06 - SUPERTRACK F — CP-06 Canonical Hash Encoding / Order / Numeric Review

Source reviewed: doc 07-cp06-canonical-hash-encoding-order-numeric.md (revision 2).

Verdict: CP06_VERIFIED (encoding/canonicalization fully pinned; full byte-implementability of H04/H05/H06 gated on RP-01)

Checklist evidence

• bytea encoding pinned — VERIFIED. "bytea/SHA-256 in payload: encode(value,'hex'), lowercase, exactly 64 ASCII hex characters; implicit bytea text cast and base64 are forbidden." Exactly the universal rule my CP-06 requested. This closes the prior non-deterministic bytea-in-jsonb gap.
• H01..H07 key maps embedded — VERIFIED. All seven contracts (plan-content, control-state, readiness-manifest, signoff-binding, capability-evidence, dependency-manifest, activation) are present with exact ordered payload keys, removing the prior dependency on an external package.
• Domain tags explicit — VERIFIED ('domain' key + per-contract domain string e.g. incomex.qt001.plan-content.v1; envelope jsonb_build_object('domain',...,'schema_version',...,'payload',...)).
• Array ordering stable — VERIFIED. "every jsonb_agg has an explicit total unique ORDER BY ... COLLATE \"C\" ending in immutable UUID/item ID; no unordered aggregate," plus an explicit Total Orders list per object class.
• Numeric representation stable — VERIFIED, and this resolves a schema-driven concern: operand_numeric is non-integer, and doc 07 pins "numeric: trim_scale(value) then JSONB numeric form; NaN/infinity and floating types forbidden." trim_scale normalizes 1.10 vs 1.1. Integers use canonical integer form (no leading plus/zero, no exponent).
• Timestamp normalization — VERIFIED (to_char(value AT TIME ZONE 'UTC','YYYY-MM-DD"T"HH24:MI:SS.US"Z"')).
• JSONB canonicalization / NULL rule — VERIFIED ("explicit-key schema only; unknown/missing key fails; SQL NULL forbidden; optional value is JSON null; string \"NULL\" is ordinary text"). Determinism fixtures include JSON-null vs string-NULL.
• No implicit bytea text casts / no delimiter concatenation / no MD5 — VERIFIED (all three explicitly forbidden).
• Cross-version stability — VERIFIED as handled: "Canonicalizer source/signature hashes and PG major version are bound in the active canonicalizer/catalog contract. A PostgreSQL major upgrade blocks activation until cross-version fixtures reproduce all expected digests." This addresses my CP-06 ask to record the jsonb-text-stability assumption.

Note on jsonb key ordering: the envelope serializes via jsonb_build_object(...)::text, and PG jsonb stores keys in canonical (length, then bytewise) order — deterministic within a PG major and re-validated on upgrade. The "ordered keys" tables are the logical contract; physical order is jsonb-canonical. Acceptably bound.

Residual (carried to RP-01 — blocking completeness)

The encoding RULES are complete, but several H-contracts hash sub-payloads sourced from RUNTIME INSTANCE tables that are not byte-defined anywhere in the package:

• H04 signoff-binding keys (reviewer_principal_id, binder_principal_id, reviewer_human_identity_id, binder_human_identity_id, reviewer_evidence_hash, binding_evidence_hash, ...) → the per-activation signoff/binding instance table.
• H05 capability-evidence keys (run, measurements, artifacts, environment) → capability run/measurement/artifact instance tables.
• H06 dependency-manifest keys (roots, edges, source_hashes, analyzer_run, dynamic_targets) → dependency edge/root instance + dynamic-target observation. Without those tables' exact columns, an implementer cannot build H04/H05/H06 byte-identically — the same divergence risk CP-06 was meant to close, displaced to the instance layer. Resolve via RP-01.

Conclusion

Canonical scalar/array/time/bytea/collation/NULL/JSONB forms are fully and correctly pinned. CP06_VERIFIED; the instance-table inputs to H04/H05/H06 are carried as the blocking RP-01.