KB-5546
Birth Stage 2 QT-001 — 11 Safety Audit
3 min read Revision 1
birth-gatewaystage2safety-audit2026-06-06
11 — Safety Audit (Supertrack K)
| Audit item | Result |
|---|---|
| No dangerous DOT executed | PASS — dot-birth-backfill + dot-birth-trigger-setup still FROZEN (stage0 guard 5/5, frozen 2/2) |
| No old gateway restored | PASS — fn_birth_registry_auto byte-identical; no_go 4/4; norm_md5 unchanged; contract drift 0 |
| No trigger changed | PASS — tga 129 unchanged (no CREATE/ALTER/DROP TRIGGER); only CREATE VIEW + DML UPDATE/INSERT |
| No source data changed except permitted metadata | PASS — only collection_registry.birth_code_* (39 rows, reversible) + 5 ledger PLAN rows; no IU/source edits |
| No bulk backfill | PASS — 0 birth_registry rows committed by this macro; backfill rehearsed then ROLLBACK |
| birth before==after (DDL/DML/dry-run) | PASS — classification birth-neutral 1,210,868==1,210,868; views birth-neutral; rehearsal ROLLBACK left 1,210,868 |
| Macro net births to birth_registry | 0 (the only births in the window are background realtime QT-002, not from this macro) |
| trigger_guard_alerts unchanged | PASS — 129 == 129 |
| No owner/vote/official RP / REAL_RUN / event / UI | PASS — none touched; apr 42, authority P1 8/8, quorum 7/7 |
| No historical row delete | PASS — none deleted |
| No backfill for EXEMPT/DEFERRED/UNKNOWN | PASS — apply path fail-closed on policy + identity |
| No self-certify without rerun delta=0 | PASS — rerun-delta=0 proven; real apply still left for independent T2 |
| QT-002 live path not broken | PASS — stage1 QT compat 8/8; gateway unchanged |
| OOM safe | PASS — metadata DDL/DML only; dry-run over tiny tables (max knowledge_documents 6586); PG16.13; no heavy scan, no signal-9 |
| Rollback/compensation staged | PASS — 99_rollback_stage2.sql (revert 39 classify + delete 5 ledger + drop 25 views) |
Self-guarding apply mechanism
The classification commit ran inside a DO block that RAISEs EXCEPTION (aborting the whole tx) if birth_registry count changed — so any accidental birth would have rolled the metadata write back automatically. It reported birth-neutral and committed.
Audit verdict: clean. Every forbidden action avoided; every committed change additive + reversible + birth-neutral.