KB-5BC8
Stage 1 Report 10 — Safety Audit
3 min read Revision 1
birth-gatewaystage1reportsafety-audit2026-06-06
Stage 1 — 10 Safety Audit (Supertrack J)
Forbidden actions — NONE taken
| Forbidden | Status |
|---|---|
| dot-birth-trigger-setup / dot-birth-backfill execution | NOT executed; both active paths remain inert wrappers (md5 753dd26f, exit 3) |
| old gateway restored / CREATE OR REPLACE fn_birth_registry_auto from DOT | NOT done; live gateway byte-identical (norm-md5 c022f849) |
| trigger drop/apply / global trigger disable | NONE; tga 129→129; 0 CREATE/ALTER/DROP TRIGGER (event-guard tags never hit) |
| historical row delete / source IU edit | NONE |
| owner / vote / official RP / REAL_RUN / event activation / UI deploy / broad permission revoke | NONE |
| QT-001 bulk backfill | NONE; backfill_ledger empty |
Allowed actions taken (additive, reversible)
3 functions (fn_birth_policy_decision, fn_birth_resolve_identity, fn_birth_register — CREATE OR REPLACE, NEW; rollback = DROP), 3 tables (birth_gateway_release_registry + 5 seed rows, birth_admission_permit, birth_backfill_ledger), 19 views. Rollback staged: /opt/incomex/docs/mcp-writes/birth-stage1-2026-06-06/99_rollback_stage1.sql.
Birth-neutral
- DDL apply transaction: birth_count_at_apply_start == birth_count_at_apply_end == 1,210,851 (one transaction).
- Post-apply immediate: 1,210,851 (zero realtime drift in window).
- BEGIN..ROLLBACK register rehearsal: +1 then ROLLBACK → back to 1,210,851; 0 leaked.
- Subsequent deltas attributable ONLY to (a) the realtime birth worker and (b) KB report/checkpoint uploads (each new
knowledge_documentsdoc births 1 provenance row —knowledge_documentsis a BIRTH_REQUIRED collection). No Stage 1 DDL mutated birth_registry.
Invariants
| Invariant | Value |
|---|---|
| tga (trigger_guard_alerts) | 129 unchanged |
| apr (apr_approvals) | 42 unchanged |
| gateway norm-md5 | c022f849c2c7d57a720c4cc172789d70 unchanged |
| contract integrity all_ok | true |
| Stage 0 still enforced | 5/5 |
| OOM | PostgreSQL 16.13, container up 7 weeks (healthy), 50-day uptime, 0 restarts; apply did only metadata DDL (no heavy scan) |
Rollback posture
Every Stage 1 change is additive and DROP-able. The Stage 0 freeze remains in place (Stage 1 did not unfreeze anything). If Stage 1 must be reverted, run 99_rollback_stage1.sql — it drops views→tables→functions and reverts to the Stage 0 state with zero data loss.