KB-727A
READY-TO-ASSEMBLE-LEGO1-PATCH1 08 — [P1-5] Executable Test Suite — 2026-06-22
5 min read Revision 1
Closes Codex P1-5. Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations. Tests are executable specifications (exact command + deterministic assertion + output capture); DEFINED_NOT_EXECUTED until the Gate-B build runs them in DRY_RUN/VERIFY_ONLY.
1. Defect (reconstructed)
Prior file 07 was specification prose; count>0 and "by construction" are not evidence; missing cases: duplicate/version identity, successor cycles, concurrent token use, partial failure, retry, forged authority reference, ambiguous hash serialization, audit-write failure. SUPERSEDED.
2. Test harness
- Read-only assertions: `query_pg(directus, <SQL>)` against governed guard views — deterministic boolean/row-count assertions with captured output.
- DOT dry-run: `fn_process_agent_api_dispatch(p_dot_code, p_correlation_id, p_actor, p_mode=>'DRY_RUN', p_idempotency_root=>:root)` — observation-only.
- Verify: paired `*_VERIFY` DOT (mode=VERIFY_ONLY).
- Existing governed test command `dot_iu_test_harness_run` (catalog: read, non-mutating) may run the suite.
3. Executable test table
| ID | Case | Command (exact) | Deterministic assertion | Maps |
|---|---|---|---|---|
| T1 | schema exists post-create | `SELECT count(*) FROM information_schema.tables WHERE table_name='governance_canonical_operation_vocab'` | =1 | P0-1/02 |
| T2 | versioned PK | `SELECT conname FROM pg_constraint WHERE conrelid='governance_canonical_operation_vocab'::regclass AND contype='p'` then assert columns {operation_code,protocol_version} | PK = (operation_code,protocol_version) | P0-2/03 |
| T3 | duplicate (code,version) rejected | dry-run admit same (operation_code,protocol_version) twice | 2nd ⇒ unique-violation reject; rowcount stays | P0-2 |
| T4 | same code across versions allowed | dry-run admit (X,v1) and (X,v2) | both present; distinct vocab_id | P0-2 |
| T5 | one active per (code,act_type) | dry-run two active rows same (code,act_type) | partial-unique violation | P0-2 |
| T6 | successor must exist | supersede with non-existent successor | composite-FK reject | 03/06 |
| T7 | no self/cycle successor | set successor = self / form a cycle | reject (self-link / DAG check) | 03/06 |
| T8 | retired fail-closed for new use | new-use lookup of retired value | returns reject …_RETIRED_FOR_NEW_USE (RBP-8) | 03/06 |
| T9 | old-version still resolvable | exact lookup (code,old_version) after supersede | resolves to frozen semantics | 03 |
| T10 | no in-place re-meaning | attempt UPDATE of semantics_frozen | rejected (write-once) ⇒ RBP-5 path | 03 |
| T11 | concurrent token use | two executors run §05 lease+CAS concurrently | exactly one RETURNING winner; other STOPs | P1-2/05 |
| T12 | replay stale digest | verifier with old manifest_digest/plan_revision | 0 rows ⇒ fail-closed | 05 |
| T13 | partial failure after schema | inject failure between S2 and S4 (dry-run harness) | state halts at COMP_SCHEMA; no orphan values; grant already consumed | P1-3/06 |
| T14 | retry idempotent | re-dispatch with same idempotency_root | completed states skipped; no duplicate rows | 06 |
| T15 | forged authority reference | admit value whose governing_authority_ref not in governed source | rejected (provenance check vs apr_action_types._dot_origin) | P1-1/04 |
| T16 | canonical serialization stable | serialize same record twice (key reorder, whitespace, unicode) | identical cser-v1 bytes ⇒ identical SHA-256 | P1-6/09 |
| T17 | audit-write failure ⇒ no commit | inject audit-insert failure | supersession + audit are one txn ⇒ both roll back ⇒ RBP-9 path | 06 |
| T18 | guard views | `SELECT bool_and(pass) FROM v_birth_register_idempotency_guard; SELECT register_readiness FROM v_birth_register_readiness WHERE collection_name='governance_canonical_operation_vocab'` | idempotency all pass; readiness as expected | 02/07 |
| T19 | realrun gate honored | `SELECT gate_status FROM v_dotkg_realrun_preflight WHERE gate='OVERALL_VERDICT'` before apply | must be GO before any REAL_RUN | 07 |
| T20 | regression: no owner minted | `SELECT count(*) FROM governance_object_ownership` before/after | unchanged at 0 | base regression |
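T16 as a runnable sketch, added here as an example; it is not part of the suite or the project's code. The cser-v1 rules are not given on this page, so the canonical form used below (NFC-normalized strings, sorted keys, compact separators, UTF-8, floats rejected) is an assumption, as are the function names and the constructed sample records.

```python
import hashlib
import json
import unicodedata


def nfc_normalize(value):
    """Recursively NFC-normalize all strings, dict keys included."""
    if isinstance(value, str):
        return unicodedata.normalize("NFC", value)
    if isinstance(value, list):
        return [nfc_normalize(v) for v in value]
    if isinstance(value, dict):
        out = {}
        for key, val in value.items():
            nkey = nfc_normalize(key)
            if nkey in out:  # two keys that differ only in Unicode form
                raise ValueError(f"keys collide after NFC: {nkey!r}")
            out[nkey] = nfc_normalize(val)
        return out
    if isinstance(value, float):
        raise TypeError("float has no single text form; reject instead of guessing")
    return value


def canonical_bytes(record):
    """Assumed canonical form: NFC strings, sorted keys, no whitespace, UTF-8."""
    return json.dumps(nfc_normalize(record), sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def digest_text(text):
    """SHA-256 (hex) over the canonical bytes of a JSON-encoded record."""
    return hashlib.sha256(canonical_bytes(json.loads(text))).hexdigest()


def naive_digest_text(text):
    """SHA-256 over the bytes as received: the ambiguity T16 guards against."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed samples: one record, varied by key order, whitespace, Unicode form.
SAME = [
    '{"operation_code": "caf\u00e9", "protocol_version": 1, "act_type": "X"}',
    '{\n  "act_type":"X",\n  "protocol_version":1,\n  "operation_code":"cafe\u0301"\n}',
    '{"protocol_version":1,"act_type":"X","operation_code":"caf\\u00e9"}',
]
CHANGED = '{"operation_code": "caf\u00e9", "protocol_version": 2, "act_type": "X"}'

if __name__ == "__main__":
    print(len({digest_text(t) for t in SAME}), len({naive_digest_text(t) for t in SAME}))
```

Hashing the received bytes directly gives three different digests for the three `SAME` encodings, while the canonical digest gives one; `CHANGED` must still produce a different digest.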
4. Assertion discipline
- No `count>0`-only assertions: each test asserts an exact value/row/constraint name/winner-count.
- Negative cases (T3,T5,T6,T7,T8,T10,T12,T15,T17) assert the exact reject code/constraint, captured from output.
- Concurrency (T11) and partial-failure (T13,T14,T17) require the transactional dry-run fixture, not a read against a populated table.
5. Boundary attestation
Executable specifications only; nothing run; no mutation. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes prior file-07 prose matrix.