Codex Recheck 2 Failure Matrix and T1 Disposition
01 - Codex Recheck 2 Failure Matrix and T1 Disposition
Codex recheck-2 status under repair:
FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_2_FAIL_HARDCODE_OR_PG_NATIVE_GAP.
Codex recheck-2 check verdicts (recheck doc 12) → T1 disposition
| Codex check | recheck-2 verdict | T1 disposition this pass |
|---|---|---|
| A owner semantics / G-NOLEGACY | OWNER_SEMANTICS_NEEDS_FIX | PATCHED in-blueprint (owner-unreachable; doc 02) |
| B legacy denominator | LEGACY_DENOMINATOR_FAIL | PATCHED in-blueprint (independent root set; doc 03) |
| C approved DDL / no drift | DDL_NO_DRIFT_NEEDS_FIX | DESIGN_AMENDMENT_REQUIRED (doc 04) |
| D no mixed authority | NO_MIXED_AUTHORITY_NEEDS_FIX | PATCHED in-blueprint (forward-only; doc 08) |
| E rollback source | ROLLBACK_SOURCE_NEEDS_FIX | PATCHED in-blueprint (forward-only + rollback_evidence_id; doc 06); legacy STUB body restore rides on C |
| F operator authorization | OPERATOR_AUTHORIZATION_FAIL | PATCHED in-blueprint (typed PG model; doc 05) |
| G ACL snapshot order | ACCEPTED_WITH_OWNER_CONTROL_DEPENDENCY | owner control supplied by doc 02/07 |
| H permit terminology | PERMIT_TERMINOLOGY_ACCEPTED | unchanged (accepted) |
| I hardcode | HARDCODE_FAIL | resolved by removal — withdraw LEGACY_*/computed-disposition/evidence-as-authority (docs 02,04,05,10) |
| J PG-first/native/driven | PG_NATIVE_DRIVEN_FAIL | resolved for the patched blockers; the residual is a missing DESIGN surface (C), not a T1 PG-native gap (doc 10) |
| K cross-layer/scope | CROSS_LAYER_ACCEPTED | unchanged; re-verified (doc 11) |
| L authoring planning | AUTHORING_PLANNING_FAIL | PATCHED in-blueprint (seal order; doc 09) — but full authoring readiness still gated on the C amendment |
The 8 decisive recheck-2 blockers (prompt A–H) → disposition → fix/route doc
| blocker | Codex finding | T1 disposition | report doc | blueprint docs |
|---|---|---|---|---|
A qt001_cp_owner operational reachability |
owner role / login-superuser not separately controlled | PATCH | 02 | 04,06,08,12 |
B U_legacy independent PG-native root |
roots name/manual-shaped; circular | PATCH | 03 | 02,06,07,12 |
C computed disposition / LEGACY_* drift |
no sealed rule rows; free-text policy vocab; no approved home | AMENDMENT | 04 | 02,04,06,07,08,12 |
| D operator authorization typed PG inputs | approved_package_sha256/scope are unparsed external artifact |
PATCH | 05 | 04,06,07,08,12 |
E #27 rollback artifact evidence_id uniqueness |
#27 has only a non-unique hash, no evidence_id FK |
PATCH (fwd-only) + C-dependent residual | 06 | 02,04,05,06,07,12 |
F workflow_admin superuser/bypassrls control |
cannot be ACL-zeroed; not break-glass-gated | PATCH | 07 | 04,06,08,12 |
| G forward-only activation history | rollback clears/nulls activated_at |
PATCH | 08 | 02,04,05,06,07,12 |
| H author/rehearse/seal order | seal precedes authoring of load-bearing #11/#20/#26/#27 | PATCH | 09 | 04,06,07,12 |
What Codex accepted (preserved, not reopened)
directus owner-transfer before REVOKE/POST; S14 staged with activation moved after neutralization; ACL snapshot captured before transfer; source artifact required for body changes; permit terminology; cross-layer boundaries. The recheck-2 fixes strengthen each without discarding what was accepted.
The recurring pattern (why C is an amendment, not a third retrofit)
Across recheck 1 → recheck 2, T1 has bounced between two failure modes when trying to give the legacy neutralization layer a home in the approved design:
- Add typed columns (
disposition,expected_legacy_set_sha256,privilege_acl_hash) → rejected recheck 1 as unapproved byte-DDL drift. - Encode as computed/open-text/external-artifact (
object_type='LEGACY_*', COMPUTED classifier,operator_authorizationasevidence_registrycontent) → rejected recheck 2 as disguised hardcode / unparsed external authority.
Codex has, in both rechecks, explicitly named the third path: "obtain an explicit owner-level semantic design correction" / "declare design amendment required." For the blockers where the approved design does have the primitives (A, B, D, E-fwd, F, G, H), T1 binds to them and patches in-blueprint. For blocker C, where it does not, T1 stops and routes to the design owner — breaking the retrofit loop honestly.
Invariant non-regression
27 authority surfaces · 11 runtime-evidence non-authority · 14 readiness gates (DATA) · 7 hash contracts (H01..H07) · 0 new authority surface · 0 new readiness gate · 0 new hash contract · 0 new #20 column · 0 new catalog family · production mutation 0. Test/verification guards 36 → 40 (+G-OWNER-UNREACHABLE, +G-SUPERUSER-BREAKGLASS, +G-SEAL-AFTER-AUTHOR-REHEARSE, +G-OPERATOR-AUTH-PG-NATIVE; G-NOMIXED-AUTHORITY corrected forward-only; two disposition-dependent guards fail-closed pending the C amendment). All hard blocks intact.