KB-1CB8
Supertrack K — Zero-Hardcode / Disguised-Hardcode Final Scan
Revision 1
11 — Supertrack K: zero-hardcode / disguised-hardcode final scan
Verdict: ZERO_HARDCODE_VERIFIED.

| Hardcode pattern scanned | Found? | Basis |
|---|---|---|
| fixed answer outside sealed manifest | No | all policy in versioned sealed rows; runtime tables hold facts only |
| policy-shaped CHECK | No | runtime CHECKs are structural (num_nonnulls=1, time ordering, NOT NULL); no policy CHECK / no DEFAULT-false |
| boolean policy default | No | evaluated_pass/evaluated_blocked are NOT NULL, owner-guard-derived, no default |
| hidden CASE/list policy | No | enforcement via FK/UNIQUE/exact-set/both-EXCEPT |
| numeric literal threshold as authority | No | CP-05 thresholds sealed; structural_literal_class classifies every adapter literal (unclassified → FAIL) |
| extra authority surface | No | exactly 27; RP corrections reuse #05/#20/#21/catalog-root/dependency_manifest |
| fixed partition policy | No | partition interval/capacity from ACTIVE sealed storage_class_manifest #05 row, never source literals |
| free-text operand authority | No | typed operand columns + operand_column_contract; item_payload descriptive-only |
| unsealed code catalog | No | sealed root; one-active index; RP-04 families inside it; count via expected_family_count |
| Directus-editable authority | No | Directus SELECT-only on listed business objects; no control-plane DML; read-contract sealed (#21) |
| mutable denominator | No | dashboard_export.denominator_set_sha256 must equal the sealed denominator (ACTIVE manifest expected_item_count); compute-your-own → FAIL |
| manual inventory as authority | No | realized truth from pg_constraint/pg_index/pg_class, compared both-EXCEPT to sealed #20 |
| regex / source-text as authority | No | literal scan + analyzer edges are fail-closed DETECTORS; the authority is the sealed catalog/edge set (detector-not-authority — same pattern accepted for CP-05/SA15 and FIX5 callgraph) |
| function/view existence as proof | No | proof is sealed manifest rows + evidence + hash recompute, not object existence |
| arbitrary reviewer/approver/provenance string | No | reviewer/binder = principal_registry + human_identity_registry FKs; no CI string (CP-09) |
| MD5 / delimiter hash | No | CP-06 forbids MD5 and delimiter concatenation; SHA-256 over explicit-key JSONB |
| bool_and NULL-ignore | No | payloads forbid SQL NULL; readiness uses exact-set/count-match both-EXCEPT, not NULL-tolerant aggregates |
| routed-later without blocking-now | No | all six blocking RP fail-closed now; CP-08 retention "becomes blocking before any retention action" is a scale-gated maintenance escalation with values sealed now, not deferred authority |
| image/URL/path hardcode if operational | No | evidence_registry.artifact_uri/artifact_sha256 are evidence data, not operational policy |
Disguised-hardcode specific note
The one item worth naming is the numeric-literal source scan (structural_literal_class/SA15). It is
NOT source-text-as-authority, because the decision rule is total classification ("every literal must
map to a sealed class; any unclassified → FAIL") and the catalog is the sole authority. That makes it
a completeness gate, not policy derived from source text, which is consistent with the project's
established accepted pattern. No disguised hardcode found.
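
An added example, not code from the project: the total-classification rule written as a fail-closed gate in Python. The regex detector only finds literals, while the sealed catalog (verified by hash recompute) decides. The row shape, class names, adapter name and sample sources are constructed assumptions.

```python
import hashlib
import json
import re

# Constructed sealed catalog rows; the row shape and class names are assumptions.
SEALED_ROWS = [
    {"adapter": "ingest_a", "literal": "1", "structural_literal_class": "arity"},
    {"adapter": "ingest_a", "literal": "0", "structural_literal_class": "index_base"},
]

def seal_hash(rows):
    """SHA-256 over canonical explicit-key JSON, never delimiter concatenation."""
    ordered = sorted(rows, key=lambda r: (r["adapter"], r["literal"]))
    canon = json.dumps(ordered, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

SEALED_SHA256 = seal_hash(SEALED_ROWS)  # stands in for the hash recorded at seal time

NUMERIC = re.compile(r"(?<![\w.])\d+(?:\.\d+)?(?![\w.])")

def detect_literals(source):
    """Detector only: numeric literals outside quoted strings and -- comments."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = re.sub(r"'(?:[^']|'')*'", "''", line).split("--", 1)[0]
        hits += [(lineno, m.group()) for m in NUMERIC.finditer(code)]
    return hits

def gate(adapter_sources, rows, expected_sha256):
    """Fail closed: unsealed catalog or any unclassified literal returns FAIL."""
    if seal_hash(rows) != expected_sha256:
        return "FAIL", ["sealed catalog hash mismatch"]
    catalog = {(r["adapter"], r["literal"]) for r in rows}
    unclassified = [
        f"{adapter}:{lineno}:{literal}"
        for adapter, source in sorted(adapter_sources.items())
        for lineno, literal in detect_literals(source)
        if (adapter, literal) not in catalog
    ]
    return ("FAIL" if unclassified else "PASS"), unclassified

# Constructed adapter sources and a catalog edited after sealing.
OK_SRC = "CHECK (num_nonnulls(a, b) = 1)  -- exactly 1 of 2\nWHERE idx >= 0"
BAD_SRC = OK_SRC + "\nAND score >= 0.85"
PATCHED_ROWS = SEALED_ROWS + [
    {"adapter": "ingest_a", "literal": "0.85", "structural_literal_class": "arity"}]

if __name__ == "__main__":
    print(gate({"ingest_a": OK_SRC}, SEALED_ROWS, SEALED_SHA256))
    print(gate({"ingest_a": BAD_SRC}, SEALED_ROWS, SEALED_SHA256))
    print(gate({"ingest_a": BAD_SRC}, PATCHED_ROWS, SEALED_SHA256))
```

The third call shows why the detector is not the authority: adding a catalog row after sealing to "classify" the new literal changes the recomputed hash, so the gate still fails.
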
Conclusion
ZERO_HARDCODE_VERIFIED and no disguised-hardcode risk. (The H-binding precision gaps in
Supertrack B are a no-guess/byte-implementability completeness issue, NOT a hardcode issue.)