gate: item python#15 RC_ORACLE production-leak standing assertion

SonicField · SonicField · commit 9cbf41370802 · 2026-04-21T20:14:12.000-07:00
Per supervisor 2026-04-22 03:06:55Z + theologian 03:07:12Z + pythia python#58: push 44 introduces the W3 R4 oracle dispatcher in compiler.cpp behind #ifdef RC_ORACLE. The push-44 nm production-binary check is one-shot — need a STANDING gate assertion so future compiler.cpp edits cannot silently leak RC_ORACLE dispatch into production. Failure mode caught: Any future commit that drops, inverts, or accidentally hard-defines the #ifdef RC_ORACLE guard would leak the C++ rc_oracle dispatch path (linked from libphoenix_rc_oracle.a) into the production python binary. Without this assertion, the leak is invisible until the next manual nm audit. Same silent-failure class as the cp-||-true loophole (catch python#4, push 38) — accepted bad state silently. Implementation (5 LOC after BINARY_MATCH (clean) ✓): RC_ORACLE_LEAK=$(nm $PYTHON | grep -c 'rc_oracle') if [ $RC_ORACLE_LEAK -ne 0 ]; then echo BINARY_RC_ORACLE_LEAK_DETECTED ... exit 1 fi echo BINARY_RC_ORACLE_OK: production binary clean (0 rc_oracle symbols) Verbatim wording per gatekeeper item python#15 (03:07:25Z): - PASS: 'BINARY_RC_ORACLE_OK: production binary clean (0 rc_oracle symbols)' - FAIL: 'BINARY_RC_ORACLE_LEAK_DETECTED' + FATAL + exit 1 - Mirrors BINARY_DIRTY discipline (catch silent failure structurally) Verification (compile-clean pre-commit): bash -n scripts/gate_phoenix.sh: SYNTAX OK Inserted at line 120 (immediately after BINARY_MATCH block at line 119). Bundled into push 44 (rather than standalone push 45) because the dispatcher lands in this push — the leak-check guards it from day 1 instead of leaving a one-push window where item python#15 isn't enforced. Push 44 batch grows 3 → 4 commits: THIS COMMIT — gate item python#15 (RC_ORACLE leak assertion) 63568c0 — W3 Step 5 expansion (4 injection classes + invariant python#7) 4f591a1 — W3 Step 5 v1 (rc_oracle_self_test.sh) a99db92 — W3 Steps 1-4 (scratch lib + dispatcher) ABBA cap usage: 17 → 18 (4 commits this push).
diff --git a/scripts/gate_phoenix.sh b/scripts/gate_phoenix.sh
@@ -118,6 +118,23 @@ if echo "$GATE_BINARY_LONG_VERSION" | grep -q -- "-dirty"; then
 fi
 echo "BINARY_MATCH: gate binary reports $COMMIT_HASH (clean) ✓" | tee -a "$RESULTS_FILE"
 
+# Step 1a-2: RC_ORACLE production-leak check (gatekeeper item #15)
+# Per supervisor 2026-04-22 03:06:55Z + theologian 03:07:12Z + pythia #58:
+# the W3 R4 oracle dispatcher in compiler.cpp is #ifdef RC_ORACLE guarded.
+# Production builds MUST contain ZERO rc_oracle symbols. A standing assertion
+# in the gate transcript catches the silent failure mode where a future
+# compiler.cpp edit accidentally drops or inverts the #ifdef guard, leaking
+# RC_ORACLE dispatch into production undetectably. Mirrors BINARY_DIRTY
+# discipline — catch silent failures structurally, not via memory.
+RC_ORACLE_LEAK=$(nm "$PYTHON" 2>/dev/null | grep -c 'rc_oracle' || echo 0)
+RC_ORACLE_LEAK=$(echo "$RC_ORACLE_LEAK" | tr -d '[:space:]')
+if [ "${RC_ORACLE_LEAK:-0}" -ne 0 ]; then
+    echo "BINARY_RC_ORACLE_LEAK_DETECTED: production binary contains $RC_ORACLE_LEAK rc_oracle symbols" | tee -a "$RESULTS_FILE"
+    echo "FATAL: RC_ORACLE leaked into production build (review #ifdef RC_ORACLE guards in Python/jit/compiler.cpp)" | tee -a "$RESULTS_FILE"
+    exit 1
+fi
+echo "BINARY_RC_ORACLE_OK: production binary clean (0 rc_oracle symbols)" | tee -a "$RESULTS_FILE"
+
 # Step 1b: _reg usage policy gate (no-FS DeoptBase factories banned in simplify_c.c)
 echo "" | tee -a "$RESULTS_FILE"
 echo "--- Step 1b: _reg Usage Policy ---" | tee -a "$RESULTS_FILE"
