T1-XHigh FIX7 Refactor Blueprint Independent Review - Readme First
00 - T1-XHigh FIX7 Refactor Blueprint Independent Review - Readme First
Date: 2026-06-08
Reviewer: T1-XHigh (independent high-rigor reviewer for Agent Data)
Macro: PROGRAM_REVIEW_XHIGH_FIX7_REFACTOR_BLUEPRINT_INDEPENDENT_AUDIT_AND_DIRECT_REVISION
Mode: READ-ONLY production. Direct-revision of blueprint KB docs allowed. No production mutation.
What this is
An independent XHigh adversarial review + direct-revision pass over the FIX7 Existing-System
Refactor Execution Blueprint (t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/).
The blueprint's own embedded "XHigh/Max" self-review was treated as evidence only, NOT as final
authority. Live production evidence and document consistency decided each verdict.
Final status
FIX7_REFACTOR_BLUEPRINT_XHIGH_REVIEWED_AND_REVISED_READY_FOR_MAX_REVIEW
Not a blocker: no hardcode/PG-native FAIL, read path open, no invariant changed. Real defects were found and directly fixed in the blueprint docs; this report records what and why.
Live evidence gathered (read-only, DB directus, 2026-06-08)
- Legacy/control functions
proacl = NULLforfn_dot_birth_qt001_apply,sp_dot_birth_qt001_apply,fn_qt001_plan_v5,fn_dot_birth_qt001_plan_v2,fn_birth_registry_auto. In PostgreSQL a NULL ACL means the defaultEXECUTE to PUBLIC- i.e. the legacy apply/writer entrypoints are PUBLIC-executable right now. This concretely substantiates the "legacy blocked, not merely unreachable" requirement and the gateway-overwrite risk; the blueprint's neutralization step is genuinely load-bearing. - Relations matching
qt001%/birth%(nov_prefix) owned bydirectus= 26 (= 20qt001_*tables + 6birth*relations); the 196 legacy views carry thev_qt001_*prefix. Consistent with the blueprint inventory; the "262 control objects" figure (cited from FIX6) is the broader functions+views+triggers count, not these 26 relations.
Findings summary (10 findings; all fixed in-blueprint; 0 blockers)
| id | track | severity | one-line | fixed in |
|---|---|---|---|---|
| XHI-01 | A integrity | P2 | guard count stale (26 stated, 28 actual after embedded review) | doc 06, 12 |
| XHI-02 | A integrity | P1 | G-LEGACY-FROZEN referenced (doc 04 S17, doc 07 PKG-H) but never defined |
doc 06 |
| XHB-01 | C bypass | P1 | no guard that frozen/old DOT or non-owner can overwrite gateway/control-plane | doc 06/04/07/08 |
| XHB-02 | C/F bypass | P1 | S15 rollback restores legacy EXECUTE - read as silent bypass re-open | doc 05/04 |
| XHD-01 | D directus | P2 | PKG-G no-go omitted app-table authority + unverified snapshot | doc 07 |
| XHO-01 | E order | P2 | regclass source_relation binding order implicit; S19 precond wrong (S16->S18) |
doc 04 |
| XHH-01 | I hard-block | P1 | missing hard-block rows: birth-gateway-modification, registry-pivot-repoint | doc 08 |
| XHL-01 | L cross-layer | P2 | no explicit OUT-OF-SCOPE for Đ43 / QT-006 / registry-pivot / raw-birth-as-truth | doc 08 |
| XHJ-01 | J hardcode | P3 | S00 classification could read as manual-inventory-as-authority | doc 04 |
| XHM-01 | B mapping | P2 | #26 mapping could read as replacing the birth gateway | doc 02 |
Document map
| Doc | Track |
|---|---|
| 00 | This readme |
| 01 | A - blueprint source integrity |
| 02 | B - refactor-vs-greenfield |
| 03 | C - legacy neutralization / bypass |
| 04 | D - Directus read-vs-authority cutover |
| 05 | E - dependency-safe construction order |
| 06 | F - rollback |
| 07 | G - test / guard |
| 08 | H - package split |
| 09 | I - hard blocks / do-not-touch |
| 10 | J/K - hardcode / PG-native |
| 11 | L - cross-layer impact |
| 12 | M - direct revisions applied |
| 13 | final verdict |
Boundary
This is XHigh review only. Next step after PASS is Max review. Implementation, Stage 2.6B, permit, REAL_RUN, QT001 apply, manifest activation, owner/ACL cutover all remain BLOCKED. No production object was created, altered, owned, granted, revoked, or executed.