KB-7DDE

Supertrack A — P-01 H04 Evidence-Hash Dereference Review

Revision 1

01 — Supertrack A: P-01 H04 Evidence-Hash Dereference Review

Verdict: P01_VERIFIED

What P-01 demanded (T1 prior proposal)

State the dereference explicitly: reviewer_evidence_hash = evidence_registry.artifact_sha256 where evidence_registry.evidence_id = signoff_binding.reviewer_evidence_id; likewise binding_evidence_hash via binding_evidence_id. (artifact_sha256 is the unique content-hash column on evidence_registry.) Resolve the contradiction: the doc claimed that evidence keys map 1:1 to signoff_binding columns, but the evidence keys are SHA-256 values while the columns are *_evidence_id uuid FKs (no *_evidence_hash column exists), so an implementer could hash the UUID instead of the evidence content.

What Codex delivered (patch doc 01)

  • reviewer_evidence_hash = signoff_binding.reviewer_evidence_id -> evidence_registry.evidence_id -> evidence_registry.artifact_sha256.
  • binding_evidence_hash = signoff_binding.binding_evidence_id -> evidence_registry.evidence_id -> evidence_registry.artifact_sha256.
  • The FK row must resolve; missing evidence invalidates signoff. UUIDs are identities, never evidence content hashes; H04 does not hash the evidence UUID. Fixtures reject UUID-as-content and missing evidence, and prove an artifact_sha256 mutation changes H04.

Verification against ground-truth DDL (design-correction doc 02 rev 2)

signoff_binding actually declares:

  • reviewer_evidence_id uuid NOT NULL REFERENCES qt001_cp.evidence_registry(evidence_id) ON UPDATE RESTRICT ON DELETE RESTRICT NOT DEFERRABLE
  • binding_evidence_id uuid NOT NULL REFERENCES qt001_cp.evidence_registry(evidence_id) ON UPDATE RESTRICT ON DELETE RESTRICT NOT DEFERRABLE
  • There is no reviewer_evidence_hash / binding_evidence_hash column — confirming the prior contradiction was real and the deref is the correct (and only coherent) resolution.

Checklist:

  • evidence_id NOT treated as content hash — PASS (explicit; UUID never hashed).
  • missing evidence_registry row fails — PASS (NOT NULL FK + ON DELETE RESTRICT make the referenced row always resolvable; an absent/deleted evidence cannot be referenced).
  • artifact-hash deref deterministic — PASS (for a given evidence_id there is exactly one artifact_sha256).
  • identity-as-separate-key — clean / N/A: the UUID identity is deliberately NOT a hashed key, so it cannot be confused with the content hash.
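The dereference and the fixture behaviours reviewed above, as an added example that is not part of patch doc 01 or the project's code. It assumes a SQLite stand-in for the PostgreSQL DDL, a hypothetical signoff_id key column, hypothetical function names, and a hypothetical H04 preimage layout, since the page does not define H04's full input.

```python
import hashlib, sqlite3, uuid

# Constructed SQLite stand-in for the page's PostgreSQL tables; signoff_id is assumed.
SCHEMA = """
PRAGMA foreign_keys = ON;
CREATE TABLE evidence_registry (
  evidence_id TEXT PRIMARY KEY, artifact_sha256 TEXT NOT NULL UNIQUE);
CREATE TABLE signoff_binding (
  signoff_id TEXT PRIMARY KEY,
  reviewer_evidence_id TEXT NOT NULL REFERENCES evidence_registry(evidence_id)
    ON UPDATE RESTRICT ON DELETE RESTRICT,
  binding_evidence_id TEXT NOT NULL REFERENCES evidence_registry(evidence_id)
    ON UPDATE RESTRICT ON DELETE RESTRICT);
"""
# Follow each *_evidence_id FK to its registry row and read artifact_sha256.
DEREF = """
SELECT r.artifact_sha256, b.artifact_sha256 FROM signoff_binding s
LEFT JOIN evidence_registry r ON r.evidence_id = s.reviewer_evidence_id
LEFT JOIN evidence_registry b ON b.evidence_id = s.binding_evidence_id
WHERE s.signoff_id = ?
"""

def demo_db():
    """Build an in-memory database with one signoff and two constructed artifacts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    ids = [str(uuid.uuid4()), str(uuid.uuid4())]
    for eid, content in zip(ids, (b"reviewer report", b"binding record")):
        db.execute("INSERT INTO evidence_registry VALUES (?, ?)",
                   (eid, hashlib.sha256(content).hexdigest()))
    db.execute("INSERT INTO signoff_binding VALUES ('s1', ?, ?)", ids)
    db.commit()
    return db, ids

def evidence_hashes(db, signoff_id):
    """Return (reviewer_evidence_hash, binding_evidence_hash) for one signoff."""
    row = db.execute(DEREF, (signoff_id,)).fetchone()
    if row is None or None in row:
        raise LookupError("missing evidence invalidates signoff")
    for h in row:  # a UUID (36 chars, dashes) can never pass as a content hash
        if len(h) != 64 or not set(h) <= set("0123456789abcdef"):
            raise ValueError("value is not a SHA-256 content hash")
    return row

def h04(db, signoff_id):
    # Assumed preimage layout; the page does not define H04's full input.
    r, b = evidence_hashes(db, signoff_id)
    return hashlib.sha256(f"reviewer={r}\nbinding={b}\n".encode()).hexdigest()
```

The read-time checks in evidence_hashes are a second line of defence behind the NOT NULL and RESTRICT constraints, which already refuse to delete a referenced registry row.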

Non-blocking editorial observation (does NOT gate approval) — OBS-01

Patch doc 01's rationale aside — "equal artifact bytes with equal SHA-256 remain content-equivalent across registry UUIDs" — describes a case that a UNIQUE evidence_registry.artifact_sha256 (confirmed CP-08 doc 09) makes unreachable: one content hash ⇒ one row ⇒ one UUID. The substantive rule (H04 binds evidence CONTENT, not the UUID identity) is correct and deterministic regardless of uniqueness. No action required; deref byte-implementability is unaffected. Recorded only so Codex may optionally tighten the prose at promotion.

Result: P01_VERIFIED.

knowledge/dev/reports/architecture/t1-fix7-final-short-review-after-cp06-patch-2026-06-08/01-p01-h04-evidence-dereference-review.md