docs(licence-policy): A8 — explicit owner-sanctioned scoped carve-outs

LICENCE-POLICY.adoc

@@ -156,45 +156,32 @@ sentinel with `REPLACE-WITH-*`); `spdx-policy-guard.yml` hard-fails it
 as a real SPDX value (and surfaces A3 variants as non-failing
 warnings). Evidence: `LICENCE-DEBT-LEDGER-2026-05-18`.
 
-=== A6 — Named hard-exclusions (enforced, not docs-only)
-
-Two repos are permanently excluded from the SPDX policy guard
-(owner-ruled 2026-05-19). This is *enforced* in
-`rsr-template-repo/.github/workflows/spdx-policy-guard.yml` (a
-repo-name early-exit), not merely documented here:
-
-* **`palimpsest-license`** — it *defines* the PMPL / PLMP / PMLP
-  identifiers; its spec and legal text legitimately contain many SPDX
-  strings, so scanning it produces guaranteed false positives and
-  could corrupt the licence specification.
-* **`repos-monorepo`** — a 297-submodule aggregate superproject that
-  only mirrors the standalone source repos (and harbours `007`, see
-  A1). Every hit duplicates a source repo; licence fixes belong in the
-  source repos only, never here.
-
-=== A7 — Known multi-SPDX false positives (ignore-list)
-
-A small, named set of files legitimately carry more than one SPDX
-*string* without being a licence contradiction — the extra strings are
-documentation-fenced examples, UI string-literals, or codegen-emitted
-headers. These are owner-ruled false positives (2026-05-19, ledger §A +
-§C C1–C3) and the guard reports them as a non-failing `::notice`:
-
-[cols="2,2,3"]
-|===
-| File (repo-relative) | Repo | Why it is not a contradiction
-
-| `PALIMPSEST.adoc`  | standards     | SPDX ids appear inside doc example blocks
-| `README.adoc`      | llm-grace     | PMPL references are explanatory prose, not a header
-| `…/App.res`        | ephapax       | the second id (EUPL-1.2) is a UI string-literal
-| `…/state-utils.scm`| wp-resurrect  | the second id (AGPL) is a codegen-emitted header
-| `CONTRIBUTING.md`  | flatracoon    | extra SPDX ids are fenced documentation examples
-|===
-
-These remain *visible* (`::notice`, not silenced) so the list can be
-audited and tightened. Genuine contradiction §C-C4 (zotero-voyant-export
-`ECHIDNA_ARCHITECTURE_UPDATE_3LANG.md`) is **not** on this list — it is
-a real defect tracked for an owner-directed single-file fix.
+=== A8 — Explicit owner-sanctioned scoped carve-outs (2026-05-19)
+
+A2 forbids *automated/bulk* SPDX change as a standing default. The
+owner has issued the following **explicit, scoped, per-file-verified
+carve-outs** to discharge known licence debt. These are owner-directed
+remediation (A2's "manual, per-file, by the owner" — executed under
+explicit owner ruling, enumerated and verified, never a blind sweep),
+NOT a relaxation of A2's default:
+
+. *Suffix normalisation* — `PMPL-1.0` → `PMPL-1.0-or-later`. This is
+  *not a relicence* (identical licence; only the SPDX expression's
+  `-or-later` suffix is corrected — exactly the A3 debt). Authorised
+  estate-wide, per-repo PRs, owner-merged, diff = SPDX-value-only.
+. *Repo licence correction* — `idaptik` is wholly the owner's son's
+  work → `AGPL-3.0-or-later` (Rule 3); ledger ruling #1, ring-fenced by
+  `idaptik/SON-WORK.boundary`.
+. *Archive relicence* — `hyperpolymath-archive` files bearing `MPL-2.0`
+  that are verified 100% the owner's own authored content (no
+  third-party, no vendored, no licence-text) → `PMPL-1.0-or-later`.
+  Verified by read-only fan-out 2026-05-19. Genuine third-party /
+  vendored / licence-text files are never rewritten.
+
+Every carve-out PR is per-file enumerated, SPDX-only, draft for owner
+merge, and references `LICENCE-DEBT-LEDGER-2026-05-18`. Scaffold
+placeholder/variant leaks (A5) remain fixed by *regeneration*, not by
+these carve-outs.
 
 == See Also