06 - BLOCKER 5: DO_NOT_TOUCH Authority-Exclusion Removal

What the amendment requires

• DO_NOT_TOUCH may remain a hard-block label for out-of-scope unrelated objects only;
• DO_NOT_TOUCH cannot subtract from U_legacy;
• if an object collides with U_legacy and a boundary/hard-block, the result is fail-closed / design review required, not automatic exclusion.

What T1 patched

Subtraction removed from U_legacy (doc 02 §H.2/§H.4, doc 06 G-LEGACY-TARGET-CLOSED-DENOMINATOR)

The denominator formula lost its − DO_NOT_TOUCH term: U_legacy = rule1 ∪ rule2 ∪ rule3 (reverse write-effect closure ∪ effective-EXECUTE principals ∪ entry vectors), with no subtraction and no class-based exclusion. G-LEGACY-TARGET-CLOSED-DENOMINATOR now FAILS if any manual or class-based exclusion or subtraction is applied.

DO_NOT_TOUCH is a boundary label only (doc 02 §E/§H.5, doc 08 §A/§B)

The birth gateway (fn_birth_registry_auto + family + birth_registry + permit/ledger) and DOT-118/119 are out-of-scope hard-block boundaries, classified DO_NOT_TOUCH (boundary) in doc 08 §A/§B. They are not rows in the U_legacy mapping and are never subtracted. In practice they are not reached by the #11 closure from the QT001 protected_target roots (they are a different layer — birth event-truth, not QT001 control-plane protected targets).

Collision → fail closed (doc 02 §H.2/§H.4, doc 04 S13/S15 no-go, doc 06)

If the #11 closure ever reaches a protected-boundary object (the #26 gateway identity, the birth gateway, a frozen DOT, or any object that cannot receive the uniform end-state), the package FAILS CLOSED and requires a separate owner decision. This is now an explicit no-go in doc 04 S13/S15, a fail-closed branch in G-LEGACY-TARGET-CLOSED-DENOMINATOR, and a negative test in doc 06.

Birth-gateway overwrite protection unchanged

The birth gateway's overwrite protection remains DETECTION (G-BIRTH-NEUTRAL gateway norm-md5) + G-DOT-FROZEN (the DOT never runs) + the doc 08 §A "birth gateway modification" hard block — NOT owner-isolation (FIX7 never owns it). G-DOT-NOOVERWRITE owner-isolation protects only the qt001_cp control objects + the QT001 writer gateway. This is unchanged from prior passes; what changed is that the boundary is no longer expressed as a DO_NOT_TOUCH subtraction from U_legacy.

Where applied

doc 02 §E (DO_NOT_TOUCH not a row / not a disposition), §H.2 (no subtraction), §H.4 (denominator no subtraction), §H.5 (label mapping); doc 04 (denominator note + S13/S15 collision no-go); doc 06 (G-LEGACY-TARGET-CLOSED-DENOMINATOR + negative test); doc 08 §A/§B (boundary hard-block framing).

Self-check

PASS. DO_NOT_TOUCH no longer subtracts from U_legacy; it is a boundary/hard-block label for out-of-scope unrelated objects only; collisions fail closed for a separate owner decision rather than auto-excluding.