#!/usr/bin/env python3

Reproduce Codex-owned duplicate fail-open probes against the governed verifier.

import sys, os, importlib.util, tempfile sys.path.insert(0, ".") import real_n6_provenance_verifier as V RECON = sys.argv[1] if len(sys.argv) > 1 else "_recon" DOCS = os.path.join(RECON, "docs") CANON = os.path.join(RECON, "evidence", "fix7_canon_v1_ssot_extended.py") SSOT = os.path.join(RECON, "evidence", "canonicalizer-fix7-canon-v1-ssot.md") HM = os.path.join(RECON, "HASH_MANIFEST.txt")

def probe(name, fn): try: out = fn() emitted_cert = isinstance(out, dict) and out.get("certificate_kind") print(f"[{name}] RESULT=ACCEPTED cert_emitted={bool(emitted_cert)} -> FAIL-OPEN") return "FAIL-OPEN" except V.N6Reject as e: print(f"[{name}] RESULT=REJECTED[{e.status}] cert_emitted=False -> FAIL-CLOSED") return e.status except Exception as e: print(f"[{name}] RESULT=ERROR({type(e).name}: {e})") return "ERROR"

Codex probe 1: duplicate declared corpus member

probe("DUP-DECLARED", lambda: V.verify_real_n6( DOCS, CANON, SSOT, HM, declared_members=V.CORPUS_MEMBERS + [V.CORPUS_MEMBERS[0]]))

Codex probe 2: duplicate manifest record (duplicate docs/ path line)

def dup_manifest(): lines = open(HM).read().splitlines() dup = [] for ln in lines: dup.append(ln) h, _, rel = ln.partition(" ") if rel == "docs/05-rollback-blueprint.md": dup.append(ln) # duplicate the same path entry p = os.path.join(tempfile.mkdtemp(prefix="dupman-"), "HM.txt") open(p, "w").write("\n".join(dup) + "\n") return V.verify_real_n6(DOCS, CANON, SSOT, p) probe("DUP-MANIFEST", dup_manifest)

Codex probe 3: malformed manifest line (no double-space) + bad hash

def malformed_manifest(): lines = open(HM).read().splitlines() lines.append("NOTAHASH docs/99-bogus.md") # single space, bad hash p = os.path.join(tempfile.mkdtemp(prefix="malman-"), "HM.txt") open(p, "w").write("\n".join(lines) + "\n") return V.verify_real_n6(DOCS, CANON, SSOT, p) probe("MALFORMED-MANIFEST", malformed_manifest)