CHECK F — Feasibility / Scale Final Acceptance
06 — CHECK F: Feasibility / Scale Final Acceptance
Verdict: FEASIBILITY_SCALE_FINAL_ACCEPTED
What CHECK F requires
Feasible on PG16.13 + pgcrypto; object-count-independent; no hot-path full scan; no row-by-row apply path; no unbounded hash over runtime object data; no unbounded dependency recursion; no production-blocking locks; rollback returns safe-blocked state; implementation can proceed later without guessing, after explicit authorization.
Evidence (T1 doc 08)
| Check | Finding | Result |
|---|---|---|
| Implementable on PG16.13 + pgcrypto | SHA-256 (pgcrypto digest), canonical jsonb, standard DDL / range partitioning / typed DOMAINs (qt001_cp.sha256, positive_bigint, nonnegative_bigint) |
ACCEPTED |
| Object-count-independent | hashes are over bounded membership (per run / per epoch), not over all objects | ACCEPTED |
| No hot-path full scan | membership scoped by run_id / control_epoch on FK columns; PK-terminated orders |
ACCEPTED |
| No row-by-row apply path introduced | micro-patch is hash-spec only; no new apply path | ACCEPTED |
| No unbounded hash over runtime object data | aggregates bounded by sealed requirement sets / ACTIVE required capabilities / per-epoch activations | ACCEPTED |
| No unbounded dependency recursion | none | ACCEPTED |
| No production-blocking locks | READ-ONLY; nothing applied | ACCEPTED |
| Retention/partitioning coherent | 7 high-volume event/result tables range-partitioned on immutable event time from sealed storage-class; identity anchors unpartitioned for stable inbound FK identity | ACCEPTED |
| Rollback returns safe-blocked state | new version / append-only; consolidated reverse order; all live steps remain blocked | ACCEPTED |
| Implementation can proceed later without guessing | every H04/H05/H02 sub-payload key, membership predicate, and order column resolves to a named table.column (DDL-grounded) | ACCEPTED |
On the P-04 fail-closed operational cost
Adding a performance index requires a sealed #20 manifest-version bump + quorum. T1 and Codex agree this is a deliberate operational trade-off for an immutable authority surface — a cost, not a scale risk. ACCEPTED.
Determination
The design is feasible on the target stack, object-count-independent, free of hot-path scans / row-by-row apply / unbounded hashing or recursion / blocking locks, rolls back to a safe-blocked state, and is byte-grounded enough that the later (separately authorized) implementation-planning phase can proceed without guessing.
Result: FEASIBILITY_SCALE_FINAL_ACCEPTED.