Hardcode / PG-Native Self-Review
09 - Hardcode / PG-Native Self-Review
Codex recheck 5 marked HARDCODE_FINAL_NEEDS_FIX / PG_NATIVE_FINAL_NEEDS_FIX only because of the
document-seal defects (underspecified aggregate hash, omitted manifest fields, circular self-host hash,
mutable/unpinned anchor) — each a disguised mutable-authority path. The runtime PG-first/native/driven
design was unchanged and accepted. This patch closes the document-seal defects without adding any
runtime surface.
The disguised-hardcode test, applied to this patch
A "disguised hardcode" here would be a load-bearing authority value that is defined by mutable, hand- authored, or non-reproducible means rather than being content-addressed / PG-native. Checks:
| candidate | disguised hardcode? | why not |
|---|---|---|
active_corpus_membership_sha256 |
No | computed by FIX7-CANON-V1 over the full doc_ids; reproducible (shasum == hashlib); recomputed at verify time, not trusted as a literal |
| every other aggregate digest | No | each has a domain tag + record type + field order + sort key + reproducible command (doc 02); none is prose-only or unordered |
envelope_manifest_sha256 |
No | hashes the complete closed authority roster; an authority field outside it fails closed (doc 03) |
| doc 00 self-host content hash | No | normalized_active_content_sha256 excludes the envelope; not circular; full_document_sha256 is declared non-authority |
| the SEALED copy of record | No | Codex detached seal, pinned by revision + SHA-256 + MCP read-back; not trusted by path/name; not a hand-edited literal |
| the active corpus boundary | No | pinned by the sealed envelope + detached seal; mutable markers are necessary syntax but not sufficient authority (recheck-4, retained) |
PG-native runtime design: untouched
The patch is entirely construction-document content-addressing. It does not touch and does not
re-open any runtime mechanism: set separation (U_legacy_object / U_effective_privilege_principal /
U_entry_vector), PostgreSQL ownership/ACL semantics, sealed #20/#21, #11 closure, #26/#27,
control_epoch, activation state, or the evidence-only boundary. Codex's PG_NATIVE_FINAL /
INVARIANTS_BOUNDARY_FINAL_ACCEPTED substance is preserved; the verdicts were NEEDS_FIX only because
of the seal-encoding gap, which is now closed.
What was explicitly NOT added (Codex hard constraint)
No runtime authority surface, no readiness gate, no #20 column, no catalog family, and no eighth top-level runtime hash contract (H01..H07 stay 7). The canonical envelope + detached seal are a non-runtime construction-document content-address — a build-time integrity artifact over the documents being authored from, not a runtime DB object. 27/11/14/7 preserved.
Verdict
HARDCODE_FINAL_PASS (no disguised hardcode introduced; the patch removes mutable-authority paths) and
PG_NATIVE_FINAL_PASS (runtime design unchanged; no runtime surface added).