03 - BLOCKER B: Closed PG-Native Legacy Denominator Fix
Codex recheck finding
live-relevant is not a closed PG-native predicate. Forward dependency_manifest #11 closure from
the new entrypoints proves the new path reaches no legacy object, but it cannot by itself discover a
directly callable legacy routine that writes protected legacy/QT001 state and is not reachable from
the new path. Without a closed reverse/write-effect relevance universe, the both-EXCEPT denominator
can still be selected by implementer judgment - disguised hardcode. (Codex recheck CHECK_A
NEEDS_FIX / CHECK_H / CHECK_I.)
The fix - closed PG-native denominator U_legacy (blueprint doc 02 §H.3/§H.4; doc 06 new guard)
The denominator is now the smallest set closed under catalog/manifest-derived rules, then minus the sealed DO_NOT_TOUCH exclusion. No name pattern defines membership; name/owner scans may only WIDEN candidate discovery.
U_legacy = ( reverse_write_effect_closure
∪ effective_executable_principals
∪ entry_vector_reachable_writers )
− DO_NOT_TOUCH
- Reverse write-effect closure. From the protected resources (20 legacy qt001_* tables, birth_registry + permit/ledger/release, the QT001 apply objects), the transitive set of routines that write them - from pg_depend where native, PLUS sealed dependency_manifest #11 edges and dynamic_sql_target_manifest #22 rows for PL/pgSQL body calls and dynamic SQL that pg_depend cannot see (sealed analyzer output). These get protected_target = true in #20. This is the component that closes the forward-closure blind spot Codex named: it works backward from the protected state, so a directly-callable writer is found even if the new path never reaches it.
- Effective-executable principals. Every legacy routine with effective EXECUTE to PUBLIC / directus / any non-qt001_cp role (proacl expanded via pg_auth_members). These get entrypoint = true.
- Entry vectors. Every legacy routine reachable from a trigger (pg_trigger), event trigger (pg_event_trigger), scheduler entry, or frozen DOT. Live read-only evidence 2026-06-08: 0 trigger bypass vector over the qt001 set; the rule persists so a future trigger cannot silently add a writer.
- Minus DO_NOT_TOUCH. The birth-gateway family + DOT-118/119, excluded by sealed object identity, never by name.
Exact-set proof against the closed universe
The sealed #20 LEGACY_* set is both-EXCEPT compared against U_legacy:
sealed − U_legacy = ∅ AND U_legacy − sealed = ∅, with count(UNKNOWN_REQUIRES_REVIEW) = 0.
A candidate a name scan missed but a rule reaches MUST be classified before seal; a name hit no rule
reaches is excluded with a recorded reason.
New guard (doc 06): G-LEGACY-TARGET-CLOSED-DENOMINATOR
Fails if the denominator is name-pattern-defined or vacuous, or if a directly-callable legacy writer of protected state is outside the sealed set, or if either both-EXCEPT direction is non-empty. Non-vacuity: each closure proves its roots (protected resources, effective-EXECUTE principals, entry vectors) are present and the traversal is non-empty. The denominator is manifest-bound (#11/#22/#20/#26/#27), sealed, integrity-bound by the manifest seal, PG-native, and not name-pattern authority.
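The reverse closure and the both-EXCEPT comparison described above, as an added PostgreSQL example that is not part of the blueprint or its guard code. Every temp table, column and routine name and all sample rows are constructed assumptions standing in for the sealed manifests (#11/#22 edges, #20 rows); the rule 2 and rule 3 outputs are taken as already computed.

```sql
-- Constructed sample data. Every table, column and routine name here is an
-- assumption for illustration, not the blueprint's manifest schema.
CREATE TEMP TABLE protected_resource (obj text);
CREATE TEMP TABLE write_edge (src text, dst text);  -- src writes or calls dst
CREATE TEMP TABLE exec_principal (routine text);    -- rule 2 output
CREATE TEMP TABLE entry_vector (routine text);      -- rule 3 output (empty here)
CREATE TEMP TABLE do_not_touch (routine text);
CREATE TEMP TABLE sealed_legacy (routine text);     -- stand-in for sealed #20 rows

INSERT INTO protected_resource VALUES ('qt001_a');
INSERT INTO write_edge VALUES
  ('fn_apply',         'qt001_a'),    -- direct writer
  ('fn_backfill',      'fn_apply'),   -- transitive caller of a writer
  ('fn_orphan_writer', 'qt001_a'),    -- direct writer the new path never reaches
  ('fn_birth_gateway', 'qt001_a');    -- writer excluded by DO_NOT_TOUCH
INSERT INTO exec_principal VALUES ('fn_public_report');
INSERT INTO do_not_touch VALUES ('fn_birth_gateway');
-- The seal deliberately omits fn_orphan_writer to show the guard firing.
INSERT INTO sealed_legacy VALUES
  ('fn_apply'), ('fn_backfill'), ('fn_public_report');

WITH RECURSIVE rev(routine) AS (
    -- Roots: routines that write a protected resource directly.
    SELECT e.src
      FROM write_edge e
      JOIN protected_resource p ON p.obj = e.dst
  UNION  -- UNION (not UNION ALL) de-duplicates, so call cycles terminate
    -- Step backward: anything that calls an already-found writer.
    SELECT e.src
      FROM write_edge e
      JOIN rev r ON r.routine = e.dst
),
u_legacy AS (
    (SELECT routine FROM rev
     UNION SELECT routine FROM exec_principal
     UNION SELECT routine FROM entry_vector)
    EXCEPT
    SELECT routine FROM do_not_touch
)
SELECT 'sealed - U_legacy' AS direction, d.routine
  FROM (SELECT routine FROM sealed_legacy
        EXCEPT SELECT routine FROM u_legacy) d
UNION ALL
SELECT 'U_legacy - sealed', d.routine
  FROM (SELECT routine FROM u_legacy
        EXCEPT SELECT routine FROM sealed_legacy) d
ORDER BY 1, 2;
```

An empty result is the passing condition; any row names the routine and the direction in which the sealed set and the closed universe disagree.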
Answers to Codex's six questions
- Which legacy routines are in scope? → exactly U_legacy.
- Which can write protected state? → rule 1, protected_target = true.
- Which can call writers/apply/backfill/approval paths? → rule 1 transitive closure.
- Which are callable by PUBLIC/directus? → rule 2, entrypoint = true.
- Which are diagnostic only? → name/owner scans (S00 candidate discovery), explicitly non-binding.
- Which are in the sealed authority target set? → the sealed #20 LEGACY_* rows == U_legacy.
Self-check
PASS only if the operational target denominator is closed/manifest-bound/hash-bound, PG-native, and
not name-pattern. PASS - U_legacy is derived only from catalog/manifest facts, sealed,
manifest-seal-integrity-bound, both-EXCEPT-proven, and enforced by G-LEGACY-TARGET-CLOSED-DENOMINATOR.