Rule out fixed infrastructure policy row as child header

2026-04-18 14:17:47 -07:00 · 2026-04-18 14:17:47 -07:00 · 1a0296ddd1
commit 1a0296ddd1
parent 3c09482b71
3 changed files with 32 additions and 3 deletions
--- a/docs/control-loop-atlas/runtime-roots-camera-and-support-families.md
+++ b/docs/control-loop-atlas/runtime-roots-camera-and-support-families.md
@ -2960,6 +2960,12 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
  is no longer whether `0x55f2` is a fixed-format child lane; it is which of those two dword
  triplets correspond to the later child-count / primary-child restore state and which only seed
  published anchor or position bands.
+  That split is now explicit too: direct disassembly of `0x00530720/0x0052e8b0` shows the first
+  restored triplet landing in `[this+0x1e2/+0x1e6/+0x1ea]` while the second lands in
+  `[this+0x4b/+0x4f/+0x53]`, with the companion setter forcing bit `0x02`. So the remaining
+  infrastructure question is no longer whether the fixed `0x55f2` row hides the child count or
+  saved primary-child ordinal at all. Those values now have to live outside the fixed row, most
+  likely in the surrounding payload-stream header or compact-prefix regime above `0x0048dcf0`.
  The child loader family is explicit now too: local `.rdata` at `0x005cfd00` proves the
  `Infrastructure` child vtable uses the shared tagged callback strip directly, with
  `+0x40 = 0x00455fc0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`. So the remaining