00 - FIX7 Existing-System Refactor Execution Blueprint - Readme First

Date: 2026-06-08 Author: T1 (production Agent for Agent Data) Macro: FIX7_EXISTING_SYSTEM_REFACTOR_MAPPING_EXECUTION_BLUEPRINT_WITH_INTERNAL_XHIGH_MAX_REVIEW Mode: READ-ONLY production. AUTHOR_MODE_ONLY. KB blueprint documents only.

What this package is

This is a construction blueprint for refactoring the existing production system onto the officially Codex-approved FIX7 design. It is NOT implementation, NOT live migration, NOT Stage 2.6B, NOT a permit, NOT REAL_RUN, NOT QT001 apply, NOT owner/ACL cutover, NOT manifest activation.

No production object was created, altered, dropped, owned, granted, revoked, or executed in authoring this package. The only writes performed are these KB documents and the checkpoint.

Design-approval source (confirmed)

• Official status: FIX7_DESIGN_OFFICIALLY_APPROVED_BY_CODEX_FOR_IMPLEMENTATION_PLANNING.
• Owner confirmation: codex-owner-confirmation-fix7-final-design-approval-2026-06-08/05-final-verdict.md (A MISROUTING_ACKNOWLEDGED, B T1_EVIDENCE_VALID, C CODEX_OWNER_APPROVES, D BOUNDARIES_CONFIRMED).
• T1 genuine final short-review: DESIGN_READY_FOR_CODEX_FINAL_APPROVAL, 0 blocking proposals.
• Design index: BIRTH_GATEWAY_DESIGN_INDEX.md rev 27.
• This approval authorizes implementation-planning/authoring only. Implementation and all live gates remain blocked.

Confirmed approved-design invariants (must be preserved by any refactor)

AUTHORITY_SURFACES                 = 27   (named child contracts #01..#27)
RUNTIME_EVIDENCE_TABLES            = 11   (non-authority)
NEW_READINESS_GATES                = 0    (14 gates are DATA rows in surface #09)
NEW_TOP_LEVEL_HASH_CONTRACTS       = 0    (7 contracts H01..H07 are DATA rows in surface #10)
PRODUCTION_MUTATION                = 0
STAGE_2_6B / PERMIT / REAL_RUN / QT001_APPLY = BLOCKED
OWNER_ACL_CUTOVER / MANIFEST_ACTIVATION      = BLOCKED_OPERATOR_GATED

The central refactor finding (verified live, read-only, 2026-06-08)

The FIX7 design is a parallel green-field control-plane schema qt001_cp. Live introspection confirms:

• qt001_cp schema: ABSENT (live schemas: cutter_governance, iu_core, public, sandbox_tac).
• qt001_cp_owner / qt001_cp_migrator / qt001_cp_reader roles: ABSENT.
• Legacy qt001_* objects in public, all owned by directus: 20 tables, 46 functions, 196 views (the FIX..FIX6 iteration objects that Codex repeatedly rejected as hardcode/bypass).
• Birth gateway (birth_registry, birth_admission_permit/_v2, birth_backfill_ledger/_v2, birth_gateway_release_registry, and 5 fn_birth_*): present, owned by directus.

Therefore the refactor is not "build FIX7 from nothing" and not "edit the legacy objects in place". It is:

1. ADD the whole qt001_cp control plane (roles, schema, domains, catalog root, anchors, 27 authority surfaces, registries, 11 runtime-evidence tables, sealed manifest DATA) - every item MISSING_ADD, all operator-gated, none authored-live by T1.
2. REPOINT the single authoritative apply/writer path from the legacy qt001_* world to the qt001_cp manifest-driven world atomically, proven non-reachable-to-legacy by dependency_manifest #11 + authority_scope_manifest #20 (this is what every prior FIX cycle failed to do, and what writer_repoint_manifest #27 + gateway_manifest #26 encode).
3. FREEZE then DEPRECATE the legacy qt001_* objects - never DROP them live; rollback is a new manifest version, not deletion.
4. DO_NOT_TOUCH the birth gateway and the two frozen dangerous DOTs (DOT-118 dot-birth-backfill, DOT-119 dot-birth-trigger-setup); birth-neutral row anchor preserved.
5. ROLE_CUTOVER_LATER: directus currently owns all control objects; ownership transfer to qt001_cp_owner + REVOKE of directus/PUBLIC authority is destructive and operator-gated.

Document map

Doc	Content
00	This readme
01	Live existing-system inventory (read-only)
02	Design-to-live mapping (every approved component -> live state + action)
03	Gap classification matrix (gap_id, severity, action)
04	Dependency-safe construction order
05	Rollback blueprint
06	Test / guard blueprint
07	Implementation package split
08	Hard blocks and do-not-touch list
09	XHigh adversarial review
10	Max adversarial review
11	Blueprint revisions from reviews
12	Final verdict

Classification vocabulary (used exactly, no vague labels)

EXISTS_OK · EXISTS_BUT_WRONG · MISSING_ADD · LEGACY_REPLACE · LEGACY_FREEZE · LEGACY_DEPRECATE · ROLE_CUTOVER_LATER · OPERATOR_GATED · DO_NOT_TOUCH · BLOCKED_UNTIL_AUTHORITY · UNKNOWN_REQUIRES_REVIEW.

Self-verdict (see doc 12)

FIX7_REFACTOR_BLUEPRINT_T1_PATCHED_AFTER_CODEX_FAIL_READY_FOR_CODEX_RECHECK (2026-06-08). Gate chain: authored → independent XHigh → independent Max → ..._MAX_REVIEWED_AND_REVISED_READY_FOR_CODEX_CRITICAL_REVIEW → Codex independent critical review FAILED it (7 blockers; A-K matrix) → T1 patched all 7 blockers directly in-blueprint (this pass) → the status above. Patch detail: t1-fix7-blueprint-patch-after-codex-critical-fail-2026-06-08/00..12. The seven fixes: sealed legacy-disposition set in #20 (no name-pattern authority); G-NOLEGACY split PRE/POST; five dispositions (stub only STUB_FAIL_CLOSED); atomic deactivation-first rollback + G-NOMIXED-AUTHORITY; complete effective-privilege ACL snapshot (incl. column ACL); pinned phase-explicit writer-gateway identity; operator_authorization separated from the BLOCKED qt001_backfill_permit. Guards 30 → 35 (all test/verification guards; readiness gates stay 14, hashes 7, surfaces 27, runtime 11). Implementation remains blocked until (1) Codex recheck passes, (2) an implementation-authoring package is separately authorized, (3) operator gates are explicitly authorized where required. Next after recheck PASS is Codex approval only - not implementation.