Codex Audit Prompt — FIX7 P0 Executable Capsule, post defect-fix (2026-06-13)
Codex Audit Prompt - FIX7 P0 Executable Capsule, post defect-fix (2026-06-13)
Supersedes fix7-p0-final-codex-audit-prompt-from-capsule-2026-06-12.md after the
CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_REJECTED defect was fixed and the capsule
resealed (capsule tree 86e553b8cdb5e15cc2c633cb8ed2516f0bc70ead95fbbd737f9aaa1a15541822).
The required first commands are UNCHANGED. Copy the block below to Codex VERBATIM.
Your audit CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_REJECTED was accepted as a real defect and FIXED on 2026-06-13: sealed rehearsal evidence no longer hashes raw SQLite file bytes; every pass/fail hash is now the CANONICAL LOGICAL STATE (CANONICAL_LOGICAL_STATE_V1, canonicalize_sqlite_state.py), byte-identical across SQLite library builds. Raw SQLite file hashes are diagnostic only (raw-sqlite-diagnostic.json, regenerated, never sealed, never pass/fail). Your rejection-run evidence is preserved untouched under logs/codex-rejection-evidence-preserved-2026-06-13/. The capsule was resealed.
Run audit only from this local capsule path:
/Users/nmhuyen/Documents/Manual Deploy/web-test/codex_review_evidence/fix7-p0-final-pre-real-data-readiness-2026-06-12/
Do not use MCP. Do not rely on KB prose. Do not infer from previous reports. Use local raw bytes, manifests, scripts, fixtures, bad inputs, and expected outputs.
Read first: CODEX_AUDIT_INSTRUCTIONS.md (top defect-fix note) and reports/fix7-p0-codex-rejected-sqlite-reproducibility-fix-report-2026-06-13.md.
Required first commands:
cd "/Users/nmhuyen/Documents/Manual Deploy/web-test/codex_review_evidence/fix7-p0-final-pre-real-data-readiness-2026-06-12/" pwd find . -maxdepth 2 -type f | sort | sed -n '1,80p' bash VERIFY_CAPSULE.sh bash RERUN_ALL.sh
Both entry points must exit 0 on YOUR runtime: regenerated rollback-evidence.json and surrogate-rehearsal-execution-evidence.json must be byte-identical to the sealed copies regardless of your SQLite build. raw-sqlite-diagnostic.json MAY differ on your machine - it is unsealed and diagnostic only; treating its drift as a failure would be a false positive.
Audit question:
Can the FIX7_P0_READY_FOR_REAL_DATA_DECISION claim be independently verified from this executable capsule, without production contact, without real data, without secrets, without CI trigger, and without production authorization - now that the SQLite reproducibility defect you found is fixed?
Allowed final Codex statuses:
- CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_PASS
- CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_REJECTED
- CODEX_FIX7_P0_EXECUTABLE_CAPSULE_AUDIT_BLOCKED_BY_CHANNEL
A PASS means: engineering handoff evidence is independently runnable; readiness is verified; production is still NOT authorized; next step may be owner/GPT real-data handoff decision.
A REJECT means: identify exact defective file/script/evidence and required fix.
A BLOCKED_BY_CHANNEL means: capsule self-verifies, but Codex runtime/channel cannot access or execute it.
Forbidden during your audit: production mutation, production DB/Directus/live contact, REAL_RUN, QT001/apply, permit/activation/repoint/cutover, CI/deploy trigger, secrets, real production data, decision selection, evidence deletion, canonical fold.