KB-1616

QT-001 Apply DOT Harden — 13 MCP-Readable Checkpoint

Revision 1
Tags: birth-gateway · qt-001 · stage2.5 · checkpoint · mcp-readable · 2026-06-06

13 — MCP-Readable Checkpoint (GPT/Codex)

Macro: BIRTH_STAGE2_QT001_APPLY_DOT_HARDEN_PERMIT_LEDGER_AND_FALSE_DONE_PREVENTION · Date: 2026-06-06 · Status: PASS · Live mutation: YES additive/reversible/birth-neutral · No apply / no permits / p_execute default false.

State move: 137_VALID_BUT_NOT_SAFEAPPLY_RUNTIME_HARDENED + PERMIT_LEDGER_SAFE + FALSE_DONE_IMPOSSIBLE + READY_FOR_REAUDIT.

Codex 8 blockers all reverified (reproduced) then hardened: B1 real writer fn+proc (was pseudocode/absent); B2 structural CHECK bbl2_no_false_done + writer RAISE; B3 readiness_guard_v2 + dot_readiness patched; B4 permit_v2 expires_at/max_rows/expected NOT NULL + CHECKs; B5 ledger_v2 run/batch UNIQUE+FK+status enum+resume_marker; B6 writer cross-collection fail-close + staged core patch; B7 per-batch ledger+COMMIT+failed/rolled_back; B8 gate recomputed from live unclassified(4).

Rehearsal (both function + explicit BEGIN..ROLLBACK): applied 137 (67/42/18/6/4), rerun_delta 0, false_done_blocked true, rollback_clean true, birth before==after 1,210,898.

Metadata-driven plan finding: 13 eligible/779; reproduces hardcoded exactly (shared-set mismatch 0); tiers TIER1 5/137 validated apply_safe, TIER2 2/137 (measurement_registry 132, law_catalog 5) consistent-unvalidated, TIER3 6/505 (law_dot_enforcement 272, approval_requests 160, law_jurisdiction 43, table_registry 20, governance_relations 8, workflows 2) parity-divergent → writer fail-closes (would duplicate).

Objects: tables birth_admission_permit_v2, birth_backfill_ledger_v2, qt001_apply_rehearsal_audit, qt001_plan_snapshot; fns fn_dot_birth_qt001_plan_v2, fn_qt001_plan_all, fn_dot_birth_qt001_apply, fn_qt001_run_rehearsal, fn_qt001_refresh_plan_snapshot; proc sp_dot_birth_qt001_apply; 22 views (+2 repaired).

All-guards rollup 13/13 true. Apply gate BLOCKED_PENDING_INDEPENDENT_REAUDIT_AND_OWNER_PERMIT. Invariants: open_permits 0, done_ledgers 0, target_births 8, qt001-apply-origin births 0, gateway md5 c022f849, tga 129, apr 42, Stage0/1 guards pass.

Reaudit: refresh snapshot then query v_qt001_codex_blocker_reverification / v_qt001_apply_runtime_status / v_qt001_permit_contract_status / v_qt001_ledger_contract_status / v_qt001_false_done_guard / v_qt001_metadata_scope_tiers / v_qt001_plan_vs_hardcoded_diff / v_qt001_rerun_delta0_rehearsal_guard / v_qt001_apply_readiness_dashboard_v2 / v_qt001_not_safe_guard. Packet: BIRTH_STAGE2_QT001_APPLY_REAUDIT_PACKET.md.

Next: independent reaudit → if PASS, owner-gated TIER1-only apply; parallel TIER3 reclassify. SQL: /opt/incomex/docs/mcp-writes/birth-stage2-apply-harden-2026-06-06/{01..04,99}.sql.
