KB-3E2D
Codex Recheck Failure Matrix and T1 Re-Fix
5 min read Revision 1
fix7codex-recheck-patchfailure-matrix2026-06-08
01 - Codex Recheck Failure Matrix (A-K) and T1 Re-Fix
Codex recheck status under repair: FIX7_REFACTOR_BLUEPRINT_CODEX_RECHECK_FAIL_HARDCODE_OR_PG_NATIVE_GAP.
A-K recheck verdicts (Codex recheck doc 11) → T1 re-fix → post-fix self-verdict
| Codex recheck check | recheck verdict | T1 re-fix this pass | self-verdict |
|---|---|---|---|
| A legacy target authority | LEGACY_TARGET_AUTHORITY_NEEDS_FIX | closed PG-native denominator §H.4 + map to approved #20 cols; S09/S12-vs-S13 ordering resolved (set is authored read-only at S13/PKG-D, sealed at S09/S12 of the production-apply package, both before any cutover) | PASS_AFTER_FIX |
| B G-NOLEGACY phase | G_NOLEGACY_PHASE_FAIL | owner-transfer (S15.1) precedes REVOKE (S15.2) precedes POST (S15.3); POST is non-superuser non-owner effective EXECUTE = 0 | PASS_AFTER_FIX |
| C stub scope | STUB_SCOPE_NEEDS_FIX | classification roots/directions pinned (computed disposition over #20 facts + #11); STUB body restore = sealed evidence_registry artifact; REVOKE_ONLY owner-isolated at S15.1 |
PASS_AFTER_FIX |
| D rollback no mixed authority | ROLLBACK_NO_MIXED_AUTHORITY_NEEDS_FIX | G-NOMIXED tests the ACTIVE route fact (activated_at), not manifest existence; STAGED≠authoritative; activation after neutralization; rollback restores prior owner + evidence_registry body |
PASS_AFTER_FIX |
| E ACL snapshot | ACL_SNAPSHOT_ACCEPTED_WITH_EXECUTION_ORDER_DEPENDENCY | snapshot captured at S14 BEFORE the S15.1 owner transfer; effective-privilege verify after transfer+revoke; superuser dispositioned | PASS_AFTER_FIX |
| F writer gateway identity | WRITER_GATEWAY_IDENTITY_ACCEPTED | accepted; phase-owner table updated for the S15.1 transfer | PASS (carried) |
| G permit terminology | PERMIT_TERMINOLOGY_ACCEPTED_WITH_STORAGE_FIX_REQUIRED | operator_authorization_artifact bound to evidence_registry (non-authority evidence) + PG-native consuming decision |
PASS_AFTER_FIX |
| H zero hardcode | HARDCODE_NEEDS_FIX | closed denominator removes implementer-selectable "live-relevant"; disposition computed (no new typed vocabulary); set-hash governance resolved (manifest seal) | PASS_AFTER_FIX |
| I PG-first/native/driven | PG_NATIVE_DRIVEN_FAIL | final authority = approved manifest rows + catalog ownership/ACL + #11/#22 closure + manifest seal; owner-transfer obeys PG semantics; no name-pattern binding | PASS_AFTER_FIX |
| J cross-layer boundary | CROSS_LAYER_BOUNDARY_ACCEPTED_WITH_DOCUMENT_CONSISTENCY_FIX | stale "operator permit" replaced (doc 08); boundaries intact | PASS_AFTER_FIX |
| K authoring planning | AUTHORING_PLANNING_FAIL | coherent package sequence: PKG-A..D author/rehearse/read-only; PKG-E create+seal+stage; PKG-F atomic neutralize+activate+repoint; PKG-G remaining cutover; no DDL drift; ordering resolved | PASS_AFTER_FIX |
The 8 decisive recheck blockers (Codex's own numbering A-H) → fix doc
| blocker | fix | report doc | blueprint docs |
|---|---|---|---|
| A PG owner semantics / G-NOLEGACY | owner-transfer-first phase model + superuser disposition | 02 | 02,04,05,06,07,08 |
| B closed legacy denominator | U_legacy + G-LEGACY-TARGET-CLOSED-DENOMINATOR |
03 | 02,04,06,07 |
| C approved byte-DDL conflict | approved #20 columns; computed disposition; no new column/family/hash | 04 | 02,04,06,07 |
| D no-mixed vs S14 ACTIVE | STAGED activation; activate in atomic PKG-F | 05 | 04,05,06,07,08 |
| E rollback source artifact | sealed evidence_registry body artifact pinned by #27 |
06 | 02,04,05,06 |
| F operator_authorization / set-hash contract | evidence_registry non-authority evidence; set-hash eliminated |
07 | 02,04,07,08 |
| G permit wording | "operator permit" → operator_authorization; grep claim |
09 | 08 |
| H ACL snapshot order | snapshot at S14 before transfer; superuser dispositioned | 08 | 04,05,06,07 |
Codex's accepted items (preserved, not reopened)
PRE/POST guard concept; five-disposition concept (now COMPUTED, not a stored column); stub-all
contradiction removal; ACL snapshot completeness; pinned writer-gateway identity;
operator_authorization vs blocked permit separation. The recheck fixes strengthen each without
discarding what was accepted.
Invariant non-regression
27 authority surfaces · 11 runtime-evidence non-authority · 14 readiness gates (DATA) · 7 hash contracts (H01..H07) · 0 new authority surface · 0 new readiness gate · 0 new hash contract · 0 new #20 column · 0 new catalog family · production mutation 0. Guards 35 → 36 (+G-LEGACY-TARGET-CLOSED-DENOMINATOR; four guards tightened; guard-quality rule 5 added). All hard blocks intact.