F-2 Rollback-Only Coverage Dry-Run — 05 Negative Tests
05 — Negative Tests (FK / CHECK / UNIQUE rejection)
Live output of N1–N6. Each is isolated in its own
SAVEPOINT … <failing insert> … ROLLBACK TO SAVEPOINT, so the expected error never aborts the transaction.ON_ERROR_STOPis toggled off for this block, then back on. Objective 7 (invalid row rejected) — exceeded: 6 distinct rejections proven.
5.1 Results
| # | Constraint exercised | Insert attempted | Server error (verbatim DETAIL) | Verdict |
|---|---|---|---|---|
| N1 | partial-UNIQUE uq_gov_obj_accountable |
2nd active accountable for approval_requests/policy |
duplicate key value violates unique constraint "uq_gov_obj_accountable" · Key (object_type, object_ref, scope)=(collection, approval_requests, policy) already exists. |
rejected |
| N2 | FK …_owner_gov_code_fkey |
owner GOV-PHANTOM (not in registry) |
violates foreign key constraint "governance_object_ownership_owner_gov_code_fkey" · Key (owner_gov_code)=(GOV-PHANTOM) is not present in table "governance_registry". |
rejected |
| N3 | FK …_scope_fkey |
scope nonexistent_scope |
violates foreign key constraint "governance_object_ownership_scope_fkey" · Key (scope)=(nonexistent_scope) is not present in table "governance_responsibility_scope". |
rejected |
| N4 | CHECK …_owner_kind_check |
owner_kind='owner' (not in enum) |
violates check constraint "governance_object_ownership_owner_kind_check" |
rejected |
| N5 | CHECK chk_delegated_ttl |
owner_kind='delegated', effective_to=NULL |
violates check constraint "chk_delegated_ttl" |
rejected |
| N6 | FK …_ruleset_version_fkey (candidate fail-closed) |
governance_candidate_state with ruleset_version='RULESET-DOES-NOT-EXIST' |
violates foreign key constraint "governance_candidate_state_ruleset_version_fkey" · Key (ruleset_version)=(RULESET-DOES-NOT-EXIST) is not present in table "governance_ruleset". |
rejected |
5.2 What each proves
- N1 — the one-accountable-per-(object,scope) invariant is enforced by the partial-unique index; a second accountable owner cannot be created. This is why the conflict view (doc 04 §4.5) returns 0 on the real store.
- N2/N3 — ownership cannot reference a non-existent governance actor or a non-existent responsibility scope; the owner taxonomy and scope set are closed.
- N4 —
owner_kindis restricted to {accountable, supporting, delegated, exception}; arbitrary roles are rejected. - N5 — a delegated owner must carry an expiry (
effective_to); delegation cannot be perpetual — TTL is structurally mandatory. - N6 — fail-closed candidacy: a candidate verdict cannot exist without a registered ruleset version. Verdicts are always anchored to a known ruleset (the decaying-candidacy design depends on this).
5.3 Transaction survived all six
After each ROLLBACK TO SAVEPOINT the transaction remained alive and the subsequent step ran normally (the INTX_OUT_OF_SCOPE and INTX_TRANSIENT_PERSISTED probes after the negative block both returned, doc 06). No negative-test row persisted (final ROLLBACK + independent census confirm governance_object_ownership=0, governance_candidate_state=0).
5.4 Negative-test verdict
PASS (exceeded). 6 of 6 invalid rows rejected by the exact constraint intended — UNIQUE, two FKs, two CHECKs, and one fail-closed candidate FK. The substrate's integrity rails are live and enforced.