14 - Final Verdict (SUPERTRACK N)

FINAL: DESIGN_NEEDS_CODEX_CORRECTION_WITH_PROPOSALS

Why not each alternative

• NOT DESIGN_READY_FOR_CODEX_FINAL_APPROVAL: four published artifacts still force an implementer to guess schema columns, FK targets, hash inputs, or thresholds - exactly the macro's guess-rejection triggers. The "Normative full DDL" (doc 02) is contract-level and defers the authoritative byte-level DDL to an unsurfaced artifact; inter-manifest FKs, the bootstrap code_catalog root, and the typed-operand CHECK columns are unspecified; gate/vector thresholds read as adapter literals; the hash bytea encoding is unpinned; the Directus base-table-vs-view read path is ambiguous. Confirming these unseen/under-specified artifacts would be a fake PASS (law: no_fake_PASS, no_hardcode_absolute).
• NOT DESIGN_FAIL_HARDCODE_OR_PG_NATIVE_GAP: no hardcode FAIL. The design is genuinely PG-first/native/driven - sealed hashed manifests, generic interpreters (no CASE), role/ownership/constraint/row-lock/session_user/IdP enforcement, REVOKE from Directus/PUBLIC. The hardcode risks (code_catalog root, threshold literals, hash determinism) are disguised-hardcode RISKS fixable by CP-03/05/06, not embedded policy. Verdict reserved for genuine hardcode/PG-hosted authority, which is absent.
• NOT DESIGN_FAIL_SCALE_OR_FEASIBILITY: valid PG16.13 + pgcrypto; readiness/hash/epoch/dependency are control-plane-bounded and object-count-independent at 100M+ scale; no hot-path full scans, row-by-row apply in the control plane, unbounded recursion, or production-writer-blocking locks; rollback returns safe-blocked. Scale-safe.
• NOT READ_PATH_BLOCKED: all 13 Codex artifacts + prior T1 go/no-go + both checkpoints + governing law read in full; design index consulted via search. Verdict rendered on evidence.

What is accepted (do not re-litigate)

• Decisions for all prior blockers remain sound (accepted in the prior T1 review).
• 4 of 8 corrections VERIFIED at implementation grade: 14 bypass vectors (E), Level-B operator packet (G), T1 self-audit dashboard (H), same-human quorum control (I).
• The 28->27 count correction is genuine and consistent. The hash key-map design (DAG + sensitivity matrix), the 14-gate both-EXCEPT/no-bool_and-alone design, and the fail-closed Level-B/dashboard discipline are strong and represent the matured FIX4/FIX5/FIX6 lessons.

Blocking corrections (7) - see doc 13

CP-01 surface byte-level 27-table DDL (or accept downscope + mandatory re-audit); CP-02 inter-manifest FK targets; CP-03 bootstrap code_catalog DDL+seal+ownership; CP-04 typed-operand columns+CHECK; CP-05 seal gate/vector thresholds (no adapter numeric literal); CP-06 pin hash bytea encoding + array order + numeric form; CP-07 resolve Directus base-table-vs-view read preservation. Advisory: CP-08 registry/evidence placement+retention; CP-09 Level-B identity/reviewer manifest binding.

Boundary that applies now (unchanged)

• No direct implementation yet. Next step is Codex correction of the doc-13 proposals (design owner), then a short T1 re-review.
• HARD BLOCK confirmed: No Stage 2.6B. No permit. No REAL_RUN. No QT001 apply. Readiness stays BLOCKED; scale stays NOT_SAFE-until-evidence; Level-B OPERATOR_REQUIRED_UNVERIFIED.
• Codex must NOT delegate authoring of the authoritative DDL/catalog to T1 without a subsequent Codex re-audit of what T1 authored (FIX..FIX6 divergence prevention).

One line

A genuine, substantial advance - 4/8 corrections fully met, design PG-native and scale-safe - but the 27-DDL byte-level/FK/catalog root, threshold sealing, hash bytea determinism, and Directus read-path ambiguity must be corrected by Codex first; resolve the 7 blocking proposals -> short re-review -> DESIGN_READY_FOR_CODEX_FINAL_APPROVAL.