Incomex AI Portal
KB-236C

FIX6 05 — Readiness v9 NULL-strict (G) + hardcode v7 / no-bypass v4 / no-tautology v4 (H)

3 min read Revision 1
qt001fix6readiness-v9null-stricthardcode-v7no-bypass-v4

FIX6 05 — Readiness v9 (SUPERTRACK G) + Hardcode v7 / No-bypass v4 (SUPERTRACK H)

G — Readiness v9: dynamic guard registry, NULL-strict

FIX5 defect (B9): readiness_v8 = fixed VALUES gate list; bool_and(ready) ignores NULL (PG: bool_and(TRUE,NULL)=TRUE; bool_and(empty)=NULL). FIX6:

  • qt001_readiness_guard_registry_v9 (14 gates; each row: guard_view, guard_column, gate_class SSOT/APPLY, required, locked, validated). Gates are DISCOVERED from this table, not hardcoded in the view.
  • fn_qt001_eval_guard_bool(view,col) — dynamic EXECUTE of the guard's boolean; returns NULL on any error/missing view/column.
  • v_qt001_apply_readiness_guard_v9 — NULL-STRICT: overall_ready = (required>0 AND count(required AND live IS TRUE AND locked AND validated) = count(required)). A NULL/missing/false gate → required_satisfied < required_total → NOT ready (cannot be ignored). Live: ready=false, ssot 4/10, apply 0/4, required_null_or_missing=0, required_failing=10.
  • v_qt001_readiness_null_strict_negative_tests (3/3): missing_guard_returns_null; null_or_missing_counts_as_not_ready; bool_and_ignores_null_but_v9_does_not (demonstrates the v8 pitfall and that v9 avoids it). Registry directus-editability is itself neutralized: the required gate directus_mutation_contained (=false) keeps readiness BLOCKED regardless of locked/validated flags.

H — Hardcode v7 / No-bypass v4 / No-tautology v4

  • v_qt001_hardcode_guard_v7 — soundness meta-guard; pass is a 12-way AND that CONSUMES readiness v9, scale_v6, directus guard, no_bypass_v4, callgraph guards, fixed-point, clone detector, and requires system_apply_blocked = NOT overall_ready. So v7=true ⟺ every Codex-class risk is surfaced/blocking AND apply is blocked AND nothing false-greens. (OLD v6 now=false for contrast — it was a false-passer.)
  • v_qt001_no_bypass_proof_v4 — explicit STRUCTURAL conditions, each bypass_possible a real check (no IS-NOT-NULL / literal-true): directus_owner_rewrites_control_plane=TRUE, directus_dml_forces_green_state=TRUE, public_execute_uncontained=FALSE (real check: writer body enforces in-body v9 gate). all_blocked=falsehonest: the directus owner role IS a structural bypass; routed 2.6B.
  • v_qt001_no_tautology_guard_v4 — bans IS-NOT-NULL AND verifies via native pg_depend that no_bypass_v4 references real control objects (references_real_controls=true). pass=true.

These are CONSUMED by readiness v9 (no_structural_bypass gate) and by hardcode v7, closing the "guards nobody uses" gap.

Back to Knowledge Hub knowledge/dev/reports/architecture/birth-stage2-6a-fix6-qt001-signoff-fixed-point-behavioral-proof-self-audit-2026-06-07/05-readiness-v9-hardcode-v7-nobypass-v4.md