11 — Safety / No-Fake Audit

Forbidden actions — none taken

• No delete/truncate/cleanup of historical rows (0 deletes; all 1,210,724 births preserved).
• No global trigger disable (0 triggers dropped/disabled; E is staged-only).
• Executor NOT stopped (only H11a's fix action disabled via config row).
• No source IU edit.
• No fake owner/vote/official RP; no event activation; no REAL_RUN.
• No hiding of historical invalid births (classified, not hidden).
• Log/data noise never treated as managed object (the whole point of supertracks F/G).

Birth before==after

Every DDL step measured: 1,210,724 before == after (B config update; D rehearse+apply; C rehearse+apply; views creation). Rehearsal test inserts occurred only inside BEGIN..ROLLBACK. No net births from Agent work. (Codex's legitimate report-upload births are separate and pre-date this session.)

Reversibility

99_rollback.sql restores H11a row, original fn_birth_registry_auto, original fn_log_issue, and drops all added views. Each applied change is a single CREATE OR REPLACE / UPDATE with an exact inverse.

Other invariants

• trigger_guard_alerts untouched.
• OOM safe: all new views are thin base-table aggregates; no heavy contract-view composition in a single statement (per prior OOM gotcha).
• query_pg remained read-only; all mutation via ssh contabo → docker exec psql.

No-fake live anchors (unchanged)

official RP managed objects honest at 2,926 (not 1.2M); ownership/votes not fabricated; no REAL_RUN/event/emit flipped. The fixes are forward-only behavioral guards, not number-painting.