FIX7 Refactor Blueprint - Gap Classification Matrix
03 - Gap Classification Matrix
Severity: P0_BLOCKER / P1_MUST_FIX_BEFORE_IMPLEMENTATION / P2_MUST_PLAN / P3_ADVISORY.
"Authorable" = T1 may author the planning/SQL artifact now (still not applied). "Operator-gated" =
requires explicit operator authority at apply time. Every gap is either resolved-in-plan, planned,
or blocked - none is left open without disposition.
| gap_id | component | current live state | approved requirement | gap type | severity | required action | authorable / op-gated | affected objects | affected hashes | affected gates | affected rollback | Directus/read | PG-native | no-hardcode |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| G-01 | qt001_cp schema+roles+domains | absent | foundation present, owner-isolated | MISSING | P1 | author DDL; create operator-gated | authorable / op-gated | schema, 3 roles, 4 domains | none | none | drop empty schema (pre-seal) | native | n/a | |
| G-02 | catalog root (code_catalog_*) | absent (legacy has none) | sealed bootstrap, owner-only immutable, FK-authority root | MISSING | P0 | author + sealed bootstrap seal/ownership | authorable / op-gated | 3 catalog tables | feeds all canonicalizer_id | all (rule sets) | new version | none | catalog seal = anti-hardcode root | |
| G-03 | manifest anchors (manifest_set,_item_envelope) | absent | global-unique item_id conservation, immutable trigger | MISSING | P0 | author DDL + immutable trigger | authorable / op-gated | 2 anchors | item_sha256/payload_sha256 | all | new version | none | native exact-set | |
| G-04 | 27 authority surfaces | absent | exact 27 child contracts, deferred cross-FK | MISSING | P1 | author 27 DDL + 4 deferred forward FKs | authorable / op-gated | 27 tables | H01..H07 source | #09,#12 host gates | reverse-order drop empty | native | typed domains, no literals | |
| G-05 | 5 registry/runtime-support tables | absent | evidence/principal/human-identity/analyzer_run/manifest_activation | MISSING | P1 | author DDL + cycle-break ALTER | authorable / op-gated | 5 tables | H04 evidence deref | none | reverse-order | native | FK integrity | |
| G-06 | 11 runtime-evidence tables | absent | non-authority, owner-only, 7 partitioned | MISSING | P1 | author DDL; enumerate via #20 typed rows | authorable / op-gated | 11 tables | H02/H04/H05 anchors | gate_fact/bypass_fact | reverse-order | none | partition bounds from #05, not literals | |
| G-07 | 14 readiness gates (DATA) | legacy readiness_guard_registry_v9 + views | 14 sealed readiness_gate_manifest rows | WRONG_FORM | P1 | author seed rows; seal; exact-set=14 | authorable / op-gated | #09 rows + gate_fact_result | none | new version | none | gates are DATA, 0 new gate schema | ||
| G-08 | 7 hash contracts (DATA) | legacy fingerprint/checksum fns | 7 sealed hash_component_manifest H01..H07 rows; CP-06 canonical encoding | WRONG_FORM | P0 | author H01..H07 rows incl H04_SCOPE_V1 (8 keys), H02/H05 total orders | authorable / op-gated | #10 rows | H01..H07 | none | new version | none | hex/COLLATE C/UTC/total-order pinned | |
| G-09 | expected-constraint set | none | typed #20 CONSTRAINT/INDEX rows + table set-hash; both-EXCEPT | MISSING | P1 | author #20 typed rows; both-EXCEPT verify | authorable / op-gated | #20 rows | expected_constraint_set_sha256 | none | new version | none | no BENIGN_EXTRA_INDEX exemption | |
| G-10 | Directus read contract | ad-hoc Directus SELECT (live) | sealed privilege_set_manifest #21 read-set; preserve identical SELECT | MISSING + KEEP | P1 | enumerate existing SELECT set; author #21 rows | authorable / op-gated | #21 rows | read_pattern_sha256 | none | new version | preserves existing reads | no CASE/CHECK on privilege | |
| G-11 | authoritative path repoint | live writer/driver/builder call legacy v5 chain | atomic repoint to manifest world; non-reachable-to-legacy proven | MISMATCH | P0 | author writer_repoint_manifest #27 + gateway_manifest #26; bind source_sha256; #11 reachability proof | authorable / op-gated apply | #26,#27, writer/gateway fns | H01 | none | rollback stub source pinned in #27 | dependency closure native (#11), not regex | ||
| G-12 | legacy qt001_* freeze/deprecate | 20 tables/46 fns/196 views live, directus-owned | frozen then deprecated AFTER qt001_cp active+proven | MISMATCH | P2 | author freeze/deprecate package; gate on #11 non-dependence proof | authorable / op-gated | 262 legacy objects | none | none | append-only/new version; no live DROP | none | freeze = no behavior change | |
| G-13 | owner/ACL cutover | directus owns all control objects (262); PUBLIC EXECUTE present | own by qt001_cp_owner; REVOKE directus/PUBLIC authority | MISMATCH | P0 | author cutover package; OPERATOR runs | authorable / OPERATOR_GATED | all control objects | none | none | re-grant prior ACL on rollback | none | ACL from #20/#21, not literals | |
| G-14 | manifest activation / seal | none | exact quorum + epoch binding seal/activate | MISSING | P0 | author seal/activate procedure spec | authorable / OPERATOR_GATED | manifest_activation | activation_sha256 | none | rollback = new candidate | none | no caller-supplied lifecycle | |
| G-15 | item_payload descriptive-only | legacy reads operational data from rows | operational reads fail; adapter input set sealed (#24) | MISMATCH | P1 | author #24 adapter-input contract + dependency edges | authorable / op-gated | #24 + #11 | none | none | new version | none | item_payload never operationally read | |
| G-16 | scale evidence | legacy free-text/NOT_SAFE | workload_profile_manifest #23 + capability runs measured | MISSING | P2 | author #23 rows; real measured runs deferred to REAL_RUN | authorable / op-gated (runs blocked) | #23 + capability_run | H05 | none | new version | none | measured, not asserted | |
| G-17 | Stage 2.6B / qt001_backfill_permit (admission permit) / REAL_RUN / QT001 apply | blocked | remain blocked until later gates; not unlocked by operator_authorization (doc 07 §Terminology) | BLOCKED | P0 | keep blocked; no artifact applied | n/a / BLOCKED_UNTIL_AUTHORITY | apply path | none | none | n/a | none | G-NO-QT001-PERMIT-DURING-FIX7 | |
| G-18 | unclassified legacy objects | some object roles not yet FK-bound to a FIX7 component | every object classified before repoint | UNKNOWN | P1 | re-dump defs; classify; UNKNOWN_REQUIRES_REVIEW blocks repoint | authorable / op-gated | TBD | none | none | n/a | none | no-guess |
Severity roll-up
- P0_BLOCKER (7): G-02, G-03, G-08, G-11, G-13, G-14, G-17. These gate everything; each is either a sealed-root/anti-hardcode requirement or a destructive operator-gated cutover, or the standing hard-block set. None is authorable-to-apply by T1.
- P1_MUST_FIX_BEFORE_IMPLEMENTATION (9): G-01, G-04, G-05, G-06, G-07, G-09, G-10, G-15, G-18. All authorable now as planning/SQL artifacts; none applied.
- P2_MUST_PLAN (2): G-12, G-16.
- P3_ADVISORY (0).
Disposition guarantee
Every gap above is dispositioned as resolved-in-plan (authorable artifact specified), planned (P2), or blocked (G-17, plus the operator-gated apply halves of G-11/G-13/G-14). No gap is left open. The invariants 27/11/14/7 are unaffected by any gap fix (all additions are DATA rows or non-authority tables; the 27 count is exact-set verified by seal).
Codex critical-review patch note (2026-06-08). The legacy-object gaps G-11/G-12/G-13 are
operationalized through the sealed legacy-disposition set (doc 02 §H/§I): membership is
established by typed authority_scope_manifest #20 rows + dependency_manifest #11 closure +
effective-privilege evidence, exact-set both-EXCEPT proven vs catalog and hash-bound - never a
name pattern or prose count (Codex BLOCKER 1; G-LEGACY-TARGET-SEALED). Each member carries exactly
one of five dispositions (REVOKE_ONLY / STUB_FAIL_CLOSED / FREEZE_NO_CHANGE / DEPRECATE_READONLY /
DO_NOT_TOUCH), which resolves the stub-scope contradiction (BLOCKER 3) and bounds body-rollback to
the STUB_FAIL_CLOSED members. This adds 0 authority surfaces / 0 readiness gates / 0 hash contracts
(DATA rows in existing #20/#27 + one typed disposition column); 27/11/14/7 still hold.
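The both-EXCEPT exact-set check named in G-09 and in the patch note above, as an added PostgreSQL sketch that is not part of the FIX7 artifacts. The `demo_cp` schema, the `expected_constraint` stand-in for the typed #20 rows, the constraint names and the separator bytes used in the set hash are all assumptions made for illustration; the real CP-06 canonical encoding is not shown on this page.

```sql
-- Added illustration: schema, table and constraint names are hypothetical.
BEGIN;
CREATE SCHEMA demo_cp;
CREATE TABLE demo_cp.manifest_set (
    set_id bigint,
    epoch  integer,
    CONSTRAINT manifest_set_pk       PRIMARY KEY (set_id),
    CONSTRAINT manifest_set_epoch_ck CHECK (epoch > 0)
);
-- Constructed drift: a constraint nobody declared in the expected set.
ALTER TABLE demo_cp.manifest_set
    ADD CONSTRAINT manifest_set_epoch_uq UNIQUE (epoch);

-- Stand-in for the typed expected-constraint rows (constructed sample data).
CREATE TEMP TABLE expected_constraint (
    table_name      text NOT NULL,
    constraint_name text NOT NULL,
    constraint_def  text NOT NULL
);
INSERT INTO expected_constraint VALUES
    ('manifest_set', 'manifest_set_pk',        'PRIMARY KEY (set_id)'),
    ('manifest_set', 'manifest_set_epoch_ck',  'CHECK ((epoch > 0))'),
    ('manifest_set', 'manifest_set_set_id_ck', 'CHECK ((set_id > 0))');  -- never created

-- Live side, read from the system catalog rather than from names or counts.
CREATE TEMP VIEW live_constraint AS
SELECT c.relname::text               AS table_name,
       con.conname::text             AS constraint_name,
       pg_get_constraintdef(con.oid) AS constraint_def
FROM pg_constraint con
JOIN pg_class     c ON c.oid = con.conrelid
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo_cp' AND con.contype IN ('p', 'u', 'f', 'c');

-- Both-EXCEPT: the two sets are equal only if this returns zero rows.
SELECT 'MISSING_IN_CATALOG' AS drift, e.*
FROM (TABLE expected_constraint EXCEPT TABLE live_constraint) AS e
UNION ALL
SELECT 'UNEXPECTED_IN_CATALOG', l.*
FROM (TABLE live_constraint EXCEPT TABLE expected_constraint) AS l
ORDER BY 1, 2, 3;

-- Set hash over a pinned total order (byte-wise COLLATE "C", hex output).
SELECT encode(sha256(convert_to(string_agg(
           table_name || chr(31) || constraint_name || chr(31) || constraint_def,
           chr(30) ORDER BY table_name COLLATE "C", constraint_name COLLATE "C"),
       'UTF8')), 'hex') AS live_constraint_set_sha256
FROM live_constraint;
ROLLBACK;
```

A single-direction EXCEPT would catch only the missing constraint; the reverse direction is what surfaces the extra one, which is the case a BENIGN_EXTRA_INDEX-style exemption would otherwise hide.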