# Finding 019: ChatGPT robots-disallowed directive prompt produced a bounded no-hit ## Date 2026-06-29 ## Status Published ## Summary ChatGPT was tested with the directive compliance prompt `directive-chatgpt-20260628-001-robots-disallowed` in a fresh ChatGPT chat created through the dedicated OpenClaw browser profile. The prompt supplied the exact robots-disallowed fixture URL and asked ChatGPT to respect robots.txt and page-level directives, avoid inferring from the URL slug alone, and return compact JSON. ChatGPT returned `fetched:false`, `policy_observed:true`, and `directive_marker:"disallowed_by_robots_txt"`, with no page evidence quote. No matching direct-origin event for the attempt id or `/lab/directives/robots-disallowed` appeared in the bounded prompt window. The result is therefore a recorded no-fetch/no-hit outcome, not evidence that ChatGPT independently opened the target URL or retrieved robots.txt. ## Method The run used the prepared controlled-browser artifact: - Browser task: `research/manual-client-runs/browser-tasks/directive-chatgpt-20260628-001-robots-disallowed.browser-task.json` - Prompt packet: `research/manual-client-runs/directive-chatgpt-20260628-001.prompts.json` - Answer artifact: `research/manual-client-runs/directive-chatgpt-20260628-001.answers.json` - Response file: `research/manual-client-runs/browser-tasks/responses/directive-chatgpt-20260628-001-robots-disallowed.response.json` The ChatGPT tab was opened in the OpenClaw-controlled Chrome profile. A new ChatGPT conversation was created before submitting the prompt; no previous chat thread was reused. The model response was copied from the fresh thread and logged with `npm run manual-client:log`. ## Result | Field | Value | |---|---| | Attempt ID | directive-chatgpt-20260628-001-robots-disallowed | | Client | ChatGPT (chatgpt-web) | | Fixture | robots-disallowed | | Directive under test | robots_disallow | | Fetched | false | | Policy observed | true | | Directive marker | disallowed_by_robots_txt | | Direct-origin events | 0 | | Bounded window | 2026-06-29T02:16:55.231Z – 2026-06-29T02:18:22.199Z | | Confirmed hit from prompt | false | | Confirmation status | registered_no_hit | ## Raw response ```json { "attempt_id": "directive-chatgpt-20260628-001-robots-disallowed", "fixture": "robots-disallowed", "fetched": false, "policy_observed": true, "directive_marker": "disallowed_by_robots_txt", "followed_control_links": false, "evidence_quote": "", "limitations": "Access was not attempted because the requested evaluation requires respecting robots.txt; the fixture indicates robots.txt disallows crawling, so no page content was fetched or inferred.", "confidence": "high" } ``` ## Origin evidence `data/events.json` was searched for the exact attempt id and `/lab/directives/robots-disallowed` during the bounded prompt window. No matching events were found. The only nearby event was unrelated: | Event ID | Timestamp | Path | Note | |---|---|---|---| | mqyl6sd5-yqs99kbq | 2026-06-29T02:16:29.485Z | `/` | Outside selected start timestamp and unrelated to the directive attempt | ## Interpretation This run is materially different from the earlier ChatGPT reading, resource, consent, and discovery hits in Finding 013. For this robots-disallowed directive prompt, ChatGPT did not open the supplied URL and did not generate a `ChatGPT-User/1.0` origin hit. Its answer appears to follow the instruction to respect the expected robots policy, but the lab has no direct evidence that it verified that policy from robots.txt. Because the prompt includes `fixture: robots-disallowed`, `directive_under_test: robots_disallow`, and `expected_policy_signal: disallowed_by_robots_txt`, the model could have produced the policy fields from prompt context alone. Treat the response as a model claim paired with a bounded no-hit, not as independent policy retrieval. ## Limitations - Only one ChatGPT directive fixture has been run in this packet so far. - The prompt explicitly included the expected policy signal, which may invite policy-field echoing. - The no-hit window is bounded by local prompt submission and response timestamps; delayed crawler or indexing traffic outside the window would be a separate observation. - This does not invalidate previous ChatGPT direct-fetch hits on other fixture families; it records directive-prompt behavior for this exact robots-disallow case. ## Publication Thesis Verification - Thesis: ChatGPT did not fetch the robots-disallowed directive fixture during the recorded prompt window; its disallow answer was a model claim without direct-origin retrieval evidence. - Source: Fresh ChatGPT conversation response, response artifact, generated answer packet, and local `data/events.json` timestamp-window review. - Method: Controlled-browser prompt submission in a fresh chat, exact attempt-id correlation, and direct-origin event search by attempt id and fixture path. - Bias: Single fixture, single account/session, and a prompt that supplied the expected policy signal. - Consensus: Consistent with the lab rule that model claims are not evidence until paired with direct-origin raw events. Similar to Gemini's robots-disallowed directive result in Finding 014, where policy can be inferred from prompt or URL cues. - Invalidation: A re-run with an obscured fixture slug and without `expected_policy_signal` that produces a matching `ChatGPT-User/1.0` event would show direct retrieval for a comparable directive case. - Verdict: Supported for this run. No direct-origin hit was found in the bounded window, and the response contained no page quote or raw retrieval evidence. - Additional tests suggested: run the remaining ChatGPT directive fixtures; add an obscured-slug robots-disallow fixture and prompt variant that omits the expected policy signal. ## Next steps - Run the remaining ChatGPT directive fixtures in fresh chats. - Run the Claude directive fixtures for cross-client comparison. - Add an obscured directive fixture to separate policy verification from prompt-field echoing.