KB-2A1F
Hardcode / PG-Native Self-Review
3 min read Revision 1
fix7t1recheck-4hardcode-pg-native2026-06-09
07 - Hardcode / PG-Native Self-Review
Codex recheck-4: HARDCODE_FINAL_NEEDS_FIX (authoring-time, not runtime) + PG_NATIVE_FINAL_ACCEPTED
(runtime unchanged). The recheck-4 patch removes a disguised hardcode (a mutable authoring-authority
denominator) by content-addressing it; it adds no runtime authority and no runtime surface.
| # | check | verdict | basis |
|---|---|---|---|
| 1 | runtime authority unchanged (PG ownership + sealed #20/#21 + #11 closure + #26/#27 + control epoch + manifest activation + evidence-as-evidence) | PASS | no runtime row/guard/order touched; Codex PG_NATIVE_FINAL_ACCEPTED preserved |
| 2 | no name/pattern/owner/CASE/relkind/prokind/source-regex/external-artifact runtime policy reintroduced | PASS | the patch is entirely about the construction-document corpus, not runtime authority |
| 3 | the ACTIVE authoring denominator is now content-addressed, not mutable | PASS | ACTIVE_AUTHORITY_APPROVAL_ENVELOPE pins revision + SHA-256; guard-quality rule 9 |
| 4 | the envelope is PG-/content-native, not prose | PASS | deterministic shasum -a 256 spec + real membership hash 916d6e11… + rehearsal f6b773f8…; the seal is a reproducible computation, not a claim |
| 5 | no fixed list is authority | PASS | membership is a content hash of the doc_id set (both-EXCEPT vs registry), not a hand-maintained list that can silently drift |
| 6 | the envelope is NOT a runtime surface / gate / #20 col / catalog family / runtime hash contract | PASS | explicitly a non-runtime construction-document content-address; H01..H07 stay 7; 14 gates, 27 surfaces, 11 runtime unchanged |
| 7 | no self-fabricated approval authority | PASS | per-doc hashes seal at the Codex recheck (the approver), not pre-written by T1 |
| 8 | drift fails closed, never silently continues | PASS | ACTIVE_AUTHORITY_ENVELOPE_MISMATCH blocks authoring; the only next step is Codex recheck (rule 9) |
| 9 | no self-reference loophole | PASS | EXCLUDE-region + Codex-checkpoint anchor + envelope_manifest_sha256 (doc 06 scenario 11) |
Verdict
HARDCODE_FINAL_FIXED / PG_NATIVE_FINAL_PRESERVED. The patch content-addresses the previously-mutable
authoring denominator (closing the disguised-hardcode), introduces no runtime authority, and keeps the
authority seal with the approver. Codex's PG_NATIVE_FINAL_ACCEPTED and INVARIANTS_BOUNDARY_FINAL_ACCEPTED
are preserved.