01 - Codex Failure Matrix (A-K) and Blocker Resolution

Codex final status under review: FIX7_REFACTOR_BLUEPRINT_CODEX_CRITICAL_REVIEW_FAIL_HARDCODE_OR_PG_NATIVE_GAP.

A-K verdicts (Codex doc 11) → patched state

Codex check	Codex verdict	T1 patch	post-patch self-verdict
A scope/refactor model	PASS_WITH_BLOCKING_EXECUTION_DETAILS	execution details fixed in B-H below; model (parallel qt001_cp + repoint + freeze) unchanged and not reopened	PASS
B MB-01 legacy neutralization	FAIL_NEEDS_T1_FIX	sealed #20 legacy-disposition set + dispositions (BLOCKER 1+3); exact identity by regprocedure/prokind	PASS_AFTER_FIX
C MG-01 re-audit gates	NEEDS_T1_FIX	machine-checkable operator_authorization artifact (approved hash, reviewer, scope, epoch, both-EXCEPT); permit separated; fresh re-audit before PKG-F/PKG-G	PASS_AFTER_FIX
D DOT no-overwrite / PG authority	HOLD_NEEDS_IDENTITY_AND_PHASE_FIX	pinned #26 gateway identity + phase-explicit owner table (gateway born qt001_cp_owner, no transition) (BLOCKER 6)	PASS_AFTER_FIX
E rollback/cutover safety	FAIL_NEEDS_T1_FIX	atomic deactivation-first rollback + G-NOMIXED-AUTHORITY; symmetric body rollback bounded to STUB_FAIL_CLOSED (BLOCKER 3+4); CR-E3 restore-mechanism distinction	PASS_AFTER_FIX
F owner/ACL snapshot	NEEDS_T1_FIX	+column ACL (pg_attribute.attacl) + effective role-membership privilege (pg_auth_members) + all classes + hash + both-direction verify (BLOCKER 5)	PASS_AFTER_FIX
G guard quality	FAIL_NEEDS_T1_FIX	G-NOLEGACY split PRE/POST removes deadlock; non-vacuity rules retained; PKG-D runs PRE only (BLOCKER 2)	PASS_AFTER_FIX
H hardcode / disguised hardcode	FAIL	sealed/hash-bound target, not name pattern; live-proven fragility (views 0/183/196) (BLOCKER 1)	PASS_AFTER_FIX
I PG-first/native/driven	FAIL	G-PGNATIVE extended to reject any name-pattern/owner/prose binding authority; final authority = manifest + catalog + pg_depend + recomputed hash (BLOCKER 1)	PASS_AFTER_FIX
J cross-layer/boundaries	PASS_WITH_TERMINOLOGY_FIX_REQUIRED	operator_authorization separated from blocked qt001_backfill_permit; +G-NO-QT001-PERMIT-DURING-FIX7 (BLOCKER 7)	PASS_AFTER_FIX
K authoring-planning readiness	NOT_READY	all 7 doc-10 minimum acceptance conditions addressed; resubmitted	READY_FOR_RECHECK

Codex's 7 minimum acceptance conditions (doc 10) → status

1. Replace name-pattern final authority with typed PG-data-driven classification/exact-set proof — DONE (doc 02 §H; G-LEGACY-TARGET-SEALED).
2. Reconcile S15/PKG-F stub scope; symmetric rollback for every mutation — DONE (doc 02 §I dispositions; doc 05).
3. Make G-NOLEGACY phase-correct and non-deadlocking — DONE (PRE/POST split).
4. Atomic rollback that cannot leave both new and legacy paths executable — DONE (G-NOMIXED-AUTHORITY; deactivation-first sequence).
5. Add column ACL and effective-role privilege coverage — DONE (doc 05 invariant 3; G-OWNER-CUTOVER).
6. Writer/gateway identity and owner expectation explicit per phase — DONE (doc 04 §Writer-gateway-identity; G-WRITER-GATEWAY-IDENTITY).
7. Rename permit to a distinct operator-authorization artifact; preserve blocked boundaries — DONE (doc 07 §Terminology; G-NO-QT001-PERMIT-DURING-FIX7).

Codex sub-finding coverage (CR-* IDs)

• CR-B1 (name-pattern authority) → doc 02 §H, G-LEGACY-TARGET-SEALED.
• CR-B2 (stub-scope contradiction) → doc 02 §I dispositions.
• CR-B3 (exact 46 fns + 1 proc, bind by signature/OID) → live-corrected to 45 fns + 1 proc; bound by regprocedure+prokind+OID in #20; count made non-load-bearing (sealed exact-set is authority).
• CR-E1 (rollback reopens PUBLIC EXECUTE) → deactivation-first + G-NOMIXED-AUTHORITY.
• CR-E2 (stub/body rollback incomplete) → body-rollback bounded to STUB_FAIL_CLOSED (pinned #27).
• CR-E3 (pinned hash is not a restore mechanism) → doc 04/05: gateway never CREATE-OR-REPLACEd; STUB legacy body restored by authorized operator function-replacement (different object class).

Invariant non-regression

27 authority surfaces · 11 runtime-evidence non-authority · 14 readiness gates (DATA) · 7 hash contracts (H01..H07) · 0 new authority surface · 0 new readiness gate · 0 new hash contract · production mutation 0. Guards 30 → 35 (TEST/VERIFICATION guards only; readiness gates unchanged at 14). The sealed legacy-disposition set is DATA rows in the existing surface #20 (+ #27 bindings) and one typed disposition column — not a new surface.