CF-M1 Health-only WorkerEvidence sample

Codex Control health-only route matrix

This page records the health-only Worker evidence boundary. Worker source validation passed locally, but unauthenticated route probes reached Cloudflare Access before Worker JSON.

Receipt

ProjectCodex Control
MilestoneCF-M1_DEPLOYMENT_RECEIPT_AND_ROUTE_MATRIX_SEAL
Viewer milestoneCF-M2_STATIC_EVIDENCE_VIEWER
Commit SHA7d66dd9ac77cbbcfdeacfd258b063e0dd0d0d272
Worker source sha256c05d273d24f5d8ae03db9f314a9ea5f1748ca61ff45a2b4b031729f2c4f23dfc
Config sha25630e8b28a9e6fa7fc055947d96498143cc2f836b4deaa31bb9d0041fab4d738bf
Validation commandpytest tests/test_cloudflare_worker_contract.py and full pytest suite in codex-control
PASS/FAIL gateFAIL_ACCESS_LAYER_BLOCKS_PUBLIC_ROUTE_MATRIX

Route matrix summary

Expected behaviorHealth-only Worker
Routes checked5 total
Passed0/5 routes passed
Access redirects5/5 Access redirects
VerdictFAIL_ACCESS_LAYER_BLOCKS_PUBLIC_ROUTE_MATRIX

Non-claims

Evidence caveat

All unauthenticated terminal probes returned Cloudflare Access 302 redirects before Worker JSON. This confirms the current external validation surface is Access-protected and should not be reported as unauthenticated public Worker availability.

Next milestone

CF-M3_R2_ARTIFACT_MANIFEST_VIEWER: add a manifest-backed artifact index only after static viewer validation remains clean and the public evidence boundary is reviewed.