Checkpoint - Codex Stage 2.5 QT-001 Runtime / Hardcode / Scale Re-Audit

Date: 2026-06-06 Status: NOT_SAFE_NEEDS_FIX Scale: SCALE_NOT_SAFE Mode: READ-ONLY production audit; report files only.

Do not open permits and do not apply Tier1. Tier1 data valid 5 collections / 137 rows, but runtime is not authority-safe, genuinely resumable, fully automatic, or scalable.

Highest risk: writer checks no Tier/sign-off/readiness; does not enforce permit checksum/delta/approver/revocation; no real resume/keyset/watermark/locks; no QT001 DOT/monitor/cron; PUBLIC EXECUTE; literal false sign-off; fixed Tier1 list; wrong legacy delimiter; ~223,952-row plan took 5.079 seconds.

Initial live no-apply: birth_registry=1,210,914; Tier1 target births=8; QT001-origin=0; permits=0; done ledgers=0; gateway=5/5; dangerous old DOTs frozen=2/2.

Post-report-upload no-worse: birth_registry=1,210,928 (+14 authorized KB report births); Tier1 target births=8; QT001-origin=0; permits=0; done ledgers=0; cross-layer guard=9/9 PASS. MCP vector readback returned this decision and canonical reports.

Next macro: BIRTH_STAGE2_6_QT001_AUTHORITY_TIER_GATE_KEYSET_RESUME_AND_HARDCODE_ELIMINATION. Fresh independent re-audit required; no Stage 3.