T1 FIX7 RP Proposal Refinement + Cross-Impact — Readme First

KB-6B42

T1 FIX7 RP Proposal Refinement + Cross-Impact — Readme First

6 min read Revision 1

fix7architecturet1-reviewrp-refinementcross-impact

Date: 2026-06-08 Author: T1 (production Agent, Agent Data) Mode: READ-ONLY production. Execution mode AUTHOR_MODE_ONLY. Live mutation: NO. Target state: T1_RP_REFINED_PROPOSALS_READY_FOR_CODEX_DESIGN_CORRECTION

This package refines T1's residual proposals RP-01..RP-08 after Codex's confirmation-only review (T1_RP_PROPOSALS_PARTIAL_REFINE_BEFORE_T1). T1 remains independent reviewer; Codex remains design owner and is the only party that edits the FIX7 design. T1 does NOT edit Codex docs, does NOT implement, does NOT proceed to Stage 2.6B.

Boundary held

No production DB / role / grant / trigger / function / scheduler / UI / REAL_RUN / permit / ledger / QT001-apply mutated. No DB object created. No SQL applied. No manifest activated. No ownership/ACL change. No permit opened. Stage 2.6B not advanced. No Codex doc edited. T1 wrote only this KB refinement package. Read path OPEN — corrected package docs 02..11, T1 prior proposal package (13) + verdict (14) + checkpoint, Codex correction checkpoint, the governing law, and design-index structure (14 gates / 7 hashes confirmed via KB search) all in scope/context.

Reference structures used for cross-impact (confirmed)

14 readiness gates (ACTIVE READINESS_GATE exact set): OBJECT_AUTHORITY_IMMUTABLE, READINESS_MANIFEST_EXACT, SIGNOFF_AUTHENTIC, CAPABILITY_BEHAVIORAL, DEPENDENCY_TRUTH, NO_BYPASS_ALL_BLOCKED, CANONICAL_HASH_SHA256, PLANNER_NOT_CLONE, SCALE_SAFE, GATEWAY_PASS, FREEZE_PASS, PERMIT_POLICY_PASS, TIER_POLICY_PASS, WRITER_FAIL_CLOSED.
7 hash contracts: H01 plan_content, H02 control_state, H03 readiness_manifest, H04 signoff_binding, H05 capability_evidence, H06 dependency_manifest, H07 activation.
27 child contracts + catalog root + support registries (evidence_registry, principal_registry, human_identity_registry, analyzer_run, manifest_activation, operator_operand_compatibility) = the counted/sealed authority surfaces. Bypass vectors are the ACTIVE BYPASS_VECTOR exact set, consumed by the NO_BYPASS_ALL_BLOCKED gate.

Every refinement reuses an ALREADY-COUNTED/SEALED surface or an explicitly NON-authority runtime-evidence category. No refinement introduces a new uncounted authority surface, a mutable runtime denominator, Directus-editable authority, or regex/source-text-as-final-authority.

Outcome (one line)

T1_RP_REFINED_PROPOSALS_READY_FOR_CODEX_DESIGN_CORRECTION. All 8 RP are refined into implementable, cross-impact-mapped specs. 6 blocking (RP-01, RP-02, RP-03, RP-04, RP-05, RP-07), 2 advisory (RP-06, RP-08). ZERO_HARDCODE_REFINED_PROPOSALS_PASS, PG_NATIVE_DRIVEN_REFINED_PROPOSALS_PASS, NO_GUESS_REFINED_PROPOSALS_PASS. Codex should now edit the design; T1 implementation and Stage 2.6B remain blocked.

RP-01: enumerated 12 runtime instance/result/evidence tables; they are a NEW NON-authority runtime-evidence CATEGORY (owner-only, append-only, hash-bound, exact-set enumerated) — NOT child 28+, NOT an authority surface; count stays exactly 27. Fixes H04/H05/H02 byte-implementability. H06 already satisfied.
RP-02: host retention interval/capacity as fields on storage_class_manifest (child 05) keyed by storage class; RP-01 tables bind a storage_class FK. No 28th surface. Alt path (explicit counted retention contract → count 28) documented.
RP-03: expected-constraint catalog = expected_constraint_set_sha256 field on authority_scope_manifest (child 20); realized vs sealed compared both-EXCEPT from pg_constraint/pg_index; a dropped deferred-ALTER FK then fails OBJECT_AUTHORITY_IMMUTABLE closed. No new surface.
RP-04: make reference_contract (exists), operand_column_contract, and structural_literal_class all code_catalog FAMILIES (root surface); seal verifies exact-set coverage.
RP-05: BLOCKING rule — no adapter reads code_catalog_item.item_payload operationally; enforce via manifest-bound adapter input-column contract + SA15/analyzer static scan over hash-bound source → readiness FAIL.
RP-06: ADVISORY — slot-scoped UNIQUE on the RP-01 signoff_binding table + manifest-driven separation (join PRINCIPAL_SEPARATION must_differ), NOT a blanket human-per-activation UNIQUE.
RP-07: BLOCKING — code_catalog_item.retired_reason_evidence_id → evidence_registry.evidence_id deferred ALTER; NULL for active, non-NULL must exist.
RP-08: ADVISORY — completeness is a SEALED Directus read-contract (expected read surface + sealed freshness max-age field), compared both-EXCEPT to observed; NOT a hardcoded observation window.

Document map

01 Codex confirmation matrix · 02 RP-01 runtime instance/evidence · 03 RP-02 retention authority · 04 RP-03 constraint catalog · 05 RP-04 catalog-family coverage · 06 RP-05 item_payload blocking · 07 RP-06 same-human scope · 08 RP-07 retirement-evidence FK · 09 RP-08 Directus observation · 10 cross-impact map · 11 hardcode/PG-native-driven check · 12 Codex handoff · 13 final verdict.

Hard block (unchanged)

No Stage 2.6B, no permit, no REAL_RUN, no QT001 apply. Readiness BLOCKED. Codex edits design → republish → T1 re-review → final approval. No implementation before that.