KB-5CCE

07 — Carry-Forward

Revision 1


Items deferred by this audit, packaged for later macros and process work.

1. TD-411 — dot_origin_whitelist table (canonical fix)

What. fn_validate_dot_origin has a hardcoded _whitelist array (DIRECTUS, LEGACY, MIGRATION) and a TODO comment: "TODO TD-411: move to dot_origin_whitelist table for meta-driven whitelist." Land this.

Why. The current hardcoded whitelist forces every non-DOT-tool origin (macros, ad-hoc scripts, future categories) to be tagged SUSPECT:. A dot_origin_whitelist table makes provenance categories declarative and extensible without function edits.

Sketch:

  • New table dot_origin_whitelist (origin_pattern text PRIMARY KEY, kind text NOT NULL, rationale text, active boolean NOT NULL DEFAULT true, created_at timestamptz).
  • Refactor fn_validate_dot_origin to: IF EXISTS (SELECT 1 FROM dot_origin_whitelist WHERE active AND NEW._dot_origin LIKE origin_pattern) THEN RETURN NEW;
  • Seed DIRECTUS, LEGACY, MIGRATION, plus macro-label patterns (D__-Macro-_, D__-NVSZ-%, etc.).
  • One DOT to manage the whitelist.
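One way the sketch above could land, written here as an added example and not code from the D36 repository or the current fn_validate_dot_origin: it assumes PostgreSQL/PL/pgSQL, a BEFORE INSERT trigger whose provenance column is NEW._dot_origin, and reconstructs the SUSPECT: tagging branch from the description in this report (the kind values and the catch-all guard are the example's own choices).

```sql
-- Added example for TD-411 (not the project's code). Assumes PostgreSQL, a BEFORE INSERT
-- trigger, and NEW._dot_origin as the provenance column; the SUSPECT: branch below is
-- reconstructed from the report's description, not copied from the real function.

CREATE TABLE IF NOT EXISTS dot_origin_whitelist (
    origin_pattern text        PRIMARY KEY,
    kind           text        NOT NULL,            -- assumed vocab: dot-tool / macro / migration
    rationale      text,
    active         boolean     NOT NULL DEFAULT true,
    created_at     timestamptz NOT NULL DEFAULT now(),
    -- Governance guard: a pattern made only of LIKE wildcards (% or _) would whitelist
    -- every origin, so require at least one literal character.
    CONSTRAINT origin_pattern_has_literal CHECK (origin_pattern ~ '[^%_]')
);

-- Seed the three hardcoded entries plus the macro-label patterns from the sketch.
INSERT INTO dot_origin_whitelist (origin_pattern, kind, rationale) VALUES
    ('DIRECTUS',    'dot-tool',  'was in the hardcoded _whitelist array'),
    ('LEGACY',      'dot-tool',  'was in the hardcoded _whitelist array'),
    ('MIGRATION',   'migration', 'was in the hardcoded _whitelist array'),
    ('D__-Macro-_', 'macro',     'macro labels such as D36-Macro-A'),
    ('D__-NVSZ-%',  'macro',     'NVSZ macro steps')
ON CONFLICT (origin_pattern) DO NOTHING;

CREATE OR REPLACE FUNCTION fn_validate_dot_origin() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- Meta-driven whitelist replaces the hardcoded array: any active pattern that
    -- matches the incoming origin lets the row through untouched.
    IF EXISTS (SELECT 1 FROM dot_origin_whitelist
               WHERE active AND NEW._dot_origin LIKE origin_pattern) THEN
        RETURN NEW;
    END IF;

    -- (The existing dot_tools lookup for the "dot_code | suffix" format stays here; it is
    -- not reproduced in this example.)

    -- Unknown provenance is still accepted but tagged, so the question travels with the
    -- row instead of being silently trusted. Tag only once (assumed behaviour).
    IF NEW._dot_origin IS NULL OR NEW._dot_origin NOT LIKE 'SUSPECT:%' THEN
        NEW._dot_origin := 'SUSPECT:' || coalesce(NEW._dot_origin, '<none>');
    END IF;
    RETURN NEW;
END;
$$;
```

Because LIKE's _ matches any single character, D__-Macro-_ also admits DXX-Macro-Z; dry-run a new pattern against the existing catalog rows (SELECT ... WHERE _dot_origin LIKE 'D__-Macro-_') before setting active = true.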

Independent of NVSZ. Schedule as a cross-cutting governance improvement, not an NVSZ blocker.

2. Macro-label family in dot_tools (Option B from report 06)

What. Add a macro-label category in dot_tools and register existing macro labels (D36-Macro-A, future D36-Macro-B, D37-Macro-A, …).

Why. Macros are a legitimate origin type — they coordinate multiple DOT tools and emit catalog INSERTs through the standard trigger chain. Today they have no place in dot_tools. Adding them clears the SUSPECT prefix at the source.

Combine with TD-411 (Option C) for the cleanest result; alone (Option B) it still requires a function-aware INSERT that respects the pipe format dot_code | suffix.

3. Birth Execution Plan pre-apply CI gate (Option D from report 06)

What. Encode [[feedback-birth-execution-plan-hard-gate-precedes-apply]] as a check in macro tooling: substrate apply is gated on the presence of <macro-folder>/01-birth-execution-plan.md with all 9 required sections, authored before the substrate timestamp.

Why. Make the order rule mechanically enforced so no future macro repeats the NVSZ ordering issue.

Sections required (recap from the feedback memory):

  1. Live evidence (pre-apply state)
  2. Target species
  3. Target codes (COL-NNN, SPE-, …)
  4. Registry plan (entity_species + collection_registry + species_collection_map rows)
  5. Birth behavior (which triggers will fire, expected birth_registry rows)
  6. DOT plan (which DOT command names)
  7. D9 delta (function/trigger/table count)
  8. Rollback plan
  9. Policy decision (governed/observed/excluded; vector_eligible; retention)

4. Macro B — Macro A's deferred items (recap from NVSZ Macro A carry-forward)

These are NOT this audit's responsibility but should remain on the next macro's backlog:

  • Auto-birth-triggers / cleanup / unregister fns / DOTs.
  • emit_event / event_outbox wiring for NVSZ proof flow.
  • SSOT bumps (D9 surface).
  • V6 Qdrant probe.
  • Birth-gate regex widening.
  • 8 live-vocab conflicts identified by Macro A (gate.mode, event_stream/lane vocabs, colreg 5 CHECK vocabs, "group" FK GRP-*, DOT category vocab).
  • Birth Execution Plan before substrate (Option D above enforces it).

5. Inspection → certification stamps for COL-IUS-001/002 + SPE-NVS

What. All three birth_registry rows are status='born', certified=false, inspect_pen=null, inspect_stamp=null. Run dot-inspect-pen (per QT-001 step 5 / QT-002 step 5) to set pen → stamp → gate → flip certified=true via trg_birth_auto_certify.

Why. This is the normal next step in the birth lifecycle. Doing it doesn't depend on the SUSPECT prefix question. It just completes the lifecycle.

Scope. Not a fix, not a reconcile — just the routine inspection step that any new governed catalog row goes through.

6. Cross-reference

This audit links to:

  • [[feedback-birth-execution-plan-hard-gate-precedes-apply]] — process rule that NVSZ Macro A violated.
  • [[project-d36-nvsz-macro-a-substrate-birth-dot-healthcheck-partial-with-exact-gap-2026-05-25]] — the parent macro report.
  • [[project-d36-no-vector-staging-zone-review-answers-freeze-2026-05-25]] — Q5 carry-forward (vector policy sidecar) which Macro A honored.

7. Audit-only items (no production work)

  • ✅ This 8-report set uploaded to KB.
  • ⏭ Optional: link the audit folder from MEMORY.md once the user confirms verdict accepted.
  • ⏭ Optional: GPT review of the verdict prior to any Option A/B/C/D execution.