Incomex AI Portal
KB-5505 rev 8

FIX7 Refactor Blueprint - Final Verdict

13 min read Revision 8
fix7architecturerefactor-blueprintverdict

12 - Final Self-Verdict

Verdict

FIX7_REFACTOR_BLUEPRINT_T1_PATCHED_AFTER_CODEX_FAIL_READY_FOR_CODEX_RECHECK

Status history: authored ..._READY_FOR_CODEX_CRITICAL_REVIEW -> independent XHigh pass -> ..._XHIGH_REVIEWED_AND_REVISED_READY_FOR_MAX_REVIEW -> independent Max pass -> ..._MAX_REVIEWED_AND_REVISED_READY_FOR_CODEX_CRITICAL_REVIEW -> Codex independent critical review FAILED it (..._CODEX_CRITICAL_REVIEW_FAIL_HARDCODE_OR_PG_NATIVE_GAP, 7 blockers, A-K matrix) -> T1 patched all 7 blockers directly in-blueprint this pass (2026-06-08) -> the line above. The earlier Max top-line is superseded by the patch pass. Implementation, Stage 2.6B, qt001_backfill_permit, REAL_RUN, QT001 apply, activation/repoint/owner-ACL cutover all remain BLOCKED. Next is Codex recheck only, not implementation.

Codex critical-review patch pass (2026-06-08) - 7 blockers fixed in-blueprint

T1 acted on PROGRAM_PATCH_T1_FIX7_REFACTOR_BLUEPRINT_AFTER_CODEX_CRITICAL_FAIL (READ-ONLY production; blueprint KB-doc direct-revision only; no production mutation). Each Codex blocker was patched and self-checked; full detail in the patch report t1-fix7-blueprint-patch-after-codex-critical-fail-2026-06-08/00..12.

# Codex blocker fix docs self-check
1 legacy target = disguised hardcode (owner+name pattern) sealed legacy-disposition set in authority_scope_manifest #20 (typed identity + source/priv hash + exact-set both-EXCEPT vs catalog); name/owner scan = diagnostic candidate only; +G-LEGACY-TARGET-SEALED; G-PGNATIVE extended. Live proof of name-pattern fragility: views 0/183/196 by literal; routines 45 fns + 1 proc 01,02,03,04,06,07,08 PASS - target sealed/manifest/hash-bound, not pattern-bound
2 G-NOLEGACY phase-deadlock split into G-NOLEGACY-PRE (gates PKG-F, no EXECUTE-revoked requirement) + G-NOLEGACY-POST (verifies PKG-F) 04,06,07 PASS - PRE gates, POST verifies; deadlock removed
3 stub-scope contradiction ("stub all" vs "apply/writer only") 5 dispositions (REVOKE_ONLY/STUB_FAIL_CLOSED/FREEZE_NO_CHANGE/DEPRECATE_READONLY/DO_NOT_TOUCH); stub only STUB_FAIL_CLOSED; body-rollback bounded to those (pinned #27) 02,04,05,06,07,08 PASS - one disposition per object; symmetric rollback
4 rollback may reopen PUBLIC EXECUTE with new plane present atomic deactivation-first rollback (supersede new path → verify BLOCKED → verify no route → restore per disposition → verify no-mixed); +G-NOMIXED-AUTHORITY 04,05,06,07 PASS - mixed old+new authority impossible
5 ACL snapshot incomplete +column ACL (pg_attribute.attacl) +effective role-membership privilege (pg_auth_members) +sequence/default/PUBLIC/Directus/cp grants +snapshot hash; both-direction effective-privilege rollback verify 05,06,07 PASS - column ACL + effective privilege covered
6 writer gateway identity/owner ambiguous at S15/S16 pinned #26 identity (regprocedure+source_sha256+owner), phase-explicit owner table (gateway born qt001_cp_owner, no transition); +G-WRITER-GATEWAY-IDENTITY; fn_birth_registry_auto = DO_NOT_TOUCH, not the gateway 02,04,06,07,08 PASS - identity/owner/hash/binding pinned per phase
7 "permit" ambiguous vs operator authorization operator_authorization (package execution, machine-checkable artifact) vs qt001_backfill_permit (BLOCKED) vs REAL_RUN_authority (BLOCKED); +G-NO-QT001-PERMIT-DURING-FIX7; law §4G citation corrected 03,04,07,08,12 PASS - separated; QT001 permit stays blocked

A-K verdict alignment (Codex doc 11 → patched state)

Codex check Codex verdict patched state
A scope/refactor model PASS_WITH_BLOCKING_EXECUTION_DETAILS execution details fixed (B-H below); model unchanged
B MB-01 legacy neutralization FAIL_NEEDS_T1_FIX FIXED - sealed set + dispositions (BLOCKER 1+3)
C MG-01 re-audit gates NEEDS_T1_FIX FIXED - machine-checkable operator_authorization; permit separated (BLOCKER 7)
D DOT no-overwrite / PG authority HOLD_NEEDS_IDENTITY_AND_PHASE_FIX FIXED - phase-explicit gateway identity (BLOCKER 6)
E rollback/cutover safety FAIL_NEEDS_T1_FIX FIXED - atomic no-mixed-authority + symmetric body rollback (BLOCKER 3+4)
F owner/ACL snapshot NEEDS_T1_FIX FIXED - column ACL + effective privilege (BLOCKER 5)
G guard quality FAIL_NEEDS_T1_FIX FIXED - G-NOLEGACY PRE/POST; non-vacuity rules intact (BLOCKER 2)
H hardcode / disguised hardcode FAIL FIXED - sealed/hash-bound target, not name pattern (BLOCKER 1)
I PG-first/native/driven FAIL FIXED - G-PGNATIVE rejects name-pattern binding authority (BLOCKER 1)
J cross-layer/boundaries PASS_WITH_TERMINOLOGY_FIX_REQUIRED FIXED - permit terminology separated (BLOCKER 7)
K authoring-planning readiness NOT_READY all 7 minimum acceptance conditions (doc 10) addressed; resubmitted for Codex recheck

The construction blueprint for refactoring the existing production system onto the officially Codex-approved FIX7 design is complete. The internal XHigh and Max adversarial reviews both ran, found real defects, and the blueprint was revised inside this macro until both passed. No fake PASS, no production mutation, no hardcode, no PG-native gap, no read-path block.

Why not the other verdicts

  • Not FIX7_REFACTOR_BLUEPRINT_NEEDS_MORE_T1_WORK: all six review findings (XH-2/3/4, MX-1/2/3) are revised and re-checked to PASS; every gap is resolved-in-plan, planned, or blocked; rollback and guards are complete.
  • Not FIX7_REFACTOR_BLUEPRINT_BLOCKED_BY_READ_PATH: all required source docs and the live system were readable (read-only); the Directus read path is preserved by #21 + G-DIRECTUS-READ and the capture artifact (MX-1).
  • Not FIX7_REFACTOR_BLUEPRINT_FAIL_HARDCODE_OR_PG_NATIVE_GAP: every threshold resolves to a sealed manifest row; every guard is PG-native (catalog/data/recomputed-hash/both-EXCEPT); G-NOHARDCODE, G-NODISGUISE, G-PGNATIVE all required-for-PASS.

Track summary

track status
existing-system inventory (doc 01) COMPLETE - live read-only; qt001_cp absent; 20 tables/46 fns/196 views legacy (directus-owned); birth gateway + DOTs catalogued
design-to-live mapping (doc 02) COMPLETE - 27/11/14/7 + foundation + legacy disposition mapped; traceability note added
gap classification (doc 03) COMPLETE - 18 gaps; 7 P0 / 9 P1 / 2 P2 / 0 open
construction order (doc 04) COMPLETE - S00..S19, dependency-safe, operator gates marked
rollback blueprint (doc 05) ROLLBACK_BLUEPRINT_COMPLETE
test/guard blueprint (doc 06) COMPLETE - 35 guards (30 prior + G-NOLEGACY-PRE/POST split, G-LEGACY-TARGET-SEALED, G-NOMIXED-AUTHORITY, G-WRITER-GATEWAY-IDENTITY, G-NO-QT001-PERMIT-DURING-FIX7 from the Codex patch pass); G-PGNATIVE/G-OWNER-CUTOVER tightened; all 35 are TEST/VERIFICATION guards, NOT readiness gates (readiness gates stay 14 DATA; hashes 7; surfaces 27; runtime 11)
package split (doc 07) COMPLETE - PKG-A..I, sequenced, gated, no-go each
hard blocks / do-not-touch (doc 08) COMPLETE
XHigh review (doc 09) 3 findings + 1 advisory -> revised -> re-checks PASS
Max review (doc 10) 3 findings -> revised -> re-checks PASS
revisions (doc 11) COMPLETE - all findings closed; invariants non-regressed

Verdicts on required dimensions

  • Zero-hardcode: PASS (incl. disguised; G-NOHARDCODE/G-NODISGUISE).
  • PG-first/native/driven: PASS (G-PGNATIVE; all guards native).
  • Authority surfaces = 27: PRESERVED (G-AUTH-27 exact-set).
  • Runtime-evidence = 11 non-authority: PRESERVED (G-RUNTIME-NONAUTH).
  • Readiness gates = 14 (DATA): PRESERVED (G-GATES-14); new gates = 0.
  • Hash contracts = 7 (H01..H07): PRESERVED (G-HASH-7); new contracts = 0.
  • Rollback: COMPLETE and safe-blocked-preserving.
  • Dependency-safe order: COMPLETE (cycles deferred; linear package sequence).

Explicit asks for Codex critical review

  1. Confirm the central refactor framing: FIX7 is a parallel green-field qt001_cp control plane + authoritative repoint + legacy freeze, not an in-place edit.
  2. Confirm the two operational dispositions flagged in doc 02 §G / MX-2 (S15 legacy-entrypoint neutralization; S17/S18 legacy freeze/deprecate) - these extend beyond the literal approved design and need owner confirmation.
  3. Confirm the package gating, especially that legacy neutralization belongs in PKG-F (not PKG-G) and that ACL cutover is scoped to control objects only.
  4. Confirm the Max-pass operationalizations (Max MB-01 / MG-01): that S15/PKG-F neutralization covers the COMPLETE legacy-entrypoint set (all 46 fns + the apply procedure, not just "apply/writer"), and that a fresh Codex re-audit is required before PKG-F and PKG-G (the two governance-change packages).

Independent XHigh pass (2026-06-08)

An independent T1-XHigh review (separate from the embedded review) audited this blueprint, verified it against live evidence (legacy apply/writer fns confirmed proacl=NULL = PUBLIC EXECUTE), and directly revised it: +G-DOT-NOOVERWRITE (old/frozen DOT cannot overwrite gateway/control-plane), +G-LEGACY-FROZEN (fixed a dangling guard reference), rollback-bypass clarification (doc 05 note 5), hard-block rows for birth-gateway-modification + registry-pivot-repoint, cross-layer OUT-OF-SCOPE boundaries (Đ43 / QT-006 / registry-pivot), guard-count correction (26->30), and several consistency fixes. No blocker; no invariant changed. Status advanced to FIX7_REFACTOR_BLUEPRINT_XHIGH_REVIEWED_AND_REVISED_READY_FOR_MAX_REVIEW. Report: t1-xhigh-fix7-refactor-blueprint-review-2026-06-08/00..13.

Independent Max pass (2026-06-08)

An independent T1-Max review (separate from the embedded Max review and from the independent XHigh pass) audited the XHigh-revised blueprint against live production and the governing law, found 7 real defects (3 P1, 3 P2, 1 P3), and directly revised the blueprint; no blocker, no hardcode/PG-native FAIL, no invariant changed. Fixes:

  • MB-01 (P1): legacy neutralization widened from a sampled "apply/writer" subset to the COMPLETE S00-captured legacy-entrypoint set - live evidence shows ALL 46 qt001_* functions + the apply procedure are proacl=NULL / PUBLIC EXECUTE, none SECURITY DEFINER - so S15/PKG-F REVOKE and G-NOLEGACY now cover the whole set, closing the activation->freeze window.
  • MC-01 (P1): G-DOT-NOOVERWRITE re-grounded on PG-native owner-isolation (nspacl + ownership) as final authority, with DOT-body scanning demoted to a fail-closed diagnostic (DOTs are not pg_proc); birth-gateway overwrite is detection (G-BIRTH-NEUTRAL) + DOT-frozen + policy.
  • MA-01 (P2): stale top-line status corrected (Verdict section above).
  • ME-01 (P2): the owner/ACL rollback snapshot made concrete - ownership + table/view/function/ sequence ACLs + schema nspacl + default privileges (doc 05 invariant 3, doc 07 PKG-G).
  • MG-01 (P2): fresh Codex re-audit gates added before the two governance-change packages PKG-F and PKG-G (aligned with governing-law section 4G: a governance/authority change must be explicit and independently re-reviewed, never mechanical).
  • MH-01 (P2): guard-quality rules added to doc 06 (no vacuous pass for "=0"/empty guards; NULL-strict aggregates not bool_and NULL-ignore; source-text diagnostic-only, never authority).
  • MB-02 (P3): birth-family inventory completed (10 fn_birth_*, all DO_NOT_TOUCH) and the 0-trigger bypass-vector evidence recorded.

Invariants 27/11/14/7 preserved; 30 guards unchanged (tightened, none added/removed). The MB-01 neutralization-set widening and the MG-01 re-audit gates are added to the §G / explicit-asks set for Codex confirmation. Report: t1-max-fix7-refactor-blueprint-review-2026-06-08/00..12; checkpoint checkpoint-t1-max-fix7-refactor-blueprint-review-2026-06-08.md.

Blocking status (unchanged)

Implementation remains BLOCKED. This macro produced only the construction blueprint. Before any implementation: (1) Codex critical review of this blueprint must pass; (2) an implementation- authoring package (PKG-A..) must be separately authorized; (3) operator gates must be explicitly authorized for PKG-E..H. Stage 2.6B, permit, REAL_RUN, QT001 apply, manifest activation, and owner/ACL cutover all remain blocked. Production was READ-ONLY throughout; no object was created, altered, owned, granted, revoked, or executed.

Back to Knowledge Hub knowledge/dev/reports/architecture/t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/12-final-verdict.md