Codex Recheck 3 Failure Matrix
01 - Codex Recheck 3 Failure Matrix
Source: codex-fix7-blueprint-recheck-3-after-option-beta-patch-2026-06-08/ (00..09) + checkpoint,
status FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_3_NEEDS_T1_FIX.
Codex per-check verdicts → T1 disposition
| Codex check (recheck-3 doc) | Codex verdict | T1 disposition this pass |
|---|---|---|
| A disposition removal (01) | DISPOSITION_MODEL_REMOVAL_NEEDS_FIX (consistency only — guard scope vs history) | FIXED via the ACTIVE_AUTHORITY boundary (blocker 2); doc 07 |
| B U_legacy uniform end-state (02) | U_LEGACY_UNIFORM_ENDSTATE_NEEDS_FIX (mixed-type denominator) | FIXED via the three typed sets (blocker 1); docs 02/03/04/05 |
| C STUB/body removal (03) | STUB_BODY_PATH_REMOVED_ACCEPTED | accepted; preserved (no change) |
| D owner isolation / #21 (04) | OWNER_ISOLATION_21_CONTRACT_NEEDS_FIX (principal universe mixed into object denominator) | FIXED — privilege is the object × principal tuple join (blocker 1); doc 03 |
| E DO_NOT_TOUCH authority (05) | DO_NOT_TOUCH_AUTHORITY_REMOVED_ACCEPTED | accepted; non-PG DOT/scheduler moved to U_entry_vector (doc 04) |
| F hardcode (06) | HARDCODE_NEEDS_FIX (contract precision: mixed set + ambiguous guard input) | FIXED via set separation + boundary; doc 08 |
| G PG-native (06) | PG_NATIVE_DRIVEN_NEEDS_FIX (same root) | FIXED; doc 08 |
| H invariants/boundary (07) | INVARIANTS_BOUNDARY_ACCEPTED | preserved (27/11/14/7; the new boundary is doc metadata, not a DB surface); doc 09 |
| I authoring planning (08) | AUTHORING_PLANNING_NEEDS_T1_FIX | unblocked by the two fixes; doc 07/09 |
The two blocker classes (verbatim intent)
Blocker 1 — set separation. "U_legacy is a PG object set, but the denominator currently mixes
PG objects with principals and DOT/scheduler entry-vectors. This breaks the uniform end-state because
principals/DOT/scheduler cannot satisfy owner/body/#21 object-state proof." Required: three distinct
sets — object (U_legacy_object), principal (U_effective_privilege_principal), entry-vector
(U_entry_vector); object both-EXCEPT only over PG objects; privilege checks join object × principal;
bypass checks map entry-vector → object reachability, not object membership.
Blocker 2 — superseded-history boundary. "Guard no-disposition scans the entire blueprint, but
historical sections still contain old disposition/STUB instructions. These sections are history, not
active authority." Required: a machine-readable ACTIVE_AUTHORITY vs SUPERSEDED_NON_AUTHORITY
boundary; the no-disposition guard must scan ACTIVE_AUTHORITY, report (not fail on) fenced history,
fail on old terms in ACTIVE_AUTHORITY, fail if a future package references a superseded instruction,
and fail if the boundary is absent/ambiguous/Directus-editable.
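One way to implement the Blocker 2 guard, added here as an example (not code from the blueprint or from Codex): it fails closed when the boundary is absent or ambiguous, fails on old terms in ACTIVE_AUTHORITY, and only reports them in fenced history. The HTML-comment marker syntax, the term regex, `run_guard` and the sample text are assumptions; the Directus-editable and future-package-reference checks are not modeled.

```python
import re

# Assumed marker syntax and term list: the page names the two zones and the
# old disposition/STUB terms, but defines neither format.
MARKER = re.compile(r"<!--\s*(ACTIVE_AUTHORITY|SUPERSEDED_NON_AUTHORITY):(BEGIN|END)\s*-->")
OLD_TERMS = re.compile(r"\b(disposition|STUB)\b", re.IGNORECASE)

def run_guard(text):
    """Return (ok, failures, history_report) for one blueprint document."""
    failures, report = [], []
    zone, seen_active = None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = MARKER.fullmatch(line)
        if m:
            name, edge = m.groups()
            if edge == "BEGIN":
                if zone is not None:
                    failures.append(f"line {n}: {name} opened inside {zone} (ambiguous)")
                zone = name
                seen_active = seen_active or name == "ACTIVE_AUTHORITY"
            else:
                if zone != name:
                    failures.append(f"line {n}: {name} closed while in {zone} (ambiguous)")
                zone = None
        elif line and zone is None:
            # Fail closed: unfenced text is never assumed to be history.
            failures.append(f"line {n}: text outside any zone (ambiguous)")
        elif line and OLD_TERMS.search(line):
            if zone == "ACTIVE_AUTHORITY":
                failures.append(f"line {n}: old term in ACTIVE_AUTHORITY")
            else:
                report.append(f"line {n}: old term in fenced history (reported only)")
    if zone is not None:
        failures.append(f"{zone} never closed (ambiguous)")
    if not seen_active:
        failures.append("no ACTIVE_AUTHORITY zone (boundary absent)")
    return (not failures, failures, report)

# Constructed sample: clean active text plus fenced history with old terms.
SAMPLE = """<!-- ACTIVE_AUTHORITY:BEGIN -->
Legacy rollback is forward-only owner/ACL snapshot replay.
<!-- ACTIVE_AUTHORITY:END -->
<!-- SUPERSEDED_NON_AUTHORITY:BEGIN -->
Assign a disposition to each object, then apply the STUB body.
<!-- SUPERSEDED_NON_AUTHORITY:END -->"""

if __name__ == "__main__":
    print(run_guard(SAMPLE))
```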
What Codex explicitly accepted (not reopened)
- STUB / body-mutation path removed (legacy rollback = forward-only owner/ACL snapshot replay).
- DO_NOT_TOUCH no longer subtracts from the legacy set (collisions fail closed).
- 27 authority surfaces / 11 runtime-evidence tables / 14 readiness gates / 7 hash contracts intact.
- Implementation, Stage 2.6B, permit, REAL_RUN, QT001 apply, activation, repoint, cutover BLOCKED.
- Option Beta is the correct design and is not reopened or redesigned this pass.