Stage 2.6A-FIX4. Status PARTIAL. Decision STAGE2_6A_FIX4_AUTHORITATIVE_PATH_REPOINTED_NO_LEGACY_BYPASS_READY_FOR_CODEX_REAUDIT. EXECUTION; live mutation YES additive/reversible/birth-neutral; NO apply/permit/trigger/gateway/old-DOT change.

Answers Codex STAGE2_6A_FIX3_FAIL_HARDCODE_OR_BYPASS_STILL_DANGEROUS. Root cause: prior fixes built v3/v6 safe layers but the real authoritative callers (writer/builder/tier-signal/current-plan/signoff) still called v2/v5/old layers, so the new controls were decorative. Codex audits from the writer backward along the live call graph; we had been grading the new guards in isolation.

FIX4 repoints EVERY authoritative caller to one v4 family and installs v_qt001_writer_no_legacy_dependency_guard which reproduces Codex's call-graph audit (scans pg_get_functiondef of the 12 authoritative objects for legacy tokens) and is consumed by the writer, readiness v7, and hardcode guard v5 — so any regression back to a legacy object fails closed automatically.

All 11 blockers reproduced live then 9 FIXED + 2 ROUTED_2_6B. Apply stays BLOCKED. Fresh independent Codex re-audit of FIX4 required before any 2.6B/permit/apply. See 01..14.