06 — QT-001 Apply DOT (Supertrack F)

New gated writer path designed and kept fail-closed; old dot-birth-backfill (direct INSERT) stays FROZEN.

dot-birth-qt001-apply (source: 05_dot_birth_qt001_apply_SOURCE.sql)

Procedure sp_dot_birth_qt001_apply(p_collection, p_permit_id, p_batch=1000, p_execute=false):

• GATE 1: OPEN, unexpired birth_admission_permit scoped to the exact collection — else RAISE.
• GATE 2: v_birth_gateway_contract_integrity_dashboard.all_ok — else RAISE.
• GATE 3: identity ELIGIBLE (never backfill unclassified/exempt/deferred) + policy BIRTH_REQUIRED — else RAISE.
• GATE 4: dry-run unless p_execute=true (default false).
• Writes ONLY via fn_birth_register(...,p_dry_run=false) (idempotent ON CONFLICT entity_code). Batched per p_batch with COMMIT at batch boundaries (procedure) so a failure rolls back only the current batch; ledger records applied_rows, batch_tx_count, uncertified_count, finished_at, status=done.
• NEVER CREATE OR REPLACE FUNCTION fn_birth*; NEVER touches gateway or triggers; NEVER direct INSERT.

Deliberately NOT deployed live

The apply DOT is SOURCE ONLY this macro. No apply-capable function was added to production, so there is no surface that could backfill without (a) deploying the reviewed source and (b) an OPEN permit. This is the strongest fail-closed posture.

Readiness / no-go views

v_birth_qt001_apply_dot_readiness (5/5: plan ready, dry-run default, idempotent on_conflict, contract ok, register-not-direct-insert). v_birth_qt001_apply_no_go_guard — apply blocked now: 0 open permits, 0 unclassified in scope, no-self-certify requires T2, 0 committed done-ledger. v_birth_qt001_permit_status (0 permits). v_birth_qt001_backfill_ledger_status (5 planned / 0 done).

Proven safe end-to-end (rehearsal 03)

A real fn_birth_register(...,false) apply over all 5 delta collections inside BEGIN..ROLLBACK: applied_delta=137, rerun_delta=0 (idempotent), ROLLBACK restored birth count exactly. Committed nothing. This is the apply correctness proof; the live commit awaits T2 + permit.