KB-19BD
T1 FIX7 Focused Review - 10 Zero/Disguised-Hardcode Scan (SUPERTRACK J)
5 min read Revision 1
QT001FIX7T1zero-hardcodesupertrack-j
10 - Zero-Hardcode / Disguised-Hardcode Scan (SUPERTRACK J)
Adversarial scan of all newly published artifacts against the macro's hardcode checklist. Verdict: DISGUISED_HARDCODE_RISK (not HARDCODE_FAIL - the design is fundamentally data-driven; the risks are unsealed roots and threshold literals, fixable by CP-03/CP-05/CP-06).
Checklist result
| Hardcode pattern | Result | Note |
|---|---|---|
| Fixed collection lists outside sealed manifests | PASS | Sets are sealed manifest rows; Directus authority is sealed PRIVILEGE_SET (doc 06), not handwritten. |
| Hidden CASE policy | PASS | "Policy never embedded as tier/gate/capability-specific CASE"; separation pairs/tiers are ACTIVE manifest rows evaluated generically (docs 02, 09). |
| Tier/verdict/action hardcoded in function logic | PASS | tier_manifest #17, authority_action_manifest #07; verdicts derived from sealed catalog (doc 08); BV05 "no verdict column." |
| Fixed gate count not sealed/hash-bound | PARTIAL-RISK | 14 is sealed via READINESS_MANIFEST_EXACT, but doc 03 should state the denominator is manifest.expected_item_count, not literal 14 (CP-05). |
| Manual inventory as authority | PASS | Authority-scope closure replaces manual inventory; privilege set is manifest-sourced. |
| Source-text/regex as authority | PASS | No regex/source-text authority in the published artifacts (a key FIX5/FIX6 lesson; PLANNER_NOT_CLONE uses source-hash + behavior corpus, not regex). |
| Function/view existence as proof | PASS | Gates require typed facts + fresh immutable evidence, not object existence (doc 03). |
| Arbitrary reviewer/approver/provenance strings | PASS | Reviewer = principal class + verified human identity (IdP assertion); free text diagnostic only (doc 09); BV04. |
| Free-text proof | PASS | Evidence is immutable typed/IdP-bound; "display/email/free text diagnostic only." |
| Runtime mutable denominator | PASS (mechanism) | BV06 sealed owner-only Q_CRITICAL_3; but the Q_CRITICAL_3 count itself must be manifest-sourced (CP-05). |
| Directus-editable authority | PASS (post-cutover) | Post-cutover Directus has no authority DML/DDL/execute; pre-cutover authority remains Directus-editable but readiness stays BLOCKED (acknowledged, that is the purpose of FIX7b). |
| Literal PASS/FAIL shortcuts | PASS | Dashboard verdicts sealed-catalog; "Literal/manual/dashboard-only PASS is SA15 FAIL." |
| MD5 / delimiter hash | PASS | SHA-256 only; delimiter concatenation forbidden (doc 04). |
| bool_and NULL-ignore | PASS | "no bool_and-alone"; NULL=false; NULL=JSON-null in hashes (docs 03, 04). |
| Routed-later without blocking-now | PASS | Bypass vectors all block now; set change gated by quorum; Level-B blocks now (OPERATOR_REQUIRED_UNVERIFIED). |
| Manifest row that is prose, not machine-enforced | RISK | The 27-child DDL is published as contract-level prose; the byte-level machine-enforced DDL is deferred to an unsurfaced artifact (CP-01) - until surfaced, the enforcement is asserted, not reviewable. |
Disguised-hardcode risks requiring correction
- Bootstrap code_catalog root (CP-03): the FK-bound "never CHECK literal" design moves authority to a catalog whose DDL/seal/ownership is unspecified. If the catalog is mutable/unsealed, authority is hardcode-by-another-name. This is the single most important disguised-hardcode root in the package.
- Threshold/denominator literals (CP-05): SCALE_SAFE 600000ms/1073741824 bytes, "exact 3 runs", gate count 14, hash count 7, Q_CRITICAL_3 - each must be a sealed manifest value with an explicit "no numeric policy literal in adapter" rule.
- Hash determinism (CP-06): unspecified bytea encoding is not hardcode per se but is a determinism hole that lets two implementations disagree on the canonical hash - it weakens every hash-seal that the anti-hardcode argument relies on.
- Contract-prose vs machine-enforced DDL (CP-01): until the byte-level DDL is surfaced/hash-bound, the "machine-enforced" claim for the 27 children is not independently verifiable.
Verdict
DISGUISED_HARDCODE_RISK. The intent and the overwhelming majority of mechanisms are genuinely zero-hardcode and represent the matured FIX4/FIX5/FIX6 lessons. But the unsealed code_catalog root, adapter threshold literals, and the contract-vs-byte-level DDL gap are disguised-hardcode risks that must be closed (CP-01, CP-03, CP-05, CP-06) before a zero-hardcode PASS can be asserted at implementation grade. This is NOT HARDCODE_FAIL.