RP-05 item_payload Descriptive-Only → Blocking — Refinement
06 - SUPERTRACK F — RP-05 item_payload Descriptive-Only (UPGRADED → REFINED_BLOCKING)
Why blocking
code_catalog_item.item_payload jsonb NOT NULL is sealed, but if any readiness/gate/vector/capability/tier adapter READS it to make an operational decision, the jsonb becomes a hidden-policy channel: operational meaning encoded in jsonb and consumed by an adapter is disguised hardcode that the typed-column discipline was meant to eliminate. Sealing prevents mutation but does NOT prevent operational interpretation. Hence blocking.
Exact rule
No adapter, readiness gate, bypass vector, capability evaluator, tier evaluator, or generic rule engine may read code_catalog_item.item_payload for any operational/eligibility decision. item_payload is descriptive metadata only. All operational typed values come from named child columns and the typed-operand columns.
Enforcement (two independent layers, both fail-closed)
- Manifest-bound adapter input-column contract: define a sealed adapter_input_contract (recommended as a code_catalog family or a component of operator_primitive_manifest / analyzer_contract_manifest) listing, per adapter, the EXACT columns it is permitted to read. item_payload is excluded. Readiness FAILS if an adapter's declared/observed input set includes item_payload.
- SA15 / dependency-analyzer static scan over HASH-BOUND adapter source (operator_primitive_manifest.source_sha256, readiness/bypass fact_adapter sources): any reference to code_catalog_item.item_payload in an operational path → readiness FAIL. Because the source is hash-bound, the scan is over sealed text and is used to BLOCK (fail-closed), not to grant.
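A sketch of the two enforcement layers as one fail-closed check, added here as an illustration and not taken from the project's analyzer. The function names, the dict shape of the contract, the adapter names and the typed columns (tier_code, min_score, item_key) are assumptions; only code_catalog_item.item_payload and source_sha256 come from this document.

```python
import hashlib
import re

FORBIDDEN = "code_catalog_item.item_payload"
# Assumption: any item_payload token in adapter source counts as a reference,
# comments included, so the scan over-blocks rather than under-blocks.
PAYLOAD_REF = re.compile(r"\bitem_payload\b", re.IGNORECASE)

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def check_adapter(name, source, source_sha256, contract, observed_columns):
    """Return ("PASS", []) or ("FAIL", reasons); every doubt is a FAIL."""
    reasons = []
    # The scan is only meaningful over the sealed, hash-bound text.
    if sha256_hex(source) != source_sha256:
        reasons.append("source does not match bound source_sha256")
    # Layer 1: manifest-bound input-column contract.
    permitted = contract.get(name)
    if permitted is None:
        reasons.append("adapter has no input contract")
    else:
        if FORBIDDEN in permitted:
            reasons.append("contract itself lists item_payload")
        extra = sorted(set(observed_columns) - set(permitted))
        if extra:
            reasons.append("reads outside contract: " + ", ".join(extra))
    # Layer 2: static scan of the adapter source.
    for lineno, line in enumerate(source.splitlines(), start=1):
        if PAYLOAD_REF.search(line):
            reasons.append(f"item_payload referenced at source line {lineno}")
    return ("FAIL" if reasons else "PASS", reasons)

# Constructed sample data (adapter names and typed columns are hypothetical).
GOOD_SRC = "SELECT tier_code, min_score\nFROM code_catalog_item WHERE item_key = $1"
BAD_SRC = "SELECT item_payload->>'min_score'\nFROM code_catalog_item WHERE item_key = $1"
TYPED = ["code_catalog_item.tier_code", "code_catalog_item.min_score"]
CONTRACT = {"tier_adapter": TYPED, "gate_adapter": TYPED}

if __name__ == "__main__":
    print(check_adapter("tier_adapter", GOOD_SRC, sha256_hex(GOOD_SRC), CONTRACT, TYPED))
    print(check_adapter("gate_adapter", BAD_SRC, sha256_hex(BAD_SRC), CONTRACT,
                        [FORBIDDEN]))
```

The adapter that reads item_payload fails on both layers independently, so removing either layer still leaves a blocking result.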
Cross-impact (required fields)
- Affected docs: 04 (CP-03 catalog — declare item_payload descriptive-only + the input-contract), 06 (CP-05 SA15 scan), and the readiness/dependency analyzer spec.
- Affected contracts/tables/manifests: code_catalog_item; operator_primitive_manifest / analyzer_contract_manifest (host the adapter_input_contract); analyzer_run (executes the scan).
- Affected hashes: H06 dependency_manifest — if the dependency analyzer records adapter→catalog-column read edges, an adapter→item_payload edge would appear in dependency_manifest.edges and be caught; the adapter_input_contract is hashed into the relevant manifest item → control hashes.
- Affected readiness gates: DEPENDENCY_TRUTH (analyzer detects the read edge), CANONICAL_HASH_SHA256 / READINESS_MANIFEST_EXACT indirectly; the SA15 numeric/column scan feeds the no-hardcode block.
- Affected bypass vectors: "hidden policy in catalog payload" is exactly a disguised-hardcode bypass vector; this rule + scan blocks it. Recommend it be an explicit named bypass vector in the ACTIVE BYPASS_VECTOR set.
- Affected rollback path: none new (rule is a guard).
- Affected Directus/read path: none.
- Affected PG-native enforcement: sealed input-contract (data) + analyzer over hash-bound source; pass/fail derived by generic guard.
- Affected no-hardcode proof: converts supertrack-J latent risk C into an enforced fail-closed check; strengthens "catalog cannot become another hardcode registry."
- Verification after Codex edits: an adapter authored to read item_payload operationally → readiness FAIL (both via input-contract mismatch and SA15 scan); a benign descriptive read in non-operational tooling is out of the adapter set and does not gate.