KB-7EF3

CP-05 Sealed Thresholds Review

Revision 1

05 - SUPERTRACK E — CP-05 Sealed Thresholds / Gates / Vectors Review

Source reviewed: doc 06-cp05-sealed-thresholds-gates-vectors.md (revision 1).

Verdict: CP05_VERIFIED

Checklist evidence

  • No numeric threshold literal acts as authority in adapters — VERIFIED by rule. "No adapter/function/CHECK may contain a numeric policy literal... no number that decides readiness, capability, bypass, quorum, freshness, or eligibility. Numbers written in design documents are seed explanations only. Runtime code never compares against document numbers." Structural literals (0, one operand, 32-byte SHA length) are allowed only as datatype shape.
  • Thresholds come from sealed contracts — VERIFIED. Each of the specific literals I flagged in CP-05 now maps to an existing sealed field:
    • SCALE_SAFE performance (600000 ms / 1073741824 bytes) → typed operand columns of capability_measurement_requirement.
    • capability "exact 3 runs" → capability_artifact_requirement.minimum_count or a typed measurement operand.
    • gate count "14" → ACTIVE READINESS_GATE manifest_set.expected_item_count.
    • hash count "7" → ACTIVE HASH_COMPONENT manifest_set.expected_item_count plus exact component set.
    • quorum Q_CRITICAL_3 → quorum_requirement_manifest.required_count ("no literal CHECK").
    • plus gate/vector/capability freshness → *.max_age_seconds; approval age/deadline → activation_policy_manifest; analyzer freshness → analyzer_contract_manifest.max_age_seconds; workload size/collision → workload_profile_manifest.
  • No extra threshold surface / no 28th table — VERIFIED as DESIGNED: "No new threshold child/table is introduced... preventing a hidden 28th authority surface." (But see RP-02 below: doc 09 reintroduces a sealed-retention-policy authority surface that is not one of the 27 — a coherence conflict with this very claim.)
  • Threshold fields/units/source/provenance — VERIFIED (owner-controlled, versioned, exact-set sealed, item/payload SHA-256-bound, activation-quorum-bound, included in readiness/plan/control hashes; provenance = activation/evidence chain + item source-evidence hash).
  • Changing/removing threshold fails readiness — VERIFIED (negative tests: mutate threshold without new activation, threshold literal in adapter, wrong unit/operator/type, missing/extra/NULL/stale row, Directus DML, omit threshold from hash, activate without quorum — each blocks readiness).
  • SA15 enforcement — VERIFIED as a fail-closed blocker. SA15 parses adapter/function definitions and fails any numeric policy literal not classified structural in the sealed reference-contract catalog. Source-text scanning used to BLOCK (not to grant) is acceptable anti-hardcode defense; its classifier leans on reference-contract coverage → RP-04.
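
A sketch of the kind of fail-closed scan the SA15 item describes, as an added example and not the project's SA15 code: it tokenizes adapter source, skips comments and identifiers, and reports every numeric literal (quoted ones included) that a structural catalog does not list. The catalog contents, the SQL dialect, and the function, table and column names in the samples are assumptions constructed for illustration; only manifest_set.expected_item_count is taken from the review.

```python
import re

# Constructed stand-in for the sealed reference-contract catalog: literal texts
# classified structural (datatype shape only). Real catalog entries are unknown.
STRUCTURAL = frozenset({"0", "32"})

NUM = r"0[xX][0-9A-Fa-f]+|\d+(?:\.\d+)?(?:[eE][+-]?\d+)?"
# Comments, quoted identifiers, $n parameters and identifiers are consumed first
# so "14" in a comment or "256" in item_sha256 is never reported as a literal.
TOKEN = re.compile(rf"""
    (?P<comment>--[^\n]*|/\*.*?\*/) | (?P<qident>"(?:[^"]|"")*")
  | (?P<string>'(?:[^']|'')*')     | (?P<param>\$\d+)
  | (?P<ident>[A-Za-z_][A-Za-z0-9_$]*) | (?P<num>{NUM})
""", re.VERBOSE | re.DOTALL)

def find_policy_literals(sql_text, structural):
    """Return [(line, literal)] for numeric literals not classified structural."""
    findings = []
    for m in TOKEN.finditer(sql_text):
        text = m.group()
        if m.lastgroup == "string":
            text = text[1:-1].strip()  # '600000'::bigint is still a number
            if not re.fullmatch(NUM, text):
                continue
        elif m.lastgroup != "num":
            continue
        if text not in structural:
            findings.append((sql_text.count("\n", 0, m.start()) + 1, text))
    return findings

def blocks_readiness(sql_text, structural):
    """Fail closed: the scan can only block, and a missing catalog blocks."""
    if not structural:
        return True
    return bool(find_policy_literals(sql_text, structural))

# Constructed adapter with hardcoded policy numbers (gate count, max age).
HARDCODED = """\
CREATE FUNCTION gate_ready(p_set uuid) RETURNS boolean AS $$
  -- seed explanation: 14 gates (comment text is not authority)
  SELECT count(*) = 14
     AND octet_length(item_sha256) = 32
     AND max_age_ms < '600000'::bigint
  FROM readiness_gate WHERE set_id = $1;
$$ LANGUAGE sql;
"""
# Constructed literal-free form: the count comes from the sealed manifest field.
SEALED = """\
SELECT count(*) = m.expected_item_count FROM readiness_gate g
JOIN manifest_set m ON m.set_id = g.set_id GROUP BY m.expected_item_count;
"""
```

An empty catalog blocks even the literal-free adapter, which is the coverage dependency the bullet carries to RP-04.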

Residual (carried to RP-02 — coherence conflict)

Self-review item 8 replaced fixed monthly partitioning with an "ACTIVE sealed retention-policy interval/capacity" (doc 09). That interval and capacity threshold are numeric authority that decides partition-maintenance behavior, yet NO retention/storage-policy manifest exists among the exactly-27, and CP-05/self-review item 3 forbid an uncounted 28th authority surface. This is an internal contradiction Codex must reconcile (RP-02).

Conclusion

Every gate/vector/capability/quorum threshold is bound to a sealed manifest field with a literal-free adapter rule and reacting negative tests. CP05_VERIFIED; the retention-policy authority surface conflict is carried as the blocking RP-02.

knowledge/dev/reports/architecture/t1-fix7-corrected-spec-short-review-proposals-2026-06-07/05-cp05-sealed-threshold-review.md