FIX6 08 — Self-Codex-audit + independent adversarial confirm (SUPERTRACK J)
The macro's central new discipline: run a Codex-style self-audit AFTER implementing and BEFORE reporting; fix any fail in-macro and re-run; do not report PASS/PARTIAL until the internal audit passes.
Internal self-audit
v_qt001_fix6_self_audit.self_audit_pass = TRUE — a 13-way AND of independently-derived flags:
all_findings_handled(B1..B10)=t · must_not_proceed=t · hardcode_v7_sound=t · capability_no_false_green=t · callgraph_no_regex_authority=t · no_tautology=t · signoff_identity_ok=t · fixed_point_ok=t · readiness_null_strict_ok=t · signoff_neg_ok=t · capability_neg_ok=t · readiness_blocked=t · scorecard_verdict='PG_NATIVE_DRIVEN_PARTIAL_BLOCKED'.
T1 found + fixed 2 of its OWN defects in-macro (then re-ran self-audit)
- no_bypass_v4 awkward literals — the "contained" vectors used ... AND NOT true/NOT(pass)=false, which read like disguised placeholders Codex would flag. Replaced with a real structural derivation: public_execute_uncontained = (public open) AND NOT (writer body contains the in-body readiness-v9 gate) → evaluates false because the writer genuinely enforces it. Re-ran: self_audit_pass stayed true, no_tautology true.
- false_green_guard tautology — pass was un-falsifiable (satisfied is defined to require evidence, so "satisfied without evidence" can never be non-zero). Rewritten to a falsifiable invariant: with 0 verified evidence rows, NO capability may be satisfied (pass would be FALSE otherwise); switches to per-row evidence check once evidence exists. Re-ran: self_audit_pass true.
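A constructed illustration of the false_green_guard fix described above, added here and not the project's own code. It uses SQLite through Python instead of the PostgreSQL views, and the capability/evidence tables, the capability_status view, the has_evidence column and the regressed switch are all hypothetical; the seeded defect shows that a guard built from the same derivation as satisfied cannot fail, while the rewritten invariant does.

```python
import sqlite3

# Constructed schema: table, view and column names are hypothetical.
SCHEMA = """
CREATE TABLE capability(name TEXT PRIMARY KEY);
CREATE TABLE evidence(capability TEXT, verified INTEGER);
INSERT INTO capability VALUES ('cap_a'), ('cap_b');
"""
# The status view derives has_evidence, then defines satisfied from it.
VIEW = """
CREATE VIEW capability_status AS
SELECT name, has_evidence, has_evidence AS satisfied FROM (
  SELECT c.name, EXISTS (SELECT 1 FROM evidence e
                         WHERE e.capability = c.name {flt}) AS has_evidence
  FROM capability c);
"""

def make_db(evidence_rows, regressed=False):
    """regressed=True seeds a defect: the view stops requiring verified=1."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + VIEW.format(flt="" if regressed else "AND e.verified = 1"))
    db.executemany("INSERT INTO evidence VALUES (?, ?)", evidence_rows)
    return db

def tautological_guard(db):
    # Both operands come from the same derived column, so the count is always 0.
    q = "SELECT COUNT(*) FROM capability_status WHERE satisfied AND NOT has_evidence"
    return db.execute(q).fetchone()[0] == 0

def falsifiable_guard(db):
    # Evidence is re-counted from the base table, independent of the view.
    verified = db.execute("SELECT COUNT(*) FROM evidence WHERE verified = 1").fetchone()[0]
    if verified == 0:
        # With 0 verified evidence rows, no capability may be satisfied.
        q = "SELECT COUNT(*) FROM capability_status WHERE satisfied"
    else:
        # Once evidence exists, check each satisfied capability row by row.
        q = """SELECT COUNT(*) FROM capability_status s WHERE s.satisfied
               AND NOT EXISTS (SELECT 1 FROM evidence e
                               WHERE e.capability = s.name AND e.verified = 1)"""
    return db.execute(q).fetchone()[0] == 0
```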
Independent adversarial read-only audit (subagent, Codex-style)
A separate read-only auditor was tasked to BREAK the guards (find false-green/false-pass/circular/tautology/source-text-authority/NULL-ignoring). Verdict: CONFIRM_SELF_AUDITED_PARTIAL_BLOCKED. All 10 claims PASS with quoted query evidence:
- content_hash pg_depend has NO signoff tables; control_hash does.
- writer EXECUTE path provably reaches readiness-v9/unclassified/content-hash/signoff-v6 before any permit/INSERT; dry-run returns first.
- hardcode_v7 AND includes system_apply_blocked → cannot pass while ready.
- no authoritative guard reaches the regex callgraph (authoritative_guards_reaching_regex=0).
- production no-worse (all counters 0; tga=129; gateway ok).
- No literal true AS in the FIX6 scorecard.

It surfaced (not defects): plan_v5 is still a clone (honestly blocked, 2.6B re-author), native function-callgraph impossible in 2.6A (honestly blocked), and directus-owns-everything as the highest-leverage 2.6B work. The one actionable item (false_green tautology) had already been fixed above.
Residual known limitations (documented, not hidden)
- v_qt001_callgraph_no_regex_authority_guard uses hardcoded VALUES lists of authoritative + regex views (correct now; not self-extending — a future new authoritative consumer must be added to the list). 2.6B hardening note.
- locked/validated flags on the readiness registry are advisory (the registry is directus-editable); the REAL lock is the directus_mutation_contained required gate (=false) which keeps readiness blocked regardless.