KB-A91E
09 — Intentional-Mistake Proof (Results / Package)
Revision 1
Tags: intentional-mistake, proof, detector-tests, begin-rollback, fail-closed, honest-gaps, 2026-06-03
Detection-side tests were RUN live against the applied detectors (read-only, no mutation).
Mutation-side tests are PACKAGED as BEGIN…ROLLBACK operator tests — not run, because the
authorized scope forbids fabricating birth rows / destructive production tests. No destructive
test was performed.
| # | Test | Expected detector/guard | RUN or PACKAGED | Result |
|---|---|---|---|---|
| 1 | file DOT without registry | v_dot_fs_reconciliation.fs_status='FILE_NO_REGISTRY' | RUN | ✅ 16 detected (incl. dot-pivot-update) |
| 2 | registry row without birth | fs_status='REGISTERED_NOT_BORN' | RUN | ✅ detector live (0 currently) |
| 3 | governed table row without birth | v_birth_coverage_status zero-birth | RUN | ✅ 94 zero-birth collections; 25 BIRTH_REQUIRED |
| 4 | pivot row without birth | v_birth_orphan (pivot_definitions) | RUN | ✅ 27 detected (26 active) |
| 5 | disable trigger attempt | (gate bypass risk) | PACKAGED | superuser CAN disable; documented risk doc 06 |
| 6 | null code insert | gate skips (null-code skip) | PACKAGED | known behavior (source-verified) |
| 7 | duplicate birth | fn_pre_birth_check check-5 | PACKAGED | BEGIN; INSERT dup code; ROLLBACK; |
| 8 | registry exists but file missing | v_dot_registry_no_file | RUN | ✅ 41 detected |
| 9 | file hash drift | (no baseline) | PACKAGED | not detectable — documented gap (doc 04) |
| 10 | direct manual DML | guard does not see it; gate advisory | PACKAGED | documented; needs Stage-2 blocking |
| 11 | stale/absent fs snapshot | fs_snapshot_present BLOCK when 0 | RUN (logic) | ✅ dim present; PASS at 287; BLOCK-at-0 packaged |
| 12 | dot-pivot-update while NOT_VALID_DOT | v_dot_pivot_update_status + guard BLOCK | RUN | ✅ STAGED_FILE_ONLY; guard BLOCK=1 |
| 13 | row-governance object with no owner | v_object_owner_gap | RUN | ✅ 210 |
| ★ | guard fails closed when unknowns exist | fn_assert_safe_for_dot_action() RAISES | RUN | ✅ exit 3, lists 4 BLOCK dims |
Packaged mutation tests (run by operator only, rollback-contained)
```sql
-- Test 7: duplicate birth (must be flagged by fn_pre_birth_check check-5)
BEGIN;
SELECT * FROM fn_pre_birth_check('dot_tools','DOT-113','dot-pivot-declare','TEST');
ROLLBACK;

-- Test 11: stale snapshot makes guard fail closed
BEGIN;
TRUNCATE _recon_dot_fs_inventory;
SELECT * FROM fn_preflight_guard() WHERE check_name='fs_snapshot_present'; -- expect cnt=0 BLOCK
SELECT fn_assert_safe_for_dot_action(); -- expect EXCEPTION
ROLLBACK; -- snapshot restored; re-run 03_load to be safe

-- Test 6: null code is skipped by gate (advisory)
BEGIN;
-- INSERT a row with code NULL into a gated table; gate RETURNs NEW (skip).
ROLLBACK;
```
Honest gaps surfaced
- HASH_DRIFT undetectable (no baseline hash store) — test 9.
- Direct manual DML / trigger-disable bypass the advisory gate — tests 5, 10 — only Stage-2 blocking + role hardening close these (doc 06).
- The guard sees only what the detectors see; the fs dimensions are only as fresh as the last
03_load snapshot (test 11 enforces freshness via fail-closed).
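
The fail-closed behaviour that test 11 and the last gap rely on can be rehearsed without touching any real object. The script below is an added example, not part of the original package: it assumes PostgreSQL, every `demo_*` name is hypothetical, and the sample rows are constructed.

```sql
-- Added example: all demo_* names are hypothetical, rows are constructed.
BEGIN;

-- Stand-in for the filesystem snapshot table.
CREATE TEMP TABLE demo_fs_inventory (path text PRIMARY KEY) ON COMMIT DROP;
INSERT INTO demo_fs_inventory VALUES ('dot/a.sh'), ('dot/b.sh');

-- One row per dimension. An empty snapshot is BLOCK: zero rows means
-- "nothing was measured", not "nothing is wrong".
CREATE FUNCTION pg_temp.demo_preflight_guard()
RETURNS TABLE (check_name text, cnt bigint, verdict text)
LANGUAGE sql AS $$
  SELECT 'fs_snapshot_present'::text,
         count(*),
         CASE WHEN count(*) = 0 THEN 'BLOCK' ELSE 'PASS' END
  FROM demo_fs_inventory
$$;

-- Raises unless every dimension reports PASS (a NULL verdict also blocks).
CREATE FUNCTION pg_temp.demo_assert_safe() RETURNS void
LANGUAGE plpgsql AS $$
DECLARE
  blocked text;
BEGIN
  SELECT string_agg(g.check_name, ', ') INTO blocked
  FROM pg_temp.demo_preflight_guard() AS g
  WHERE g.verdict IS DISTINCT FROM 'PASS';
  IF blocked IS NOT NULL THEN
    RAISE EXCEPTION 'not safe for DOT action; BLOCK dims: %', blocked;
  END IF;
END
$$;

-- Snapshot loaded: the assertion returns normally.
SELECT pg_temp.demo_assert_safe();

SAVEPOINT before_truncate;
TRUNCATE demo_fs_inventory;                    -- simulate an absent snapshot
SELECT * FROM pg_temp.demo_preflight_guard();  -- dimension now reports BLOCK
SELECT pg_temp.demo_assert_safe();             -- raises; transaction is aborted here
ROLLBACK TO SAVEPOINT before_truncate;         -- recover; truncated rows come back
SELECT count(*) FROM demo_fs_inventory;        -- confirm the snapshot is restored

ROLLBACK;                                      -- nothing persists
```

Once the assertion raises, the transaction is aborted and every further statement is rejected until a `ROLLBACK` or `ROLLBACK TO SAVEPOINT`. The savepoint lets the operator confirm restoration inside the same session instead of assuming it.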