02 — CHECK B: CP-06 Hash Micro-Patch Acceptance

Verdict: CP06_PATCH_ACCEPTED

What CHECK B requires

P-01 H04 evidence-hash dereference, P-02 eight-key H04_SCOPE_V1, P-03 H05/H02 total orders, and P-04 extra-index disposition are accepted.

Cross-validation: T1's reading vs the patch text

Codex re-read the CP-06 patch (…/codex-fix7-cp06-hash-micro-patch-from-t1-proposals-2026-06-07/00..06) and confirms T1's verification matches the patch verbatim. No divergence.

P-01 — H04 evidence-hash dereference — ACCEPTED

• Patch doc 01: reviewer_evidence_hash = signoff_binding.reviewer_evidence_id → evidence_registry.evidence_id → evidence_registry.artifact_sha256; binding_evidence_hash likewise via binding_evidence_id. FK row must resolve; missing evidence invalidates signoff; UUID is never hashed as content.
• T1 verified both *_evidence_id are real uuid NOT NULL FKs with ON DELETE RESTRICT NOT DEFERRABLE, that no *_evidence_hash column exists (the prior contradiction was real), and that the deref is the only coherent resolution. P01_VERIFIED.
• Acceptance: the deref resolves the SHA-256-value-vs-uuid-column contradiction; an implementer can no longer hash the UUID. ACCEPTED.

P-02 — eight-key H04_SCOPE_V1 scope hash — ACCEPTED

• Patch doc 02: domain incomex.qt001.signoff-scope.v1, exactly 8 ordered keys (activation_id, target_manifest_id, plan_content_hash, quorum_profile_id, required_principal_class_id, slot_ordinal, action_id, control_epoch), all from the same signoff_binding row, all required; defines the existing scope_hash sub-payload, not a new top-level contract; H01..H07 remain the exact set.
• T1 mapped all 8 keys 1:1 to real signoff_binding NOT NULL columns (DDL doc 02 rev 2), confirmed the closed set, the canonical JSONB + CP-06 encoding, and consistent consumption by the slot UNIQUE + H04 + RP-06. Stronger than T1's 4-key minimum; answers the open target/plan-inclusion question; adds replay protection. P02_VERIFIED.
• Acceptance: scope composition is byte-pinned and deterministic; RP-06 slot-binding is strengthened. ACCEPTED.

P-03 — H05/H02 membership + total orders — ACCEPTED

• Patch doc 03 pins five aggregates (H02 signoffs; H05 measurements; H05 artifacts; H02 capability hashes; H02 post-activation state) with explicit membership predicates and canonical PK-terminated orders; UTC, COLLATE "C", required order fields NOT NULL, missing/extra fail, empty only when the source set is empty.
• T1 verified each order ends-in or contains the table PK (total order, no ties), membership is scoped/bounded (run_id / control_epoch), tier_id NULLS FIRST is the only nullable order column, and finalized_at is non-NULL within the "finalized runs" membership. P03_VERIFIED.
• Two in-patch corrections (alias target_id → real target_manifest_id; defined "expected verifier set") are improvements within existing runtime-evidence tables, not new surfaces. ACCEPTED.

P-04 — extra-index disposition — ACCEPTED

• Patch doc 04: every extra PK/UNIQUE/FK/CHECK/exclusion/partial/expression/performance index always fails OBJECT_AUTHORITY_IMMUTABLE; no runtime BENIGN_EXTRA_INDEX exemption; a desired index must first become an expected typed #20 INDEX row in a new sealed/quorum manifest version; names/labels/operator judgment cannot exempt it; reuses counted surface #20.
• T1 confirmed this is the strictest disposition, closes the definitional gap, removes a disguised-hardcode/bypass vector, and exceeds the advisory ask. P04_VERIFIED.
• Acceptance: fail-closed for all extras; promotion forced through sealed #20 + quorum. ACCEPTED.

Determination

All four proposals are resolved exactly as the patch states and as T1 verified against the ground-truth DDL. The single FIX7 acceptance gate — "H04/H05/H02 byte-implementable; every sub-payload key resolves to a named table.column" — is MET.

Result: CP06_PATCH_ACCEPTED.