALUE_TO_NODE:
    want = VALUE_TO_NODE[claimed_value]
    if want != node_id and not alias_context:
        raise NodeReject("R4_VALUE_WRONG_NODE",
                         f"value {claimed_value!r} belongs to {want}, not {node_id}")

# R5: a load-bearing node must carry a semantic name
if spec["load_bearing"] and not spec["name"]:
    raise NodeReject("R5_LOADBEARING_NO_NAME", node_id)
if claimed_load_bearing is True and not spec["name"]:
    raise NodeReject("R5_LOADBEARING_NO_NAME", f"{node_id} claimed load-bearing w/o name")

# R3: a diagnostic node claimed load-bearing (without explicit declaration)
if node_id in DIAGNOSTIC_NODES and claimed_load_bearing is True and not alias_context:
    raise NodeReject("R3_DIAGNOSTIC_AS_LOADBEARING",
                     f"{node_id} is diagnostic, cannot be load-bearing")

# R6: a diagnostic node used as an authority/seal input
if node_id in DIAGNOSTIC_NODES and used_as_authority_input:
    raise NodeReject("R6_DIAGNOSTIC_AS_AUTHORITY",
                     f"{node_id} (diagnostic) cannot be an authority input")
return node_id

def _expect_reject(rule, fn): try: fn() except NodeReject as e: return (e.rule == rule), e.rule return False, "NO_REJECT"

def selftest(): res = [] def chk(name, ok, note=""): res.append((name, ok, note))

# ---- positive assertions (canonical, must PASS) ----
chk("N6 = active_corpus_sha256 (canonical)",
    assert_node("N6", "active_corpus_sha256", "active_corpus_sha256", True) == "N6")
chk("N2 = canonicalizer_sha256 (canonical)",
    assert_node("N2", "canonicalizer_sha256", "canonicalizer_sha256", True) == "N2")
chk("N9 diagnostic, not load-bearing (canonical)",
    assert_node("N9", "codex_checkpoint_content_sha256_excluding_seal", None, False) == "N9")
chk("membership named 'membership', not numbered",
    assert_node("membership", "active_corpus_membership_sha256", "active_corpus_membership_sha256", True) == "membership")
# alias context: the historical drift labels resolve, no reject
chk("N9_DIAG resolves to N9 IN alias context",
    assert_node("N9_DIAG", alias_context=True) == "N9")
chk("membership-as-N2 tolerated IN alias context",
    assert_node("N2", "active_corpus_membership_sha256", alias_context=True, claimed_value=None) == "N2")

# ---- bad-label probes (must FAIL closed) ----
# R1: N1/N2 swapped semantic outside alias context
ok, r = _expect_reject("R1_LABEL_REASSIGNMENT",
    lambda: assert_node("N2", claimed_name="active_corpus_membership_sha256"))
chk("R1 N2:=membership (no alias ctx) -> reject", ok, r)
ok, r = _expect_reject("R1_LABEL_REASSIGNMENT",
    lambda: assert_node("N1", claimed_name="canonicalizer_sha256"))
chk("R1 N1:=canonicalizer (swap) -> reject", ok, r)
# R2: unknown N10
ok, r = _expect_reject("R2_UNKNOWN_NODE", lambda: assert_node("N10"))
chk("R2 unknown N10 -> reject", ok, r)
ok, r = _expect_reject("R2_UNKNOWN_NODE", lambda: assert_node("N0"))
chk("R2 unknown N0 -> reject", ok, r)
# R3: N9 diagnostic claimed load-bearing
ok, r = _expect_reject("R3_DIAGNOSTIC_AS_LOADBEARING",
    lambda: assert_node("N9", claimed_load_bearing=True))
chk("R3 N9 claimed load-bearing -> reject", ok, r)
# R4: active_corpus_sha256 under the wrong node (claim it is N5)
ok, r = _expect_reject("R4_VALUE_WRONG_NODE",
    lambda: assert_node("N5", claimed_value="active_corpus_sha256"))
chk("R4 active_corpus_sha256 as N5 -> reject", ok, r)
ok, r = _expect_reject("R4_VALUE_WRONG_NODE",
    lambda: assert_node("N7", claimed_value="canonicalizer_sha256"))
chk("R4 canonicalizer_sha256 as N7 -> reject", ok, r)
# R6: diagnostic node used as authority input
ok, r = _expect_reject("R6_DIAGNOSTIC_AS_AUTHORITY",
    lambda: assert_node("N9", used_as_authority_input=True))
chk("R6 N9 as authority input -> reject", ok, r)
# N9_DIAG without alias context is unknown (R2)
ok, r = _expect_reject("R2_UNKNOWN_NODE", lambda: assert_node("N9_DIAG"))
chk("R2 N9_DIAG without alias ctx -> reject", ok, r)

npass = sum(1 for _, ok, _ in res if ok)
for name, ok, note in res:
    print(f"  [{'PASS' if ok else 'FAIL'}] {name}" + (f"  ({note})" if note and not ok else ""))
print(f"N-NODE-CHECKER SELFTEST: {npass}/{len(res)} PASS")
return all(ok for _, ok, _ in res)

if name == "main": sys.exit(0 if selftest() else 1)

Back to Knowledge Hub knowledge/dev/reports/architecture/fix7-authority-n-node-tkt-v02-alignment-2026-06-11/n_node_checker.py