KB-5CBA

BLOCKER C - Approved Byte-Level DDL Conflict Resolution

Revision 1
fix7, codex-recheck-patch, ddl-conflict, 2026-06-08

04 - BLOCKER C: Approved Byte-Level DDL Conflict Resolution (no amendment needed)

Codex recheck finding

The prior T1 patch added a disposition column and an expected_legacy_set_sha256 (plus a privilege_acl_hash) into authority_scope_manifest #20, while PKG-A requires exact match to the already-approved byte-level DDL. This is an unapproved design/DDL change. Also: the five disposition values were embedded as a new typed column vocabulary without an FK binding to the sealed code catalog. (Codex recheck CHECK_C NEEDS_FIX / HARDCODE point 2 / AUTHORING_PLANNING.)

Ground truth - the approved #20 DDL already has every field needed

From the approved byte-level DDL (codex-fix7-spec-artifact-correction-.../02 CP-01 §2.3 #20), authority_scope_manifest is:

CREATE TABLE qt001_cp.authority_scope_manifest (
  manifest_id uuid ..., item_id uuid ..., PRIMARY KEY ..., FOREIGN KEY ... envelope,
  object_identity   qt001_cp.nonempty_text NOT NULL,   -- regprocedure / regclass text
  object_type       qt001_cp.nonempty_text NOT NULL,   -- OPEN text, NOT a CHECK enum
  parent_object_identity text NULL,
  protected_target  boolean NOT NULL,                   -- "writes protected state?"
  entrypoint        boolean NOT NULL,                   -- "directly callable entrypoint?"
  expected_owner_role name NOT NULL,                    -- owner-isolation target (phase-explicit)
  expected_acl_sha256 qt001_cp.sha256 NOT NULL,         -- the privilege/ACL fingerprint
  source_sha256     qt001_cp.sha256 NOT NULL,           -- body fingerprint
  expected_constraint_set_sha256 qt001_cp.sha256 NULL,
  expected_definition_sha256 qt001_cp.sha256 NULL,
  UNIQUE(manifest_id,object_identity));

Every legacy-set field the prior patch tried to ADD already exists as an approved column. The legacy object is simply one #20 row of object_type = 'LEGACY_FUNCTION' | 'LEGACY_PROCEDURE' | 'LEGACY_TABLE' | 'LEGACY_VIEW'.

The resolution - Codex BLOCKER-C option 1 (move to approved fields), no amendment

| prior invented column | approved column used instead |
|---|---|
| object_kind enum | object_type (open nonempty_text) |
| object_ref/oid_at_capture | object_identity (regprocedure/regclass text) |
| privilege_acl_hash | expected_acl_sha256 |
| (owner) | expected_owner_role |
| disposition column | COMPUTED (not stored) |
| expected_legacy_set_sha256 column | eliminated - integrity = existing manifest seal |

  • Disposition is computed, not stored. A sealed deterministic classifier reads only sealed PG-native facts (#20 object_type/protected_target/entrypoint + #11 reachability + effective-privilege) and emits exactly one of the five actions. No disposition column, and no new legacy_disposition code-catalog family (the bootstrap families are a sealed exact set per CP-03 and are NOT extended). This dissolves the "new typed vocabulary without catalog FK" sub-finding - there is no stored vocabulary.
  • Set integrity = the existing manifest seal. The sealed legacy subset is protected by manifest_set.payload_sha256 + per-row manifest_item_envelope.item_sha256 over those #20 rows, plus the both-EXCEPT proof vs U_legacy. No expected_legacy_set_sha256 column; no 8th hash contract (the 7 H01..H07 are unchanged).
  • STUB restore source is a sealed evidence_registry artifact (BLOCKER E), not a new #20/#27 column.

Result: 0 new column, 0 new catalog family, 0 new hash, 0 new surface

PKG-A's "exact match to approved byte DDL" now holds: no column is added to #20. The only design-level item is the semantic-scope extension - hosting LEGACY_* object_type rows in #20 extends the surface's enumerated object set (CP-01 §2.7 lists TABLE/CONSTRAINT/INDEX/runtime-evidence) but adds no column/constraint/hash/family. This is option 1 ("move into an already-approved field if the DDL supports it"); it is flagged for Codex design-owner CONFIRMATION but requires no byte-DDL amendment - so the blueprint is not classified DESIGN_AMENDMENT_REQUIRED.

Why not DESIGN_AMENDMENT_REQUIRED

Codex's BLOCKER-C decision tree: (1) move to an approved field if the DDL supports it; ... (4) only if a new contract is unavoidable, classify DESIGN_AMENDMENT_REQUIRED. Path (1) is available and taken - the approved #20 columns (object_type open text, protected_target, entrypoint, expected_owner_role, expected_acl_sha256, source_sha256, expected_definition_sha256) cover the legacy set exactly. No new contract is unavoidable.

Self-check

PASS only if the blueprint adds no column to approved byte-level DDL without an explicit amendment. PASS - 0 new #20 column; disposition computed; set-hash eliminated; the only flagged item is a semantic-scope confirmation that needs no DDL change.
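
One way to run the self-check above mechanically against a live PostgreSQL catalog, as an added example that is not part of the original blueprint or the project's own gate. It assumes the twelve column names visible in the #20 DDL excerpt are the complete approved set, and it compares column names only, not types, constraints or the byte-level DDL text.

```sql
-- Added example: column-name drift check for authority_scope_manifest (#20).
-- Assumption: the names below, copied from the DDL excerpt on this page,
-- are the full approved column set. Types and constraints are not compared.
WITH approved(column_name) AS (
  VALUES ('manifest_id'), ('item_id'), ('object_identity'), ('object_type'),
         ('parent_object_identity'), ('protected_target'), ('entrypoint'),
         ('expected_owner_role'), ('expected_acl_sha256'), ('source_sha256'),
         ('expected_constraint_set_sha256'), ('expected_definition_sha256')
),
live AS (
  -- pg_attribute is read directly because information_schema.columns hides
  -- columns the current role has no privilege on, which could mask drift.
  SELECT a.attname::text AS column_name
  FROM pg_catalog.pg_attribute a
  WHERE a.attrelid = 'qt001_cp.authority_scope_manifest'::regclass  -- errors if the table is absent
    AND a.attnum > 0            -- skip system columns
    AND NOT a.attisdropped      -- skip dropped-column placeholders
)
-- Set equality is shown by two EXCEPT queries, one per direction.
SELECT 'UNAPPROVED_COLUMN' AS finding, column_name
FROM (SELECT column_name FROM live EXCEPT SELECT column_name FROM approved) AS extra
UNION ALL
SELECT 'MISSING_COLUMN', column_name
FROM (SELECT column_name FROM approved EXCEPT SELECT column_name FROM live) AS missing
ORDER BY 1, 2;
```

Zero rows means no column-name drift. A schema carrying the prior patch's disposition, expected_legacy_set_sha256 or privilege_acl_hash columns would return each of them as UNAPPROVED_COLUMN.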

knowledge/dev/reports/architecture/t1-fix7-blueprint-patch-after-codex-recheck-owner-semantics-2026-06-08/04-ddl-conflict-resolution.md