READY-TO-ASSEMBLE-LEGO1-PATCH2 08 — Executable Test Fixtures T1–T20 Proof (B6) — 2026-06-22
READY-TO-ASSEMBLE-LEGO1-PATCH2 08 — Executable Test Fixtures T1–T20 Proof (B6) — 2026-06-22
Closes/holds Codex 5.7. Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations.
1. Codex residuals (reproduced)
PATCH1 T1–T20 were mostly prose ("dry-run admit…", "inject failure…"); fixtures/variables undefined; T1/T2 need a created schema (cannot be dry-run evidence); the invoked dot_iu_test_harness_run→fn_iu_bcf_harness_run is an IU axis-B/C/F tester (hardcoded p_c_root, p_b_expected_iu=16), not a C1 runner. Confirmed real.
2. Two tiers of test, separated honestly
- Tier A — read-only assertions runnable now against the live catalog (no C1 artifacts needed). These I can execute today via
query_pg. - Tier B — build-time fixtures that require the absent C1 schema/handlers/harness; they are executable specifications with exact command + deterministic assertion,
DEFINED_NOT_EXECUTED, runnable only after B1 artifacts exist.
3. Required C1 harness contract (Form B; absent today)
DOT_C1_TEST_HARNESS_RUN → fn_c1_vocab_harness_run(p_actor, p_idempotency_root, p_manifest_digest):
- Payload: actor, idempotency_root, expected
manifest_digest/count. - Response: per-test
{id, verdict, expected, actual, reject_code?}+overall_verdict+audit_run_ids. - Assertions: exact value/row/constraint-name/winner-count (no
count>0). - Reject codes: surfaced verbatim from the handler under test.
- Evidence: writes governed command-log rows (the
fn_dot_iu_command_logpattern); read-back by Codex. - Status: this harness does not exist (
fn_iu_bcf_harness_runis unrelated); it cannot be created under HOLD.
4. T1–T20 (exact command + deterministic assertion + tier)
| ID | Case | Command (exact) | Assertion | Tier |
|---|---|---|---|---|
| T1 | schema exists post-create | SELECT count(*) FROM information_schema.tables WHERE table_name='governance_canonical_operation_vocab' |
=1 (today =0) |
B |
| T2 | versioned PK | SELECT conname FROM pg_constraint WHERE conrelid='governance_canonical_operation_vocab'::regclass AND contype='p' |
PK=(operation_code,protocol_version) | B |
| T3 | dup (code,version) rejected | admit same (X,1.0.0) twice (DRY_RUN) |
2nd ⇒ unique-violation | B |
| T4 | same code across versions | admit (X,1.0.0),(X,2.0.0) |
both; distinct vocab_id |
B |
| T5 | one active per (code,act_type) | two active same (code,act_type) |
partial-unique violation | B |
| T6 | successor must exist | supersede→missing successor | composite-FK reject | B |
| T7 | no self/cycle successor | successor=self / cycle | self-link/DAG reject | B |
| T8 | retired fail-closed | new-use lookup of retired | RETIRED_FOR_NEW_USE (RBP-8) |
B |
| T9 | old version resolvable | exact (X,1.0.0) after supersede |
frozen semantics | B |
| T10 | no in-place re-meaning | UPDATE semantics_frozen |
write-once reject (RBP-5) | B |
| T11 | concurrent token | two executors run file 05 §3 | one CAS winner; other STOP | B |
| T12 | replay stale digest | verifier old manifest_digest |
0 rows fail-closed | A* |
| T13 | partial failure after schema | inject fail S2→S4 | halt COMP_SCHEMA; no orphan values |
B |
| T14 | retry idempotent | re-run same idempotency_root |
completed states skipped | B |
| T15 | forged provenance | admit value w/ governing_authority_ref not in apr_action_types._dot_origin |
UNGOVERNED_PROVENANCE |
A* |
| T16 | cser stable | serialize twice (reorder/whitespace/unicode) | identical SHA-256 (file 09) | A — runnable now |
| T17 | audit-write fail ⇒ no commit | inject audit fail | supersession+audit one txn ⇒ both roll back (RBP-9) | B |
| T18 | resolver determinism | run R_C1 twice |
identical row set + manifest_digest |
A — runnable now |
| T19 | real-run gate honored | SELECT gate_status FROM v_c1_realrun_preflight WHERE gate='OVERALL_VERDICT' |
must be GO before REAL_RUN (view absent today) | B |
| T20 | regression: no owner minted | SELECT count(*) FROM governance_object_ownership before/after |
unchanged at 0 | A — runnable now |
* T12/T15 become fully executable once the verifier/admit handlers exist; their logic is assertable against the spec now.
5. Honest status
cser/resolver/regression tests (T16/T18/T20) are runnable today; the rest require the absent C1 schema/handlers/harness. Classification: B6 PREPARATION_GAP — the C1 harness and the artifacts under test do not exist and cannot be created under HOLD.
6. Boundary attestation
Test specs only; nothing run that mutates. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes PATCH1 file 08 §2 (IU-BCF harness as C1 runner).