77 — SB-2 governance_object_ownership Rehearsal (R3, BEGIN..ROLLBACK, PASS, owner-per-scope + 5 neg tests, 2026-06-01)
77 — SB-2 governance_object_ownership Rehearsal (R3)
Doc: 77. Role: R3 of the SB-2 owner-line rehearsal — author-mode
BEGIN..ROLLBACKof the ownership table keystone (doc 17 §2). Status: PASS. ZERO COMMIT, ZERO residue. Channel: operatorssh contabo → docker exec -i postgres psql -U workflow_admin -d directus. Date: 2026-06-01.
77.1 What R3 rehearses
governance_object_ownership = the authoritative store of one owner link per (object × scope) of a given owner_kind, time-boxed and lifecycled — the missing fourth leg of relational ownership (object/axis → owner-agency) that governance_relations cannot express. Rehearsed with the full doc-17 §2 column contract, the partial-UNIQUE that enforces one accountable owner per scope, all four owner_kind roles, supersession, and five integrity negative tests. The scope reference (R2) is recreated in the same transaction as the FK parent.
Column contract rehearsed (20 columns)
id (bigserial PK), object_type, object_ref, scope (FK→governance_responsibility_scope), owner_kind (CHECK∈{accountable,supporting,delegated,exception}), owner_gov_code (FK→governance_registry(code)), is_inherited_anchor, effective_from, effective_to, lifecycle_status (CHECK∈{active,superseded,revoked,expired}), approval_ref, audit_ref, rollback_ref, source_law_ref, source_design_ref, supersedes_id (self-FK), created_at/by, updated_at/by. Plus CONSTRAINT chk_delegated_ttl CHECK (owner_kind<>'delegated' OR effective_to IS NOT NULL) — delegation must be TTL-bounded (doc 17 §2/§9).
Indexes rehearsed
uq_gov_obj_accountable= partial UNIQUE(object_type,object_ref,scope) WHERE owner_kind='accountable' AND lifecycle_status='active'→ one accountable owner per scope at write time.ix_gov_obj_resolve(object_type,object_ref)for resolution.
77.2 Results
| # | Assertion | Result |
|---|---|---|
| R3.entry.governance_relations / registry | before | 8 / 9 |
| R3.entry.ownership_present | greenfield | false |
| R3.ddl.column_count | full contract | 20 |
| R3.rows_after_smoke | 1 accountable + 2 supporting + 1 delegated + 1 exception | 5 |
| R3.owner_kinds_present | all four roles exercised | accountable,delegated,exception,supporting |
| R3.neg_dup_accountable | second active accountable for same (object,scope) | PASS-one-accountable-per-scope-enforced (unique_violation) |
| R3.supersede_one_active | end-date old + insert new accountable in one tx | 1 active (supersession, not parallel) |
| R3.neg_fk_owner | owner_gov_code='GOV-PHANTOM' |
PASS-phantom-owner-rejected (FK) |
| R3.neg_fk_scope | scope='no_such_scope' |
PASS-bad-scope-rejected (FK) |
| R3.neg_chk_owner_kind | owner_kind='owner-typo' |
PASS-bad-kind-rejected (CHECK) |
| R3.neg_delegated_ttl | delegated without effective_to |
PASS-delegation-requires-TTL (CHECK) |
| R3.exit.governance_relations / registry | after | 8 / 9 (== entry) |
Post-ROLLBACK (same session): governance_object_ownership present = false; governance_responsibility_scope present = false; idle_in_transaction = 0.
77.3 Proven
- Owner-per-scope uniqueness is enforced at write time — a second active accountable owner for the same
(object,scope)is rejected by the partial unique index. The correct mutation is supersession (end-date prior +supersedes_id+ insert new) within one transaction, which leaves exactly one active accountable (R3.supersede_one_active=1). This realizes the doc-17 §4 rule and the C-1 "one accountable owner per scope." - All four
owner_kindroles coexist on one object:accountable(≤1 active per scope),supporting(many allowed),delegated(TTL-bounded),exception(scoped to own object). Supporting/delegated/exception do not masquerade as accountable — they are separate rows under separate kinds and the unique index ignores them. - FK integrity (stronger than live
governance_relations): phantom owner agency and bad scope are both rejected — no orphan owner link, no island. - CHECK integrity: bad
owner_kindrejected; unbounded delegation rejected (delegation must carry a futureeffective_to). - Additivity / no-migration-risk: the 8
governance_relationsedges and 9 registry agencies are unchanged; the new table is greenfield, trigger-less (no birth/emit side effects), and fully removed byROLLBACK.
77.4 R3 verdict
PASS. Ownership keystone rehearsed end-to-end; uniqueness + supersession + all owner_kinds + 5 negative integrity tests green; entry==exit; zero residue; zero COMMIT. Proceed to R4 (doc 78).