KB-7B56
C1 Staging Codex R3 Fixes — Fix A: P3/P4/P5 DONE Atomicity
3 min read Revision 1
c1stagingcodex-r3-fixesready-for-r42026-06-23
03 — FIX A: P3/P4/P5 DONE ATOMICITY
Rule enforced
No DONE / ledger success row may be committed before the primitive's fatal gate has passed.
Each of P3/P4/P5 now follows: BEGIN; …work…; DO $g$ fatal gate (RAISE on failure) $g$; INSERT DONE ledger row (LAST write); COMMIT;. With ON_ERROR_STOP=1, a gate RAISE aborts psql at the gate statement,
the txn never reaches COMMIT, and PostgreSQL rolls it back on disconnect — so the DONE row, the work
tables, and (for P5) c1_test_results are all discarded. The DONE row's presence in a committed sandbox
therefore proves the gate passed.
P3 — sql/p3-vocab-build.sql (sha256 9614809d…)
- Gate
DO $g$(exact-set: count=3, no unexpected op, no missing op) now at the position before the facet-5c1_vocab_buildledger INSERT andCOMMIT. - DONE row now carries
'gate':'P3_GATE_OK'. - facet-7 readback (
\echo+ SELECT) stays after COMMIT (read-only display).
P4 — sql/p4-verify.sql (sha256 2aeba78d…)
- Gate
DO $g$(count=3, exact set, nvalid=3, field invariants) moved before thec1_verifyledger INSERT + COMMIT. DONE row carries'gate':'P4_GATE_OK'. Thec1_verify(...)UPDATE-to-validated runs before the gate (so the gate's nvalid=3 check is meaningful), inside the same txn.
P5 — sql/p5-bad-input-harness.sql (sha256 44cb64b8…)
- Gate
DO $g$(total=9, accepted=0, failed=0, passed=9, residue=3) moved before thec1_bad_input_harnessledger INSERT + COMMIT. DONE row carries'gate':'P5_GATE_OK'. The per-case readback (\echo+ SELECT) moved to after COMMIT (read-only).
Static ordering proof (see 05 for raw output)
| file | first BEGIN | gate DO $g$ |
DONE ledger INSERT | COMMIT | pre-gate COMMIT? |
|---|---|---|---|---|---|
| p3 | 10 | 70 | 85 | 86 | 0 |
| p4 | 9 | 27 | 45 | 46 | 0 |
| p5 | 15 | 54 | 68 | 69 | 0 |
For all three: gate < DONE < COMMIT and no COMMIT between the first BEGIN and the gate — i.e. the
gate and the DONE row are in the same transaction, the gate is first, and nothing is committed before it.
Forbidden patterns — confirmed absent
- INSERT P3/P4/P5_DONE before the gate: NO (ordering proof).
- commit success ledger then later validate: NO (gate precedes the ledger row in-txn).
- P6 trusting a DONE marker that can predate gate success: NO — and additionally P6 re-verifies facts (see 04), so even a hypothetical stray stamp cannot yield PASS.