Codex Control health-only route matrix
This page records the health-only Worker evidence boundary. Worker source validation passed locally, but unauthenticated route probes reached Cloudflare Access before Worker JSON.
Receipt
ProjectCodex Control
MilestoneCF-M1_DEPLOYMENT_RECEIPT_AND_ROUTE_MATRIX_SEAL
Viewer milestoneCF-M2_STATIC_EVIDENCE_VIEWER
Commit SHA7d66dd9ac77cbbcfdeacfd258b063e0dd0d0d272
Worker source sha256c05d273d24f5d8ae03db9f314a9ea5f1748ca61ff45a2b4b031729f2c4f23dfc
Config sha25630e8b28a9e6fa7fc055947d96498143cc2f836b4deaa31bb9d0041fab4d738bf
Validation commandpytest tests/test_cloudflare_worker_contract.py and full pytest suite in codex-control
PASS/FAIL gateFAIL_ACCESS_LAYER_BLOCKS_PUBLIC_ROUTE_MATRIX
Route matrix summary
Expected behaviorHealth-only Worker
Routes checked5 total
Passed0/5 routes passed
Access redirects5/5 Access redirects
VerdictFAIL_ACCESS_LAYER_BLOCKS_PUBLIC_ROUTE_MATRIX
Non-claims
- No gateway.
- No Access or JWT gateway implementation.
- No Tunnel.
- No token handling in Worker.
- No MCP exposure.
- No local file exposure.
- No runtime-control exposure.
- Not production gateway readiness.
- This is not a public route-matrix PASS.
Evidence caveat
All unauthenticated terminal probes returned Cloudflare Access 302 redirects before Worker JSON. This confirms the current external validation surface is Access-protected and should not be reported as unauthenticated public Worker availability.
Next milestone
CF-M3_R2_ARTIFACT_MANIFEST_VIEWER: add a manifest-backed artifact index only after static viewer validation remains clean and the public evidence boundary is reviewed.