KB-7DDC
T1-Max Review - Hardcode / Disguised-Hardcode / PG-First-Native-Driven
4 min read Revision 1
fix7architecturemax-reviewhardcodepg-native
09 - SUPERTRACK I/J: Hardcode / Disguised-Hardcode / PG-First-Native-Driven
SUPERTRACK I - hardcode / disguised-hardcode scan (post-XHigh + Max)
| risk pattern | finding |
|---|---|
| hardcoded object lists that should be manifest-driven | NONE-after-fix (MB-01) - the one residual (the "apply/writer" neutralization list) is now a catalog-derived S00-captured set, not a hand list |
| hardcoded counts not derived from approved design | NONE - 27/11/14/7 are design invariants verified by both-EXCEPT seal; 20/46/196 are live-derived facts (Max re-verified: 196 = 183 v_qt001_* + 13 other; tables 20; fns 46 - all exact) |
| fixed thresholds | NONE - thresholds resolve to sealed #05/#06 rows; G-NODISGUISE/G-RETENTION-SEAL |
| "temporary" bypass that can persist | NONE - legacy neutralization is permanent (REVOKE + freeze); no temporary grant left open |
| manual inventory as authority | NONE - S00 inventory is diagnostic-only (XHJ-01); binding authority is #11/#20/#21; MB-01's captured set is a derived catalog query, re-validated at PKG-D, not a maintained list |
| regex/source-text final authority | NONE-after-fix (MC-01/MH-01) - source-text is diagnostic-only by binding rule; final authority PG-native |
| path/url/image/artifact assumptions | NONE - no filesystem/URL authority; DOT-body reads are fail-closed diagnostics |
| hidden policy in comments | NONE |
| directus-owned mutable denominator | NONE - dashboard_export.denominator_set_sha256 sealed; qt001_cp is owner-isolated, never directus-owned |
| greenfield assumption hiding live legacy state | NONE - live legacy state fully inventoried (Max re-verified counts + all-PUBLIC EXECUTE + 0 triggers); green-field applies only to qt001_cp |
| "routed later" without a current block | NONE - apply/2.6B/permit/REAL_RUN/cutover/registry-pivot all BLOCKED now (doc 03/08); MG-01 adds re-audit gates so the governance changes cannot slip in mechanically |
SUPERTRACK J/K - PG-first/native/driven
| requirement | verdict |
|---|---|
| truth in PostgreSQL | PASS - manifests/registries/runtime-evidence are PG tables; guards read catalog/data |
| enforcement PG-native | PASS - owner-isolation, RESTRICT FKs, typed domains, SECURITY DEFINER writers, immutable triggers; MC-01 makes G-DOT-NOOVERWRITE's authority catalog-based |
| behavior manifest/rule-driven | PASS - policy_rule #01 + operator_primitive #02 + sealed thresholds |
| Directus cannot mutate authority after cutover | PASS - PKG-G ownership move + REVOKE; readiness derives from sealed manifests + measured evidence only |
| readiness blocked before cutover | PASS - doc 04 ordering note |
| legacy cannot bypass PG-native control plane | PASS-after-fix - G-NOLEGACY over the complete captured set (MB-01); blocked, not merely unreachable |
| Level-B is the only privileged-deploy route | PASS - G-LEVELB-NOSQL |
| no manual SQL path implicitly allowed | PASS - operator steps are explicit; MG-01 re-audit gates |
Verdict
ZERO_HARDCODE_PASS (incl. disguised) and PG_FIRST_NATIVE_DRIVEN_PASS. The Max fixes strengthen
this track: MB-01 replaces an adjective-described list with a catalog-derived set, MC-01/MH-01 make
source-text strictly diagnostic with PG-native final authority. No hardcode/PG-native FAIL - the
final verdict is not blocked on this track.