06 — fn_birth_register Collision Hardening (Supertrack F)

Reproduced risk (Codex B6)

fn_birth_register decides idempotency with SELECT EXISTS(SELECT 1 FROM birth_registry WHERE entity_code = v_entity_code) — entity_code only, NO collection_name qualifier. birth_registry.entity_code is globally UNIQUE. So if collection A resolves to an entity_code already owned by collection B, the function returns result=skipped, reason=already_exists, idempotent=true — a cross-collection collision is silently masked as an idempotent skip.

Two-layer mitigation

1. Sanctioned writer fail-close (LIVE): fn_dot_birth_qt001_apply pre-checks each candidate code with EXISTS(... WHERE entity_code=v_code AND collection_name<>p_collection) and RAISEs (records actual_blocked, status failed) BEFORE calling fn_birth_register. The QT-001 apply path can never silently skip a collision. The planner also reports collision_count per collection.
2. Core patch (STAGED, NOT applied): v_birth_register_collision_patch_plan documents an optional CREATE OR REPLACE fn_birth_register so the conflict branch returns result=blocked, reason=cross_collection_collision when the existing row's collection_name <> p_collection. Deferred to an independent-review-approved hardening macro to avoid mutating a shared Stage-1 function here. No historical births are rewritten; entity_code stays globally UNIQUE.

Live state (v_birth_register_collision_risk, v_birth_register_collision_no_go_guard)

• Prospective cross-collection collisions in scope = 0 (Codex-confirmed zero current collision; reverified across all 13 eligible-with-delta collections — every collision_count=0).
• sanctioned_writer_failcloses_on_collision = pass · birth_registry_entity_code_globally_unique = pass.

Note: cross-collection collision (different collections, same code) is distinct from same-collection parity divergence (doc 05). Both are fail-closed in the writer.