KB-4E7D
XHigh Review - Test / Guard Blueprint
3 min read Revision 1
fix7architecturexhigh-reviewtest-guard
07 - SUPERTRACK G: Test / Guard Blueprint Review
Reviewed all guards for coverage of the macro's required families, with two specific additions the macro demanded: "legacy entrypoint blocked, not merely unreachable" and "old DOT/gateway overwrite impossible."
Required-family coverage
| required family | guard | verdict |
|---|---|---|
| no hardcode | G-NOHARDCODE | covered |
| no disguised hardcode | G-NODISGUISE | covered |
| PG-first/native/driven | G-PGNATIVE | covered |
| 27 authority surfaces | G-AUTH-27 | covered |
| 11 runtime-evidence non-authority | G-RUNTIME-NONAUTH | covered |
| 14 readiness gates | G-GATES-14 | covered |
| 7 hash contracts | G-HASH-7 | covered |
| H04/H02/H05 hash determinism | G-HASHDET, G-H04-SCOPE | covered |
| constraint exact-set both-EXCEPT | G-EXACTSET-20 | covered |
| Directus read preflight | G-DIRECTUS-READ | covered |
| owner/ACL cutover guard | G-OWNER-CUTOVER, G-DIRECTUS-APP-INTACT | covered |
| item_payload no operational read | G-ITEMPAYLOAD | covered |
| catalog-family exact-set | G-CATFAMILY | covered |
| same-human slot-scope | G-SAMEHUMAN | covered |
| evidence FK integrity | G-EVIDENCE-FK | covered |
| retention authority seal | G-RETENTION-SEAL | covered |
| control_epoch TOCTOU | G-EPOCH-TOCTOU | covered |
| Level-B no manual SQL | G-LEVELB-NOSQL | covered |
| rollback safe-blocked state | G-ROLLBACK-SAFE | covered |
| legacy entrypoint blocked, not merely unreachable | G-NOLEGACY (executability clause) | covered after XH-2 |
| old DOT/gateway overwrite impossible | G-DOT-NOOVERWRITE | covered after XHB-01 |
| operand typing | G-OPERAND-TYPED | covered |
| legacy freeze | G-LEGACY-FROZEN | covered after XHI-02 |
Findings (fixed)
- XHI-02 (P1):
G-LEGACY-FROZENwas referenced but undefined -> defined in doc 06. - XHB-01 (P1): "old DOT/gateway overwrite impossible" had no guard -> added G-DOT-NOOVERWRITE.
- XHI-01 (P2): guard count corrected; doc 06 now states Total guards: 30.
Guard-quality spot checks (independent)
- G-NOLEGACY: PG-native (#11 structural closure +
pg_proc/ACL), not a name list - good (this is the FIX5 lesson). XHigh added the executability clause; liveproacl=NULLevidence shows the ACL half is necessary. - G-HASHDET: requires byte-identical digests across two independent recomputes under CP-06 encoding
- directly defends the FIX..FIX6 divergence loop. Adequate.
- Negative-test rule: "no negative test may be a literal PASS row" is preserved (doc 06 §) - defends the historical false-green pattern.
- No guard relies on function/view existence, regex, or manual inventory as final authority; S00 inventory is now explicitly diagnostic (XHJ-01), with authority in sealed #11/#20/#21.
Verdict
TEST_GUARD_PASS_AFTER_FIX - 30 PG-native guards; every macro-required family covered, including
the two the High draft under-covered; package split references the new guards (PKG-E/PKG-I/PKG-H).