Incomex AI Portal
KB-1CF1 rev 2

FIX7 Real-N6 packet — README_FOR_OWNER_AND_CODEX.md

8 min read Revision 2
tool-kiem-thufix7n6real-n6tkt-v022026-06-11

FIX7 Real-N6 Provenance Packet — README for Owner & Codex (2026-06-11)

  • Host: T1 / Claude Code. Codex consulted: NO. Owner approval requested: NO.
  • Production / PG / Directus / registry mutation: NO. Real N7/N8/P7 seal: NOT created.
  • Authority of this packet: engineering evidence only — provisional-non-authority. It seals, approves, ratifies, and promotes nothing.
  • Final status: FIX7_REAL_N6_ENGINEERING_CANDIDATE_READY_UNDER_TKT_V02.

rev2 (2026-06-11) — Codex duplicate fail-open repair. Codex's independent review found two fail-opens: a duplicate declared corpus member (CODEX-N6-DUP-DECLARED) and a duplicate HASH_MANIFEST path record (CODEX-N6-DUP-MANIFEST) were each accepted and certified. The verifier (real_n6_provenance_verifier.py, now sha 922e5246…) now fails closed on both before any set conversion / dict insertion, plus on malformed manifest lines and non-64-lowercase-hex hashes — and emits no certificate. Selftest 14→19; adversarial probes 27→31 (P25–P28 reproduce the exact Codex inputs). N6 remains the same engineering candidate; it is not Codex-ratified.

1. What this packet proves (and what it deliberately does not)

It answers one question from existing governed evidence:

Can a real, non-rehearsal N6 = active_corpus_sha256 be materialized as an ENGINEERING_VERIFIED_CANDIDATE — without inventing anything, without owner/Codex authority, and without claiming a seal?

Answer: YES (engineering half). The candidate digest is:

N6  active_corpus_sha256 = d777e87c73d3b62d36789d9343f346102e98dbf301f2c93f7608470b876b258c

It is computed fresh from the governed KB corpus (the 10 frozen active-authority blueprint docs), using the governed canonicalizer SSOT algorithm, and reproduces byte-for-byte the value already on record in the FIX7 Recheck-9 Packet V2 produce evidence.

It is NOT, and this packet never claims it is:

  • an official seal, an OFFICIAL_PIN, or owner/Codex-ratified;
  • an N7 envelope, N8 detached seal, or P7 pin (none are created — all remain blocked);
  • a statement that FIX7 implementation is unblocked.

The standing authority blocker SEAL_REAL_N6_NOT_AVAILABLE is split: the engineering half (materialize + verify a real corpus candidate) is now closed; the authority half (owner/Codex approval inputs + ratification/promotion) remains open by design (anti-laundering).

2. Provenance class

Field Value
Node N6 (active_corpus_sha256), load-bearing, dep N1 (per the reconciliation table, engineering convention only)
Provenance class ENGINEERING_VERIFIED_CANDIDATE
Source GOVERNED_KB (10 blueprint docs, byte-exact, HASH_MANIFEST-pinned)
Algorithm canonicalizer SSOT .py sha256 d9caa9fe…26f3e5 (materialized from .md 49c386a9…b734d0)
Membership pin f2bda8…fe251 (frozen; reproduced)
Authority NOT_A_SEAL; is_official_pin=false; creates_n7_n8_p7=false; promotion requires owner + Codex

The N-number table from fix7-n-node-numbering-reconciliation-under-tkt-v02-2026-06-11.json is consumed as a temporary engineering convention for this macro only — not owner/Codex ratification, not a seal, not production approval.

3. How to reproduce (fresh, from KB, no local workbench)

# 0. reconstruct governed evidence from the KB (read-only; needs agent-data MCP creds)
python3 kb_fetch_reconstruct.py _recon

# 1. run the canonical gate sequence
RECON=_recon bash commands.sh        # -> OVERALL: PASS (5/5 gates)

# or, strict end-to-end from KB with every exit/diff/hash enforced:
bash RERUN.sh                        # -> RERUN_RESULT: PASS

kb_fetch_reconstruct.py fetches the FIX7 Recheck-9 Packet V2 tree + the 10 active corpus docs from their canonical blueprint document ids, verifies them bidirectionally against that packet's HASH_MANIFEST.txt, and fetches the governed authority_seal_encoder.py (pinned 13344f92…957144b8). No corpus copy is duplicated into this packet — one authority, one nature.

4. Gates (all re-executed live; none trusted from prose)

Gate Tool Result
Verifier selftest real_n6_provenance_verifier.py --selftest 19/19 fail-closed gates, exit 0
Real N6 verify --verify … --emit-cert exit 0; d777e87c…, class ENGINEERING_VERIFIED_CANDIDATE, NOT_A_SEAL
Adversarial probes n6_adversarial_probes.py 31/31 fail-closed; no PASS / no seal / no official digest emitted
Authority firewall authority_firewall.py 8/8 rules hold
Certificate binding verify_certificate() intact; tampered cert → False

Adversarial probe coverage (Codex-style, bad inputs outside the happy path)

rehearsal-as-real · fixture-corpus-into-real-N7 · local-only · prose-only/empty · missing member · duplicate (case-variant, injected listing) · duplicate doc-id (report set) · path traversal · path alias · stale hash · byte-count-ok-hash-wrong · hash-ok-bytecount-wrong (P7 pin) · manifest-missing-member · empty manifest · packet_tree mismatch · provenance missing/REHEARSAL/FORBIDDEN · OFFICIAL_PIN-without-authority · certificate tamper · report-contradicts-verifier · real N7 blocked · real N8/P7 blocked · REAL_RUN/QT001/permit out-of-lane blocked · duplicate-declared-member (P25, Codex) · duplicate-manifest-path (P26, Codex) · malformed-manifest-line (P27) · non-hex-manifest-hash (P28).

5. The real-N6 verifier — fail-closed gate order

real_n6_provenance_verifier.py :: verify_real_n6() rejects (exit 5, no certificate) on any of: source not GOVERNED_KB · provenance missing/unknown/REHEARSAL/FORBIDDEN/OFFICIAL_PIN-without-authority · algorithm file missing or hash ≠ d9caa9fe… · SSOT .md hash ≠ 49c386a9… · HASH_MANIFEST missing · corpus dir missing/empty(prose-only) · member missing/extra/duplicate · path traversal/alias · manifest missing a member · corpus byte/hash mismatch · produce corpus_ok=False or membership_frozen_ok=False · membership ≠ frozen pin · value not 64-hex · value is a rehearsal fixture sentinel · value ≠ on-record candidate. It emits a certificate only when every gate passes.

6. What remains (authority-only — NOT for T1, NOT in this macro)

To turn this ENGINEERING_VERIFIED_CANDIDATE into a real sealed N6 → N7 → N8 → P7:

  1. Owner/Codex ratify the N-number reconciliation table (currently engineering convention only).
  2. Owner/Codex supply the authority inputs (approval_event_id, approver_identity, approval timestamp, owner blueprint decision; Codex signer for N8) — these do not exist in this lane.
  3. Codex runs the real seal path with real_n6_available=True consuming this candidate, then promotes it to OFFICIAL_PIN.

Until then the encoder’s SEAL_REAL_N6_NOT_AVAILABLE / provenance gates keep every seal blocked, as demonstrated live by probes P22/P23 and firewall F3.

7. File map

  • real_n6_provenance_verifier.py — the fail-closed verifier + certificate emitter (rev2, selftest 19/19)
  • n6_adversarial_probes.py — 31 Codex-style adversarial probes (all fail-closed; P25–P28 = Codex dup/manifest regression)
  • authority_firewall.py — 8 executable firewall rules (engineering ≠ authority)
  • real-n6-provenance-certificate.json — the emitted ENGINEERING_VERIFIED_CANDIDATE certificate
  • kb_fetch_reconstruct.py — KB fresh-fetch reconstruction of governed evidence
  • commands.sh / exit_codes.json / RERUN.sh — canonical run + strict from-KB rerun
  • HASH_MANIFEST.txt / packet_tree.sha256 / manifest.json — integrity surface
  • RECONSTRUCT.md — reconstruction instructions
  • logs/ — captured stdout of each gate (regenerable; not trusted as proof)
Back to Knowledge Hub knowledge/dev/reports/architecture/fix7-real-n6-provenance-under-tkt-v02-2026-06-11/README_FOR_OWNER_AND_CODEX.md