Incomex AI Portal
KB-5C16

FIX7 Real-N6 — fix7-real-n6-adversarial-probes-under-tkt-v02-2026-06-11.md

5 min read Revision 1
tool-kiem-thufix7n6real-n6tkt-v022026-06-11

FIX7 Real-N6 Adversarial Probes — under TKT v0.2 (2026-06-11)

  • Host: T1. Codex: NO. Owner: NO. Production mutation: NO.
  • Harness: n6_adversarial_probes.py in packet …/fix7-real-n6-provenance-under-tkt-v02-2026-06-11/.
  • Run against a fresh KB reconstruction of the governed evidence (RERUN.sh gate 0).
  • Result: 27/27 fail-closed; exit 0; no PASS emitted; no seal/official digest emitted.

Probe ledger (Codex-style — bad inputs outside the happy path)

For each: mutated input → command → expected → observed exit/status → PASS emitted? → digest/seal emitted? → verdict.

PID mutated input expected reject/behavior observed PASS? seal/digest? verdict
P1 N6 submitted with provenance REHEARSAL N6_PROVENANCE_REHEARSAL_BLOCKED same NO NO PASS
P2 fixture corpus (REHEARSAL) → real N7 (encoder) SEAL_PROVENANCE_REHEARSAL_BLOCKED same NO NO PASS
P3 source_kind=LOCAL_ONLY N6_SOURCE_NOT_GOVERNED same NO NO PASS
P4 empty corpus dir (prose-only) N6_CORPUS_PROSE_ONLY same NO NO PASS
P5 one corpus member removed N6_CORPUS_MEMBER_MISSING same NO NO PASS
P6 duplicate (case-variant) member [injected listing — macOS FS is case-insensitive] N6_CORPUS_DUPLICATE same NO NO PASS
P7 duplicate document id (report set) SEAL_REPORT_SET_DUPLICATE same NO NO PASS
P8 path traversal member ../../secret.md N6_CORPUS_PATH_TRAVERSAL same NO NO PASS
P9 path alias (non-.md) N6_CORPUS_PATH_ALIAS same NO NO PASS
P10 stale corpus hash in manifest N6_CORPUS_HASH_MISMATCH same NO NO PASS
P11 byte count correct, content hash wrong (1 byte flipped) N6_CORPUS_HASH_MISMATCH same NO NO PASS
P12 P7 pin: canonicalizer hash ok, utf8_bytes wrong verify → False False NO NO PASS
P13 HASH_MANIFEST missing a member entry N6_MANIFEST_MISSING_MEMBER same NO NO PASS
P14 HASH_MANIFEST empty (no entries) N6_MANIFEST_MISSING_MEMBER same NO NO PASS
P15 manifest edited → packet_tree changes tree differs 79191246… != b7cb13a4… NO NO PASS
P16 provenance class missing N6_PROVENANCE_MISSING same NO NO PASS
P17 provenance class REHEARSAL (explicit) N6_PROVENANCE_REHEARSAL_BLOCKED same NO NO PASS
P18 provenance class FORBIDDEN_FOR_REAL_SEAL N6_PROVENANCE_FORBIDDEN_CLASS same NO NO PASS
P19 OFFICIAL_PIN claimed without owner/Codex N6_OFFICIAL_PIN_WITHOUT_AUTHORITY same NO NO PASS
P20 N6 certificate tampered (value swapped) verify_certificateFalse False NO NO PASS
P21 report says "PASS" but verifier rejected (broken corpus) N6_REPORT_CONTRADICTS_VERIFIER (trust verifier) same NO NO PASS
P22 real N7 attempted in this lane (candidate + authority classes, no real-upstream) SEAL_REAL_N6_NOT_AVAILABLE same NO NO PASS
P23a real N8 attempted in this lane SEAL_REAL_N6_NOT_AVAILABLE same NO NO PASS
P23b real P7 official pin attempted in this lane SEAL_REAL_N6_NOT_AVAILABLE same NO NO PASS
P24:REAL_RUN REAL_RUN attempted in lane OUT_OF_LANE_OPERATION_BLOCKED same NO NO PASS
P24:QT001 QT001 attempted in lane OUT_OF_LANE_OPERATION_BLOCKED same NO NO PASS
P24:permit permit/activation/repoint/cutover attempted OUT_OF_LANE_OPERATION_BLOCKED same NO NO PASS

Notes

  • Raw stdout: packet logs/probes.log (regenerable; not trusted as proof — re-run via RERUN.sh).
  • All 24 macro-required probe classes are covered (P23/P24 split into a/b/per-op = 27 total checks).
  • The one macro probe with no representable filesystem form on macOS (case-variant duplicate, P6) is exercised honestly by injecting a duplicate directory listing into os.listdir — the gate itself (N6_CORPUS_DUPLICATE) is the real surface and fires.
  • hash correct but byte count wrong (macro probe #12) is exercised at the P7 pin layer (P12), where byte-count and content-hash are independent pinned fields — a sha256 preimage to force a real byte-count/hash divergence on the corpus is not constructible, so the honest representation is the pin-field independence check.
Back to Knowledge Hub knowledge/dev/reports/architecture/fix7-real-n6-adversarial-probes-under-tkt-v02-2026-06-11.md