01 — Hardcode Audit

Score: Hardcode safety = 52/100. Counts are honestly labeled and there is no Nuxt math, but the axis topology itself is hardcoded into the central contract view, and several literal counts/verdicts exist.

Classification legend: HARD_BUG / ACCEPTABLE_TEMPORARY / MUST_REGISTRY_DRIVE / SAFE_IF_LABELED / DESIGN_DEBT.

H1 — Universal contract is a hardcoded 6-way UNION of axis literals — MUST_REGISTRY_DRIVE / DESIGN_DEBT (P1)

v_rp_universal_node_ui_contract (the view the UI is meant to render) is literally:

SELECT 'AX-BASE'  ... FROM v_registries_pivot_node_contract
UNION ALL SELECT 'AX-TOPIC'   ... FROM v_registries_pivot_axis_surface
UNION ALL SELECT 'AX-PROCESS' ... FROM wf_process_candidate
UNION ALL SELECT 'AX-PROCESS','job:cut', (SELECT count(DISTINCT job_kind) ... 'cut.%') ...   -- special-cased literal branch
UNION ALL SELECT 'AX-PROCESS' ... FROM workflows
UNION ALL SELECT 'AX-TRIGGER' ... FROM v_ax_trigger_surface
UNION ALL SELECT 'AX-PXT'     ... FROM v_process_trigger_actionability_ledger

• It never references axis_registry. The five axis codes are string literals per UNION branch. Adding a 6th axis = hand-editing this view + a new branch. This is the single biggest auto-scale blocker.
• Verified live: contract returns exactly the 5 hardcoded axes (AX-BASE 39 / AX-PROCESS 22 / AX-PXT 12 / AX-TOPIC 7 / AX-TRIGGER 7 = 87 nodes).

H2 — Hardcoded route prefixes per branch — MUST_REGISTRY_DRIVE (P2)

Each branch builds next_route from a literal: '/registries-pivot/node/AX-TOPIC/' || node_code, '.../AX-PROCESS/' || ..., '.../AX-PXT/' || .... Routes are not registry-derived; a new axis needs a new route literal. The route segment is keyed off the same hardcoded axis string as H1.

H3 — job:cut is a special-cased hardcoded branch — ACCEPTABLE_TEMPORARY / SAFE_IF_LABELED (P3)

A dedicated UNION branch hardcodes node_code='job:cut', label 'Cut Pipeline (sole verified process)', and an inline SELECT count(DISTINCT job_kind) FROM job_queue WHERE job_kind ~~ 'cut.%'. Acceptable while job:cut is the sole verified process (labeled VERIFIED / SOLE_OFFICIAL_READY), but it will need to become row-driven (from a verified-candidates register) once a 2nd process verifies — otherwise the "sole verified" special-case silently mis-frames the second.

H4 — Proof matrix v2 "blocked" branch hardcodes node list + literal verdict — HARD_BUG (misleading-proof) (P1)

v_rp_dynamic_drill_proof_matrix_v2's authority-blocked branch:

... 'PASS_WITH_EXPECTED_BLOCKER'::text AS verdict
FROM v_rp_universal_node_ui_contract c
WHERE c.node_code = ANY (ARRAY['PROC:official_rp','PROC:jobcut_verified'])

• The node set is a hardcoded 2-element array; the verdict is a literal 'PASS_WITH_EXPECTED_BLOCKER' — not computed. These 2 cases can never FAIL regardless of actual node state. A green proof for them is structurally guaranteed. This is the most dangerous hardcode because it lives inside a proof artifact. (The 22 PASS + 4 PASS_WITH_EXPECTED_BLOCKER live verdict was confirmed.)

H5 — AX-PXT counts are static ledger literals; ≥1 confirmed stale — DESIGN_DEBT / SAFE_IF_LABELED (P2)

AX-PXT node count_value comes from v_process_trigger_actionability_ledger.object_count, which the prior session itself flagged as static literals (LEDGER_LITERAL_STALE). Live evidence:

• PROC:residual_reconcile count_value=8 in the contract, but live residual (v4) = 2 → stale literal still surfaced.
• TRIG:* counts (db_dml 408, event_type 52, dot_cron 42, …) are ledger literals, not live count(*).
• Mitigation present: count_status='ledger_backed' labels them. So SAFE_IF_LABELED, but the value is not live and at least one is provably wrong.

H6 — Three of five axes are synthetic / unregistered — DESIGN_DEBT (P1)

axis_registry contains only AX-TOPIC=CANDIDATE and AX-PROCESS=CANDIDATE. AX-BASE, AX-TRIGGER, AX-PXT do not exist in axis_registry — they are synthesized by the contract's hardcoded UNION (H1). So 3/5 of the axes the UI shows are not governed objects at all. (See 06-birth-governance-rp-sync.md.)

H7 — Phantom pivots referenced but not built; test pivot in prod — DATA_DEBT (P2)

Live pivot_definitions PIV-3xx/MTX rows = MTX-L1-OVERVIEW, MTX-L2-ATOM, MTX-TEST, PIV-311, PIV-313. PIV-301/302/303/310 are referenced in prior surfaces but do not exist = phantom codes. MTX-TEST is test debt living in a production registry.

H8 — Internal inconsistency: NEEDS_GROUPING but drill_action=SHOW_SUBSTRATE — HARD_BUG (P1, see doc 05)

In the v1 contract AX-PXT branch, has_children=false and drill_action='SHOW_SUBSTRATE' are hardcoded literals even when grouping_status='NEEDS_GROUPING' and count_value=408. A node that needs grouping is told to show substrate. Conflicting hardcoded signals (detailed in 05-full-population-drill-risk.md).

What is NOT hardcoded (credit where due)

• No Nuxt math — UI routes are thin rpQuery() pass-throughs (confirmed in UI package doc 06). All business logic in PG. Aligns with the no_direct_PG_from_Nuxt / "PG renders business logic" constitutional guardrail.
• Census/coverage/grouping views recompute live (v_rp_pxt_grouping_surface is a live LEFT JOIN ... count(*) over v_pxt_grouped_children; node counts in node_contract are live).
• count_status / governance_status / owner_blocker are computed and honestly carried — divergences are labeled, not hidden.
• Status enums (pivot_backed, ok/drift, pending) are data-driven, not magic.

Summary table

ID	Finding	Class	Sev
H1	Contract = hardcoded 6-way axis UNION, ignores axis_registry	MUST_REGISTRY_DRIVE	P1
H2	Hardcoded route prefixes per axis	MUST_REGISTRY_DRIVE	P2
H3	job:cut special-cased branch	ACCEPTABLE_TEMPORARY	P3
H4	proof_matrix_v2 blocked branch = literal PASS verdict, hardcoded node array	HARD_BUG	P1
H5	AX-PXT static ledger literals, residual=8 stale vs live 2	DESIGN_DEBT/SAFE_IF_LABELED	P2
H6	AX-BASE/AX-TRIGGER/AX-PXT not in axis_registry (synthetic)	DESIGN_DEBT	P1
H7	Phantom PIV-301/302/303/310 + MTX-TEST in prod	DATA_DEBT	P2
H8	NEEDS_GROUPING node hardcoded to SHOW_SUBSTRATE	HARD_BUG	P1