Codex Recheck 4 Failure Matrix
01 - Codex Recheck 4 Failure Matrix
Source: codex-fix7-blueprint-recheck-4-final-before-authoring-2026-06-09/ (00,05,06,07,09,10) +
checkpoint, status FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_4_NEEDS_T1_FIX.
Codex per-check verdicts → T1 disposition
| Codex check | Verdict | T1 disposition this pass |
|---|---|---|
| A U_legacy object-only | U_LEGACY_OBJECT_ONLY_ACCEPTED |
preserved (not reopened) |
| B principal separation | PRINCIPAL_SET_SEPARATION_ACCEPTED |
preserved |
| C entry-vector separation | ENTRY_VECTOR_SEPARATION_ACCEPTED |
preserved |
| D uniform end-state scope | UNIFORM_ENDSTATE_SCOPE_ACCEPTED |
preserved |
| E active/superseded boundary | ACTIVE_SUPERSEDED_BOUNDARY_NEEDS_FIX |
FIXED — content-addressed approval envelope (doc 02) |
| F no-disposition guard | NO_DISPOSITION_GUARD_NEEDS_FIX |
FIXED — guard re-bound to the sealed envelope (doc 04) |
| G hardcode final | HARDCODE_FINAL_NEEDS_FIX |
FIXED — mutable authoring denominator content-addressed; guard-quality rule 9 (doc 07) |
| H PG-native final | PG_NATIVE_FINAL_ACCEPTED |
preserved (runtime design unchanged) |
| I invariants/boundary | INVARIANTS_BOUNDARY_FINAL_ACCEPTED |
preserved (envelope is non-runtime; 27/11/14/7 intact) |
| J authoring planning | AUTHORING_PLANNING_NEEDS_T1_FIX |
FIXED — PKG-A gated on SEALED, verified envelope (doc 05/08) |
The single root blocker (verbatim intent)
"ACTIVE_AUTHORITY is currently identified only by Markdown registry/markers/fences. Those can be modified after approval. This is a disguised hardcode / mutable authority boundary. T1 must add an immutable approval envelope: revision + SHA-256 for every ACTIVE_AUTHORITY document/section. Every future change to content, marker, fence, registry, or active section must fail closed and require Codex recheck."
E/F/G/J are one defect with four faces: the active corpus is mutable, so (E) the boundary, (F) the no-disposition guard's scope, (G) the authoring-time hardcode check, and (J) authoring readiness all depend on something that can change after approval. Content-addressing the corpus and binding the guards to the sealed envelope fixes all four.
What Codex accepted (must NOT be reopened)
object-only legacy universe · principal separation · entry-vector separation · uniform end-state scope · PG-native-final (runtime authority stays PG ownership + sealed #20/#21 + #11 closure + #26/#27 + control epoch + manifest activation + evidence_registry-as-evidence) · 27/11/14/7 · all execution boundaries (implementation / Stage 2.6B / permit / REAL_RUN / QT001 apply / activation / repoint / owner-ACL cutover BLOCKED). Codex's explicit constraint: the envelope must not add a runtime authority surface, readiness gate, #20 column, catalog family, or top-level FIX7 runtime hash contract.