06 - CP-05 Sealed Thresholds For Gates, Vectors, And Capabilities
No adapter/function/CHECK may contain a numeric policy literal. Structural literals such as zero, one populated operand, and SHA-256 byte length are allowed only where they define datatype shape, not readiness policy.
No new threshold child/table is introduced. Threshold authority uses the existing exact 27 contracts, preventing a hidden 28th authority surface.
Exact Authority Sources
| Threshold/denominator | Existing sealed authority field |
|---|---|
| gate freshness | readiness_gate_manifest.max_age_seconds |
| vector freshness | bypass_vector_manifest.max_age_seconds |
| capability freshness | capability_manifest.max_age_seconds |
| performance/count/hash/boolean requirement | typed operand columns of capability_measurement_requirement |
| required artifact/run/page/checkpoint count | capability_artifact_requirement.minimum_count or typed measurement operand |
| readiness denominator | ACTIVE READINESS_GATE manifest_set.expected_item_count |
| bypass denominator | ACTIVE BYPASS_VECTOR manifest_set.expected_item_count |
| hash component/contract denominator | ACTIVE HASH_COMPONENT manifest_set.expected_item_count plus exact component set |
| quorum required count | quorum_requirement_manifest.required_count; no literal CHECK |
| approval age/deadline | activation_policy_manifest.approval_max_age_seconds and post_activation_deadline_seconds |
| analyzer freshness | analyzer_contract_manifest.max_age_seconds |
| workload size/collision count | workload_profile_manifest.row_count/collision_row_count |
| retention interval/partition capacity | storage_class_manifest.retention_interval_seconds/partition_capacity_rows |
| Directus observation freshness | privilege_set_manifest.observation_max_age_seconds on sealed Directus SELECT read-contract rows |
Every threshold-bearing row is owner-controlled, versioned, exact-set sealed, item/payload SHA-256-bound, activation-quorum-bound, and included in relevant readiness/plan/control hashes. Directus/PUBLIC cannot edit it. Threshold provenance is the activation/evidence chain of its manifest and the item's source evidence hash.
Adapter Rule
Adapters receive facts only. Generic rule evaluation joins the active required row, resolves its sealed operator/type/unit/operand, and evaluates it. Adapter source may contain structural numbers needed by PostgreSQL syntax or datatype validation, but no number that decides readiness, capability, bypass, quorum, freshness, or eligibility.
Numbers written in design documents are seed explanations only. Runtime code never compares against document numbers.
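The generic rule evaluation described above, as an added PostgreSQL example that is not the project's own code. The column names (status, operator, unit, operand_numeric), the operator codes, the adapter_fact table, and every sample row are assumptions constructed for illustration. The evaluating query carries no policy number, and a missing fact, unit mismatch, NULL, or unknown operator fails closed.

```sql
-- Added example: columns, operator codes and rows are constructed, not the project's schema.
BEGIN;

CREATE TEMP TABLE capability_measurement_requirement (
    requirement_key text PRIMARY KEY,
    status          text NOT NULL,   -- only ACTIVE rows are evaluated
    operator        text NOT NULL,   -- sealed comparison code (assumed: LTE, GTE, EQ)
    unit            text NOT NULL,   -- sealed unit the reported fact must match
    operand_numeric numeric          -- sealed threshold value; NULL fails closed
) ON COMMIT DROP;

CREATE TEMP TABLE adapter_fact (     -- what an adapter reports: facts only
    requirement_key text PRIMARY KEY,
    unit            text NOT NULL,
    observed_value  numeric
) ON COMMIT DROP;

INSERT INTO capability_measurement_requirement VALUES
    ('p95_latency',     'ACTIVE', 'LTE', 'ms',    250),
    ('replay_rows',     'ACTIVE', 'GTE', 'rows',  10000),
    ('lock_wait',       'ACTIVE', 'LTE', 'ms',    50),
    ('page_count',      'ACTIVE', 'EQ',  'pages', NULL),
    ('checkpoint_runs', 'ACTIVE', 'GTE', 'runs',  3);

INSERT INTO adapter_fact VALUES
    ('p95_latency', 'ms',      180),   -- within the sealed limit
    ('replay_rows', 'rows',    9000),  -- below the sealed minimum
    ('lock_wait',   'seconds', 1),     -- fact reported in the wrong unit
    ('page_count',  'pages',   12);    -- sealed operand is NULL; checkpoint_runs has no fact

-- The thresholds live only in the sealed rows; the query compares column to column.
SELECT r.requirement_key,
       CASE
           WHEN f.requirement_key IS NULL       THEN 'BLOCK: missing fact'
           WHEN f.unit IS DISTINCT FROM r.unit  THEN 'BLOCK: unit mismatch'
           WHEN r.operand_numeric IS NULL
             OR f.observed_value IS NULL        THEN 'BLOCK: NULL operand or value'
           WHEN r.operator = 'LTE' AND f.observed_value <= r.operand_numeric THEN 'PASS'
           WHEN r.operator = 'GTE' AND f.observed_value >= r.operand_numeric THEN 'PASS'
           WHEN r.operator = 'EQ'  AND f.observed_value =  r.operand_numeric THEN 'PASS'
           ELSE 'BLOCK: requirement not met or unknown operator'
       END AS verdict
FROM capability_measurement_requirement AS r
LEFT JOIN adapter_fact AS f ON f.requirement_key = r.requirement_key
WHERE r.status = 'ACTIVE'
ORDER BY r.requirement_key;

COMMIT;
```

Driving the join from the requirement side is what makes an absent fact visible as a blocking row instead of silently dropping out of the result.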
Enforcement And Tests
SA15 parses hash-bound adapter/function definitions and fails any numeric literal not classified by
an exact ACTIVE structural_literal_class catalog item. The dependency analyzer compares observed
adapter input-column edges to the sealed expected dependency_manifest edge set in both EXCEPT
directions. Any operational read of code_catalog_item.item_payload, unclassified numeric literal,
or undeclared input column blocks readiness. Every result evidence row exposes consumed
manifest/item IDs and their hashes.
Negative tests: mutate a threshold without a new activation, put a threshold literal in an adapter, use the wrong unit/operator/type, supply a missing/extra/NULL/stale row, attempt Directus DML, omit a threshold from the hash, and activate a threshold-bearing manifest without quorum. Each blocks readiness.