T1 FIX7 Blueprint Patch - Hardcode / PG-Native Self-Review
09 - Self-Review: Hardcode / Disguised-Hardcode / PG-First-Native-Driven
T1 re-ran Codex's own checks 8 and 9 locally after patching.
Check 8 - Hardcode / disguised hardcode
PASS only if no operational authority uses a pattern/name/owner scan.
- The legacy neutralize/freeze/cutover target is the sealed authority_scope_manifest#20 legacy-disposition set, established candidate→classified→exact-set-proven→sealed, hash-bound (source_sha256 per object + expected_legacy_set_sha256 roll-up). Name/owner scans are explicitly diagnostic candidates (doc 02 §H; S00 relabelled "candidate discovery = diagnostic only").
- The fragility is live-proven (views 0/183/196 by literal; routines 45 fns + 1 proc), so the patch is grounded, not asserted.
- Thresholds/intervals still dereference sealed #05/#06 rows (G-NOHARDCODE, G-NODISGUISE unchanged).
G-LEGACY-TARGET-SEALED fails any operational target derived from name pattern alone.
Verdict: PASS — no operational authority is pattern/name/owner-bound; all is sealed/manifest/hash-bound.
Check 9 - PG-first / native / driven
PASS only if final authority is PG-native / manifest-bound.
- Final authority for the legacy set = sealed manifest rows (#20/#27) + catalog ownership/ACL + pg_depend/#11 structural closure + recomputed hash. Source-text/DOT-body scans remain diagnostic-only and fail closed (guard-quality rule 3, G-DOT-NOOVERWRITE). G-PGNATIVE is extended to reject name pattern / owner filter / prose count as binding authority for any operational set (neutralize/freeze/cutover/repoint), not just guard internals.
- ACL proof is now PG-native effective privilege (pg_auth_members expansion + aclexplode/has_*_privilege), not raw ACL rows alone.
- Gateway identity is regprocedure + source_sha256 + catalog owner, not a name.
Verdict: PASS — final authority is PG-native and manifest-bound throughout; the patch strengthens PG-native discipline (it replaces the last name-pattern binding with a sealed exact-set).
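The difference between raw ACL rows and effective privilege named in the ACL bullet above, shown as an added example (not part of the blueprint or its guards). The role legacy_writer, the schema legacy and the INSERT privilege are hypothetical placeholders.

```sql
-- Added example. Role, schema and privilege below are hypothetical placeholders.
WITH RECURSIVE params AS (
    SELECT 'legacy_writer'::regrole::oid AS subject,  -- errors if the role is missing
           'legacy'::regnamespace::oid   AS nsp,      -- errors if the schema is missing
           'INSERT'::text                AS priv
),
held(roleid) AS (
    -- The subject plus every role it belongs to, transitively.
    -- Ignores NOINHERIT, so this is a diagnostic upper bound only.
    SELECT subject FROM params
    UNION
    SELECT m.roleid
    FROM held h
    JOIN pg_auth_members m ON m.member = h.roleid
),
raw AS (
    -- Raw ACL rows for the privilege. A NULL relacl means built-in defaults apply.
    SELECT c.oid AS relid,
           a.grantee,
           CASE WHEN a.grantee = 0 THEN 'PUBLIC'
                ELSE a.grantee::regrole::text END AS grantee_name,
           (a.grantee = 0 OR a.grantee IN (SELECT roleid FROM held)) AS reachable
    FROM params p
    JOIN pg_class c ON c.relnamespace = p.nsp
    CROSS JOIN LATERAL
         aclexplode(coalesce(c.relacl, acldefault('r', c.relowner))) a
    WHERE a.privilege_type = p.priv
)
SELECT c.oid::regclass AS relation,
       -- coalesce: bool_or over zero rows is NULL, which must not read as a pass
       coalesce(bool_or(r.grantee = p.subject), false)        AS direct_acl_row,
       array_agg(DISTINCT r.grantee_name)
           FILTER (WHERE r.reachable)                          AS reachable_via,
       -- Binding answer: honours inheritance settings and superuser status.
       has_table_privilege(p.subject, c.oid, p.priv)          AS effective
FROM params p
JOIN pg_class c ON c.relnamespace = p.nsp
               AND c.relkind IN ('r', 'p', 'v', 'm')
LEFT JOIN raw r ON r.relid = c.oid
GROUP BY c.oid, p.subject, p.priv
ORDER BY c.oid;
```

Rows where direct_acl_row is false and effective is true are the grants a raw-ACL-only proof would miss; reachable_via shows the membership or PUBLIC grant that explains them.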
Anti-false-green discipline retained
Guard-quality rules (no vacuous pass / NULL-strict aggregates / source-text-diagnostic-only / no-existence-only) still bind all 35 guards; rule 1 now names G-NOLEGACY-PRE/POST, G-LEGACY-TARGET-SEALED, G-NOMIXED-AUTHORITY. The negative-test requirement (no literal PASS row) is unchanged.
Invariant re-verification
27 authority surfaces / 11 runtime-evidence / 14 readiness gates (DATA) / 7 hash contracts — all
preserved. 0 new authority surface, 0 new readiness gate, 0 new hash contract. New guards are
TEST/VERIFICATION guards (35 total), not readiness gates. The sealed legacy-disposition set is DATA
in existing #20/#27 + one typed disposition column.