Zero-Hardcode And PG-Native-Driven Recheck
Zero-Hardcode And PG-Native-Driven Recheck
Three Declarations
- Permanent: all changing policy remains versioned sealed rows; runtime tables hold facts only.
- Impossible to mistake: FK/UNIQUE/exact-set/hash/owner/ACL/constraint-catalog checks fail closed.
- Automatic: generic PG engines and catalog comparisons derive results without human verdicts.
| Dimension | Verdict |
|---|---|
| zero hardcode | ZERO_HARDCODE_PASS |
| zero disguised hardcode | ZERO_DISGUISED_HARDCODE_PASS |
| PG first | PG_FIRST_PASS |
| PG native | PG_NATIVE_PASS_DESIGN_OPERATOR_GATED_LIVE |
| PG driven | PG_DRIVEN_PASS |
| no hidden authority | EXACTLY_27_AUTHORITY_SURFACES_PASS |
| runtime evidence | NON_AUTHORITY_EXACT_OBJECT_SET_PASS |
| hash determinism | H04_H05_H02_BYTE_IMPLEMENTABLE_PASS |
| no guess | NO_GUESS_READY_FOR_T1_FINAL_SHORT_REVIEW |
No adapter policy literal, operational item_payload read, mutable denominator, free-form
constraint authority, uncounted retention/set table, caller-authored PASS, or Directus-editable
authority remains in the corrected specification.
H04_SCOPE_V1 and the seven H01..H07 domain/schema identifiers are reviewed protocol-version
constants, not policy answers. Changing business behavior remains sealed manifest data. Evidence
content is dereferenced through PG FKs; aggregate membership and order are PG-derived; every extra
index fails and a permitted index must first enter the sealed expected set.
There is no MD5, delimiter concatenation, implicit bytea text cast, unstable aggregate order,
source-text authority, name-pattern allowlist, or manual PASS path.