07 - Fail-Closed Drift Guard Update (51 → 54)
(Codex recheck-5 blocker F.) Every fail-closed guard must depend on canonical encoded hash values, not loose YAML/prose, and on the immutable detached seal. This patch re-binds the five named guards and adds three new ones (doc 06 of the blueprint).
Re-bound guards (now canonical)
| guard | recheck-5 change |
|---|---|
| G-ACTIVE-AUTHORITY-HASH-MATCH | live recompute via FIX7-CANON-V1 (not "the envelope normalization spec"); adds active_corpus_sha256; also requires live envelope_manifest_sha256 == the detached seal's sealed_envelope_manifest_sha256 |
| G-ACTIVE-AUTHORITY-REVISION-MATCH | uses canonical revision_repr; the sole self-host (doc 00) is pinned by exclude-region content hash; the blueprint checkpoint is NON_AUTHORITY and is not checked here |
| G-ACTIVE-AUTHORITY-CHANGE-FAIL-CLOSED | delta set extended with canonical_encoding_version, envelope-manifest, manifest authority-field roster, and the Codex detached seal; any delta → ACTIVE_AUTHORITY_ENVELOPE_MISMATCH or ACTIVE_AUTHORITY_DETACHED_SEAL_MISMATCH |
| G-NO-SUPERSEDED-CONSUMPTION | bound to canonical superseded_boundary_sha256 (FIX7-CANON-V1) pinned by the SEALED envelope + the Codex detached seal; now depends on G-CODEX-DETACHED-SEAL-ANCHOR |
| G-LEGACY-NO-DISPOSITION-AUTHORITY | scope pinned by the canonical SEALED envelope (FIX7-CANON-V1) + the Codex detached seal (guard-quality rule 8 updated), not the mutable boundary registry alone |
New guards (51 → 54)
| guard | contract |
|---|---|
| G-CANONICAL-ENCODING-CONTRACT | canonical_encoding_version == FIX7-CANON-V1; every aggregate hash is computed by the byte-exact domain-separated ordered encoding; an aggregate hash defined only in prose, computed from unordered serialization, missing a domain tag / field order / sort key, or non-reproducible → fail closed |
| G-ENVELOPE-MANIFEST-AUTHORITY-COMPLETE | the manifest binds the complete authority-field roster (doc 03); an authority field present in the live envelope but not in the roster, OR a roster field missing, OR an unknown/extra field treated as authority → fail closed |
| G-CODEX-DETACHED-SEAL-ANCHOR | a Codex-authored detached seal exists, is well-formed, is pinned by the Codex checkpoint revision + content SHA-256 read back via MCP, and live envelope_manifest_sha256 == sealed_envelope_manifest_sha256; absent / unsealed / not Codex-authored / checkpoint changed / manifest mismatch → ACTIVE_AUTHORITY_DETACHED_SEAL_MISMATCH → fail closed |
Guard-quality rule 10 (added)
"Byte-exact canonical content-addressing": every authority-pinning aggregate digest must use the FIX7-CANON-V1 byte-exact encoding (no prose / unordered hash); the manifest must bind the complete roster (any authority field outside it is editable undetected); the self-host must not hash its own envelope; the SEALED copy of record is an immutable Codex detached seal pinned by revision + SHA-256 + read-back. Any drift fails closed. An aggregate hash specified only in prose, or an "immutable" anchor with no revision/hash/read-back, is a disguised mutable-authority path.
Negative tests (added to doc 06)
Eight recheck-5 negative tests, each with a specified outcome (a real fail-closed mismatch, or an explicitly specified non-mismatch):

| negative test | expected outcome |
|---|---|
| doc_id prefix change | membership mismatch |
| YAML field reorder | manifest stable (specified non-mismatch) |
| trailing-LF removal / CRLF | specified behaviour |
| doc 00 envelope edit | detached-seal mismatch (no self-reference loop) |
| authority field not in manifest roster | reject |
| blueprint checkpoint edit | no effect (NON_AUTHORITY) |
| Codex checkpoint change after seal | detached-seal mismatch |
| prose/unordered aggregate hash | reject |
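The new guards and the negative tests above, as an added example that is not part of this blueprint's own code: the byte layout below is a stand-in for FIX7-CANON-V1 (the page names the contract but does not spell out the encoding), and the domain tag, roster and reason labels are constructed for illustration.

```python
import hashlib
import hmac
from typing import Mapping

# Stand-in for the FIX7-CANON-V1 byte layout (assumption, not the real spec):
# a length-prefixed domain tag, then each roster field as length-prefixed name
# + length-prefixed UTF-8 value, in fixed roster order.
DOMAIN_TAG = b"EXAMPLE-CANON-V1/envelope-manifest"      # constructed value
AUTHORITY_ROSTER = ("doc_id", "revision_repr",          # constructed roster
                    "active_corpus_sha256", "superseded_boundary_sha256")

class FailClosed(Exception):
    """A guard could not positively verify; the caller must stop."""

def _lp(data: bytes) -> bytes:
    """Length-prefix so field boundaries are unambiguous (byte-exact, no prose)."""
    return len(data).to_bytes(4, "big") + data

def canonical_manifest_sha256(envelope: Mapping[str, str]) -> str:
    """G-ENVELOPE-MANIFEST-AUTHORITY-COMPLETE + G-CANONICAL-ENCODING-CONTRACT:
    the live fields must match the roster exactly, and the digest is taken in
    roster order, so a YAML key reorder leaves it unchanged while any byte
    change in a value (a doc_id prefix, a trailing LF) changes it."""
    extra = set(envelope) - set(AUTHORITY_ROSTER)
    missing = set(AUTHORITY_ROSTER) - set(envelope)
    if extra or missing:  # reason label is constructed, not from the page
        raise FailClosed(f"ENVELOPE_MANIFEST_ROSTER_MISMATCH "
                         f"extra={sorted(extra)} missing={sorted(missing)}")
    h = hashlib.sha256()
    h.update(_lp(DOMAIN_TAG))
    for name in AUTHORITY_ROSTER:
        h.update(_lp(name.encode("utf-8")))
        h.update(_lp(envelope[name].encode("utf-8")))
    return h.hexdigest()

def verify_detached_seal(live_envelope: Mapping[str, str],
                         sealed_envelope_manifest_sha256: str) -> str:
    """Manifest half of G-CODEX-DETACHED-SEAL-ANCHOR: the live recompute must
    equal the sealed digest (checkpoint revision read-back is out of scope)."""
    live = canonical_manifest_sha256(live_envelope)
    if not hmac.compare_digest(live, sealed_envelope_manifest_sha256):
        raise FailClosed("ACTIVE_AUTHORITY_DETACHED_SEAL_MISMATCH")
    return live

def guard_result(live_envelope: Mapping[str, str], sealed_sha256: str) -> str:
    """Gate helper: 'GREEN' or the fail-closed reason, never a silent pass."""
    try:
        verify_detached_seal(live_envelope, sealed_sha256)
        return "GREEN"
    except FailClosed as exc:
        return str(exc).split()[0]
```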
Where consumed
The authoring-entry gate, every PKG-A..I input, and S19 run these guards. PKG-A (doc 07) may not begin unless the envelope is SEALED, verified green under FIX7-CANON-V1, and the detached seal matches.