FIX7 Real-N6 Report-vs-File Audit (rev2)
FIX7 Real-N6 — Report-vs-File Consistency Audit (rev2, 2026-06-11)
- Host: T1 / Claude Code. Codex consulted: NO. Production mutation: NO. Object ID: TKT-OBJ-278.
- rev2: re-audited after the Codex duplicate fail-open repair + alignment publish + N7 envelope rev4. Every load-bearing claim below is checked against the actual governed KB bytes (re-fetch + sha256), not against report prose.
- Method note (added rev2): this audit checks BOTH hash-match AND file-presence at packet paths (the gap that produced
CODEX-ALIGNMENT-PACKET-INCOMPLETE/CODEX-T2-PACKET-INCOMPLETEwas that earlier audits hashed the manifest but never fetched the listed files).
1. Real-N6 packet — file presence + hash == manifest
shasum -a 256 -c HASH_MANIFEST.txt over a fresh full KB fetch of all 16 listed files → 16/16 OK. sha256(HASH_MANIFEST.txt) = 356a0cee…282a8b9b == packet_tree.sha256. Key files:
| File | KB sha256 | In manifest? | Present at path? |
|---|---|---|---|
real_n6_provenance_verifier.py (rev2) |
922e5246…80224385 |
YES | YES |
n6_adversarial_probes.py (rev2) |
0f2c94d3…ce2865dfe |
YES | YES |
real-n6-provenance-certificate.json |
acf8d259…acef73786 |
YES | YES (unchanged) |
logs/verifier-selftest.log |
eed42e6d… |
YES | YES (regenerated 19/19) |
logs/probes.log |
c254e5d6… |
YES | YES (regenerated 31/31) |
README / manifest.json / exit_codes.json |
fa1d46ae… / 04f5a9fc… / f9f6569d… |
YES | YES |
2. Report claims vs verified reality
| Report claim | Verified by | Match |
|---|---|---|
verifier 277daf86 → 922e5246 |
re-fetch + sha256 | YES |
| selftest 14 → 19/19 PASS | live --selftest exit 0 |
YES |
| probes 27 → 31/31 fail-closed, no PASS/digest | live n6_adversarial_probes.py exit 0 |
YES |
N6 = d777e87c…, cert byte-identical |
live --verify + diff vs pinned |
YES |
| duplicate inputs emit no certificate | codex_replay.py pre/post |
YES |
real-N6 tree 43b4914a → 356a0cee |
sha256(HASH_MANIFEST.txt) |
YES |
alignment authority_seal_encoder.py published 13344f92 |
re-fetch from packet path + sha256 | YES |
alignment codex_probes.py published 112b4ec5 |
re-fetch from packet path + sha256 | YES |
alignment tree 96d00b9e unchanged, RERUN_RESULT: PASS |
live RERUN.sh exit 0 |
YES |
N7 envelope no longer labels membership (N1) (rev4 182a6d9f) |
re-fetch + grep + envelope_conformance_probe.py 8/8 |
YES |
| N6 NOT Codex-ratified; N7/N8/P7 NOT authored | manifest.json n6_codex_ratified:false; firewall 8/8 |
YES |
3. No-vector / evidence-escrow note
Replay/reconstruction logs were produced in ephemeral /tmp reconstruction dirs (read-only governed KB fetch; nothing written to production). They are regenerable byte-for-byte by bash RERUN.sh (real-N6) and bash RERUN.sh (alignment) from the published KB packets; the load-bearing proof is the fresh recompute, not any pinned log. No raw vector root was invented.
4. Verdict
Report-vs-file audit: PASS. Every load-bearing hash in the rev2 reports recomputes from the actual governed KB bytes; every manifest-listed file is present at its packet path; both packets reconstruct fresh and fail closed on bad input. No prose-only claim remains unbacked.