T1-Max FIX7 Refactor Blueprint Final Independent Review - Readme First
00 - T1-Max FIX7 Refactor Blueprint Final Independent Review - Readme First
Date: 2026-06-08
Reviewer: T1-Max (final internal adversarial reviewer for Agent Data)
Macro: PROGRAM_REVIEW_MAX_FIX7_REFACTOR_BLUEPRINT_FINAL_ADVERSARIAL_AUDIT_AND_DIRECT_REVISION
Mode: READ-ONLY production. Direct-revision of blueprint KB docs allowed. No production mutation.
What this is
The final internal adversarial review + direct-revision pass over the FIX7 Existing-System
Refactor Execution Blueprint (t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/),
after the independent XHigh pass. The blueprint's embedded XHigh/Max self-review AND the separate
independent XHigh pass were treated as evidence only, NOT as final authority. Live production
evidence, the governing law, and document consistency decided each verdict. Worst-case-implementer
lens: every ambiguous sentence is assumed to be misread; every unlisted legacy object is assumed to
become a bypass; every "routed later" item is assumed unsafe unless blocked now.
Final status
FIX7_REFACTOR_BLUEPRINT_MAX_REVIEWED_AND_REVISED_READY_FOR_CODEX_CRITICAL_REVIEW
Not a blocker: no hardcode/PG-native FAIL, read path open, no invariant changed. 7 real defects were found and directly fixed in the blueprint docs; this report records what and why.
Live evidence gathered (read-only, DB directus, 2026-06-08)
- All 46 legacy
qt001_*functions +sp_dot_birth_qt001_applyhaveproacl=NULL= PUBLIC EXECUTE, and none is SECURITY DEFINER. The XHigh 4-function sample generalizes to the entire legacy function set: every one is directly callable by any role today. This is the load-bearing fact behind MB-01. - 0 triggers on
qt001tables; 0 triggers invoke aqt001function. There is no hidden trigger-based bypass vector in the legacy QT001 layer. - Counts confirmed exact: 20 tables, 46 functions, 196 directus-owned views (the 196 =
183
v_qt001_*+ 13 otherqt001-named views). The blueprint's "196 views" is correct (an initial narrow-prefix count of 183 was a query artifact; re-verified by relkind+owner). - Birth-gateway family is 10
fn_birth_*functions (doc 01 listed 5), including one SECURITY DEFINER (fn_birth_onboarding_full_scan) and one owned byworkflow_admin(fn_birth_gate); all are DO_NOT_TOUCH, none is a FIX7 control object.
Findings summary (7 findings; all fixed in-blueprint; 0 blockers)
| id | track | severity | one-line | fixed in |
|---|---|---|---|---|
| MA-01 | A integrity | P2 | post-XHigh top-line status still ..._READY_FOR_CODEX_CRITICAL_REVIEW (skipped the Max gate) |
doc 00, 12, checkpoint |
| MB-01 | B completeness | P1 | legacy neutralization scoped to a sampled "apply/writer" subset, not the complete set (all 46 fns PUBLIC-executable live) | doc 01, 02, 04, 05, 06, 07 |
| MB-02 | B completeness | P3 | birth-family inventory listed 5 of 10 live fn_birth_*; no trigger-vector evidence |
doc 01 |
| MC-01 | C feasibility | P1 | G-DOT-NOOVERWRITE led with "DOT bodies" (source-text) - risked source-text as final authority | doc 06, 08 |
| MD-01 | D rollback | (folded) | rollback bypass/gateway-overwrite re-open + atomicity made explicit | doc 04, 05 |
| ME-01 | E cutover | P2 | owner/ACL rollback snapshot not enumerated (concreteness gap before REVOKE) | doc 05, 07 |
| MG-01 | G packages | P2 | no fresh Codex re-audit before the two governance-change packages PKG-F/PKG-G | doc 07 |
| MH-01 | H guards | P2 | guard-quality rules missing (vacuous-pass, NULL-strict, source-text-as-authority) | doc 06 |
(MD-01 is recorded under SUPERTRACK D as a clarification folded into the MB-01/ME-01 fixes, not a separate numbered defect; counted within the 7 above are MA-01, MB-01, MB-02, MC-01, ME-01, MG-01, MH-01.)
Document map
| Doc | Track |
|---|---|
| 00 | This readme |
| 01 | A - source & checkpoint integrity |
| 02 | B - legacy-entrypoint completeness |
| 03 | C - G-DOT-NOOVERWRITE feasibility & authority |
| 04 | D - rollback reopens-bypass review |
| 05 | E - owner/ACL cutover snapshot & rehearsal |
| 06 | F - construction-order implementability |
| 07 | G - package split |
| 08 | H - test / guard |
| 09 | I/J - hardcode / disguised-hardcode / PG-native |
| 10 | K - cross-layer |
| 11 | L - direct revisions applied |
| 12 | final verdict |
Boundary
This is Max review only. Next step after PASS is Codex independent critical review. Implementation, Stage 2.6B, permit, REAL_RUN, QT001 apply, manifest activation, and owner/ACL cutover all remain BLOCKED. No production object was created, altered, owned, granted, revoked, or executed; the only writes were blueprint-doc revisions, this Max report, and the two checkpoints.