KB-31BE

T2 FIX7 P0 Independent Bad-Input Probes — Report

Revision 1
<!-- DOC_STATUS: ACTIVE_NON_AUTHORITY -->

T2 FIX7 P0 — Independent Bad-Input / Fail-Closed Probe Report (2026-06-11)

  • Host: T2 / CLAUDE CODE / FABLE · Authority: REVIEW_NON_AUTHORITY
  • Macro: FIX7_P0_T2_INDEPENDENT_DRYRUN_EXECUTION_READINESS_REVIEW_MACRO_2026_06_11
  • Codex called: NO · Production mutation: NO · Implementation execution: NO · REAL_RUN/QT001/cutover: NO
  • Machine form (byte-data): t2-fix7-p0-dryrun-independent-bad-input-probes-2026-06-11.json

Method (Codex-style; do not trust reports)

I fetched T1's dryrun_validator.py and all 11 evidence JSONs from KB by bytes, materialized them into a clean /tmp packet, and ran four independent suites. I did not rely on T1's recorded probe result; I re-executed everything.

(A) Positive control — validator on good data

python3 dryrun_validator.py → exit 0, all 11 gates PASS, emits DRYRUN_VALIDATOR_RESULT: PASS.

(B) Reproduced T1's 20 probes

python3 bad_input_probes.py → 20/20 fail-closed, controls_pass=True, any_fail_open=False, exit 0. T1's claim independently reproduced.

(C) 22 NEW T2 probes (beyond T1's harness)

Targeted gates T1 did not directly probe. 22/22 fail-closed, exit 0.

| Probe | Defect injected | Gate fired |
|---|---|---|
| T2-1 | seal: P7-alone authorizes impl | P7_ALONE_AUTHORIZES_IMPL |
| T2-2 | seal: impl execution allowed now | IMPLEMENTATION_EXECUTION_CLAIMED_NOW |
| T2-3 | seal: owner decision escalated past dry-run | OWNER_DECISION_NOT_DRYRUN_ONLY |
| T2-4 | owner: default ≠ HOLD | DEFAULT_NOT_HOLD |
| T2-5 | owner: option chosen but signature UNSIGNED | OWNER_APPROVAL_FABRICATED |
| T2-6 | owner: execution AUTHORIZED in template | EXECUTION_AUTHORIZED_IN_TEMPLATE |
| T2-7 | gov: canonical fold applied | CANONICAL_FOLD_APPLIED |
| T2-8 | gov: object id collides w/ canonical max 224 | OBJECT_ID_COLLISION:224 |
| T2-9 | gov: object id collides w/ reserved 388 | OBJECT_ID_COLLISION:388 |
| T2-10 | gov: not via addendum (ungoverned) | OBJECTS_NOT_GOVERNED |
| T2-11 | rollback: production rollback CLAIMED proven | PRODUCTION_ROLLBACK_CLAIMED |
| T2-12 | rollback: not restored (before ≠ after_rollback) | ROLLBACK_NOT_RESTORED:RB-3 |
| T2-13 | review: verdict PRODUCTION_READY | REVIEW_VERDICT_INVALID |
| T2-14 | review: production_ready=true | REVIEW_CLAIMS_PRODUCTION_READY |
| T2-15 | review: production_rollback_proven=true | REVIEW_CLAIMS_PRODUCTION_ROLLBACK |
| T2-16 | precond: BLOCKS_DRYRUN but dry-run proceeds | DRYRUN_PROCEEDS_DESPITE_BLOCKER:PC-2 |
| T2-17 | precond: execution_ready claimed | EXECUTION_READY_CLAIMED |
| T2-18 | tkt: L4 IU traceability overclaim | TKT_BASE_OVERCLAIM:IU_TRACEABILITY_PASS |
| T2-19 | tkt: L6 release bundle overclaim | TKT_BASE_OVERCLAIM:RELEASE_BUNDLE_PASS |
| T2-20 | tkt: level_reached=L6 overclaim | TKT_BASE_LEVEL_NOT_L3 |
| T2-21 | iso: non-temp (production) workspace path | WORKSPACE_NOT_TEMP_PATH |
| T2-22 | iso: connects to system_issues | ISOLATION_PROD_CONNECTION:connects_to_system_issues |

(D) End-to-end tamper test

Flipped p7_digest → 0×64 in a copy and ran the full validator: exit 1, emits DRYRUN_VALIDATOR_RESULT: FAIL, and no PASS/seal/cert token leaked. Invalid input does not produce a PASS-like output.

(E) Hardening probe (the one gap) — T2-REC-ROLLBACK-HARDENING-1

Injected a rollback entry where after_apply_hash == before_hash (a vacuous/idempotent staged mutation). check_rollback_proof did not fire — it only requires before == after_rollback and restored_match, not that the apply actually changed anything.

Classification: NON-BLOCKING hardening gap. It is not a defect in T1's evidence — RB-3's real apply hash 91c520d9… is genuinely distinct from before/after 49c386a9…b734d0 (the P7 pin), so the rollback proof is real. The gap admits no PASS/cert/seal token and no execution/production/fabricated-authorization overclaim. Recommendation: add an after_apply_hash != before_hash check (or an explicit idempotent flag) to check_rollback_proof before the implementation-execution macro, where per-mutation rollback proofs carry production weight.
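
The gap in (E) as an added sketch, not T1's dryrun_validator.py: a restoration-only check beside one that also applies the recommended after_apply_hash != before_hash test. The id, after_rollback_hash and idempotent field names, the ROLLBACK_HASH_MISSING and ROLLBACK_APPLY_VACUOUS gate names, and all sample entries are assumptions constructed for illustration.

```python
import hashlib

def _h(label):  # constructed sample hashes, not values from the report
    return hashlib.sha256(label.encode()).hexdigest()

HASH_KEYS = ("before_hash", "after_apply_hash", "after_rollback_hash")

def _restored(e):
    return (e.get("before_hash") == e.get("after_rollback_hash")
            and e.get("restored_match") is True)

def check_as_described(entries):
    """Restoration-only check, as the report describes the current gate."""
    return [f"ROLLBACK_NOT_RESTORED:{e.get('id', '?')}"
            for e in entries if not _restored(e)]

def check_hardened(entries):
    """Same gate plus the recommended after_apply_hash != before_hash check."""
    fails = []
    for e in entries:
        rid = e.get("id", "?")
        # Fail closed on absent or empty hashes instead of comparing None to None.
        if any(not isinstance(e.get(k), str) or not e.get(k) for k in HASH_KEYS):
            fails.append(f"ROLLBACK_HASH_MISSING:{rid}")  # hypothetical gate name
            continue
        if not _restored(e):
            fails.append(f"ROLLBACK_NOT_RESTORED:{rid}")
        # A proof whose apply changed nothing says nothing about rollback.
        if e["after_apply_hash"] == e["before_hash"] and e.get("idempotent") is not True:
            fails.append(f"ROLLBACK_APPLY_VACUOUS:{rid}")  # hypothetical gate name
    return fails

def _entry(rid, before, applied, rolled_back, ok, **extra):
    return {"id": rid, "before_hash": before, "after_apply_hash": applied,
            "after_rollback_hash": rolled_back, "restored_match": ok, **extra}

B, A = _h("state-before"), _h("state-after-apply")
SAMPLE = [  # constructed entries
    _entry("RB-OK", B, A, B, True),
    _entry("RB-VACUOUS", B, B, B, True),            # the probe from (E)
    _entry("RB-IDEMPOTENT", B, B, B, True, idempotent=True),
    _entry("RB-NOT-RESTORED", B, A, A, False),
]

if __name__ == "__main__":
    print("described:", check_as_described(SAMPLE))
    print("hardened: ", check_hardened(SAMPLE))
```
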

Summary

  • Good data → PASS · T1 20/20 fail-closed · T2 22/22 fail-closed · tamper → no PASS leak.
  • Any dangerous class fail-open: NO. Hardening gaps: 1, blocking: 0.