From b5eb4ede344d2cf8dbf9a47da3e1fb52d384c616 Mon Sep 17 00:00:00 2001
From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com>
Date: Tue, 19 May 2026 19:44:58 +0100
Subject: [PATCH] docs(licence-policy): A6 named hard-exclusions + A7
 multi-SPDX FP ignore-list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Records (and points enforcement at) licence-debt ledger rulings #2 and
#3/§C C1-C3. Additive — Rules 1-3 and A1-A5 unchanged. The A6
exclusions are enforced in rsr-template-repo spdx-policy-guard.yml,
not docs-only. Refs LICENCE-DEBT-LEDGER-2026-05-18.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 LICENCE-POLICY.adoc | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/LICENCE-POLICY.adoc b/LICENCE-POLICY.adoc
index 8370a7d..1b543aa 100644
--- a/LICENCE-POLICY.adoc
+++ b/LICENCE-POLICY.adoc
@@ -156,6 +156,46 @@ sentinel with `REPLACE-WITH-*`); `spdx-policy-guard.yml` hard-fails it
 as a real SPDX value (and surfaces A3 variants as non-failing
 warnings). Evidence: `LICENCE-DEBT-LEDGER-2026-05-18`.
 
+=== A6 — Named hard-exclusions (enforced, not docs-only)
+
+Two repos are permanently excluded from the SPDX policy guard
+(owner-ruled 2026-05-19). This is *enforced* in
+`rsr-template-repo/.github/workflows/spdx-policy-guard.yml` (a
+repo-name early-exit), not merely documented here:
+
+* **`palimpsest-license`** — it *defines* the PMPL / PLMP / PMLP
+  identifiers; its spec and legal text legitimately contain many SPDX
+  strings, so scanning it produces guaranteed false positives and
+  could corrupt the licence specification.
+* **`repos-monorepo`** — a 297-submodule aggregate superproject that
+  only mirrors the standalone source repos (and harbours `007`, see
+  A1). Every hit duplicates a source repo; licence fixes belong in the
+  source repos only, never here.
+
+=== A7 — Known multi-SPDX false positives (ignore-list)
+
+A small, named set of files legitimately carry more than one SPDX
+*string* without being a licence contradiction — the extra strings are
+documentation-fenced examples, UI string-literals, or codegen-emitted
+headers. These are owner-ruled false positives (2026-05-19, ledger §A +
+§C C1–C3) and the guard reports them as a non-failing `::notice`:
+
+[cols="2,2,3"]
+|===
+| File (repo-relative) | Repo | Why it is not a contradiction
+
+| `PALIMPSEST.adoc`  | standards     | SPDX ids appear inside doc example blocks
+| `README.adoc`      | llm-grace     | PMPL references are explanatory prose, not a header
+| `…/App.res`        | ephapax       | the second id (EUPL-1.2) is a UI string-literal
+| `…/state-utils.scm`| wp-resurrect  | the second id (AGPL) is a codegen-emitted header
+| `CONTRIBUTING.md`  | flatracoon    | extra SPDX ids are fenced documentation examples
+|===
+
+These remain *visible* (`::notice`, not silenced) so the list can be
+audited and tightened. Genuine contradiction §C-C4 (zotero-voyant-export
+`ECHIDNA_ARCHITECTURE_UPDATE_3LANG.md`) is **not** on this list — it is
+a real defect tracked for an owner-directed single-file fix.
+
 == See Also
 
 * `PALIMPSEST.adoc` (this directory) — full narrative