KB-278B

QT-001 Apply DOT Harden — 00 Readme First

Revision 1
birth-gateway · qt-001 · stage2.5 · apply-harden · 2026-06-06

00 — Readme First — BIRTH_STAGE2_QT001_APPLY_DOT_HARDEN_PERMIT_LEDGER

Date: 2026-06-06 · Status: PASS · Mode: EXECUTION (principal-delegate) · Live mutation: YES — additive + reversible + birth-neutral. No real QT-001 backfill. No permits opened. No trigger/gateway-body change. p_execute defaults FALSE everywhere.

Purpose

Codex independent review returned NOT_SAFE_NEEDS_FIX. This macro makes the QT-001 apply runtime real, fail-closed, resumable, auditable, and impossible to false-pass / false-done — then prepares a fresh independent re-audit. It does NOT apply births.

What moved

From QT001_IDENTITY_CLASSIFIED + 137_VALID_DELTA_BUT_NOT_SAFE_TO_APPLY to QT001_APPLY_RUNTIME_HARDENED + PERMIT_LEDGER_CONTRACT_SAFE + FALSE_DONE_IMPOSSIBLE + READY_FOR_INDEPENDENT_REAUDIT.

Live objects added (all additive/reversible)

  • Tables: birth_admission_permit_v2 (expiry/max_rows/expected_delta/mode/one-use ENFORCED), birth_backfill_ledger_v2 (run/batch scope + actual_* counts + status CHECK + FK + structural false-done CHECK), qt001_apply_rehearsal_audit, qt001_plan_snapshot.
  • Functions: fn_dot_birth_qt001_plan_v2(text) (metadata-driven single-collection plan), fn_qt001_plan_all() (whole-scope plan, no hardcoded list), fn_dot_birth_qt001_apply(...) (REAL fail-closed bounded writer, p_execute default false), fn_qt001_run_rehearsal(text,boolean) (self-rolling-back rehearsal), fn_qt001_refresh_plan_snapshot().
  • Procedure: sp_dot_birth_qt001_apply(...) (production per-batch COMMIT driver, gated, p_execute default false).
  • Views: 19 v_qt001_* + 3 v_birth_register_collision_* + 2 REPAIRED (v_birth_stage2_qt001_readiness_dashboard stale-gate, v_birth_qt001_apply_dot_readiness false-pass).

Key result — the hardened metadata-driven planner surfaced a real finding

The old hardcoded plan enumerated 39 collections → 5 targets / 137. The metadata-driven planner iterates all 74 BIRTH_REQUIRED and reproduces every hardcoded delta exactly (shared-set mismatch = 0), but surfaces 13 eligible collections / 779 delta and a parity-divergence hazard the hardcoded view hid:

  • TIER1 (Codex-validated, apply-safe): 5 / 137 — dot_domain_rules 67, apr_approvals 42, normative_relations 18, apr_action_types 6, field_type_equivalences 4.
  • TIER2 (metadata-consistent, unvalidated, apply-safe): 2 / 137 — measurement_registry 132, law_catalog 5.
  • TIER3 (parity-divergent, MUST reclassify before apply): 6 / 505 — law_dot_enforcement 272, approval_requests 160, law_jurisdiction 43, table_registry 20, governance_relations 8, workflows 2. Their existing births do NOT reconcile with the classified identity (existing_births ≠ src_rows − expected_delta), so a naive backfill would create duplicates. The writer FAIL-CLOSES on this (parity-divergence RAISE).
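
The parity rule behind TIER3 and the fail-closed, dry-run-by-default writer, as an added PostgreSQL example that is not the project's own SQL. The objects demo_plan, demo_parity_guard and demo_apply and every count are constructed for illustration; the real writer's signature and tables are not shown on this page.

```sql
-- Constructed sample data; not the project's schema or counts.
CREATE TEMP TABLE demo_plan (
    collection      text PRIMARY KEY,
    src_rows        integer NOT NULL,  -- rows in the source collection
    existing_births integer NOT NULL,  -- births already registered
    expected_delta  integer NOT NULL   -- births the plan wants to add
);

INSERT INTO demo_plan VALUES
    ('demo_reconciled', 100, 80, 20),  -- 80 = 100 - 20, parity holds
    ('demo_divergent',  100, 95, 20);  -- 95 <> 100 - 20, parity broken

-- Guard view: parity verdict per collection.
-- surplus_births > 0 means a backfill of expected_delta would duplicate births.
CREATE TEMP VIEW demo_parity_guard AS
SELECT collection,
       existing_births - (src_rows - expected_delta) AS surplus_births,
       existing_births = src_rows - expected_delta   AS parity_ok
FROM demo_plan;

-- Hypothetical writer skeleton: every check runs before any write,
-- and anything other than p_execute = true is treated as a dry run.
CREATE FUNCTION pg_temp.demo_apply(p_collection text,
                                   p_execute boolean DEFAULT false)
RETURNS text
LANGUAGE plpgsql AS $$
DECLARE
    g demo_parity_guard%ROWTYPE;
BEGIN
    SELECT * INTO g FROM demo_parity_guard WHERE collection = p_collection;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'collection % is not in the plan', p_collection;
    END IF;
    IF g.parity_ok IS NOT TRUE THEN
        RAISE EXCEPTION 'parity divergence on %: % surplus births',
            p_collection, g.surplus_births;
    END IF;
    IF p_execute IS NOT TRUE THEN
        RETURN 'DRY_RUN_OK';
    END IF;
    -- A bounded INSERT of expected_delta rows would go here.
    RETURN 'APPLIED';
END $$;

SELECT pg_temp.demo_apply('demo_reconciled');  -- reconciled input, default dry run
SELECT pg_temp.demo_apply('demo_divergent');   -- divergent input, stopped by the parity check
```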

Apply gate

v_qt001_apply_readiness_dashboard_v2.apply_gate = BLOCKED_PENDING_INDEPENDENT_REAUDIT_AND_OWNER_PERMIT. All 7 hardening gates pass; independent_reaudit_signed_off = false (cannot self-certify). open_execute_permits = 0, done_ledgers = 0.

How to read the guards (fast)

Run SELECT fn_qt001_refresh_plan_snapshot(); then query any guard view (sub-second). Individual guards are the authoritative checks; meta-dashboards aggregate them.

SQL artifacts (VPS)

/opt/incomex/docs/mcp-writes/birth-stage2-apply-harden-2026-06-06/01_apply_harden.sql, 02_parity_guard_patch.sql, 03_template_dashboard_fix.sql, 04_plan_snapshot.sql, 99_rollback_harden.sql.

Docs in this set

01 blocker-reverification · 02 apply-procedure · 03 permit · 04 ledger · 05 metadata-plan · 06 collision · 07 rollback-rehearsal · 08 readiness-guard-v2 · 09 independent-reaudit-packet · 10 cross-layer · 11 safety-audit · 12 final-summary · 13 mcp-readable-checkpoint.
