06 - Adversarial Self-Audit

The macro requires an adversarial self-review before reporting. Each scenario is an attempted bypass; the design must fail closed. All 11 PASS (10 required + 1 self-reference hole T1 proactively closed). This is the "catch my own holes before Codex does" discipline.

#	attempted bypass	does it fail closed?	by which guard / mechanism
1	Mutate an ACTIVE_AUTHORITY DOC_STATUS marker	YES	marker change → marker_fence_registry_sha256 mismatch (G-ACTIVE-AUTHORITY-HASH-MATCH) and the host doc body changes → KB revision increments (G-ACTIVE-AUTHORITY-REVISION-MATCH)
2	Flip a fenced SUPERSEDED block to active (or vice-versa)	YES	fence + body change → marker_fence_registry_sha256 / content-hash / active-section-identity mismatch (-HASH-MATCH / -CHANGE-FAIL-CLOSED); promotion requires re-enveloping + fresh recheck
3	Add a STUB/disposition term in an active section	YES	body change → revision/hash mismatch (envelope guards) and G-LEGACY-NO-DISPOSITION-AUTHORITY (envelope-bound) fails on the term in ACTIVE_AUTHORITY
4	Reference superseded content from PKG-F/PKG-G	YES	G-NO-SUPERSEDED-CONSUMPTION (envelope-bound) fails
5	Alter the doc 00 registry only	YES	registry edit → marker_fence_registry_sha256 + doc 00 content hash (registry is outside the EXCLUDE region) + possibly active_corpus_membership_sha256 mismatch (-HASH-MATCH)
6	Alter a guard definition (doc 06) only	YES	guard_set_sha256 + guard_set_revision mismatch (-HASH-MATCH / -REVISION-MATCH)
7	Move/renumber an active section without content change	YES	active_section_id_or_range identity mismatch (G-ACTIVE-AUTHORITY-CHANGE-FAIL-CLOSED); reordering also changes the body hash
8	Edit a history block only	YES (correct dual behavior)	a history block inside an ACTIVE doc (00/12) is part of that doc's pinned content hash → editing it trips -HASH-MATCH/-REVISION-MATCH (the whole active doc is immutable after seal); a whole SUPERSEDED doc (09/10/11) is not pinned, so it can be annotated but remains non-authority and can never become authority without re-enveloping
9	Proceed to authoring after any mismatch	YES — BLOCKED	G-ACTIVE-AUTHORITY-CHANGE-FAIL-CLOSED + guard-quality rule 9: the only valid next step is a fresh Codex recheck, never "continue authoring"
10	Rely on Directus/manual marker state as final authority	YES — rejected	G-ACTIVE-AUTHORITY-SCOPE fails if the active classification is taken from mutable markers rather than pinned to the sealed envelope; the envelope is anchored to the Codex checkpoint (not Directus-editable)
11	(self-reference hole, proactively closed) Edit the envelope block itself in doc 00 — which sits in the EXCLUDE region, so doc 00's content hash is unchanged	YES	the SEALED copy of record is in the Codex recheck-5 checkpoint (Codex-authored, not T1/Directus-editable); envelope_manifest_sha256 is in the -HASH-MATCH set, so the live doc-00 envelope must equal the checkpoint-sealed envelope → editing it diverges → ACTIVE_AUTHORITY_ENVELOPE_MISMATCH

Note on scenario 11 (the discipline the user asked for)

The envelope had to be excluded from its own host's content hash to avoid circularity. That exclusion, left unguarded, would have made the envelope itself editable after seal — a fresh mutable-authority hole of exactly the kind Codex flagged. T1 caught it during self-audit and closed it by anchoring the sealed envelope in the Codex recheck-5 checkpoint and including envelope_manifest_sha256 in the hash-match set. This is the kind of second-order hole that should be found in self-review, not at the next external recheck.

Verdict

ADVERSARIAL_SELF_AUDIT_PASS — 11/11 attempted bypasses fail closed / block authoring as designed.