KB-2B28
FIX7 authority-input packet — authority_firewall.py
5 min read Revision 1
tool-kiem-thufix7authority-inputfirewall2026-06-11
#!/usr/bin/env python3
============================================================================
FIX7 N7/N8/P7 AUTHORITY-INPUT -- EXECUTABLE AUTHORITY FIREWALL (fail-closed)
Enforces, as runnable assertions, the boundary between PREPARING authority
inputs and AUTHORING/SEALING. exit 0 iff EVERY rule holds. A single broken
rule -> nonzero. This firewall seals nothing, approves nothing, promotes
nothing, and authors no N7/N8/P7.
Usage: python3 authority_firewall.py <packet_dir>
============================================================================
import json, os, sys, importlib.util
HERE = os.path.dirname(os.path.abspath(file)) sys.path.insert(0, HERE) import authority_input_validator as V
PK = sys.argv[1] if len(sys.argv) > 1 else "."
def _load(name): with open(os.path.join(PK, name), "r", encoding="utf-8") as f: return json.load(f)
rules = []
def rule(name, ok, note=""): rules.append((name, bool(ok), note))
class OutOfLane(Exception): pass
def main(): n6 = _load("n7-envelope-n6-status.json") owner = _load("owner-decision-template.json") p7 = _load("p7-id-proposal.json") roster = _load("authority-input-roster.json") rs = _load("report-set-candidate.json")
# The validator itself must pass on this packet (composes all input rules).
try:
V.validate_packet(PK)
validator_ok = True
except V.AuthInputReject as e:
validator_ok = False
rule("validator", False, e.status)
rule("F0 authority_input_validator passes", validator_ok)
# F1: N6 referenced as engineering candidate, NOT seal/pin
rule("F1 N6 is candidate, not seal/pin",
n6.get("n6_current_status") == "RATIFIED_ENGINEERING_VERIFIED_CANDIDATE"
and n6.get("n6_is_official_seal") is False
and n6.get("n6_is_official_pin") is False)
# F2: N6 does NOT by itself authorize N7/N8/P7
rule("F2 N6 alone does not authorize N7/N8/P7",
n6.get("n6_authorizes_n7_n8_p7_alone") is False)
# F3: N7/N8/P7 remain NOT authored in this packet
authored = roster.get("n7_n8_p7_authored", {})
rule("F3 N7/N8/P7 not authored",
authored.get("N7") is False and authored.get("N8") is False
and authored.get("P7") is False)
# F4: owner approval not fabricated (default safe HOLD)
rule("F4 owner approval not fabricated",
owner.get("current_decision") in (None, "NOT_APPROVED_HOLD")
and owner.get("owner_signed") is False)
# F5: N8 signer not fabricated (CODEX_ONLY)
rule("F5 N8 signer not fabricated",
rs.get("is_codex_authored_n8") is False
and rs.get("sealed_by") is None and rs.get("sealed_at") is None)
# F6: P7 ids proposed only, not official
rule("F6 P7 ids proposed, not official",
p7.get("is_official_p7") is False and p7.get("is_official_pin") is False
and p7.get("p7_authored") is False)
# F7: ratified N-number table binding; membership un-numbered
rule("F7 N-number table ratified-binding; membership un-numbered",
n6.get("n_number_table_status") == "RATIFIED_FOR_BINDING_USE"
and "membership" in str(n6.get("membership_label", "")).lower()
and str(n6.get("membership_label", "")).strip() != "N1")
# F8: implementation + out-of-lane production ops remain blocked
def out_of_lane(op):
raise OutOfLane(op)
all_blocked = True
for op in ("REAL_RUN", "QT001", "permit", "activation", "repoint", "cutover",
"implementation", "promote_v0.2", "registry_row"):
try:
out_of_lane(op); all_blocked = False
except OutOfLane:
pass
rule("F8 implementation/REAL_RUN/QT001/permit remain blocked",
all_blocked and roster.get("implementation_unblocked") is False
and roster.get("production_mutation") is False)
npass = sum(1 for _, ok, _ in rules if ok)
for name, ok, note in rules:
print(f" [{'PASS' if ok else 'FAIL'}] {name}" + (f" ({note})" if note else ""))
print(f"AUTHORITY-FIREWALL: {npass}/{len(rules)} rules hold")
return all(ok for _, ok, _ in rules)
if name == "main": sys.exit(0 if main() else 1)