QT001 Ledger Contract Review
04 - Ledger Contract Review
Verdict
Ledger v2 prevents one narrow false-done case but does not provide reliable run recovery or durable failure evidence.
Good
FK to permit; unique run_id/collection_name/batch_id; status/non-negative actual counter checks; done requires actual_inserted=expected_delta.
Blockers
permit_id nullable; expected_delta lacks non-negative constraint; done does not require real_delta=actual_inserted, zero blocked, finish time, or consumed permit. No run-level header/terminal state. resume_marker is not a stable source key and is never consumed. Failure updates roll back. No stale-running monitor, heartbeat, retry, lease, recovery, monitoring indexes, permit-value linkage, or batch source range/checksum.
A done-with-zero record can be valid for a rerun, but the ledger does not prove the zero came from an approved immutable plan.
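Added example, not the reviewed project's code: a SQLite schema driven from Python that expresses the column-level and done-state blockers above as constraints, so a false-done row is rejected at write time. Both table names, the status values, and the blocked_count and finished_at columns are assumptions; the consumed-permit, run-level and recovery findings are not covered.

```python
import sqlite3

# Assumed names: both tables, the status values, blocked_count, finished_at.
# The review names the other columns but does not show the DDL.
HARDENED_DDL = """
CREATE TABLE permit (permit_id INTEGER PRIMARY KEY);
INSERT INTO permit (permit_id) VALUES (1);  -- constructed sample permit
CREATE TABLE batch_ledger (
    run_id          TEXT NOT NULL,
    collection_name TEXT NOT NULL,
    batch_id        TEXT NOT NULL,
    permit_id       INTEGER NOT NULL REFERENCES permit(permit_id),
    status          TEXT NOT NULL CHECK (status IN ('running', 'done', 'failed')),
    expected_delta  INTEGER NOT NULL CHECK (expected_delta >= 0),
    actual_inserted INTEGER NOT NULL DEFAULT 0 CHECK (actual_inserted >= 0),
    real_delta      INTEGER,
    blocked_count   INTEGER NOT NULL DEFAULT 0 CHECK (blocked_count >= 0),
    finished_at     TEXT,
    UNIQUE (run_id, collection_name, batch_id),
    -- The IS NOT NULL guard matters: a CHECK that evaluates to NULL passes.
    CHECK (status <> 'done' OR (
        actual_inserted = expected_delta
        AND real_delta IS NOT NULL AND real_delta = actual_inserted
        AND blocked_count = 0
        AND finished_at IS NOT NULL))
);
"""

def open_ledger():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    conn.executescript(HARDENED_DDL)
    return conn

def accepts(conn, **overrides):
    """True if the ledger accepts the row, False if a constraint rejects it."""
    row = {"run_id": "r1", "collection_name": "c1", "batch_id": "b1", "permit_id": 1,
           "status": "done", "expected_delta": 5, "actual_inserted": 5,
           "real_delta": 5, "blocked_count": 0, "finished_at": "2024-01-01T00:00:00Z"}
    row.update(overrides)
    sql = f"INSERT INTO batch_ledger ({', '.join(row)}) VALUES ({', '.join('?' * len(row))})"
    try:
        conn.execute(sql, list(row.values()))
        return True
    except sqlite3.IntegrityError:
        return False
    finally:
        conn.rollback()  # each probe leaves the ledger empty
```

A done row with expected_delta, actual_inserted and real_delta all zero still passes these constraints, which matches the last point above: the schema can accept a zero, but it cannot show the zero was planned.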