KB-6486

T1 FIX7 RP-Corrected Design Short Review — Readme First

Revision 1

00 — T1 FIX7 RP-Corrected Design Short Review (Readme First)

Date: 2026-06-08

Reviewer: T1 (production Agent for Agent Data)

Mode: READ-ONLY production / AUTHOR_MODE_ONLY. No DB/role/grant/trigger/function/scheduler/UI mutation; no object creation; no live SQL; no manifest activation; no ownership/ACL change; no permit; no Stage 2.6B; no REAL_RUN; no QT001 apply; no Codex-doc edit. KB review artifacts only.

What was reviewed

Codex's latest corrected design package, applying T1's refined RP-01..RP-08: knowledge/dev/reports/architecture/codex-fix7-design-correction-from-t1-rp-refinements-2026-06-07/ (docs 00..10), against T1's refined proposals (t1-fix7-rp-proposal-refinement-cross-impact-2026-06-07/ docs 00..13) and the byte-level spec-artifact package it depends on (codex-fix7-spec-artifact-correction-from-t1-proposals-2026-06-07/ docs 02, 07, 09, 10).

Codex status claimed: FIX7_DESIGN_CORRECTED_FROM_T1_RP_REFINEMENTS_READY_FOR_SHORT_T1_REVIEW, with all six blocking RP resolved, exactly 27 authority surfaces, 11 non-authority runtime-evidence tables, zero new gates, zero new hash contracts, and ZERO_HARDCODE / PG_NATIVE / NO_GUESS passes.

Headline verdict

DESIGN_NEEDS_TARGETED_PROPOSALS_BEFORE_FINAL_APPROVAL

This is not a hardcode, PG-native, scale, or read-path failure. The design has advanced materially and is internally coherent. All six blocking RP are structurally resolved; RP-02, RP-03, RP-04, RP-05, RP-06, RP-07, RP-08 are clean. Codex's deviations from T1's literal asks are all in the safe direction (fewer surfaces): capability_environment folded into capability_run; the runtime-evidence object set enumerated via counted authority_scope_manifest #20 rather than a new runtime_evidence_object_set; RP-05 reuses counted dependency_manifest/analyzer_contract_manifest instead of a new adapter_input_contract. Exactly 27 authority surfaces hold; zero new gates; zero new hash contracts.

The single residual is the one acceptance gate the T1 handoff named explicitly — "H04/H05/H02 byte-implementable; every sub-payload key resolves to a named table.column." Codex added a "Runtime-Evidence Column Bindings" section to the hash doc (good), and H05/H02 bindings are consistent with the new byte-level DDL — but three precision gaps remain in …/codex-fix7-spec-artifact-correction-from-t1-proposals-2026-06-07/07-cp06-…md that keep H04/H05/H02 from being byte-implementable without guessing, which would re-admit the exact determinism/divergence loop RP-01 was created to close.

The three blocking precision proposals (all in CP-06 hash doc 07; all surgical)

  • P-01 (LOW, blocking): H04 keys reviewer_evidence_hash / binding_evidence_hash are declared as "one-to-one named signoff_binding columns" — but those are hashes and the columns are reviewer_evidence_id / binding_evidence_id (uuid FKs). Pin the dereference to the unambiguous source evidence_registry.artifact_sha256. Internal contradiction; one-line fix.
  • P-02 (MEDIUM, blocking): signoff_binding.scope_hash canonical composition is stated as a condition ("…only if scope_hash canonically includes quorum profile, principal class, slot ordinal, and action") but never pinned. Define its exact ordered key list — needed for a deterministic signoff write path, for H04's safe exclusion of slot keys, and for RP-06's slot-binding security argument.
  • P-03 (MEDIUM, blocking): The "Total Orders" section omits the canonical aggregate order for the newly-bound runtime sets: H05 measurements (capability_measurement), H05 artifacts (capability_artifact), H02 capability_evidence_hashes (capability_run), H02 post_activation_verifier_state. The general "every aggregate needs a total order" rule guarantees an order exists, not which — two implementations can pick different orders → different digests.
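
An added illustration of P-02 and P-03 (not code from Codex's design package or from T1's review): an aggregate digest changes with row order until a total order is pinned, and a scope_hash changes with key order. SHA-256, the length-prefixed encoding, the key order shown, and the column names run_id / metric_key / value are assumptions made for this example.

```python
import hashlib

# Assumed key order for illustration; the review asks Codex to pin the real one.
SCOPE_HASH_KEYS = ("quorum_profile", "principal_class", "slot_ordinal", "action")

def encode(values):
    """Length-prefix each value so ("ab", "c") and ("a", "bc") encode differently."""
    out = bytearray()
    for v in values:
        b = str(v).encode("utf-8")
        out += len(b).to_bytes(4, "big") + b
    return bytes(out)

def scope_hash(fields, key_order=SCOPE_HASH_KEYS):
    """Digest exactly the pinned keys in the pinned order; fail closed otherwise."""
    if set(fields) != set(key_order):
        raise ValueError("scope fields do not match the pinned key list")
    return hashlib.sha256(encode(fields[k] for k in key_order)).hexdigest()

def aggregate_digest(rows, columns, order_by=None):
    """Digest a row set; with order_by=None the arrival order leaks into the hash."""
    if order_by is not None:
        rows = sorted(rows, key=lambda r: tuple(r[c] for c in order_by))
    h = hashlib.sha256()
    h.update(len(rows).to_bytes(4, "big"))
    for r in rows:
        h.update(encode(r[c] for c in columns))
    return h.hexdigest()

# Constructed rows standing in for capability_measurement; columns are hypothetical.
ROWS = [
    {"run_id": "r1", "metric_key": "latency_ms", "value": "12"},
    {"run_id": "r1", "metric_key": "error_rate", "value": "0"},
]
COLS = ("run_id", "metric_key", "value")
ORDER = ("run_id", "metric_key")  # assumed total order (unique per row here)

def demo():
    a, b = ROWS, list(reversed(ROWS))  # same set, two arrival orders
    unpinned = aggregate_digest(a, COLS) == aggregate_digest(b, COLS)
    pinned = (aggregate_digest(a, COLS, order_by=ORDER)
              == aggregate_digest(b, COLS, order_by=ORDER))
    scope = {"quorum_profile": "q2of3", "principal_class": "human",
             "slot_ordinal": 1, "action": "approve"}
    swapped = scope_hash(scope) == scope_hash(scope, tuple(reversed(SCOPE_HASH_KEYS)))
    return unpinned, pinned, swapped

if __name__ == "__main__":
    print(demo())
```

The pinned order only makes the digest deterministic if it is total, that is, if the ordering columns are unique within the aggregated set.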

One advisory (non-blocking)

  • P-04 (ADVISORY): RP-03 expected-constraint check scopes strict failure to "authority-relevant" constraints; disposition of an extra benign non-authority index on a control-plane table is unspecified. T1's refinement left this to Codex's choice with default FAIL; ask Codex to state the benign-extra disposition explicitly (fail-closed or operator-quarantine) so there is no definitional gap.

Hard blocks unchanged

Stage 2.6B, permit, REAL_RUN, QT001 apply, implementation — all remain BLOCKED. Production stayed READ-ONLY. Next: Codex applies P-01..P-03 (P-04 optional) to CP-06 doc 07 → short T1 re-review → DESIGN_READY_FOR_CODEX_FINAL_APPROVAL → Codex final approval.

Document map

  • 01 — Supertrack A: blocking-RP resolution matrix
  • 02 — Supertrack B: RP-01 runtime-evidence review (the proposal driver)
  • 03 — Supertrack C: RP-02 retention authority review
  • 04 — Supertrack D: RP-03 consolidated DDL + expected-constraint catalog review
  • 05 — Supertrack E: RP-04 catalog-family coverage review
  • 06 — Supertrack F: RP-05 item_payload review
  • 07 — Supertrack G: RP-06 same-human slot-scope review
  • 08 — Supertrack H: RP-07 retirement-evidence FK review
  • 09 — Supertrack I: RP-08 Directus read-contract review
  • 10 — Supertrack J: cross-impact / non-regression review
  • 11 — Supertrack K: zero-hardcode / disguised-hardcode final scan
  • 12 — Supertrack L: PG-first/native/driven final scan
  • 13 — Supertrack M: feasibility / scale final scan
  • 14 — Supertrack N: proposal package (P-01..P-04)
  • 15 — Supertrack O: final verdict

knowledge/dev/reports/architecture/t1-fix7-rp-corrected-design-short-review-2026-06-07/00-readme-first.md