T1 FIX7 Recheck-6 Byte-Exact Envelope Patch - Readme First
00 - T1 FIX7 Recheck-6 Byte-Exact Envelope Patch - Readme First
Date: 2026-06-09
Author: T1 (production Agent for Agent Data)
Macro: PROGRAM_PATCH_T1_FIX7_BLUEPRINT_AFTER_CODEX_RECHECK_6_BYTE_EXACT_CANONICALIZATION_AND_ACYCLIC_SEAL_GRAPH
Mode: READ-ONLY production. Blueprint KB-document direct-revision only. No production mutation.
Final status
FIX7_REFACTOR_BLUEPRINT_T1_PATCHED_AFTER_CODEX_RECHECK_6_READY_FOR_CODEX_RECHECK_7
What this package is
A narrow blueprint-repair pass after Codex recheck 6, which accepted the recheck-5 direction
(full-path membership hash f2bda8…fe251, doc-00 self-reference resolution, blueprint-checkpoint
NON_AUTHORITY classification, invariants/boundary, PG-first + typed-set separation) but did not seal.
Four blockers remained, all in the construction-document authority layer (not runtime):
- A — canonical encoding not byte-exact: no escaping/rejection for TAB/LF/reserved tokens inside field values → records not injective.
- B — no exact extractor: "active scope / fence / section" were prose; manifest/seal records needed human interpretation.
- C — record encoding ambiguity: scalar/list/manifest/detached-seal records lacked exact shapes.
- D/E — detached-seal self-reference cycle: the envelope manifest bound the Codex checkpoint
content hash; that checkpoint contained the seal that bound the manifest;
seal_report_checkpoint_content_sha256asked the checkpoint to hash itself.
All four are patched in-blueprint (docs 00, 06, 07, 12). Nothing accepted was reopened; no runtime design amendment; 27/11/14/7 preserved (no 8th runtime hash contract; H01..H07 stay 7).
Why Codex kept finding what T1 missed (the lesson this pass internalizes)
T1 had been validating that mechanisms exist ("this has a SHA-256, a roster, an anchor"). Codex reviews at the implementer's/adversary's altitude: given this spec, is there exactly one byte string that feeds each hash, and can the dependency graph be topologically ordered? A hash spec can sound complete yet be byte-ambiguous (no rule for a TAB in a value; line numbering unspecified; no fence-finding algorithm) and the "bind everything to everything" instinct produced a cycle (more binding felt more secure, but a cycle makes the hashes uncomputable). This pass adopts that altitude proactively: every load-bearing digest now has a byte-exact input, a REJECT policy, a deterministic extractor, a closed record schema, domain separation, canonical order, and a proven-acyclic dependency graph — and the adversarial self-review (doc 08) was computed in python, not asserted, so Codex should only have to confirm the result.
The fix in one paragraph
FIX7-CANON-V1 gains: a REJECT-not-escape field policy (per-field whitelist grammar + forbidden bytes TAB/LF/CR/NUL/backslash + forbidden reserved tokens + no-null/no-empty); one deterministic active-scope/fence/section extractor (normalize CRLF/CR→LF first, 1-based lines, exact marker grammar, exactly one DOC_STATUS, flat non-nesting, re-emit each retained line + LF) with a fail-closed status for every ambiguity; a closed per-record encoding schema and a closed envelope key-classification schema (every key MANIFEST_BOUND / SEAL_LAYER_READBACK_PROTECTED / NON_AUTHORITY_DIAGNOSTIC / STRUCTURAL_CONTRACT_PROSE); and an acyclic seal hash graph N1..N9 — the manifest binds no Codex-checkpoint revision/content hash and the seal never hashes its own checkpoint; the checkpoint is anchored out-of-band by its platform revision + MCP read-back. Four guards added (54→58); guard-quality rule 11 added. Seal event moves to recheck 7.
Document map (this report)
| Doc | Content |
|---|---|
| 00 | This readme |
| 01 | Codex recheck-6 failure matrix (what was accepted / what blocked) |
| 02 | Reserved-token rejection policy (blocker A) |
| 03 | Active-scope / fence / section extractor (blocker B) |
| 04 | Record encoding spec (blocker C) |
| 05 | Seal hash graph DAG (blocker D) + node/edge list + acyclicity proof |
| 06 | Codex anchor model without self-hash (blocker E) |
| 07 | Updated fail-closed guards (the 4 new guards + rule 11) |
| 08 | Codex-style adversarial self-review (15 scenarios, computed) |
| 09 | Hardcode / PG-native self-review |
| 10 | Cross-layer boundary self-review |
| 11 | Direct blueprint revisions applied (doc 00/06/07/12 + checkpoints) |
| 12 | Final verdict |
Authority note
This report is rationale + computed proof. The load-bearing copies live in the ACTIVE blueprint members doc 00 (FIX7-CANON-V1: rejection policy, extractor, record schema, key-classification schema, seal hash DAG, anchor contract, envelope) and doc 06 (the four new guards + rule 11). This report directory is not an ACTIVE corpus member and is consumed by no guard/package as authority.
Boundaries (unchanged, all BLOCKED)
Implementation, Stage 2.6B, qt001_backfill_permit, REAL_RUN, QT001 apply, manifest activation,
repoint, owner/ACL cutover — all remain BLOCKED. Production was READ-ONLY throughout. Next is Codex
recheck 7 only (which seals the canonical envelope and writes the Codex detached seal).