KB-9AF9
Codex Recheck 5 Failure Matrix
Revision 1
01 - Codex Recheck 5 Failure Matrix
Source: codex-fix7-blueprint-recheck-5-final-envelope-2026-06-09/ (status
FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_5_NEEDS_T1_FIX) and its checkpoint.
What Codex accepted (NOT reopened by this patch)
- Approval-envelope direction — a machine-readable YAML envelope listing active members, revisions, section scope, and boundary/guard/membership hashes is the right model.
- Guard rebinding direction — re-binding `G-ACTIVE-AUTHORITY-SCOPE` / `G-NO-SUPERSEDED-CONSUMPTION` / `G-LEGACY-NO-DISPOSITION-AUTHORITY` to the sealed envelope is correct.
- Invariants / boundary — Check H `INVARIANTS_BOUNDARY_FINAL_ACCEPTED`: exactly 27 surfaces, 11 runtime-evidence, 14 gates, 7 hash contracts preserved; no new runtime surface / #20 column / catalog family / readiness gate.
The per-check verdicts and the T1 fix
| Check | Codex verdict | Root issue | T1 fix (this patch) |
|---|---|---|---|
| A approval-envelope shape | `APPROVAL_ENVELOPE_SHAPE_NEEDS_FIX` | envelope rows omit the `knowledge/dev/reports/architecture/` prefix (ambiguous membership input); aggregate encodings underspecified; manifest omits authority fields; doc 00 full-doc hash circular; checkpoint self-host contradiction | full-path doc_ids; FIX7-CANON-V1 canonical encoding (doc 02); complete manifest roster (doc 03); Option-1 self-reference (doc 04); checkpoint classified (doc 05) |
| B Codex sealing | `CODEX_SEALING_NEEDS_T1_FIX` | cannot produce one unambiguous authority-complete seal; anchor not bound to an immutable revision/hash/signature | canonical encoding + complete manifest + Codex detached seal anchor (doc 06); Codex computes + publishes the seal at recheck 6 |
| C fail-closed drift | `FAIL_CLOSED_DRIFT_NEEDS_FIX` | manifest binds only doc/revision/normalized-content + membership/registry/guard; omitted fields (superseded boundary, section identity, approval metadata, anchor, recheck-on-change) can be edited to evade the equality proof | manifest binds the complete roster (doc 03); guards re-bound to canonical hashes + detached seal (doc 07) |
| D no-disposition envelope scope | `NO_DISPOSITION_ENVELOPE_SCOPE_NEEDS_FIX` | blocked downstream of A–C; guard must depend on the exact sealed envelope | `G-LEGACY-NO-DISPOSITION-AUTHORITY` re-bound to the canonical sealed envelope + detached seal (doc 07) |
| E no-superseded consumption | `NO_SUPERSEDED_CONSUMPTION_NEEDS_FIX` | `superseded_boundary_sha256` + section identities + partition not canonical; blueprint-checkpoint ACTIVE-vs-omitted contradiction | canonical `superseded_boundary_sha256` (doc 02); checkpoint classified NON_AUTHORITY (doc 05); guard re-bound (doc 07) |
| F hardcode-final | `HARDCODE_FINAL_NEEDS_FIX` | an underspecified aggregate hash / omitted manifest field / circular self-host hash / mutable-unpinned anchor would leave a disguised mutable-authority path | all four closed; non-runtime; no new runtime surface (doc 09) |
| G PG-native-final | `PG_NATIVE_FINAL_NEEDS_FIX` | same document-seal defects; runtime design itself unchanged/accepted | construction-document content-address only; runtime PG-first/native/driven untouched (docs 09, 10) |
| H invariants / boundary | `INVARIANTS_BOUNDARY_FINAL_ACCEPTED` | — | preserved; nothing reopened (doc 10) |
| I authoring-planning | `AUTHORING_PLANNING_NEEDS_T1_FIX` | cannot approve until Codex can produce a complete deterministic seal + verify the immutable anchor | unblocked once recheck 6 seals; still BLOCKED now (doc 12) |
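
The evasion named in row C, as an added example that is not part of the original matrix or the project's code: a digest binding only some envelope fields stays equal when an omitted field is edited, while a digest over the complete roster does not. Every key name and value, and the sorted-key JSON encoding, are assumptions standing in for the envelope schema and FIX7-CANON-V1, which this page does not define.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample envelope; every key name and value is hypothetical.
ENVELOPE = {
    "members": [{
        "doc_id": "knowledge/dev/reports/architecture/example-doc.md",
        "revision": 3, "section_id": "S1",
        "normalized_content_sha256": "aa" * 32,
    }],
    "membership_sha256": "bb" * 32,
    "registry_sha256": "cc" * 32,
    "guard_sha256": "dd" * 32,
    "superseded_boundary_sha256": "ee" * 32,
    "approval": {"approved_by": "reviewer-placeholder"},
    "anchor": "seal-placeholder-r1",
    "recheck_on_change": True,
}
ROW_BOUND = ("doc_id", "revision", "normalized_content_sha256")
TOP_BOUND = ("membership_sha256", "registry_sha256", "guard_sha256")

def canonical_bytes(obj):
    # Stand-in encoding (assumption): sorted keys, no whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def partial_digest(env):
    # Binds only the fields row C says the recheck-5 manifest covered.
    bound = {k: env[k] for k in TOP_BOUND}
    bound["members"] = [{k: m[k] for k in ROW_BOUND} for m in env["members"]]
    return hashlib.sha256(canonical_bytes(bound)).hexdigest()

def complete_digest(env):
    # Binds the complete roster: every field of the envelope.
    return hashlib.sha256(canonical_bytes(env)).hexdigest()

def verify(env, sealed, digest_fn):
    # Fail closed: a missing field or a digest mismatch both reject.
    try:
        return hmac.compare_digest(digest_fn(env), sealed)
    except (KeyError, TypeError):
        return False

def drift_demo():
    edited = copy.deepcopy(ENVELOPE)
    edited["anchor"] = "seal-placeholder-r2"   # edit a field the partial manifest omits
    edited["members"][0]["section_id"] = "S9"  # edit another omitted field
    return (verify(edited, partial_digest(ENVELOPE), partial_digest),
            verify(edited, complete_digest(ENVELOPE), complete_digest))
```

`drift_demo()` returns a pair: the first element shows the edited envelope still passing the partial equality check, the second shows the complete-roster check rejecting it.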
The recurring pattern (self-audit memo)
Every recheck in this chain has flagged the same class one level up: each new mechanism T1 adds to remove a mutable-authority hole contains the same kind of hole inside it. Recheck-4 content-addressed the corpus but left the encoding in prose and the anchor mutable. This patch closes that by making the encoding byte-exact, the manifest complete, and the anchor an immutable detached seal — and by computationally verifying the canonicalization self-tests (doc 08) rather than asserting them.