FIX7 Real-N6 — Duplicate Fail-Open Closure Report (2026-06-11)
- Host: T1 / Claude Code. Codex consulted: NO. Owner approval: NO. Production mutation: NO.
- Closes: Codex `CODEX-N6-DUP-DECLARED`, `CODEX-N6-DUP-MANIFEST`. Object IDs: TKT-OBJ-274 (this report), 281/282/283 (artifacts).
- Verifier: `277daf86…b67cf9cb` (rev1) → `922e5246…80224385` (rev2). N6 value, certificate UNCHANGED.
1. Root cause (Codex-found)
| Defect | Code locus (rev1) | Why it failed open |
|---|---|---|
| duplicate declared corpus member | `verify_corpus_membership()` → `declared_set = set(declared)` | the set silently absorbs a duplicated id; missing/extra stay empty; the per-doc loop re-hashes the same file → a candidate certificate is emitted |
| duplicate manifest record | `parse_hash_manifest()` → `entries[rel] = h` | a dict silently overwrites a duplicate path; `shasum -c` alone never catches duplicate records; verification proceeds and certifies an ambiguous corpus |
2. The fix (rev2, fail-closed, no certificate on any)
verify_corpus_membership() — before the set() conversion:
```python
_dup_seen = set()
for _m in declared:
    if _m in _dup_seen:
        raise N6Reject("N6_CORPUS_DUPLICATE", f"duplicate declared member {_m!r}")
    _dup_seen.add(_m)
```
parse_hash_manifest() — before dict insertion, per line:
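```python
# Separator must be the two-space shasum layout; a single-space line is malformed.
if sep != "  " or not rel.strip():
    raise N6Reject("N6_MANIFEST_MALFORMED_LINE", ...)
rel = rel.strip()
# Digest must be exactly 64 lowercase hex characters.
if not re.fullmatch(r"[0-9a-f]{64}", h):
    raise N6Reject("N6_MANIFEST_BAD_HASH", ...)
# A path that was already recorded is rejected instead of overwritten.
if rel in entries:
    raise N6Reject("N6_MANIFEST_DUPLICATE", ...)
```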
New reject codes: N6_CORPUS_DUPLICATE (declared), N6_MANIFEST_DUPLICATE, N6_MANIFEST_MALFORMED_LINE, N6_MANIFEST_BAD_HASH. Each raises before any value/compute → verify_real_n6 exits 5 with no certificate.
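The two duplicate classes and the stricter line checks, side by side, as an added example that is not the project's verifier code. The `Reject` class, the function names, the `partition`-based parsing and the sample manifests are assumptions made for illustration; only the reject codes and the order of the checks follow the report.

```python
import re

class Reject(Exception):  # stand-in for the report's N6Reject (shape assumed)
    def __init__(self, code, msg):
        super().__init__(f"{code}: {msg}")
        self.code = code

def parse_fail_open(text):
    """rev1-style: the dict silently keeps only the last record per path."""
    entries = {}
    for line in text.splitlines():
        h, _, rel = line.partition("  ")
        entries[rel] = h
    return entries

def parse_fail_closed(text):
    """rev2-style: reject malformed, non-hex and duplicate records."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        h, sep, rel = line.partition("  ")  # assumed shasum layout: two spaces
        if sep != "  " or not rel.strip():
            raise Reject("N6_MANIFEST_MALFORMED_LINE", f"line {n}")
        rel = rel.strip()
        if not re.fullmatch(r"[0-9a-f]{64}", h):
            raise Reject("N6_MANIFEST_BAD_HASH", f"line {n}")
        if rel in entries:
            raise Reject("N6_MANIFEST_DUPLICATE", f"line {n}: {rel!r}")
        entries[rel] = h
    return entries

def check_declared(declared):
    """Reject a repeated declared member before any set() conversion."""
    seen = set()
    for m in declared:
        if m in seen:
            raise Reject("N6_CORPUS_DUPLICATE", f"duplicate declared member {m!r}")
        seen.add(m)
    return seen

def reject_code(fn, arg):  # reject code raised by fn(arg), or None if accepted
    try:
        fn(arg)
    except Reject as e:
        return e.code
    return None

# Constructed sample manifests (not taken from the report's corpus).
H_A, H_B = "a" * 64, "b" * 64
CLEAN = f"{H_A}  docs/a.md\n{H_B}  docs/b.md\n"
DUP = CLEAN + f"{H_B}  docs/a.md\n"  # same path, conflicting digest
SINGLE_SPACE = f"{H_A} docs/a.md\n"  # one space instead of two
```

In the fail-open parser the `DUP` manifest ends up with `docs/a.md` mapped to the second digest and no error, which is the ambiguity the rev2 checks turn into a reject.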
3. Positive proof (the legitimate path is unchanged)
- cmd `python3 real_n6_provenance_verifier.py --selftest` (cwd packet) → 19/19 PASS, exit 0 (was 14/14; +5 cases: clean-manifest-parses, dup-manifest-rejected, malformed-rejected, non-hex-rejected, dup-declared-rejected).
- recon manifest format safety: the real 32-entry recheck-9 `HASH_MANIFEST.txt` has 0 lines that the stricter parser would reject (all `^[0-9a-f]{64}  .+`).
- full ledger `RECON=_recon bash commands.sh` → `REAL-N6 VERIFY: OK n6=d777e87c…`, regenerated cert byte-identical to pinned `acf8d259…`, `OVERALL: PASS (5/5)`.
- fresh-from-KB `bash RERUN.sh` → `RERUN_RESULT: PASS`.
4. Negative / adversarial proof (the exact Codex inputs now fail closed)
Replay harness codex_replay.py (Codex's exact inputs), cwd packet, evidence _recon:
| Input | Unpatched `277daf86` | Patched `922e5246` |
|---|---|---|
| `declared_members = CORPUS_MEMBERS + [CORPUS_MEMBERS[0]]` | ACCEPTED cert_emitted=True (FAIL-OPEN) | REJECTED[N6_CORPUS_DUPLICATE] cert_emitted=False |
| HASH_MANIFEST with duplicate `docs/05-…md` record | ACCEPTED cert_emitted=True (FAIL-OPEN) | REJECTED[N6_MANIFEST_DUPLICATE] cert_emitted=False |
| HASH_MANIFEST malformed (single-space) line | ACCEPTED cert_emitted=True (FAIL-OPEN) | REJECTED[N6_MANIFEST_MALFORMED_LINE] cert_emitted=False |
Permanent regression probes P25–P28 added to n6_adversarial_probes.py (0f2c94d3…): full suite 31/31 fail-closed, any PASS emitted: False | any seal/official digest emitted: False.
5. Verdict
Both Codex duplicate fail-open classes are CLOSED. No invalid duplicate input emits a certificate/digest/seal. N6 remains the same engineering candidate d777e87c…; it is NOT Codex-ratified. Standing authority blocker SEAL_REAL_N6_NOT_AVAILABLE is unchanged and authority-only.