FIX7 Authority-Seal Supplemental Independent Adversarial Probes (TKT v0.2)
#!/usr/bin/env python3
"""
============================================================================
FIX7 AUTHORITY-SEAL -- SUPPLEMENTAL INDEPENDENT ADVERSARIAL PROBES
(this lane's own authorship; does NOT reuse codex_probes.py cases)
Covers macro probe-list items that the shipped codex_probes.py does not
exercise: empty hash, revision=-1, byte-count<->hash independence on P7
verify, candidate/local-only class fed into an AUTHORITY slot, manifest extra
authority field, prose-only pin. Each must fail closed. Exit 0 iff every probe
is REJECTED (or the verify-probe returns False, i.e. tamper detected).
A rejection with an unexpected status, or any other exception, is recorded
but does not count as fail-closed.
============================================================================
"""
import sys

import authority_seal_encoder as E
# One (pid, desc, verdict, detail) tuple per probe, appended by expect_reject /
# expect_false and summarised at the end of the script.
results: list[tuple] = []
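def expect_reject(pid, desc, status, fn):
    """Run probe *fn* and record whether it was rejected with *status*.

    Exactly one (pid, desc, verdict, detail) tuple is appended to ``results``:

    * ``"REJECTED"`` -- ``fn`` raised ``E.Reject`` whose ``status`` equals
      *status*. This is the only verdict the final summary counts as a pass.
    * ``"REJECTED(wrong:<status>)"`` -- ``E.Reject`` was raised, but with a
      different status than the probe expects.
    * ``"REJECTED(other)"`` -- some other exception escaped; the detail is the
      exception class name. A crash is kept apart from a deliberate rejection
      so it cannot pass for a fail-closed result.
    * ``"ACCEPTED(FAIL-OPEN)"`` -- ``fn`` returned normally; the detail is the
      first 24 characters of ``repr`` of the returned value.

    Args:
        pid: Probe identifier shown in the report.
        desc: Human-readable description of the tampered input.
        status: The ``E.Reject.status`` value the probe expects.
        fn: Zero-argument callable that feeds the tampered input to the encoder.
    """
    try:
        out = fn()
        results.append((pid, desc, "ACCEPTED(FAIL-OPEN)", repr(out)[:24]))
    except E.Reject as e:
        ok = e.status == status
        verdict = "REJECTED" if ok else f"REJECTED(wrong:{e.status})"
        results.append((pid, desc, verdict, e.status))
    except Exception as e:
        # Exception classes expose __name__; a plain ".name" attribute does not
        # exist and would raise AttributeError inside this handler.
        results.append((pid, desc, "REJECTED(other)", type(e).__name__))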
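def expect_false(pid, desc, fn):
    """Run a verify-style probe that must return ``False`` when tampering is present.

    Appends one (pid, desc, verdict, detail) tuple to ``results``. The verdict
    is ``"REJECTED"`` only when ``fn()`` returns the object ``False``. The
    identity check is deliberate: any other return value, including falsy ones
    such as ``None`` or ``0``, is recorded as ``"ACCEPTED(FAIL-OPEN)"``. An
    exception is recorded as ``"REJECTED(other)"`` with the exception class
    name, which the final summary does not count as a pass.

    Args:
        pid: Probe identifier shown in the report.
        desc: Human-readable description of the tampered input.
        fn: Zero-argument callable that runs the verification.
    """
    try:
        v = fn()
        verdict = "REJECTED" if v is False else "ACCEPTED(FAIL-OPEN)"
        results.append((pid, desc, verdict, str(v)))
    except Exception as e:
        # Exception classes expose __name__; a plain ".name" attribute does not
        # exist and would raise AttributeError inside this handler.
        results.append((pid, desc, "REJECTED(other)", type(e).__name__))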
def _set(pairs, field, value):
    """Return a new list of (key, value) pairs with *field* set to *value*.

    Every pair whose key equals *field* is replaced; all other pairs are
    copied through in their original order. The input is not modified. A
    *field* that matches no key leaves the pairs unchanged, so a mistyped
    field name makes a probe exercise the untampered fixture.
    """
    replaced = []
    for key, current in pairs:
        if key == field:
            replaced.append((key, value))
        else:
            replaced.append((key, current))
    return replaced
# Baseline artefacts built from the encoder's own fixtures. Each later stage
# takes the earlier ones as input: N8 is derived from N7, and the P7 pin from both.
N7 = E.encode_node("N7", E.fixture_n7_pairs())
N8 = E.encode_node("N8", E.fixture_n8_pairs(N7))
P7 = E.seal_p7(E.fixture_p7_pairs(N7, N8))
# SP1: empty hash (macro probe #2).
# The N7 fixture is encoded with canonicalizer_sha256 blanked out; the encoder
# is expected to refuse it with SEAL_FIELD_EMPTY.
expect_reject(
    "SP1",
    "N7 canonicalizer_sha256='' (empty hash)",
    "SEAL_FIELD_EMPTY",
    lambda: E.encode_node(
        "N7",
        _set(E.fixture_n7_pairs(), "canonicalizer_sha256", ""),
    ),
)
# SP2: revision = -1 on P7 (macro probe #7).
# A negative revision string must be refused with SEAL_FIELD_BAD_INT.
expect_reject(
    "SP2",
    "P7 pinned_canonicalizer_revision='-1'",
    "SEAL_FIELD_BAD_INT",
    lambda: E.encode_node(
        "P7",
        _set(E.fixture_p7_pairs(N7, N8), "pinned_canonicalizer_revision", "-1"),
    ),
)
# SP3: byte count correct but hash wrong -> P7 verify must fail (macro probe #9).
# Only the pinned hash is replaced (with 64 zeros); the byte-count field keeps
# its fixture value, so a matching length alone must not satisfy verify_pin.
expect_false(
    "SP3",
    "P7 verify: byte count ok, canonicalizer hash wrong",
    lambda: E.verify_pin(
        P7,
        _set(E.fixture_p7_pairs(N7, N8), "pinned_canonicalizer_sha256", "0"*64),
    ),
)
# SP4: hash correct but byte count wrong -> P7 verify must fail (macro probe #10).
# Mirror of SP3: the hash keeps its fixture value and only the byte count is
# changed, so a matching hash alone must not satisfy verify_pin.
expect_false(
    "SP4",
    "P7 verify: canonicalizer hash ok, byte count wrong",
    lambda: E.verify_pin(
        P7,
        _set(E.fixture_p7_pairs(N7, N8), "pinned_canonicalizer_utf8_bytes", "99999"),
    ),
)
# SP5: candidate (ENGINEERING_VERIFIED_CANDIDATE) class fed into AUTHORITY slot of real N7
# (macro probe #14: candidate evidence claimed as authority) -> FORBIDDEN_CLASS
def sp5():
    """Request a real N7 whose approval fields carry only candidate-class provenance."""
    digest_fields = (
        "active_corpus_sha256",
        "membership_sha256",
        "canonicalizer_sha256",
        "marker_fence_registry_sha256",
        "superseded_boundary_sha256",
        "guard_set_sha256",
    )
    approval_fields = (
        "approval_event_id",
        "approver_identity",
        "approval_event_timestamp",
        "owner_blueprint_decision",
    )
    prov = dict.fromkeys(digest_fields, "ENGINEERING_VERIFIED_CANDIDATE")
    # Deliberately WRONG: candidate is not authority. This is the condition
    # the encoder must refuse.
    prov.update(dict.fromkeys(approval_fields, "ENGINEERING_VERIFIED_CANDIDATE"))
    return E.encode_real_n7(E.fixture_n7_pairs(), prov, real_n6_available=True)


expect_reject(
    "SP5",
    "candidate class in AUTHORITY slot of real N7",
    "SEAL_PROVENANCE_FORBIDDEN_CLASS",
    sp5,
)
# SP6: valid candidate corpus + authority, but no real N6 -> still blocked
# (macro probe #15/#16: rehearsal/local-only cannot self-promote)
def sp6():
    """Request a real N7 with acceptable provenance classes but without a real N6."""
    digest_fields = (
        "active_corpus_sha256",
        "membership_sha256",
        "canonicalizer_sha256",
        "marker_fence_registry_sha256",
        "superseded_boundary_sha256",
        "guard_set_sha256",
    )
    approval_fields = (
        "approval_event_id",
        "approver_identity",
        "approval_event_timestamp",
        "owner_blueprint_decision",
    )
    prov = dict.fromkeys(digest_fields, "ENGINEERING_VERIFIED_CANDIDATE")
    prov.update(dict.fromkeys(approval_fields, "AUTHORITY_INPUT"))
    # real_n6_available is left out on purpose; per the original author's note
    # it defaults to False.
    return E.encode_real_n7(E.fixture_n7_pairs(), prov)


expect_reject(
    "SP6",
    "valid classes, no real N6 -> true blocker",
    "SEAL_REAL_N6_NOT_AVAILABLE",
    sp6,
)
# SP7: N8 real path requires CODEX_AUTHORED/AUTHORITY signer; candidate signer -> FORBIDDEN
def sp7():
    """Request a real N8 whose signer fields all carry candidate-class provenance."""
    signer_fields = (
        "sealed_by",
        "sealed_at",
        "parent_checkpoint",
        "report_documents_digest",
    )
    prov = dict.fromkeys(signer_fields, "ENGINEERING_VERIFIED_CANDIDATE")
    return E.encode_real_n8(E.fixture_n8_pairs(N7), prov, real_upstream=True)


expect_reject(
    "SP7",
    "candidate class as N8 signer",
    "SEAL_PROVENANCE_FORBIDDEN_CLASS",
    sp7,
)
# SP8: manifest extra authority field (macro probe #28).
# A field outside the expected N7 set is appended to the fixture; the encoder
# must refuse the unknown key with SEAL_INPUT_EXTRA instead of ignoring it.
expect_reject(
    "SP8",
    "N7 + extra rogue authority field",
    "SEAL_INPUT_EXTRA",
    lambda: E.encode_node(
        "N7",
        E.fixture_n7_pairs() + [("rogue_authority_grant","ALL")],
    ),
)
# SP9: prose-only pin (seal claim with no computed digest) (macro probe #29).
# Sealing with prose_only=True must be refused with SEAL_PROSE_ONLY_PIN_REJECTED.
expect_reject(
    "SP9",
    "P7 prose-only pin (no compute)",
    "SEAL_PROSE_ONLY_PIN_REJECTED",
    lambda: E.seal_p7(E.fixture_p7_pairs(N7, N8), prose_only=True),
)
# SP10: duplicate report doc id with different revision (macro probe #12/#13).
# The same document id appears twice with revisions "1" and "2"; the digest
# must refuse the ambiguous set with SEAL_REPORT_SET_DUPLICATE.
expect_reject(
    "SP10",
    "report set: same doc id, different rev",
    "SEAL_REPORT_SET_DUPLICATE",
    lambda: E.report_documents_digest([("doc-a.md","1"), ("doc-a.md","2")]),
)
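# Summary and exit status. Only the exact verdict "REJECTED" counts as
# fail-closed. A wrong-status rejection, an unexpected exception
# ("REJECTED(other)") or an accepted input each leaves caught below
# len(results) and forces a non-zero exit.
# The unpacking targets are restored to "_, _, verdict, _"; the page showed
# ",,v,_", which is not valid Python.
caught = sum(1 for _, _, verdict, _ in results if verdict == "REJECTED")
for pid, desc, verdict, detail in results:
    print(f" [{verdict:24}] {pid:<5} {desc} -> {detail}")
print(f"SUPPLEMENTAL-PROBES: {caught}/{len(results)} fail-closed")
sys.exit(0 if caught == len(results) else 1)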