KB-34A7

BLOCKER F - operator_authorization and Set-Hash PG-Native Contract Fix



Codex recheck finding

expected_legacy_set_sha256 and operator_authorization_artifact appear but lack a full PG-native contract. Any authoritative hash needs an explicit canonicalization/component-set/ordering/null-encoding/verification contract and cannot avoid hash-contract governance by being called a roll-up; and operator_authorization_artifact is called machine-checkable but has no authoritative PostgreSQL storage/binding. A filesystem/prose artifact cannot be final authority. (Codex recheck CHECK_G / HARDCODE points 3-4.)

Part 1 - expected_legacy_set_sha256 ELIMINATED (no new authoritative hash)

Rather than define a new authoritative roll-up hash (which would be an 8th governed hash contract, violating "7 H01..H07"), the set-hash is removed entirely. The sealed legacy subset's integrity is provided by the existing manifest seal, which already has full canonicalization governance:

  • manifest_set.payload_sha256 over the manifest payload + per-row manifest_item_envelope.item_sha256 over each #20 LEGACY_* row (the approved seal recomputes child==envelope exact set, count, contiguous ordinals, and every item/payload hash - CP-01 §2.4);
  • PLUS the both-EXCEPT exact-set proof vs the closed denominator U_legacy (doc 03), recomputed at authoring (PKG-D) and at cutover (PKG-F).

So no roll-up hides hash governance in prose; the integrity guarantee is the already-governed manifest seal. Zero new hash contracts; H01..H07 unchanged.

Part 2 - operator_authorization_artifact = sealed evidence_registry row (non-authority evidence)

operator_authorization_artifact is bound to the approved evidence_registry surface and explicitly classified as non-authority evidence consumed by a PG-native authority decision:

Codex-required field / evidence_registry binding:

  • what table/manifest stores it: qt001_cp.evidence_registry row
  • exact payload: artifact_uri + artifact_sha256 = content-addressed authorization package carrying approved_package_sha256 + authorization_scope
  • who can write it: the owner SECURITY DEFINER evidence entrypoint (PUBLIC/Directus EXECUTE revoked); issuer_principal_id = reviewer/owner
  • how it is sealed: content-addressed (sha256) + read-back (last_readback_at) + immutable/superseded chain
  • expiry / scope / signature / evidence binding: valid_until (expiry), authorization_scope, revoked_at (revocation), control_epoch, issuer_principal_id
  • how it differs from qt001_backfill_permit: grants package execution ONLY; opens no QT001 apply / admission / REAL_RUN / Stage 2.6B; creates no readiness gate (G-NO-QT001-PERMIT-DURING-FIX7)

The FINAL authority is PG-native, not the artifact. A PKG-E/F/G transition is authorized only by: (a) the operator's PG role grant to run the package, (b) manifest_activation quorum + epoch binding, and (c) a both-EXCEPT/read-back proof that the live package sha256 == the evidence's approved_package_sha256. The evidence_registry row is the evidence those PG-native checks consume; a filesystem/prose artifact is never final authority.
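As an added illustration that is not part of this blueprint or the project's code, the three-part PG-native decision above as a PL/pgSQL function: the evidence_registry row is read as evidence and the decision itself is made in PostgreSQL. The evidence_registry key column, the manifest_activation table shape, the quorum threshold, the operator role name and passing the live package as bytea are assumptions.

```sql
-- Added example: a PG-native package-transition decision that consumes the
-- evidence_registry row as evidence. Columns not named on the page, the
-- manifest_activation shape, the quorum threshold and the role name are
-- ASSUMPTIONS for illustration.
CREATE OR REPLACE FUNCTION qt001_cp.package_transition_authorized(
    p_evidence_id   bigint,   -- ASSUMED primary key of the evidence_registry row
    p_package       bytea,    -- live package bytes; hashed here, not by the caller
    p_scope         text,     -- requested authorization_scope
    p_epoch         bigint    -- current control_epoch
) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER SET search_path = qt001_cp, pg_temp AS $$
DECLARE
    ev        qt001_cp.evidence_registry%ROWTYPE;
    live_sha  text := encode(sha256(p_package), 'hex');
    quorum_ok boolean;
BEGIN
    -- Missing row = no evidence = deny.
    SELECT * INTO ev FROM qt001_cp.evidence_registry WHERE id = p_evidence_id;
    IF NOT FOUND THEN RETURN false; END IF;

    -- Evidence must be live: not revoked, not expired, read back after
    -- sealing, bound to this control_epoch and to the requested scope.
    IF ev.revoked_at IS NOT NULL
       OR ev.valid_until IS NULL OR ev.valid_until <= now()
       OR ev.last_readback_at IS NULL
       OR ev.control_epoch IS DISTINCT FROM p_epoch
       OR ev.authorization_scope IS DISTINCT FROM p_scope THEN
        RETURN false;
    END IF;

    -- (b) manifest_activation quorum + epoch binding (ASSUMED table shape:
    --     one row per approving principal, keyed by epoch and package hash).
    SELECT count(DISTINCT ma.approver_principal_id) >= 2 INTO quorum_ok
      FROM qt001_cp.manifest_activation ma
     WHERE ma.control_epoch = p_epoch
       AND ma.package_sha256 = ev.approved_package_sha256;
    IF NOT quorum_ok THEN RETURN false; END IF;

    -- (c) hash match: the live package must be exactly the approved one.
    RETURN live_sha = lower(ev.approved_package_sha256);
END;
$$;

-- (a) the role grant IS the PG-native operator check: only members of the
--     ASSUMED operator role may even call the decision function.
REVOKE EXECUTE ON FUNCTION qt001_cp.package_transition_authorized(bigint, bytea, text, bigint) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION qt001_cp.package_transition_authorized(bigint, bytea, text, bigint) TO qt001_package_operator;
```

The function returns false on every missing or stale precondition and never consults a filesystem artifact; the evidence row only supplies the approved hash, scope and epoch that PostgreSQL then verifies.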

Blueprint changes

  • doc 07 §Terminology: operator_authorization_artifact bound to evidence_registry; PG-native consuming decision spelled out; machine-checkable package-transition paragraph updated.
  • doc 02/04/06: set integrity = manifest seal; no expected_legacy_set_sha256 column anywhere.
  • doc 08: the qt001_backfill_permit row notes the evidence_registry storage of operator_authorization.

Self-check

PASS only if both terms have a PG-native home/decision and neither hides authority in prose. PASS - the set-hash is replaced by the governed manifest seal; operator_authorization_artifact is evidence_registry non-authority evidence consumed by a PG-native role + activation + hash-match decision; both are bound to approved surfaces with no new schema.

knowledge/dev/reports/architecture/t1-fix7-blueprint-patch-after-codex-recheck-owner-semantics-2026-06-08/07-operator-authorization-contract-fix.md