04 - 7 Hash Payload Key-Map Review (SUPERTRACK D)

Source: artifact 04 (full read, content_length 2499). Verdict: HASH_KEYMAPS_NEED_CORRECTION (one blocking determinism gap CP-06).

Count + per-hash check - PASS

Exactly 7: H01 plan_content, H02 control_state, H03 readiness, H04 signoff, H05 capability, H06 dependency, H07 activation. Each has: explicit domain tag (incomex.qt001.<name>.v1), an explicit ordered key list, named input source, stated array ordering, and a sensitivity-test obligation.

Verified strong

• Single canonical method: digest(convert_to(jsonb_build_object('domain',domain,'schema_version',1,'payload',exact_object)::text,'UTF8'),'sha256') - SHA-256 via pgcrypto, no MD5.
• Explicit keys required; "implicit row JSON forbidden" (no to_jsonb(row) column-order dependence); "unordered aggregation forbidden" (arrays require ORDER BY); "delimiter concatenation forbidden"; "floats forbidden" (avoids numeric canonicalization ambiguity).
• NULL discipline: "SQL NULL/unknown forbidden ... optional=JSON null" - NULLs explicitly represented, not omitted (closes the hashing analogue of bool_and NULL-ignore).
• Layered hash DAG is coherent and non-circular: H03/H06 feed H01; H01 feeds H02; H04/H05/H06-evidence feed H02; H07 is activation-scoped. "signoff changes H02/H04 not H01" / "epoch+ACL changes H02" / "drift changes H06/H02" / "gate change H03/H01/H02" / "activation input changes H07" - a complete sensitivity matrix.
• H01 excludes signoffs/lifecycle-times (correct: plan content must be stable under signoff/time churn).
• Domain tag + schema_version inside the hashed object - prevents cross-domain collision and versions the canonical form.

This is the strongest artifact in the package and a full satisfaction of prior correction #3 at the key-map level.

Blocking gap

D-1 bytea->text encoding for embedded SHA-256 values unspecified (CP-06)

Every payload embeds other SHA-256 values - bytea(32) - e.g. H01 keys readiness_manifest_hash and dependency_manifest_hash; H02 plan_content_hash, owner_acl_fingerprint, the binding/evidence hash arrays; H07 every *_sha256. But jsonb has no bytea type: a bytea placed into jsonb_build_object must first be cast/encoded to text, and PostgreSQL offers multiple encodings (encode(x,'hex'), encode(x,'base64'), or the bytea::text "\x..." form). The artifact does not specify which. Two correct implementers using hex vs base64 vs \x produce different canonical strings and therefore different SHA-256 - non-deterministic hash. Codex must mandate a single encoding (recommend encode(value,'hex'), lowercase, for all bytea embedded in any hash payload) and state it once in the universal rule.

Minor determinism notes (fold into CP-06, low severity)

• Pin numeric representation: only bigint/int counts appear (floats already forbidden) - state that all numeric payload values are integers serialized by jsonb's canonical integer form, no numeric/decimal.
• Make ORDER BY mandatory and total per array (a stable, unique sort key per element - e.g. ordinal then item_id) so jsonb_agg is deterministic even on ties. The doc lists order keys (ordinal, item_id/object_identity, type/version, etc.) - confirm each is a total order.
• Note cross-PG-major-version stability assumption for jsonb ::text (documented stable historically); record it as an explicit assumption so a future PG upgrade triggers re-validation rather than silent hash drift.

Scale check - PASS

Hash inputs are control-plane state (manifests, evidence rows, epoch), bounded by gate/manifest/edge counts, not by object count. Building+casting a bounded jsonb and digesting it is O(control-plane payload), object-count-independent. No unbounded runtime object data hashed. Consistent with SUPERTRACK L.

Verdict

HASH_KEYMAPS_NEED_CORRECTION. Domains, ordered keys, sources, NULL handling, no-MD5, no-delimiter, sensitivity matrix, and the hash DAG are all correct. The single blocking correction is to pin bytea->text encoding (and confirm total array orders + integer-only numerics) so the canonical hash is deterministic across any conforming implementation (CP-06).