04 — Supertrack D: RP-03 consolidated DDL + expected-constraint catalog review
Verdict: RP03_VERIFIED (one non-blocking advisory: P-04).
What Codex delivered (doc 06)
A single normative 10-step creation order; five explicit deferred-constraint groups; and an
expected-constraint model embedded in the already-counted surface authority_scope_manifest #20
(Codex explicitly rejected a free-form expected-constraint JSON payload — matching T1's directive).
Checklist
| Criterion | Result | Basis |
|---|---|---|
| RP-03 authored last; enumerates final constraint set | ✅ | edit order had RP-03 last; doc 06 enumerates the 5 deferred groups (incl. RP-01/02/04/07 FKs) + the #20 expected-constraint model |
| expected-constraint rows in authority_scope_manifest #20, not new surface | ✅ | per-constraint typed #20 rows; no new table/JSON authority (cross-impact doc 08 confirms) |
| typed rows, not free-form JSON | ✅ | each constraint/index = typed #20 row: object_identity, parent_object_identity, object_type, expected_definition_sha256; per-table expected_constraint_set_sha256 |
| pg_constraint / pg_index both-EXCEPT verification | ✅ | realized snapshot from PG16 pg_constraint + pg_index, canonicalized under CP-06; compare both EXCEPT directions (structural truth, not source-text) |
| missing deferred ALTER fails | ✅ | dropping any deferred FK in rehearsal → realized set MISSING it → OBJECT_AUTHORITY_IMMUTABLE fail-closed (the whole point of RP-03) |
| extra unknown constraint behavior specified | ⚠️ partial | "Missing/extra/changed authority-relevant constraints fail"; benign non-authority extra index disposition unstated → advisory P-04 |
| rollback / drop order coherent | ✅ | reversal = exact reverse order; drops only empty candidate-only objects; active/history never dropped |
| no silent integrity hole remains | ✅ | both-EXCEPT name+detail + dropped-FK-fails converts the prior silent hole into a fail-closed block |
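
A sketch of the both-EXCEPT comparison from the checklist, written for this review as an added example; it is not Codex's DDL from doc 06. The schema name `control_plane`, the `object_type` label strings, and reading `authority_scope_manifest` as a plain table are assumptions, and hashing the raw `pg_get_constraintdef` / `pg_get_indexdef` text stands in for the CP-06 canonicalization, which this review does not spell out.

```sql
-- Assumptions (not from doc 06): schema control_plane and the object_type
-- labels are hypothetical; authority_scope_manifest is read as a table with the
-- four typed columns; raw pg_get_*def() text replaces CP-06 canonicalization.
WITH realized AS (
    -- PK / UNIQUE / FK / CHECK constraints as PostgreSQL actually holds them
    SELECT c.conname::text AS object_identity,
           format('%I.%I', n.nspname, r.relname) AS parent_object_identity,
           CASE c.contype WHEN 'p' THEN 'PRIMARY KEY' WHEN 'u' THEN 'UNIQUE'
                          WHEN 'f' THEN 'FOREIGN KEY' WHEN 'c' THEN 'CHECK'
           END AS object_type,
           encode(sha256(convert_to(pg_get_constraintdef(c.oid), 'UTF8')), 'hex')
               AS definition_sha256
    FROM pg_constraint c
    JOIN pg_class r     ON r.oid = c.conrelid      -- drops domain constraints
    JOIN pg_namespace n ON n.oid = r.relnamespace
    WHERE n.nspname = 'control_plane'
      AND c.contype IN ('p', 'u', 'f', 'c')
    UNION ALL
    -- Stand-alone indexes; those backing a PK/UNIQUE are already covered above
    SELECT ic.relname::text,
           format('%I.%I', n.nspname, r.relname),
           'INDEX',
           encode(sha256(convert_to(pg_get_indexdef(i.indexrelid), 'UTF8')), 'hex')
    FROM pg_index i
    JOIN pg_class ic    ON ic.oid = i.indexrelid
    JOIN pg_class r     ON r.oid = i.indrelid
    JOIN pg_namespace n ON n.oid = r.relnamespace
    WHERE n.nspname = 'control_plane'
      AND NOT EXISTS (SELECT 1 FROM pg_constraint c
                      WHERE c.conindid = i.indexrelid
                        AND c.contype IN ('p', 'u'))
),
expected AS (
    SELECT object_identity, parent_object_identity, object_type,
           expected_definition_sha256 AS definition_sha256
    FROM control_plane.authority_scope_manifest
    WHERE object_type IN ('PRIMARY KEY', 'UNIQUE', 'FOREIGN KEY', 'CHECK', 'INDEX')
)
-- Direction 1: expected but not realized (e.g. a deferred ALTER that never ran)
SELECT 'MISSING' AS drift, m.*
FROM (SELECT * FROM expected EXCEPT SELECT * FROM realized) AS m
UNION ALL
-- Direction 2: realized but not expected (unknown or changed object)
SELECT 'EXTRA' AS drift, x.*
FROM (SELECT * FROM realized EXCEPT SELECT * FROM expected) AS x
ORDER BY parent_object_identity, object_identity, drift;
```

Zero rows is a pass; a changed definition shows up as a MISSING/EXTRA pair for the same identity. An extra non-authority index is reported as EXTRA here, which corresponds to the default-FAIL option quoted in advisory P-04.
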
Creation order (doc 06) — acyclicity check
Roles/schema/domains → catalog (set/family/item) → manifest_set/envelope → 27 children (4 forward child FKs deferred) → operator_operand_compatibility → registries + manifest_activation → 11 runtime-evidence tables → all deferred constraints → owner/ACL/immutable-trigger → exact-set verify then seal. Runtime-evidence FKs are inline because their anchors/children exist before group 7 (consistent with doc 02's inline REFERENCES). The forward/cycle FKs are correctly the deferred set. Acyclic given the ALTER split. ✅
Advisory P-04 (non-blocking)
T1's RP-03 refinement left extra-constraint handling to Codex's choice with default FAIL: "extra unknown constraint → FAIL for authority-relevant types …, or QUARANTINE/operator-review for benign non-authority index types — Codex to choose; default FAIL (fail-closed)." Codex scoped strict failure to "authority-relevant." For a clean fail-closed contract, ask Codex to state explicitly what happens to an extra benign non-authority index on a control-plane table (e.g., performance lookup index) — fail-closed, or explicit operator-quarantine — and to define which constraint classes count as "authority-relevant" (PK/UNIQUE/FK/CHECK). This removes a definitional gap but does not reopen a determinism loop; hence advisory, not blocking.
Conclusion
RP-03 is resolved: consolidated order published, expected-constraint catalog inside counted #20, both-EXCEPT structural verification, dropped-ALTER fail-closed. One small disposition clarification (P-04) recommended but not blocking.