KB-26DB
Stage 2.6A — Safety Audit
3 min read Revision 1
QT001stage2.6Asafety-audit
09 — Safety Audit (SUPERTRACK I)
All forbidden actions were avoided; all invariants hold.
Anchors (live, post-apply + post-report-upload)
| Anchor | Baseline | Now | Verdict |
|---|---|---|---|
| birth_registry total | 1,210,928 | 1,210,937 | +9 = authorized KB report births only (provenance); DDL/DML birth-neutral |
| qt001-apply-origin births | 0 | 0 | no real apply |
| Tier1 target births | 8 | 8 | unchanged (no backfill) |
| open execute permits | 0 | 0 | no permit opened |
| done ledgers | 0 | 0 | no false-done |
| trigger_guard_alerts (tga) | 129 | 129 | no trigger change / no ALTER TABLE |
| apr_approvals (apr) | 42 | 42 | no authority/vote mutation |
| gateway norm-md5 (fn_birth_registry_auto) | c022f849 | c022f849 | gateway body unchanged |
| Stage 0 dangerous-DOT freeze | PASS 2/2 | PASS 2/2 | danger DOTs still frozen |
Forbidden-actions checklist
- No QT-001 real apply — qt001-apply-origin births 0; writer p_execute default false; must-remain-blocked guard pass.
- No permit opened — open execute permits 0.
- No birth_registry writes except KB/report docs — the only delta is +9 knowledge_documents provenance births from this macro's report uploads.
- No trigger changes — tga 129 unchanged; no CREATE TRIGGER; no ALTER TABLE (all v2.6A constraints inline; PKs/FKs inside CREATE TABLE).
- No gateway function body change — norm-md5 c022f849 unchanged.
- No old DOT unfreeze — Stage 0 freeze PASS 2/2.
- No owner/vote/RP/REALRUN/event/UI mutation — apr 42 unchanged; no Directus/UI/deploy actions.
- No writer execute-path enablement — writer not modified; enforcement contract
enforced_in_writerall false. - No broad permission changes — none made.
- No "mark safe" literal — signoff is registry data with verdict NOT_SAFE; readiness v3 stays BLOCKED.
OOM / scale safety
All new objects are metadata-sized (≤ 13 plan rows, ≤ 74 snapshot rows, ≤ 11 inventory rows). The build function calls the existing snapshot refresh (~5s) once via the ssh psql channel (statement_timeout 0). No heavy birth_registry scan beyond the existing planner. PG16 stable; no OOM risk.
Rollback
Full revert staged at /opt/incomex/docs/mcp-writes/birth-stage2-6a-2026-06-06/99_rollback.sql — drops 18 views, 1 function, 5 tables in dependency order. Does not touch Stage 0/1/2/2.5 objects. Verified during the BEGIN..ROLLBACK rehearsal (apply then ROLLBACK; birth before==after 1,210,928; no error).