FIX7 P0 — Codex-Rejected SQLite Reproducibility Defect Fix + Capsule Reseal (2026-06-13)
Macro: FIX7_P0_FIX_CODEX_REJECTED_SQLITE_REPRODUCIBILITY_AND_RESEAL_CAPSULE_MACRO_2026_06_13
Host: T1 / CLEAN TERMINAL
Final status: FIX7_P0_CODEX_REJECTED_SQLITE_REPRODUCIBILITY_FIXED_CAPSULE_READY
Production mutation: NO. Production DB/Directus/live contact: NO.
REAL_RUN/QT001/cutover/permit/activation/repoint: NO. CI trigger: NO.
Secrets copied/changed: NO. Real production data copied: NO.
Real-data or production decision selected: NO.
Codex rejection evidence deleted: NO (preserved byte-exact under
logs/codex-rejection-evidence-preserved-2026-06-13/).
KB note: this document mirrors the sealed in-capsule report
reports/fix7-p0-codex-rejected-sqlite-reproducibility-fix-report-2026-06-13.md
(capsule copy sha256 12719988598c8d762789366581e4e7ed8201c22fc082d9b57d9a97e6b74ba135,
8152 bytes). The KB edition adds this note plus the final capsule tree, which the
sealed copy cannot self-reference: capsule tree (sha256 of capsule
HASH_MANIFEST.txt) = 86e553b8cdb5e15cc2c633cb8ed2516f0bc70ead95fbbd737f9aaa1a15541822.
1. The Codex rejection (reproduced BEFORE any change)
Codex returned CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_REJECTED on a fresh
2026-06-13 rerun: VERIFY_CAPSULE.sh exit 1, RERUN_ALL.sh exit 1,
rollback-evidence.json and surrogate-rehearsal-execution-evidence.json
hash-mismatched against the seal.
Reproduced locally before changing anything
(logs/codex-rejection-reproduced-before-fix.log): VERIFY_EXIT=1,
RERUN_ALL_EXIT=1, with exactly those two files FAILED in the capsule
manifest check and MISMATCH in the packet RERUN step.
2. Exact root cause
The surrogate generator and rehearsal are logically deterministic, but the sealed evidence embedded raw SQLite FILE sha256 values in the pass/fail path. Raw SQLite file bytes are deterministic within one runtime and NOT byte-identical across SQLite library builds. Measured:
| runtime | raw db sha256 (fresh generation) | stable within runtime? |
|---|---|---|
| python 3.11.6 / sqlite 3.42.0 (seal env) | 5a6ad463...bcf598 | YES (2 runs identical) |
| python 3.9.6 / sqlite 3.51.0 | a7c5bddd...8fade7 | YES (2 runs identical) |
| Codex audit runtime (third build) | 1fbf9607...97691e | YES |
Diff of Codex's regenerated evidence vs the seal confirmed the drift is confined to raw-file-hash fields; every logical field matched.
3. Old vs new proof model
- OLD (rejected): raw SQLite FILE sha256 in the pass/fail path; breaks on any other SQLite build.
- NEW: CANONICAL LOGICAL STATE sha256 (CANONICAL_LOGICAL_STATE_V1, canonicalize_sqlite_state.py, sha256 6997da403c602d6f483c201ad77bdded6750a3cd5284a4c2f6627b5269715c41): user tables sorted; stored CREATE text whitespace-normalized; columns sorted; rows as column-keyed objects sorted by canonical JSON; BLOBs as sha256+length; UTF-8 / sort_keys / compact separators / ensure_ascii / trailing newline; no volatile metadata, no SQLite page/header bytes. Byte-identical on any SQLite build (proven 3.42.0 vs 3.51.0).
- Raw SQLite file hashes are now DIAGNOSTIC ONLY in raw-sqlite-diagnostic.json (regenerated, unsealed, never compared).
Rollback proof NOT weakened: sealed evidence still requires
after_apply_state_hash != before_state_hash AND
after_rollback_state_hash == before_state_hash (canonical, full-db +
mutated-table-subset entries), row counts restored, rehearsal row absent;
raw-file snapshot/mutation/restore still enforced within-run; hardened
validator e6547e69...956c47 UNCHANGED byte-exact; fake no-mutation rollback
still fails closed.
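The proof model above, as an added Python example (not the capsule's canonicalize_sqlite_state.py, whose exact output format is not shown in this report): it hashes the logical state following the rules listed under NEW and applies the rollback conditions to those hashes. The item table, the helper names and the use of PRAGMA page_size to force different raw file bytes inside one runtime are assumptions made for illustration.

```python
import hashlib, json, pathlib, sqlite3, tempfile

def _cj(obj):  # canonical JSON: sorted keys, compact separators, ASCII-only escapes
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True)

def _cell(val):  # BLOBs are represented as sha256 + length, never as raw bytes
    if isinstance(val, bytes):
        return {"blob_sha256": hashlib.sha256(val).hexdigest(), "length": len(val)}
    return val

def canonical_state_sha256(conn):
    """Hash logical content only; no SQLite page or header bytes are involved."""
    tables = conn.execute("SELECT name, sql FROM sqlite_master WHERE type='table' "
                          "AND name NOT LIKE 'sqlite_%' ORDER BY name").fetchall()
    state = []
    for name, create_sql in tables:
        cur = conn.execute('SELECT * FROM "%s"' % name.replace('"', '""'))
        cols = [d[0] for d in cur.description]
        rows = [{c: _cell(v) for c, v in zip(cols, raw)} for raw in cur]
        state.append({"table": name, "create": " ".join(create_sql.split()),
                      "columns": sorted(cols), "rows": sorted(rows, key=_cj)})
    return hashlib.sha256((_cj(state) + "\n").encode("utf-8")).hexdigest()

def rollback_proven(before, after_apply, after_rollback):
    # Fail closed: the apply must change state AND the rollback must restore it.
    return after_apply != before and after_rollback == before

def build(path, page_size):
    # Constructed sample data; page_size stands in for "a different SQLite build".
    conn = sqlite3.connect(str(path))
    conn.execute("PRAGMA page_size=%d" % page_size)
    conn.execute("CREATE TABLE item (id INTEGER PRIMARY KEY, name TEXT, payload BLOB)")
    conn.executemany("INSERT INTO item VALUES (?,?,?)", [(2, "b", b"\x00\x01"), (1, "a", None)])
    conn.commit()
    return conn

def demo():
    with tempfile.TemporaryDirectory() as d:
        paths = [pathlib.Path(d) / n for n in ("a.db", "b.db")]
        conns = [build(p, ps) for p, ps in zip(paths, (4096, 8192))]
        raw = [hashlib.sha256(p.read_bytes()).hexdigest() for p in paths]
        canon = [canonical_state_sha256(c) for c in conns]
        conns[0].execute("INSERT INTO item VALUES (99, 'rehearsal', NULL)")  # apply
        after_apply = canonical_state_sha256(conns[0])
        conns[0].rollback()
        after_rollback = canonical_state_sha256(conns[0])
        for c in conns:
            c.close()
    return raw, canon, (canon[0], after_apply, after_rollback)
```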
4. Files changed
Packet fix7-p0-final-pre-real-data-readiness-packet-2026-06-12:
NEW canonicalize_sqlite_state.py; patched surrogate_rehearsal.py,
commands.sh, RERUN.sh, README.md, spec/provenance JSONs, manifest.json;
regenerated rollback-evidence.json
(2fe4567150fca5990ecacd604b49b28295d1874946eb6531f5baf269218fca68) and
surrogate-rehearsal-execution-evidence.json
(c269dfa40cb30808a6ba6228ad0b0f75dbf9cec4d7bb4057fa1462c40e08a748);
NEW unsealed raw-sqlite-diagnostic.json. New packet tree
ad9e15112d378ca2734707d04b4ff21614148f040d534c43df77d89be574f401
(supersedes b476b547...55cd90).
Capsule root: VERIFY_CAPSULE.sh (13 steps, new canonical-state step),
RERUN_ALL.sh (14 steps), EXPECTED_HASHES_AND_TREES.json (new tree, fixture
canonical pin ec8a584c...adc8bd, defect_fix_2026_06_13 supersession block),
EVIDENCE_PATH_MAP.json, expected_outputs/expected-results.json,
manifest.json, CODEX_AUDIT_INSTRUCTIONS.md, README_FOR_CODEX.md,
REQUIRED_READ_ORDER.md, fixtures/FIXTURE_PROVENANCE.md + fixture JSON
copies, new defect-fix report (md+json). 2026-06-12 lane reports and the prior
Codex BLOCKED audit preserved byte-intact (pins superseded, not rewritten).
Hardened validator, generator, authority seal, governance bytes, decision
packets, CI gate packet: UNCHANGED.
5. Fresh reproducibility proof
- Fresh process run #1 + #2 (sqlite 3.42.0): packet RERUN PASS, 4/4 evidence files byte-identical (MATCH).
- Fresh tempdir + DIFFERENT runtime (/usr/bin/python3, sqlite 3.51.0): packet RERUN PASS, 4/4 byte-identical; only the unsealed diagnostic differs.
- bash VERIFY_CAPSULE.sh -> exit 0 (13/13).
- bash RERUN_ALL.sh -> exit 0 (14/14 incl. post-rerun seal integrity).
- Bad-input regression: capsule 10/10 + packet 12/12 fail-closed, 0 forbidden token leaks; hardened validator selftest PASS.
6. Boundary (unchanged) and next step
This fix authorizes NOTHING. Production remains NOT authorized; default
decision remains HOLD_REAL_DATA; operator real-data clone input remains
owner/operator-only. NEXT: owner routes Codex back to the capsule at
/Users/nmhuyen/Documents/Manual Deploy/web-test/codex_review_evidence/fix7-p0-final-pre-real-data-readiness-2026-06-12/
— first commands in CODEX_AUDIT_INSTRUCTIONS.md are UNCHANGED
(pwd, find, bash VERIFY_CAPSULE.sh, bash RERUN_ALL.sh).