09 - Hardcode / PG-Native Self-Review (recheck-6)
Codex recheck-6 H/I verdict: the only remaining disguised-hardcode risk was construction-document authority — prose-interpreted active scopes / field semantics and a circular anchor that permitted verifier-dependent authority. The fix had to be made without adding a runtime authority surface, readiness gate, #20 column, catalog family, or eighth runtime hash contract.
What this pass removed (disguised mutable-authority paths)
| risk | before | after (recheck-6) |
|---|---|---|
| "active scope" = prose | "whole except the fenced block …" free text per doc | controlled tokens (WHOLE_DOCUMENT / …_MINUS_SUPERSEDED_FENCES / …_MINUS_EXCLUDE_AND_SUPERSEDED) computed by one deterministic extractor; mismatch fails closed |
| field values uncontrolled | any bytes, TAB/LF could be injected | per-field whitelist grammar + REJECT of TAB/LF/CR/NUL/backslash/reserved tokens |
| manifest/seal records "interpreted" | prose "authority-bearing field" | closed per-record schema + closed envelope key-classification schema (every key bound / read-back / declared non-authority) |
| anchor "immutable by path/name" / circular | manifest binds checkpoint content hash; seal hashes its own checkpoint | acyclic graph; checkpoint anchored out-of-band by platform revision + read-back |
| free-text manifest fields | digest_algorithm / full_document_hash_policy prose | fixed constants (exact-match grammar) |
Every load-bearing value is now content-addressed or PG/platform-native (document_id, kb_revision, SHA-256, enum token), never a prose judgement or a name pattern.
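The "field values uncontrolled" row, as an added example that is not the project's own code: it shows why injectable TAB/LF makes a hashed record ambiguous, and a validator that fails closed. The TAB-separated, LF-terminated record layout, the per-field grammars, the reserved token and the sample values are all assumptions made for illustration.

```python
import hashlib
import re

# Assumed layout (not from the page): fields joined by TAB, record ended by LF.
FIELD_SEP, RECORD_END = "\t", "\n"
FORBIDDEN = set("\t\n\r\x00\\")        # TAB/LF/CR/NUL/backslash, per the table row
RESERVED = {"EXAMPLE_RESERVED_TOKEN"}  # hypothetical placeholder; real list not on the page
# Hypothetical per-field whitelist grammars, matched against the whole value.
GRAMMAR = {
    "document_id": re.compile(r"[a-z0-9][a-z0-9_-]{0,63}"),
    "kb_revision": re.compile(r"[1-9][0-9]{0,9}"),
    "content_sha256": re.compile(r"[0-9a-f]{64}"),
}

class FieldRejected(ValueError):
    """Raised instead of repairing a value: validation fails closed."""

def validate_field(name, value):
    if name not in GRAMMAR:
        raise FieldRejected(f"unknown field {name!r}")
    if not isinstance(value, str) or FORBIDDEN & set(value):
        raise FieldRejected(f"{name}: forbidden character")
    if value in RESERVED:
        raise FieldRejected(f"{name}: reserved token")
    if GRAMMAR[name].fullmatch(value) is None:
        raise FieldRejected(f"{name}: does not match whitelist grammar")
    return value

def naive_digest(values):
    """The 'before' behaviour: any bytes are joined and hashed."""
    data = FIELD_SEP.join(values) + RECORD_END
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def canonical_digest(record):
    """Closed schema: exact field set, every value validated, fixed order."""
    if set(record) != set(GRAMMAR):
        raise FieldRejected("field set does not match schema")
    ordered = [validate_field(n, record[n]) for n in GRAMMAR]
    return naive_digest(ordered)

# Constructed sample record.
GOOD = {"document_id": "doc-09", "kb_revision": "6", "content_sha256": "ab" * 32}
```

With unvalidated values, `["doc\t7", "x"]` and `["doc", "7\tx"]` serialize to the same bytes and therefore the same digest; `canonical_digest` raises before any hash is computed.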
What this pass did NOT add (invariant preservation)
- No runtime authority surface — the envelope/extractor/DAG anchor a construction document, not a runtime object. Authority surfaces stay 27.
- No readiness gate — these are TEST/VERIFICATION guards, not the 14 sealed gate DATA rows.
- No #20 column, no catalog family — nothing added to the runtime schema.
- No eighth runtime hash contract — H01..H07 stay 7. FIX7-CANON-V1 + the seal hash graph are build-time integrity digests over blueprint documents, not a runtime hash contract.
- No name/owner/relkind/prokind/CASE policy reintroduced into runtime authority (typed-set separation intact).
Counts: 27 / 11 / 14 / 7 preserved; production mutation 0.
PG-first / native-driven
Runtime design is unchanged and was explicitly accepted by Codex recheck-6 as non-regressed. The
recheck-6 work is entirely in the construction-document content-addressing layer. Verdict:
RECHECK6_HARDCODE_PG_NATIVE_SELF_REVIEW_PASS — no disguised hardcode remains; no runtime surface added.