03 — Safety Traps (live check)

#	Trap	Live check	Verdict
1	action='add' auto-approve risk	Pending approval_requests by action: modify 2, review 17, add 0. PROC-OWN-01..05 all use action='review'. Auto-approve fires only on action='add' → not armed.	✅ PASS
2	Background birth drift	birth_registry = 1,194,821; +31 vs prior T2 (1,194,790), +94 vs T1 authority-independent (1,194,727). All engineering collections (approval_requests 230 · axis_assignment 25 · dot_tools 309 · pivot 39 · event_type 52 · ownership 0) unchanged. Drift is entity_labels/system_issues/KB background only.	✅ PASS (BENIGN)
3	Event activation risk	process.* = 7 rows, all active=false (0/7); emit disabled. Nothing activated.	✅ PASS
4	REAL_RUN risk	process_run_observation REAL_RUN = 0; v_dotkg_realrun_preflight= NO_GO with 5 BLOCK gates (owner, contract, dry_run_only, execute_enabled, real_run_enabled). invariant_real_run_count_zero=GO.	✅ PASS
5	Trigger canon risk	AX-TRIGGER absent from axis_registry; census surfaces are read-only views, not faked into canon.	✅ PASS
6	UI divergent git risk	No ssh/git/read_file channel reaches the Nuxt repo. Branch feat/process-axis-dashboard unpushed per T1; main pristine per T1. Divergence ahead17/behind13 carried from checkpoints.	⚠️ UNVERIFIED_THIS_RUN
7	Source-IU edit risk	No write channel exercised against any source IU; this run is RO + KB-only.	✅ PASS (NONE)

Notes

• Trap 1 is the one live mutation hazard in the system; it remains disarmed because the officialization requests deliberately use review, not add.
• Trap 6 is the only item this read-only channel cannot positively confirm; treat the T1 checkpoint claim (branch unpushed, main pristine) as the source of truth until an ssh/git channel re-verifies it.

Safety-trap verdict: PASS (one UNVERIFIED_THIS_RUN on UI-git, no FAIL).