KB-B9C5
FIX4 Audit 11 PG Native Driven
1 min read Revision 1
codexauditqt001pg-firstpg-nativepg-driven
11 - PG-First / PG-Native / PG-Driven Audit
Verdict: PG_HOSTED_HARDCODE_REMAINS.
PG-first partial: truth is queried in PG, but Directus app-owner can mutate control plane and owns enforcement objects. PG-native partial: critical guarantees are source-text scans, booleans, naming conventions, and missing foreign keys rather than constraints/privilege boundaries. PG-driven fail: fixed lists/literals determine legacy detection, signals, capability requirements, readiness gates, and no-bypass proof. Scaling rules/capabilities/versions requires code edits and can escape fixed scanners.