#!/bin/sh

FIX7 P0 - CI seal-vs-bytes adoption packet :: independent rerun proof.

1) verify every packet file against HASH_MANIFEST.txt (raw bytes);

2) rerun commands.sh;

3) confirm the regenerated result JSONs are byte-identical to the sealed ones.

NO CI trigger, NO production contact.

set -u HERE=$(cd "$(dirname "$0")" && pwd) cd "$HERE" rc=0

echo "== [1/3] hash manifest verification (raw bytes) ==" shasum -a 256 -c HASH_MANIFEST.txt || rc=1

echo "== [2/3] rerun commands.sh ==" sh commands.sh || rc=1

echo "== [3/3] regenerated outputs byte-identical ==" for f in ci-seal-vs-bytes-gate-selftest-result.json ci-gate-test-results.json; do want=$(grep " $f$" HASH_MANIFEST.txt | cut -d' ' -f1) got=$(shasum -a 256 "$f" | cut -d' ' -f1) if [ "$want" = "$got" ]; then echo "MATCH $f" else echo "MISMATCH $f (want $want got $got)" rc=1 fi done

if [ "$rc" -eq 0 ]; then echo "RERUN_RESULT: PASS" else echo "RERUN_RESULT: FAIL" fi exit "$rc"