11 - Strict Zero-Hardcode And PG-First/Native/Driven Self-Review

Audit Scope

Reviewed the corrected package at three layers: prose/contract, SQL DDL/constraints, and seed/runtime authority. Searched direct literals, disguised policy CHECKs, hidden lists/CASE, mutable registries/denominators, free-text proof/identity, ambiguous FKs/hashes/grants, and unbounded scale behavior.

Defects Found And Corrected In This Prompt

1. Reproduced T1 CP-01..CP-07 and resolved them.
2. Removed disguised-policy DDL CHECKs forcing required, strict, side_effect_free, immutable_versioned, must_differ, grantable, fail_closed, and required_count. Those values remain typed/sealed rows evaluated by generic guards.
3. Rejected an intermediate separate threshold table because it would create an uncounted 28th authority surface. Thresholds now use existing sealed 27-contract fields.
4. Replaced generic cross-child reference ambiguity with named typed targets and a deterministic constraint rule.
5. Selected Directus base-table SELECT-only preservation explicitly; no view-migration ambiguity.
6. Pinned hash bytea, numeric, timestamp, collation, NULL, JSONB, and total-array order forms.
7. Removed implicit DEFAULT false authority decisions and the policy-shaped left_class_id<>right_class_id CHECK; callers must provide sealed boolean values.
8. Replaced fixed monthly partitioning with interval/capacity fields on counted ACTIVE sealed storage_class_manifest #05.
9. Embedded the exact H01..H07 key maps and removed the ambiguous prior-package dependency.
10. Corrected the Level-B DB-role binding to the actually defined principal_registry column.
11. Closed RP-01..RP-08 cross-impact gaps: 11 byte-defined non-authority runtime-evidence tables; retention in counted surface #05; family/input exact-set coverage; root retirement-evidence FK; consolidated deferred constraints; sealed Directus read contract.
12. Rejected two refinement implementation details that could reopen disguised authority: no separate runtime_evidence_object_set, and no free-form expected-constraint JSON payload. Both use typed rows in counted authority_scope_manifest #20.

Verdict Matrix

Dimension	Verdict	Basis
zero hardcode	ZERO_HARDCODE_PASS	no runtime fixed collection/policy/threshold/quorum/identity list; seed data is sealed authority
zero disguised hardcode	ZERO_DISGUISED_HARDCODE_PASS	catalog/thresholds/rules/evidence are owner-controlled, versioned, exact-set, hash/quorum bound
PG first	PG_FIRST_PASS	runtime truth, identity, policy, thresholds, evidence, hashes, epoch, privileges live in PG
PG native	PG_NATIVE_PASS_DESIGN_OPERATOR_GATED_LIVE	roles/owner/ACL/FK/CHECK/UNIQUE/index/locks/functions/views enforce; live cutover not executed
PG driven	PG_DRIVEN_PASS	generic engines read constrained sealed rows; no policy CASE/list/literal
feasibility	FEASIBILITY_PASS	valid PG16.13/pgcrypto design; deterministic hashes and typed FKs
scale	SCALE_SAFETY_PASS_DESIGN_EVIDENCE_PENDING	control-plane bounded, object-count-independent, no hot full scan/unbounded hash/recursion
no guess	NO_GUESS_IMPLEMENTATION_PASS_FOR_SHORT_REVIEW	RP blocking ambiguities closed; runtime facts, retention, input contracts, constraints, and root evidence FK fixed

Residual Operator-Gated Facts

Level-B environment/credential, live role/schema/owner/ACL, manifest activation, Directus smoke, writer repoint, and post-activation evidence are not verified/executed. Readiness remains false. These are execution gates, not unresolved design choices.

T1 short review remains mandatory. This self-review is evidence, not independent approval.