Supertrack F — RP-05 item_payload Descriptive-Only Review
06 — Supertrack F: RP-05 item_payload descriptive-only review
Verdict: RP05_VERIFIED.
Codex delivered (doc 01): code_catalog_item.item_payload is descriptive-only; operational values
may come only from named typed columns/operands. Notably, Codex did not create a separate
adapter_input_contract table (which T1 had floated) — to avoid an uncounted authority surface —
and instead reused the counted dependency_manifest + analyzer_contract_manifest surfaces. This
is a safe-direction refinement that achieves the same fail-closed enforcement.
Checklist
| Criterion | Result | Basis |
|---|---|---|
item_payload cannot be read by adapters/readiness/gate/vector/capability for operational decisions |
✅ | "operational values may come only from named typed columns/operands"; any operational edge to item_payload blocks readiness |
input contract excludes item_payload |
✅ | expected adapter→column edges are sealed dependency_manifest rows; item_payload is not in the allowed set, so an observed edge to it is "observed-but-not-expected" |
| analyzer / SA15 fails closed if operational read detected | ✅ | analyzer observations must match expected edges in both EXCEPT directions; mismatch (incl. edge to item_payload) blocks readiness |
no hidden policy can live in item_payload |
✅ | descriptive-only + fail-closed detection of any operational read closes the "hidden policy in catalog payload" vector |
| H06 dependency hash captures the rule if needed | ✅ | analyzer_contract_manifest.allowed_input_set_sha256 binds the exact allowed-input set; H06 (dependency-manifest hash) is unchanged and its inputs were already byte-defined |
Equivalence check (reused surfaces vs proposed new table)
T1's refinement = "no adapter reads item_payload operationally (input-contract + SA15)." Codex's
mechanism = sealed dependency_manifest edges + allowed_input_set_sha256 + both-EXCEPT analyzer
match + unclassified-literal FAIL. Functionally equivalent and strictly better on the no-new-surface
axis. ✅
Conclusion
RP-05 fully resolved with no new surface; the latent "policy hidden in item_payload" risk is converted to a fail-closed readiness block. No proposal.