11 — Safety Audit (Supertrack K)

Master guard v_qt001_not_safe_guard (7/7 pass) proves the macro did NOT apply and the Codex verdict still stands.

Invariant	Required	Live
no real backfill committed	yes	birth_registry 1,210,898 == start (DDL-neutral)
target_births	remains 8	8 (all apr_action_types, origin PG:sb1-gov-vocab)
target QT-001-apply-origin births	remains 0	0 (origin STAGE2.5:dot-birth-qt001-apply absent)
open_permits (v1)	0	0
open execute permits (v2)	0	0
done_ledgers (v1)	0	0
done_ledgers (v2)	0	0
birth before==after	yes except KB docs	DDL/rehearsal neutral 1,210,898; only KB report uploads add provenance births
trigger/gateway/source change	none	tga 129; gateway md5 c022f849; no trigger; no source-data edit
owner/vote/RP/REALRUN/event/UI	no mutation	none

Birth accounting

• Start anchor (macro begin): birth_registry = 1,210,898.
• All DDL (4 apply files), the function rehearsal, and the explicit BEGIN..ROLLBACK rehearsal: birth-neutral (verified before==after at each step).
• Snapshot refresh: writes only qt001_plan_snapshot (74 rows) — not birth_registry.
• The ONLY post-macro birth growth is KB report/checkpoint uploads (each knowledge_documents insert births 1 provenance row) — expected and accounted.

Forbidden-actions compliance

No QT-001 real apply · no permits opened · no 137 (or 274/779) births written · no dot-birth-backfill/dot-birth-trigger-setup execution (still frozen) · no trigger change · no gateway-body change · no source IU edit · no owner/vote/RP/REALRUN/event/UI deploy · no ledger marked done without matching delta (structurally impossible) · no pseudocode apply source (replaced) · no readiness PASS without a live procedure.

fn_log_issue note (out of scope)

The varchar(50) long-entity-code fn_log_issue INSERT issue is logged for a future hardening macro only; it does not block QT-001 hardening and was NOT modified here.