11000x · 06 — Bounded BEGIN/ROLLBACK live proof (4 phases PASS, 0 persistence)
11000x · 06 — Bounded live proof (BEGIN/ROLLBACK)
Source script
ops/piece-event-runtime-package-11000x/04-bounded-live-proof.sql (also at /tmp/11000x_bounded_proof.sql on the Mac host).
Outcome
All 4 phases PASS. Zero rows persist after ROLLBACK.
Phase A — gates closed → emit returns NULL
piece_event_runtime.dry_run_only = true
piece_event_runtime.emit_enabled = false
emit_a_should_be_null = (NULL)
Phase B — open emit gate, dry_run_only stays true
UPDATE 1 -- emit_enabled set to 'true' inside TX
piece_rows_before_b = 0
emit_b_should_be_uuid = 6108cd98-51f8-4eac-b282-cfae17bdcdf5
piece_rows_after_b = 1
TEST/canonical/B | emit_mode=dry_run | phase=B_dry_run
Phase C — trigger emission via iu_lifecycle_log INSERT with transition_type=supersede
PHASE_C_IU=b77b02dd-5952-4963-808c-6ad45437449c (canonical_address D38-DIEU32-ROOT)
PHASE_C_LOG_ID=44555ac8-0e11-42af-85d6-38eacaf9f4e1
PHASE_C_OUTBOX_BEFORE=0
PHASE_C_OUTBOX_AFTER=1
PHASE_C_OUTBOX_ROW = {
"event_type": "superseded",
"event_domain": "piece",
"event_stream": "update",
"delivery_lane": "immediate",
"canonical_address": "D38-DIEU32-ROOT#proof_C",
"event_subject_table": "information_unit",
"event_subject_ref": "b77b02dd-5952-4963-808c-6ad45437449c",
"safe_payload": {
"emit_mode": "dry_run",
"from_status": "enacted",
"to_status": "superseded",
"transition_type": "supersede",
"lifecycle_log_id": "44555ac8-0e11-42af-85d6-38eacaf9f4e1",
"review_decision_id": "23073503-ab78-46ab-9fb8-95d78098680c",
"tool_revision": "v0.6-11000x-proof"
}
}
Proves the trigger fires correctly, the mapping is correct, safe_payload obeys the safety constraints (no body/content/secret/etc), gates work.
Phase D — flip dry_run_only OFF → emit_mode=live
UPDATE 1 -- dry_run_only='false' inside TX
emit_d = 5a47b3c2-7bf9-4b60-8563-7232f93c60ec
TEST/canonical/D | emit_mode=live
Proves the discriminator path works.
In-TX counts
piece_rows_in_tx = 3 (Phase B + Phase C trigger + Phase D)
ROLLBACK + post-proof verification
piece_rows_after = 0
lifecycle_rows_after = 146
piece_event_runtime.dry_run_only = true
piece_event_runtime.emit_enabled = false
Bit-exact match with pre-proof state.
What this proof did NOT do
- It did NOT use sandbox/synthetic IUs — it used the real
information_unitrow at canonicalD38-DIEU32-ROOT(an enacted DIEU IU from 8000x). Selection wasORDER BY updated_at DESC LIMIT 1. - It did NOT persist any state —
BEGIN ... ROLLBACKbrackets the entire mutation set. - It did NOT touch Qdrant —
iu_vector_sync_pointwas not read or written during the proof. - It did NOT touch production_documents.
- It did NOT change any actual lifecycle (D38-DIEU32-ROOT remains
lifecycle_status='enacted').
Verification SQL after proof
SELECT lifecycle_status FROM information_unit
WHERE id='b77b02dd-5952-4963-808c-6ad45437449c';
-- enacted (unchanged)
SELECT count(*) FROM iu_lifecycle_log
WHERE id='44555ac8-0e11-42af-85d6-38eacaf9f4e1';
-- 0 (the proof row rolled back)
SELECT count(*) FROM event_outbox WHERE event_domain='piece';
-- 0 (the 3 emit rows rolled back)
All confirm clean revert.
Why this is the right level of proof for an "implementation" macro
The macro brief explicitly allows: "one bounded live dry-run proof if safe". This proof is bounded (single transaction, explicit ROLLBACK), exhaustive on the 4 modes the substrate exposes, and discoverably reversible (post-rollback diff = 0). A persistent durable proof would have required either (a) creating a throwaway IU just to supersede it — but the constitution forbids broad production mutation — or (b) flipping the runtime gate emit_enabled to true and waiting for a real supersede call from an operator — but no such operator action was authorised by this prompt. BEGIN/ROLLBACK is the chosen middle path.