KB-73FD
XHigh Review - Hardcode / Disguised-Hardcode / PG-First-Native-Driven
4 min read Revision 1
fix7architecturexhigh-reviewhardcodepg-native
10 - SUPERTRACK J/K: Hardcode / Disguised-Hardcode / PG-First-Native-Driven Review
SUPERTRACK J - hardcode scan of the blueprint
| risk pattern | finding |
|---|---|
| fixed answers outside sealed manifest | NONE - all thresholds resolve to sealed manifest rows (#05/#06/#09/#10/#23) |
| policy-shaped CHECK | NONE - retention/archive policy is data-driven in #05 (RP-03 forbids CHECK literal); G-RETENTION-SEAL |
| boolean policy defaults | NONE - design forbids DEFAULT-false policy; CP-01 byte DDL has no policy default |
| numeric literals as authority | NONE - the only numerics in the blueprint are design invariants (27/11/14/7) and the birth anchor 1,210,928 used as a G-BIRTH-NEUTRAL baseline, not an authority value |
| unsealed threshold | NONE - thresholds sealed via #06 / storage_class #05 |
| fixed partition policy | NONE - partition bounds/cadence from sealed #05 row, not literals (doc 02 §C) |
| manual inventory as authority | XHJ-01 found + fixed - S00 classification clarified as diagnostic-only; authority is sealed #11/#20/#21 |
| regex/source-text as final authority | NONE - G-NOLEGACY is structural #11 closure + ACL, not regex (FIX5 lesson) |
| function/view existence as proof | NONE - guards test behavior/sets/recomputed hashes, not existence |
| arbitrary reviewer/approver/provenance string | NONE - identities are FK to principal_registry/human_identity_registry; evidence is FK to evidence_registry |
| MD5/delimiter hash | NONE - CP-06 SHA-256 hex/COLLATE C/UTC/total-order; G-HASHDET |
| mutable denominator | NONE - dashboard_export.denominator_set_sha256 sealed |
| "routed later" without blocking now | NONE - every routed item (apply/2.6B/permit/REAL_RUN/cutover/registry-pivot) is BLOCKED now (doc 03/08) |
| greenfield assumption hiding live legacy state | NONE - live legacy state fully inventoried; the green-field finding is about qt001_cp only, with legacy explicitly dispositioned |
XHJ-01 (P3) - manual-inventory-as-authority appearance
- S00 "classify all UNKNOWN_REQUIRES_REVIEW" plus the doc 01 inventory could be read as the
authority for "no legacy bypass." The binding authority must be the sealed
dependency_manifest#11 closure (+#20/#21), with the inventory as a diagnostic aid (this is precisely the FIX4->FIX5 lesson: a hand-maintained list is not authority; the structural closure is). - Fix: doc 04 S00 now states classification is "diagnostic/planning only; the binding non-legacy authority is the sealed #11 closure + #20/#21, never this inventory."
SUPERTRACK K - PG-first/native/driven
| requirement | verdict |
|---|---|
| truth in PostgreSQL | PASS - manifests/registries/runtime-evidence are PG tables; guards read PG catalog/data |
| enforcement via PG roles/ownership/FK/CHECK/constraints/functions/views | PASS - owner isolation, RESTRICT FKs, typed domains, SECURITY DEFINER writers, immutable triggers |
| behavior manifest/rule-driven | PASS - policy_rule #01 + operator_primitive #02 + sealed thresholds; no embedded policy |
| functions do not embed policy | PASS - writers consume sealed rows; G-NOHARDCODE/G-NODISGUISE |
| readiness exact-set sealed | PASS - 14 gates sealed in #09; G-GATES-14 |
| writer/apply path forced through control-plane | PASS - #26/#27 repoint + G-NOLEGACY (incl. executability) + G-DOT-NOOVERWRITE |
| Directus cannot mutate authority after cutover | PASS - PKG-G ownership/REVOKE |
| readiness blocked before cutover | PASS - doc 04 ordering note |
| no UI/app/manual state affects eligibility | PASS - eligibility derives from sealed manifests + measured runtime-evidence only |
Verdict
ZERO_HARDCODE_PASS (incl. disguised) and PG_FIRST_NATIVE_DRIVEN_PASS. One clarity fix (XHJ-01)
to ensure the inventory is never mistaken for authority. No hardcode/PG-native FAIL - the final
verdict is NOT blocked on this track.