Checkpoint - T1 FIX7 RP Proposal Refinement + Cross-Impact

Date 2026-06-08. Author T1 (production Agent, Agent Data). Mode READ-ONLY production; KB report writes only. Execution mode AUTHOR_MODE_ONLY. Live mutation NO.

Final status: T1_RP_REFINED_PROPOSALS_READY_FOR_CODEX_DESIGN_CORRECTION

Refinement macro after Codex confirmation-only review (T1_RP_PROPOSALS_PARTIAL_REFINE_BEFORE_T1) of T1's residual proposals RP-01..RP-08. T1 stays reviewer; Codex stays design owner and is the only party that edits the design. T1 did NOT edit Codex docs, did NOT implement, did NOT proceed Stage 2.6B.

Boundary held

No production DB/role/grant/trigger/function/scheduler/UI/REAL_RUN/permit/ledger/QT001-apply mutated. No DB object created. No SQL applied. No manifest activated. No ownership/ACL change. No permit opened. Stage 2.6B not advanced. No Codex doc edited. Read path OPEN (corrected package + prior T1 package + law in context; 14 readiness gates + 7 hashes confirmed via KB search).

Codex confirmation reconciled

RP-01 CONFIRMED_BLOCKING; RP-02 CONFIRMED_BLOCKING; RP-03 VALID_BUT_NEEDS_REFINEMENT→REFINED_BLOCKING; RP-04 CONFIRMED_BLOCKING; RP-05 advisory→BLOCKING; RP-06 advisory (refine scope); RP-07 advisory→BLOCKING; RP-08 advisory (refine sealed completeness). After refinement: 6 BLOCKING (01,02,03,04,05,07), 2 ADVISORY (06,08).

Refinement headlines (implementable, no-guess)

• RP-01 REFINED_BLOCKING: enumerated 12 runtime instance/result/evidence tables (signoff_binding; capability_run/measurement/artifact/environment; gate_fact_result; bypass_vector_fact_result; quorum_vote; denied_attempt_evidence; dashboard_export; level_b_packet_execution; post_activation_verifier_state). They are a NON-authority runtime-evidence CATEGORY (owner-only/append-only/hash-bound/exact-set runtime_evidence_object_set) → count stays EXACTLY 27, NO 28th authority surface. Fixes H04/H05/H02 byte-implementability. H06 already satisfied (dependency_manifest+analyzer_run+dynamic_sql_target all defined). Path A byte-DDL or path B downscope+re-audit.
• RP-02 REFINED_BLOCKING: host retention interval/capacity as fields on storage_class_manifest #05 (primary; RP-01 high-vol tables bind storage_class FK) → no new surface; alt = counted retention_policy_manifest #28 (update all "27"→"28").
• RP-03 REFINED_BLOCKING: expected-constraint catalog = expected_constraint_set_sha256 field on authority_scope_manifest #20 (inside counted surface); verify realized vs sealed both-EXCEPT from pg_constraint/pg_index (structural truth, not source-text); dropped deferred-ALTER FK → OBJECT_AUTHORITY_IMMUTABLE fail-closed. Plus one consolidated CREATE+deferred-ALTER order.
• RP-04 REFINED_BLOCKING: reference_contract(exists)+operand_column_contract+structural_literal_class as code_catalog FAMILIES (root surface, family count 16→18 data-driven); exact-set coverage at seal (every catalog-typed FK col/operand-type/numeric-literal has its row else FAIL).
• RP-05 REFINED_BLOCKING: no adapter reads code_catalog_item.item_payload operationally; enforce via manifest adapter_input_contract + SA15/analyzer fail-closed scan over hash-bound source → readiness FAIL.
• RP-06 REFINED_ADVISORY: slot-scoped UNIQUE(activation_id,quorum_profile_id,required_principal_class_id,slot_ordinal) on RP-01 signoff_binding/quorum_vote + manifest-driven separation join principal_separation_manifest must_differ; NOT blanket UNIQUE(activation,human).
• RP-07 REFINED_BLOCKING: code_catalog_item.retired_reason_evidence_id → evidence_registry.evidence_id deferred ALTER (in RP-03 order + expected-constraint set); NULL active / non-NULL must exist (existing CHECK stands).
• RP-08 REFINED_ADVISORY: sealed Directus read-contract (PRIVILEGE_SET #21 SELECT subset + read-pattern) + sealed freshness max_age, both-EXCEPT observed-vs-expected; NOT a hardcoded observation window.

Cross-impact (Supertrack J)

Net new AUTHORITY surfaces 0 (or +1 counted if RP-02 option ii). New readiness gates 0 (14 extended in behavior). New hash contracts 0 (7; flow through manifest_set/control-state). New non-authority runtime-evidence tables ≤12. Edit order: RP-04/05 → RP-01 → RP-06 → RP-02 → RP-07 → RP-03 LAST; RP-08 independent.

Design-level checks (Supertrack K)

ZERO_HARDCODE_REFINED_PROPOSALS_PASS; PG_NATIVE_DRIVEN_REFINED_PROPOSALS_PASS; NO_GUESS_REFINED_PROPOSALS_PASS. No new uncounted surface, no Directus-editable authority, no regex/source-text-as-authority (pg_constraint/pg_index = structural truth; SA15 = fail-closed blocker), no scale risk (control-plane-bounded + time-partitioned evidence; runtime scale evidence operator-gated/pending).

Status flags

Codex should edit design: YES. T1 implementation remains BLOCKED: YES (until 6 blocking RP resolved + re-reviewed). Stage 2.6B/permit/REAL_RUN/QT001-apply remain BLOCKED. Readiness BLOCKED.

GOTCHA

agent-data MCP had a ~60-90s connectivity outage mid-write (timeout then connect-refused); a write that returned "operation timed out" (RP-07 doc 08) had ACTUALLY PERSISTED — verify via list_documents before re-writing to avoid dupes; the connect-refused one (RP-08 doc 09) had NOT persisted and was re-written. Use background sleep + list-probe to ride out the blip (foreground sleep blocked).

Report path

knowledge/dev/reports/architecture/t1-fix7-rp-proposal-refinement-cross-impact-2026-06-07/ (00-readme-first .. 13-final-verdict).

NEXT

Codex edits FIX7 design per refinements (order: RP-04/05→RP-01→RP-06→RP-02→RP-07→RP-03 last; RP-08 anytime) → republish → short T1 re-review → DESIGN_READY_FOR_CODEX_FINAL_APPROVAL → Codex final approval. No implementation before that.