KB-7FA9

FIX7 P0 No-Production Execution — rollback_gate_driver.py


#!/usr/bin/env python3
"""Mandatory hardened rollback gate for the FIX7 P0 NO-PRODUCTION execution lane.

Uses the byte-exact hardened validator (hardened_dryrun_validator.py, sha256
e6547e69..56c47, from the hardening patch packet tree 59788d04..e20e4) as the
required gate over THIS macro's rollback evidence.

Three checks (all must hold; otherwise the process exits with status 1):

  1. V.selftest(HERE): the hardened gate itself is sound -- real frozen T1
     rollback evidence PASSES and a fabricated no-mutation rollback FAILS
     CLOSED.
  2. check_rollback_proof(rollback-evidence.json) == [] -- this macro's real
     staging rollback proof passes (apply real != before; restored == before).
  3. A fabricated no-mutation variant of THIS macro's own evidence FAILS CLOSED
     with ROLLBACK_APPLY_DID_NOT_MUTATE. The variant is a deep copy whose first
     entry has before_hash and after_rollback_hash overwritten with
     after_apply_hash, so the apply appears to have changed nothing.

Writes hardened-validator-result.json into this script's own directory.
Authorizes nothing; no production mutation.
"""
import copy
import json
import os
import sys

import hardened_dryrun_validator as V

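# Directory that holds this script; the evidence file is read from it and the
# result file is written to it. The page rendering had dropped the double
# underscores, leaving a bare `file` that would raise NameError at import time.
HERE = os.path.dirname(os.path.abspath(__file__))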

def load_rb():
    """Parse and return rollback-evidence.json from this script's directory.

    No schema validation happens here; the parsed object is handed to the
    validator as-is.
    """
    evidence_path = os.path.join(HERE, "rollback-evidence.json")
    with open(evidence_path, "r", encoding="utf-8") as handle:
        evidence = json.load(handle)
    return evidence

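def _sha256_of_file(path):
    """Return the hex SHA-256 digest of the file at *path*, read in chunks."""
    import hashlib  # function-scope import so the file's import block is untouched

    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def main():
    """Run the rollback-gate checks, write the result file, and exit.

    Checks, all of which must hold for a PASS:

      0. The validator module that was imported hashes to the pinned SHA-256.
         The original driver recorded the pinned digest in the result file
         without ever comparing it to the file on disk, so the "byte-exact"
         claim was asserted rather than checked.
      1. V.selftest(HERE) is truthy.
      2. V.check_rollback_proof() returns no failure codes for the real
         evidence.
      3. A fabricated no-mutation copy of the evidence is rejected with a code
         starting with ROLLBACK_APPLY_DID_NOT_MUTATE.

    Side effects: prints one status line per check, writes
    hardened-validator-result.json into HERE, and calls sys.exit(0) on PASS or
    sys.exit(1) on FAIL. Never returns normally.
    """
    expected_sha256 = "e6547e6935cb01aae5feb405899c97107f1990ff3e2f7e6b9157828a90956c47"

    # 0. the imported validator is the pinned one; any read problem fails closed
    validator_path = getattr(V, "__file__", None)
    try:
        observed_sha256 = _sha256_of_file(validator_path) if validator_path else None
    except OSError:
        observed_sha256 = None
    validator_ok = observed_sha256 == expected_sha256
    # NOTE(review): this hashes the bytes on disk after the module has already
    # been imported; it does not prove the loaded code came from those bytes.
    print("[%s] hardened validator sha256 matches pinned value%s"
          % ("PASS" if validator_ok else "FAIL",
             "" if validator_ok else " -> observed " + str(observed_sha256)))

    # 1. gate is sound (selftest over frozen T1 evidence + fabricated no-mutation)
    gate_sound = V.selftest(HERE)

    # 2. this macro's real rollback evidence passes the hardened gate
    rb = load_rb()
    real_fails = V.check_rollback_proof(rb)
    real_ok = not real_fails
    print("[%s] this-macro rollback evidence passes hardened gate%s"
          % ("PASS" if real_ok else "FAIL",
             "" if real_ok else " -> " + "; ".join(real_fails)))

    # 3. fabricated no-mutation variant of THIS evidence fails closed
    # NOTE(review): evidence without a first entry raises here, before the
    # result file below is rewritten; the exit status is still non-zero, but a
    # result file left by an earlier run would stay on disk unchanged.
    fake = copy.deepcopy(rb)  # deep copy so the real evidence object is not altered
    e0 = fake["entries"][0]
    e0["before_hash"] = e0["after_apply_hash"]   # apply changed nothing (fabricated)
    e0["after_rollback_hash"] = e0["after_apply_hash"]
    fake_fails = V.check_rollback_proof(fake)
    fake_closed = any(f.startswith("ROLLBACK_APPLY_DID_NOT_MUTATE") for f in fake_fails)
    print("[%s] fabricated no-mutation variant of this evidence fails closed%s"
          % ("PASS" if fake_closed else "FAIL",
             " (" + "; ".join(fake_fails) + ")" if fake_fails else " (FAIL-OPEN!)"))

    overall = bool(validator_ok and gate_sound and real_ok and fake_closed)
    out = {
        "doc": "fix7-p0-no-production-implementation-execution-hardened-validator-result",
        "date": "2026-06-12",
        "validator": "hardened_dryrun_validator.py",
        # pinned digest the validator is expected to have
        "validator_sha256": expected_sha256,
        # digest actually computed from the imported module's file (None if unreadable)
        "validator_sha256_observed": observed_sha256,
        "validator_sha256_match": validator_ok,
        "hardening_packet_tree": "59788d04c8d7afb01b28e7c05f23aa9c2b708f03d5dae02096c4c024287e20e4",
        "gate_selftest_pass": bool(gate_sound),
        "this_macro_rollback_evidence_pass": real_ok,
        "this_macro_rollback_fail_codes": real_fails,
        "fabricated_no_mutation_fails_closed": fake_closed,
        "fabricated_fail_codes": fake_fails,
        "overall_pass": overall,
        "production_rollback_claimed": False,
        "note": "Mandatory gate result for the NO-PRODUCTION execution lane. Authorizes nothing; no production mutation; no REAL_RUN/QT001/cutover.",
    }
    with open(os.path.join(HERE, "hardened-validator-result.json"), "w", encoding="utf-8") as fh:
        json.dump(out, fh, indent=2, sort_keys=True)
        fh.write("\n")

    print("HARDENED_GATE_RESULT: %s" % ("PASS" if overall else "FAIL"))
    sys.exit(0 if overall else 1)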

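# Run the gate only when executed as a script, not when imported. The page
# rendering had dropped the double underscores from __name__ and "__main__",
# which would raise NameError instead of starting the gate.
if __name__ == "__main__":
    main()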
