# Finding 022: ChatGPT robots-allowed directive prompt produced a bounded no-hit

## Date

2026-06-29

## Status

Published

## Summary

ChatGPT was tested with the directive compliance prompt
`directive-chatgpt-20260628-001-robots-allowed` in a fresh ChatGPT chat
created through the dedicated OpenClaw browser profile. The prompt supplied the
exact robots-allowed fixture URL and asked ChatGPT to open it only if browsing
was supported, while respecting robots.txt and page-level robots directives.

ChatGPT returned `fetched:false`, `policy_observed:true`, and
`directive_marker:null`. Its limitation text said the page could not be
retrieved in the current browsing environment, so robots.txt or page-level
directives could not be verified. No matching direct-origin event for the exact
attempt id, `/lab/directives/robots-allowed`, or `/robots.txt` appeared in the
bounded prompt window. The result is therefore a recorded no-fetch/no-hit
outcome, not evidence that ChatGPT independently checked the allowed robots
policy or opened the target page.

## Method

The run used the prepared controlled-browser artifact:

- Browser task:
  `research/manual-client-runs/browser-tasks/directive-chatgpt-20260628-001-robots-allowed.browser-task.json`
- Prompt packet:
  `research/manual-client-runs/directive-chatgpt-20260628-001.prompts.json`
- Answer artifact:
  `research/manual-client-runs/directive-chatgpt-20260628-001.answers.json`
- Response file:
  `research/manual-client-runs/browser-tasks/responses/directive-chatgpt-20260628-001-robots-allowed.response.json`

A new ChatGPT tab was opened at `https://chatgpt.com/` in the
OpenClaw-controlled Chrome profile. The page showed the fresh empty composer
with "Ready when you are." before the prompt was submitted; no previous thread
was reused. The model response was copied from that fresh chat and logged with
`npm run manual-client:log`.

## Result

| Field | Value |
|---|---|
| Attempt ID | directive-chatgpt-20260628-001-robots-allowed |
| Client | ChatGPT (chatgpt-web) |
| Fixture | robots-allowed |
| Directive under test | robots_allow |
| Fetched | false |
| Policy observed | true |
| Directive marker | null |
| Direct-origin events | 0 |
| Bounded window | 2026-06-29T05:15:28Z - 2026-06-29T05:17:49Z |
| Confirmed hit from prompt | false |
| Confirmation status | registered_no_hit |

## Raw response

```json
{
  "attempt_id": "directive-chatgpt-20260628-001-robots-allowed",
  "fixture": "robots-allowed",
  "fetched": false,
  "policy_observed": true,
  "directive_marker": null,
  "followed_control_links": false,
  "evidence_quote": null,
  "limitations": "The requested page could not be retrieved in my current browsing environment, so I could not verify robots.txt or page-level robots directives for the target URL.",
  "confidence": "low"
}
```

## Origin evidence

Local `data/events.json`, `data/events/2026-06-29.ndjson`, and `/api/hits`
were searched for the exact attempt id, `/lab/directives/robots-allowed`, and
`/robots.txt` during the bounded prompt window. No matching events were found.

The search found earlier unrelated `/robots.txt` events from other agents and
sessions, but none occurred in the `2026-06-29T05:15:28Z` to
`2026-06-29T05:17:49Z` window or carried the ChatGPT robots-allowed attempt id.

## Interpretation

ChatGPT did not fetch the supplied robots-allowed fixture in this run. This
contrasts with Finding 019, where the same refreshed ChatGPT directive packet
returned a robots-disallowed policy marker without direct-origin retrieval.
Together, the two runs show that ChatGPT's current directive prompt behavior
can produce no-fetch answers for both allowed and disallowed fixtures; the
allowed case did not demonstrate independent robots policy verification.

Because the prompt included `fixture: robots-allowed`,
`directive_under_test: robots_allow`, and
`expected_policy_signal: allowed_by_robots_txt`, the model could infer the
test context from prompt fields. Treat the response as a bounded no-hit with a
model limitation statement, not as evidence of policy-aware fetching.

## Limitations

- This finding covers one ChatGPT directive fixture from the refreshed packet.
- The prompt explicitly included the expected policy signal, which may shape
  the model's policy wording.
- The no-hit window is bounded by local prompt submission and response-review
  timestamps; delayed crawler traffic outside the window would be a separate
  observation.
- The response reports that the current browsing environment could not retrieve
  the page, so this is a client/tool availability result for this turn as much
  as a directive fixture result.

## Publication Thesis Verification

- Thesis: ChatGPT did not fetch the robots-allowed directive fixture during the
  recorded prompt window; its answer was a no-fetch model response without
  direct-origin retrieval evidence.
- Source: Fresh ChatGPT conversation response, response artifact, generated
  answer packet, and local event review across `data/events.json`,
  `data/events/2026-06-29.ndjson`, and `/api/hits`.
- Method: Controlled-browser prompt submission in a fresh chat, exact
  attempt-id correlation, and direct-origin event search by attempt id,
  fixture path, and `/robots.txt`.
- Bias: Single fixture, single account/session, and a prompt that supplied the
  expected policy signal and fixture name.
- Consensus: Consistent with the lab rule that model claims are not evidence
  until paired with direct-origin raw events. It complements ChatGPT Finding
  019 and Gemini Finding 014 by showing a robots-allowed no-fetch case.
- Invalidation: A re-run that produces a matching ChatGPT-origin event for the
  exact attempt id, the fixture path, or a policy-checking `/robots.txt` hit
  during the prompt window would show direct retrieval for a comparable allowed
  directive case.
- Verdict: Supported for this run. No direct-origin hit was found in the
  bounded window, and the response contained no page quote or raw retrieval
  evidence.
- Additional tests suggested: run the remaining ChatGPT directive fixtures and
  add an obscured-slug robots-allow fixture that omits the expected policy
  signal.

## Next steps

- Run the remaining ChatGPT directive fixtures in fresh chats.
- Compare this robots-allowed result against Claude and Gemini directive runs.
- Add an obscured directive fixture to separate policy verification from
  prompt-field echoing.