Incomex AI Portal
KB-4C44

Codex FIX7 Legacy Disposition Amendment - Chosen Amendment

3 min read Revision 1
fix7codexdesign-amendmentchosenoption-beta

04 - Chosen Amendment

Owner ruling

Option Beta replaces the legacy-disposition concept in FIX7.

Removed from load-bearing design

  • Five-value disposition enum and any typed/untyped equivalent.
  • LEGACY_* #20 semantics.
  • Computed disposition, truth table, classifier, CASE branch, or external-artifact policy.
  • STUB_FAIL_CLOSED, legacy body mutation, and body-restore source.
  • DO_NOT_TOUCH subtraction from U_legacy.
  • Policy branching by relkind, prokind, object name, owner, pattern, or descriptive label.

Required uniform reconciliation

For exact U_legacy = closure(#11, roots=#20 protected_target rows bound to the candidate manifest):

  1. Prove the root set and analyzer output are sealed, exact, fresh, and fail closed on unsupported/dynamic/unresolved edges.
  2. Prove no unapproved exception/subtraction was applied.
  3. Capture the unique S14 owner/ACL rollback snapshot through existing manifest_activation.rollback_evidence_id.
  4. Transfer ownership of every supported member to approved qt001_cp_owner using structural adapters only.
  5. Reconcile every relevant principal/object privilege to exact sealed #21 rows using both-EXCEPT closed-world comparison. Absence is authoritative only because #21 is complete, sealed, expected-count/hash bound.
  6. Do not alter object bodies or definitions.
  7. Fail closed on unsupported object class, protected-boundary collision, incomplete #21 coverage, analyzer uncertainty, privilege mismatch, or rollback-evidence failure.

Guard contract

T1 must update existing legacy guards and may add verification guards, but this creates zero readiness gates and zero hash contracts:

  • G-LEGACY-TARGET-CLOSED-DENOMINATOR: exact #20 roots plus #11 closure; no manual exclusion; both-EXCEPT.
  • G-LEGACY-TARGET-SEALED: exact manifest binding/count/hash/fresh analyzer evidence.
  • G-LEGACY-UNIFORM-NEUTRALIZATION: every member has approved owner, unchanged definition hash, and exact #21 effective privileges.
  • G-LEGACY-NO-DISPOSITION-AUTHORITY: no enum, LEGACY_*, disposition field/rule/payload, label-driven branch, or STUB path.
  • G-NOLEGACY-POST: verifies the exact post-state and remains fail closed.
  • Existing G-OWNER-UNREACHABLE, G-SUPERUSER-BREAKGLASS, rollback, no-mixed-authority, and seal-order guards remain required.

Guard implementation may dispatch by PG object class only for syntax mechanics. All classes must converge to the same policy end-state.

Back to Knowledge Hub knowledge/dev/reports/architecture/codex-fix7-legacy-disposition-design-amendment-2026-06-08/04-chosen-amendment.md