KB-3781
T1 FIX7 Option Beta - Hardcode / PG-Native Self-Review
4 min read Revision 1
fix7t1option-betahardcodepg-nativeself-review2026-06-08
07 - BLOCKER 6: Hardcode / PG-Native Self-Review
Run after patching, per the amendment's checklist. Each item is a hard PASS condition.
| # | check | verdict | evidence |
|---|---|---|---|
| 1 | no disposition enum | PASS | 5-value enum removed from all load-bearing positions; survives only as non-authority English (doc 02 §H.5); G-LEGACY-NO-DISPOSITION-AUTHORITY |
| 2 | no legacy classifier | PASS | the computed-disposition classifier/truth-table is deleted; there is no classification step — one uniform end-state for every member (doc 02 §H.3) |
| 3 | no CASE policy | PASS | no CASE/branch decides an outcome; relkind/prokind select PG syntax only (doc 04 §S15, doc 06 rule 6) |
| 4 | no relkind/prokind policy branching | PASS | relkind/prokind = syntax selection only; all classes converge to the same end-state (doc 02 §H.3, doc 04 writer-gateway table) |
| 5 | no name/pattern/owner authority | PASS | membership = closure(#11, roots=#20 protected_target rows), hash-sealed; name/owner scans diagnostic only; G-PGNATIVE + G-LEGACY-TARGET-SEALED reject name-pattern binding; live name-fragility proof retained (doc 02 §H.1) |
| 6 | no item_payload loophole |
PASS | code_catalog_item.item_payload never operationally read (G-ITEMPAYLOAD, #24 input contract); unchanged |
| 7 | no external artifact policy | PASS | operator authorization = typed PG rows (G-OPERATOR-AUTH-PG-NATIVE); the only legacy evidence_registry use is the owner/ACL snapshot, evidence-only (doc 05) |
| 8 | no STUB / body mutation path | PASS | no body change/restore for any member; rollback = owner+ACL snapshot replay only (doc 04, doc 05) |
| 9 | no DO_NOT_TOUCH subtraction |
PASS | U_legacy has no subtraction; collisions fail closed (doc 02 §H.4, doc 06) |
| 10 | U_legacy sealed / hash-bound |
PASS | #20 roots hash-sealed by #26 protected_target_set_sha256; closure sealed by manifest seal + fresh analyzer_run; both-EXCEPT vs closed denominator (G-LEGACY-TARGET-SEALED, G-LEGACY-TARGET-CLOSED-DENOMINATOR) |
| 11 | end-state uniform and PG-native | PASS | owner=qt001_cp_owner (catalog ownership) + body unchanged (catalog def hash) + effective privileges == exact #21 (catalog ACL via pg_auth_members); G-U-LEGACY-OPTION-BETA-UNIFORM-ENDSTATE |
| 12 | #21 privilege contract is the authority for final effective privileges | PASS | closed-world sealed #21 is the desired-privilege authority; both-EXCEPT realized-vs-desired; absence authoritative only because #21 is complete/sealed/count-hash-bound (doc 05, doc 02 §H.3) |
Invariant counts (preserved)
AUTHORITY_SURFACES = 27 (unchanged; no new surface)
RUNTIME_EVIDENCE = 11 (non-authority; unchanged)
READINESS_GATES = 14 (DATA) (unchanged; 0 new gate)
HASH_CONTRACTS = 7 (H01..H07) (unchanged; 0 new top-level contract)
NEW_#20_COLUMNS = 0 (no `disposition`/`root_kind`/`expected_legacy_set_sha256`)
NEW_CATALOG_FAMILY = 0 (no `legacy_disposition` family)
TEST_GUARDS = 42 (40 -> 42: +G-U-LEGACY-OPTION-BETA-UNIFORM-ENDSTATE, +G-LEGACY-NO-DISPOSITION-AUTHORITY)
PRODUCTION_MUTATION= 0
Verdict
ZERO_HARDCODE_PASS and PG_NATIVE_DRIVEN_PASS. The patch REMOVES the disguised-hardcode constructs
(disposition enum/classifier/CASE/name-pattern/STUB/external-artifact policy/DO_NOT_TOUCH
subtraction) rather than adding any; final authority is PG ownership + sealed #20 roots + #11 closure
- closed-world #21 + #26/#27 + manifest activation. No disguised hardcode or PG-native gap was introduced.