06 — Hardcode Guard v6 (consumes structural callgraph + behavioral evidence)

v_qt001_hardcode_guard_v6 aggregates ONLY structural/behavioral controls (no manual inventory, no source-text-only diagnostics as authority): no_legacy_dependency (authoritative_legacy_dependency_guard), no_legacy_planner, planner_v2_sentinel_only, null_fingerprint_strict (v5), fingerprint_sensitive, capability_behavioral (no-function-exists), capability_neg_tests, no_tautology, current_plan_v5, no_v5_plan_hash, identities_controlled, tier_signal_v5_only, block_rule_fail_closed. LIVE pass=true.

v_qt001_hardcode_guard_v6_negative_tests — REAL proofs it would catch the FIX4 defects (read pg_get_viewdef of the guards):

• consumes_structural_callgraph_guard (def references authoritative_legacy_dependency_guard)
• consumes_no_legacy_planner_guard
• consumes_behavioral_capability_guard
• consumes_no_tautology_guard
• legacy_guard_fail_closed_on_unclassified (legacy guard def contains UNCLASSIFIED)
• planner_v2_currently_unreachable (roots_reaching_planner_v2=0) All pass.

This is the structural answer to "why Codex sees it and T1 doesn't": the guard is now wired to the same recursive callgraph closure Codex would compute, and fails closed on legacy/unclassified reach + on any false/tautological proof.