T1 FIX7 Blueprint Patch After Codex Recheck 5 - Readme First
00 - T1 FIX7 Blueprint Patch After Codex Recheck 5 (Canonical Envelope) - Readme First
Date: 2026-06-09
Author: T1 (production Agent for Agent Data)
Macro: PROGRAM_PATCH_T1_FIX7_BLUEPRINT_AFTER_CODEX_RECHECK_5_CANONICAL_ENVELOPE_SEALING
Mode: READ-ONLY production; blueprint KB-doc direct-revision; NO production mutation.
Final status
FIX7_REFACTOR_BLUEPRINT_T1_PATCHED_AFTER_CODEX_RECHECK_5_READY_FOR_CODEX_RECHECK_6
What this macro did
Codex recheck 5 (codex-fix7-blueprint-recheck-5-final-envelope-2026-06-09/, status
FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_5_NEEDS_T1_FIX) accepted the recheck-4 work in direction —
the approval-envelope model, the guard rebinding, and the invariants/boundary
(INVARIANTS_BOUNDARY_FINAL_ACCEPTED) — but did not seal the envelope. It left six
canonical-encoding / seal / anchor blockers. This macro patched all six in-blueprint; no runtime
design amendment; nothing Codex accepted was reopened.
The fix is entirely about construction-document content-addressing: making every aggregate digest byte-reproducible, binding the complete authority-bearing envelope, removing doc 00's self-reference, classifying the blueprint checkpoint, and defining an actually-immutable Codex seal anchor.
The six blockers and the fix (one line each)
- A — canonical encoding incomplete → doc 00 Canonical hash encoding (FIX7-CANON-V1): domain tag + record type + field order + sort key + separators + newline normalization + UTF-8 + null/bool tokens + full-path normalization + revision representation + trailing-LF + reproducible command, per aggregate. active_corpus_membership_sha256 recomputed over full doc_ids = f2bda8effc7be19b54722828126b82d7d2d48bee5e5e5dc0c8f347ce210fe251. + G-CANONICAL-ENCODING-CONTRACT.
- B — manifest omits authority fields → envelope_manifest_sha256 now binds the complete authority-field roster (excluding only itself + detached_seal_sha256); unknown/missing field fails closed. + G-ENVELOPE-MANIFEST-AUTHORITY-COMPLETE.
- C — doc 00 self-reference → Option 1: full_document_sha256 is NON_AUTHORITY_DIAGNOSTIC for every member; load-bearing = normalized_active_content_sha256 excluding the ENVELOPE:EXCLUDE region.
- D — blueprint checkpoint self-host/ACTIVE ambiguity → reclassified NON_AUTHORITY_INDEX (DERIVED_STATUS / REPORT_ONLY); not a member, not a self-host, consumed by no guard/package.
- E — Codex checkpoint not immutable → Codex detached seal anchor contract; compensating fail-closed rule for the missing cryptographic signature (revision + SHA-256 + MCP read-back + mismatch guard). + G-CODEX-DETACHED-SEAL-ANCHOR.
- F — fail-closed guards must use canonical hashes → 5 guards re-bound to FIX7-CANON-V1 + the detached seal; guard-quality rule 10.
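Blockers A and B as an added sketch, not code from this report or from the FIX7-CANON-V1 spec in doc 02: a domain-tagged, sorted, fixed-field-order encoding hashed with SHA-256 that fails closed on an unknown or missing field. The domain tag, record type, separators, type-prefixed tokens and the superseded field are assumptions made for the example.

```python
import hashlib

# Every constant here is an assumption for illustration; the real values are
# defined in the FIX7-CANON-V1 spec (doc 02), which this page does not reproduce.
DOMAIN_TAG = "EXAMPLE-CANON-V1"         # hypothetical domain tag
RECORD_TYPE = "envelope_manifest"       # hypothetical record type
FIELD_ORDER = ("doc_id", "revision", "normalized_active_content_sha256", "superseded")
EXCLUDED = {"envelope_manifest_sha256", "detached_seal_sha256"}  # not hashed
FIELD_SEP, RECORD_SEP = "\x1f", "\x1e"  # hypothetical separators


class CanonicalizationError(ValueError):
    """Raised instead of guessing, so the digest fails closed."""


def _token(value):
    # Fixed null/bool tokens and type prefixes: None and the string "null"
    # must never encode to the same bytes.
    if value is None:
        return "null"
    if isinstance(value, bool):          # checked before int: bool is an int subclass
        return "true" if value else "false"
    if isinstance(value, int):
        return f"i:{value}"              # revision as plain decimal
    if isinstance(value, str):
        text = value.replace("\r\n", "\n").replace("\r", "\n")  # newline normalization
        if FIELD_SEP in text or RECORD_SEP in text:
            raise CanonicalizationError("separator inside field value")
        return f"s:{text}"
    raise CanonicalizationError(f"unsupported type: {type(value).__name__}")


def canonical_bytes(records):
    rows = []
    for rec in records:
        fields = set(rec) - EXCLUDED
        if fields != set(FIELD_ORDER):   # unknown or missing field: fail closed
            raise CanonicalizationError(f"roster mismatch: {sorted(fields ^ set(FIELD_ORDER))}")
        rows.append([_token(rec[name]) for name in FIELD_ORDER])
    rows.sort(key=lambda row: row[0])    # sort key: doc_id, by code point
    parts = [FIELD_SEP.join((DOMAIN_TAG, RECORD_TYPE))]
    parts += [FIELD_SEP.join(row) for row in rows]
    return (RECORD_SEP.join(parts) + "\n").encode("utf-8")  # UTF-8, one trailing LF


def canonical_sha256(records):
    return hashlib.sha256(canonical_bytes(records)).hexdigest()
```

Input order, CRLF versus LF inside a value, and the two excluded digest fields do not change the result; any other difference in the records does, or raises.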
Document map (this report)
| Doc | Content |
|---|---|
| 00 | This readme |
| 01 | Codex recheck-5 failure matrix (verbatim verdicts → fix) |
| 02 | Canonical hash encoding spec (FIX7-CANON-V1) |
| 03 | Envelope-manifest authority-field roster |
| 04 | doc 00 self-reference resolution (Option 1) |
| 05 | Blueprint-checkpoint authority classification |
| 06 | Codex detached seal anchor contract |
| 07 | Fail-closed drift guard update (51 → 54) |
| 08 | Adversarial canonicalization self-audit (12/12, computationally verified) |
| 09 | Hardcode / PG-native self-review |
| 10 | Cross-layer boundary self-review |
| 11 | Direct blueprint revisions applied (every patch + revision) |
| 12 | Final verdict |
Boundaries (unchanged)
No production implementation, Stage 2.6B, qt001_backfill_permit, REAL_RUN, QT001 apply, manifest
activation, repoint, or owner/ACL cutover is authorized. Production was READ-ONLY throughout; the only
writes were blueprint-doc revisions, this report, and the checkpoints. Next is Codex recheck 6 only
— which seals the canonical envelope and writes the Codex detached seal. Do not claim implementation
approval.