KB-46FD

Supertrack D — P-04 Extra-Index Disposition Review

3 min read Revision 1

fix7architecturet1-reviewcp06p04supertrack-d

04 — Supertrack D: P-04 Extra-Index Disposition Review

Verdict: P04_VERIFIED

What P-04 demanded (advisory)

State the disposition of an extra benign non-authority index on a control-plane table (fail-closed vs operator-quarantine) and the authority-relevant constraint classes, so the constraint contract has no definitional gap.

What Codex delivered (patch doc 04)

EVERY extra PK/UNIQUE/FK/CHECK/exclusion/partial/expression/plain-performance index or constraint ALWAYS fails OBJECT_AUTHORITY_IMMUTABLE.
NO runtime BENIGN_EXTRA_INDEX exemption.
A desired performance index must FIRST be added as an expected typed #20 INDEX row in a NEW candidate manifest version → pass review/seal/quorum → activate; only then may it be created, at which point it is expected (not extra).
Names, source allowlists, operator judgment, ad-hoc labels CANNOT exempt it.
Reuses counted surface #20; no hidden authority or exception path.

Assessment

Codex chose the strictest possible disposition — fail-closed for ALL extras, no quarantine, no benign class. This eliminates the definitional gap entirely (the uniform answer is "FAIL until expected") and removes a disguised-hardcode/bypass vector (no name/label/operator judgment can whitelist an object). Promotion of a legitimate index is forced through the sealed #20 manifest + quorum path, so an extra index can never silently acquire or alter readiness/authority semantics.

Checklist:

unknown extra FK/UNIQUE/CHECK/index fails — PASS.
no broad BENIGN_EXTRA_INDEX exemption — PASS.
desired index becomes expected only via a sealed #20 manifest version — PASS.
no hidden authority surface introduced — PASS (reuses #20).
extra performance index cannot alter readiness/authority semantics — PASS.

Note: this EXCEEDS the advisory ask (resolves it as a hard fail-closed contract). The operational cost — adding a performance index needs a manifest version bump + quorum — is the deliberate, correct trade-off for an immutable authority surface; a feasibility cost, not a design defect (see doc 08).

Result: P04_VERIFIED.