status(redfix): harden B-redfix-8 close-criteria — e3b0c44298fc1c14 is the empty-input tell, not a rotation

Wake #39 (2a61c09) carried no VETO/finding/inbox and nothing to advance, but it did surface a
false-close hazard in STATUS's own operator instructions: "A different digest => rotated => close
B-redfix-8" licensed closing an open HIGH public-credential exposure on a broken probe.

/srv/cc-ci/.testenv lives on the ORCHESTRATOR, not cc-ci. Run over `ssh cc-ci` the sentinel command
hashes empty input and prints sha256("")[:16] = e3b0c44298fc1c14 — a different digest with no rotation.

STATUS now states where to run the probe, names e3b0c44298fc1c14 as the empty-input tell that must NOT
close the item, and disambiguates the three conflated digests: 3fcea78925015fc9 = sha256(credential
value) = the only rotation sentinel; 1994fd8d… = sha256(whole served blob), immutable; e3b0c44298fc1c14
= sha256(empty), a broken probe. Also records the exposure is now confirmed at VALUE level (the live
push-capable password appears verbatim in the public body), stronger than prior blob-equality.

Verified independently before writing: printf '' | sha256sum => e3b0c442…; ssh cc-ci ls .testenv =>
absent; orchestrator sentinel => 3fcea78925015fc9 (still UNROTATED).

Terminal condition unchanged: ## DONE, M1+M2 PASS, no VETO. B-redfix-8 stays OPEN/HIGH/operator-only.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01M7ZrNUJscccinFq5CM5VmP
This commit is contained in:
2026-07-09 07:35:20 +00:00
parent 2a61c09503
commit 697959daa3
2 changed files with 52 additions and 2 deletions

View File

@ -1631,3 +1631,41 @@ verdict change: M1+M2 PASS stand, `## DONE` stands, no VETO. B-redfix-8 stays OP
I cannot rotate a Class-A1 input (§4.4) and cannot rewrite published history (`--force` forbidden), so
rotation by the operator is the only thing that revokes the exposure. `main.go` still untracked, still not
mine to delete. Loop stops again.
## Builder wake — 2026-07-09, watchdog ping on `review(redfix)` wake #39 (`f65dfe7`)
Pulled and read the verdict. **Nothing to advance:** no standing VETO (the sole `## VETO` heading is the
CLEARED F-redfix-4), no new finding, no `BUILDER-INBOX.md`, no gate CLAIMED, `## DONE` intact, M1+M2 PASS.
Wake #39 is a re-confirmation, not a verdict against me.
**But it exposed a false-close hazard in my own STATUS text**, so the ping was not a no-op. STATUS said,
flatly: "A different digest ⇒ rotated ⇒ close B-redfix-8." The Adversary then documented that a probe run
over `ssh cc-ci` cannot open `/srv/cc-ci/.testenv` (it lives on the **orchestrator**), hashes empty input,
and prints `e3b0c44298fc1c14`*a different digest, with no rotation*. My own instructions therefore
licensed closing an open HIGH public-credential exposure on the strength of a broken probe. Given that a
rebooted loop or the operator reads STATUS (not REVIEW) for the remedy, that is a live risk of silently
declaring a still-live, push-capable, publicly-served credential "inert."
Verified all three digest claims myself before writing them down (no "should work"):
$ printf '' | sha256sum | cut -c1-16
e3b0c44298fc1c14 # the empty-input tell
$ ssh cc-ci 'ls /srv/cc-ci/.testenv'
ls: cannot access '/srv/cc-ci/.testenv': No such file or directory # absent on cc-ci, as claimed
$ python3 -c '...sha256(GITEA_PASSWORD)[:16]...' # on the orchestrator
3fcea78925015fc9 # still UNROTATED
So STATUS now (a) says where to run the probe, (b) names `e3b0c44298fc1c14` as the empty-input tell that
must NOT close the item, (c) disambiguates the three digests that have been conflated twice now
(value sentinel `3fcea789…`, whole-blob `1994fd8d…`, empty `e3b0c442…`), and (d) records that the exposure
is confirmed at *value* level — the live push-capable password appears verbatim in the public body, which
is a stronger claim than the blob-equality prior wakes established.
This is the one edit worth making. I did **not** manufacture a re-confirmation commit: the phase is
terminal and re-asserting an unchanging state on a 10-minute cadence is the churn both loops stood down
from. B-redfix-8 stays OPEN/HIGH/operator-only; sole close path is a *correctly computed* sentinel that
differs from `3fcea78925015fc9`.
**Unrelated, surfaced not touched:** an untracked `main.go` (281 B, Go hello-world HTTP server on :8080)
sits at the repo root of this clone. Not mine, foreign to this Nix repo, absent from git and from
`origin/main`. Left in place — not committed (would pollute the repo), not deleted (not mine to destroy).

View File

@ -40,12 +40,24 @@ must equal object size):
An unauthenticated fetch of the raw URL returning **HTTP 200 / 33408 bytes** is the leak, not an error page.
**HOW to confirm it is still the live credential** (commits to the value without republishing it):
**HOW to confirm it is still the live credential** (commits to the value without republishing it).
Run this **on the orchestrator**`/srv/cc-ci/.testenv` lives there, **not** on `cc-ci`:
python3 -c 'import hashlib,re;v=re.search(r"^GITEA_PASSWORD=(.*)$",open("/srv/cc-ci/.testenv").read(),re.M).group(1).strip().strip(chr(34)).strip(chr(39));print(hashlib.sha256(v.encode()).hexdigest()[:16])'
**EXPECTED.** Prints `3fcea78925015fc9` while still unrotated. **A different digest ⇒ rotated ⇒ `14c7dee`
is inert ⇒ close B-redfix-8.**
is inert ⇒ close B-redfix-8***but only if the probe was sound.* Two known-bad probes yield a different
digest without any rotation, and must NOT be used to close this item:
- **`e3b0c44298fc1c14` is the empty-input tell, not a rotation.** Running the command over `ssh cc-ci`
fails to open `.testenv`, hashes the empty string, and prints `sha256("")[:16]` = `e3b0c44298fc1c14`
(check: `printf '' | sha256sum`). Fix the probe; do not close B-redfix-8.
- **Do not conflate the three digests.** `3fcea78925015fc9` = sha256(credential *value*)[:16] — the only
rotation sentinel. `1994fd8d…` = sha256(the whole served *blob*) — immutable, changes never.
`e3b0c44298fc1c14` = sha256(empty) — a broken probe.
Exposure confirmed at **value level** (Adversary, 2026-07-09T07:34Z): the currently-valid, push-capable
password appears **verbatim** in the publicly served body, not merely "a blob that once held a secret."
**REMEDY (operator).** Rotate the Gitea bot password, then update `/srv/cc-ci/.testenv`. The credential is a
Class-A1 external infra input (plan §4.4) — the Builder must not rotate or invent it. History rewrite is not