FIX7 — N7/N8/P7 Authority-Input Packet (README for Owner and Codex)

• Host: T1 / Claude Code / MYTHOS · Date: 2026-06-11
• Lane: FIX7_N7_N8_P7_AUTHORITY_INPUT_PREPARATION_MACRO_2026_06_11
• Authority of this packet: PROVISIONAL_NON_AUTHORITY. It prepares the authority inputs for the next owner/Codex authoring phase. It authors no N7, no N8, no P7, creates no official pin, approves nothing, promotes nothing, and unblocks no implementation or production action.
• Codex consulted: NO · Owner approval requested: NO · Production mutation: NO

0. What Codex ratified (2026-06-11, engineering only)

Per knowledge/dev/reports/architecture/codex-fix7-n-number-n6-targeted-recheck-2026-06-11/:

Item	Status	Authorizes	Does NOT authorize
Canonical N-number table	RATIFIED_FOR_BINDING_USE	binding use of N1..N8/membership/P7 labels	any seal, N7/N8/P7, implementation
N6 d777e87c…b258c (active_corpus_sha256)	RATIFIED_ENGINEERING_VERIFIED_CANDIDATE	Codex consuming it as the engineering N6	being an official seal/pin; authorizing N7/N8/P7 alone

Ratification is not an official seal and creates no N7/N8/P7, implementation approval, or production authorization.

1. What this packet does (and does not) do

• Does: assemble the complete authority-input roster; mark what is present vs missing; prepare an owner decision packet (default safe NOT_APPROVED_HOLD); prepare an N8 governed report-set candidate; prepare a P7 authority-ID proposal; and prove, with runnable fail-closed checks, that nothing here fabricates an authority input or authors a seal.
• Does not: author N7/N8/P7; supply A1/A2/A3/A5; fabricate an owner decision, a Codex N8 signer, or P7 official IDs; promote N6 to OFFICIAL_PIN; change the N6 digest; change N-number semantics; mutate production / PG / Directus / registry / system_issues; run REAL_RUN / QT001 / permit / activation / repoint / cutover; or promote / mutate Tool-Kiem-Thu v0.2.

2. Files

File	Role
authority-input-roster.json	machine roster: every N7/N8/P7 input, present/missing, actor, next action
owner-decision-template.json	machine-readable owner decision (default NOT_APPROVED_HOLD, options + required fields)
report-set-candidate.json	candidate governed report set for N8 (NOT a Codex-authored N8 seal)
p7-id-proposal.json	PROPOSED P7 pin target + dependencies + rollback (NOT an official P7)
n7-envelope-n6-status.json	corrected N6 availability snapshot for the N7 envelope
authority_input_validator.py	fail-closed roster/input validator (--selftest, --validate <dir>)
stale_prose_detector.py	fail-closed stale-N6-prose detector (--selftest, --scan)
authority_firewall.py	fail-closed engineering↔authority boundary firewall
bad_input_probes.py	10 adversarial bad inputs; all must fail closed
commands.sh	canonical gate sequence → OVERALL: PASS; writes exit_codes.json
RERUN.sh	strict reproducible rerun (RERUN_RESULT: PASS)
HASH_MANIFEST.txt / packet_tree.sha256	byte pins; packet_tree = sha256(HASH_MANIFEST.txt)
manifest.json	machine summary + gate results

3. How to verify

shasum -a 256 -c HASH_MANIFEST.txt          # every tracked file byte-exact
bash RERUN.sh                                # strict: shasum -c, tree, commands.sh, probes

commands.sh runs: validator selftest + --validate, stale-prose selftest + scan, authority firewall, bad-input probes (10/10 fail-closed), and the hash/tree gates.

4. Remaining authority inputs (owner/Codex only — NOT fabricated here)

Input	For	Actor	Status
A1 approval_event_id	N7	Codex	MISSING
A2 approver_identity	N7	Owner + Codex	MISSING
A3 approval_event_timestamp	N7	Codex	MISSING
A5 owner_blueprint_decision (OWN-1)	N7 + impl	Owner	MISSING (default NOT_APPROVED_HOLD)
N8 Codex signer / timestamp / parent / report digest	N8	Codex	MISSING (report set is candidate only)
P7 authority IDs + real upstream N7/N8	P7	Codex	MISSING (proposal only)

N6 digest + certificate are present (ratified engineering candidate). Everything else above is owner/Codex-only. ready_to_author = false while any remain missing.

5. Next phase (separately authorized)

Owner issues an explicit decision (OWN-1). If the owner authorizes the seal (option 2+), Codex supplies A1/A2/A3 + signer/report digest + P7 IDs and authors, acyclically, N7 → N8 → P7 via authority_seal_encoder.py (13344f92…957144b8). Implementation and production remain blocked until the seal and the implementation precondition checklist are separately satisfied.