F-2 Rollback-Only Coverage Dry-Run — 07 Findings & Threshold Corrections
07 — Findings & Threshold Corrections
Honest reporting per the governing principle (no overclaim). What F-2 newly proved, plus corrections to fold into the next macro / F-4 authorization.
7.1 F2-1 — seam inventory must cast collection_name::text (type-compat)
Finding. The live seam views are typed text; collection_registry.collection_name is varchar(255). CREATE OR REPLACE VIEW forbids changing a column's data type, so wiring the inventory seam onto collection_registry fails unless collection_name is cast to text.
Impact. Non-semantic but load-bearing for F-4: the ratified F-4 wiring DDL must cast cr.collection_name::text AS object_ref (and any other varchar source columns), or the CREATE OR REPLACE will error. Caught and fixed here at zero cost; must not be rediscovered at COMMIT time.
Action. Fold the cast into the F-4 seam-wiring SQL spec.
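The type-compatibility failure and its fix can be reproduced in a rollback-only session. This is an added example, not the project's DDL: demo_collection_registry and v_demo_inventory_seam are hypothetical stand-ins, and only collection_name, the cr alias and object_ref are taken from the finding above.

```sql
-- Constructed PostgreSQL demo, rollback-only. demo_collection_registry and
-- v_demo_inventory_seam are hypothetical stand-ins, not the project's objects.
BEGIN;

CREATE TEMP TABLE demo_collection_registry (
    collection_name varchar(255) PRIMARY KEY
);

-- The seam before wiring: a placeholder view whose column is typed text.
CREATE TEMP VIEW v_demo_inventory_seam AS
SELECT NULL::text AS object_ref WHERE false;

-- Uncast wiring. PostgreSQL rejects this statement because object_ref would
-- change from text to varchar(255). The savepoint keeps the transaction usable.
SAVEPOINT uncast_wiring;
CREATE OR REPLACE TEMP VIEW v_demo_inventory_seam AS
SELECT cr.collection_name AS object_ref
FROM demo_collection_registry cr;
ROLLBACK TO SAVEPOINT uncast_wiring;

-- Cast wiring. The column stays text, so the replace is accepted.
CREATE OR REPLACE TEMP VIEW v_demo_inventory_seam AS
SELECT cr.collection_name::text AS object_ref
FROM demo_collection_registry cr;

-- Pre-flight for "any other varchar source columns": list every varchar
-- column of the source table so each one gets an explicit ::text cast.
SELECT column_name, data_type, character_maximum_length
FROM information_schema.columns
WHERE table_name = 'demo_collection_registry'
  AND data_type = 'character varying';

-- Nothing persists.
ROLLBACK;
```

Run it in psql with ON_ERROR_STOP unset so the script continues past the intentionally failing statement.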
7.2 F2-2 — F-DR-1 per-scope ceiling re-confirmed against the real view object
The pre-ownership gap was exactly 18 (3 × 6) produced by the wired view (F-1 reached 18 only via inline SQL). The per-scope ceiling (subset 18 / full 210) is now empirically the live view's behavior, not an inference. The next macro's in-flight abort gate should use 210 (full) / 18 (3-subset), not the superseded 38.
7.3 F2-3 — recursive inheritance works end-to-end against real view objects
Direct (depth 0) and inherited (depth 1, via the is_inherited_anchor containment climb) resolution both fired correctly with a single seeded owner row; the gap view honored the inherited coverage (18→16, not 18→17). This is the first time the recursive v_object_effective_owner + v_object_owner_gap pair has been exercised with the seams as live objects over a real source inside a transaction. The decaying-candidacy / honest-under-coverage design is fully exercisable; only persistence/emit remain gated.
7.4 F2-4 — integrity rails are live and fail-closed
Six independent rejections (UNIQUE, 2×FK, 2×CHECK, candidate-ruleset FK) confirm the substrate cannot accept: a second accountable owner, a phantom owner, a phantom scope, an out-of-enum owner_kind, a perpetual delegation, or a candidate without a ruleset. The one-accountable invariant and fail-closed candidacy are enforced by the schema, not by application code.
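A fail-closed probe of this kind can be scripted so that an accepted violation aborts the run. This is an added example, not the project's schema: the tables, the shape of each constraint and the owner_kind values are assumptions, and it covers three of the six rejection kinds (UNIQUE, FK, CHECK).

```sql
-- Constructed PostgreSQL demo, rollback-only. Tables, constraint shapes and the
-- owner_kind values are assumptions; the page does not show the real DDL.
BEGIN;

CREATE TEMP TABLE demo_owner (owner_id int PRIMARY KEY);
CREATE TEMP TABLE demo_object_owner (
    object_ref     text    NOT NULL,
    owner_id       int     NOT NULL REFERENCES demo_owner (owner_id),
    owner_kind     text    NOT NULL CHECK (owner_kind IN ('person', 'team')),
    is_accountable boolean NOT NULL DEFAULT false
);
-- One accountable owner per object, enforced by the schema.
CREATE UNIQUE INDEX demo_one_accountable
    ON demo_object_owner (object_ref) WHERE is_accountable;

INSERT INTO demo_owner VALUES (1), (2);
INSERT INTO demo_object_owner VALUES ('obj_a', 1, 'person', true);

DO $$
DECLARE
    probe    record;
    accepted boolean;
BEGIN
    FOR probe IN
        SELECT * FROM (VALUES
            ('second accountable owner', '23505',
             $q$INSERT INTO demo_object_owner VALUES ('obj_a', 2, 'team', true)$q$),
            ('phantom owner', '23503',
             $q$INSERT INTO demo_object_owner VALUES ('obj_b', 99, 'team', true)$q$),
            ('out-of-enum owner_kind', '23514',
             $q$INSERT INTO demo_object_owner VALUES ('obj_b', 2, 'robot', true)$q$)
        ) AS p (label, expected_state, stmt)
    LOOP
        accepted := false;
        BEGIN
            EXECUTE probe.stmt;
            accepted := true;
        EXCEPTION WHEN unique_violation OR foreign_key_violation OR check_violation THEN
            IF SQLSTATE <> probe.expected_state THEN
                RAISE EXCEPTION '%: rejected by the wrong rail (%)', probe.label, SQLSTATE;
            END IF;
        END;
        IF accepted THEN
            RAISE EXCEPTION 'FAIL-OPEN: % was accepted', probe.label;
        END IF;
    END LOOP;
END $$;

ROLLBACK;
```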
7.5 F2-5 — zero-emit / zero-issue / zero-activation boundary held perfectly
event_outbox (governance) = 0, system_issues = 198,442, governance event types active = 0, worker cursor = 0, dot_tools = 309, os_proposal_approvals = 0 — all unchanged. The coverage findings existed only as in-transaction SELECT output and the log lines in this package; nothing was emitted, persisted, routed, or activated.
7.6 F2-6 — missing GPT-review artifact (carried from F-DR-6, unresolved)
The mission named gpt-review-f1-readonly-dry-run-pass-go-f2-rollback-only-2026-06-02.md as a state-recovery input. It does not exist on disk or in the KB architecture path (same as F-DR-6's missing gpt-review-operational-readiness-…). The GO is grounded in the published F-1 package (doc 07 = GO — F-2 rollback-only). No authorization gap — a documentation/reconciliation item for the operator: the parallel GPT review may be pending or filed under another name.
7.7 F2-7 — governing law file empty/absent
knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md is empty/absent on disk. Immaterial to F-2 (the governing principles — honest reporting, no hardcode, fail-closed, no hidden island, ratification-gated activation — are internalized and honored), but flagged for the operator to restore the canonical law text.
7.8 Corrected thresholds (for the next macro)
| Threshold | Old | Corrected (use this) |
|---|---|---|
| 3-subset gap ceiling | "≤3" | 18 (3 × 6 scopes) |
| Full Phase-1 gap ceiling | 38 | 210 (35 × 6 scopes) |
| Seam wiring DDL | collection_name AS object_ref | collection_name::text AS object_ref |
| Owner-resolution rows (subset, ≥1 owner) | n/a | bounded by object×scope = 18 |
7.9 What F-2 still did NOT (and could not) prove
- Object-grain (birth_registry, ~10⁶) — collection grain only; NO-GO for a first run (SB-13 cursor required).
- Persistence / emit / activation — F-4..F-7, ratification-gated; correctly not performed.
- Axis / assignment / topic coverage — axis_registry/axis_assignment/coverage_rule ABSENT ⇒ fake/test-only; NO-GO (unchanged from F-DR-4).
- Real containment source — the containment edge here was a deliberate 1-edge fixture inside the txn; the ratified containment source (pivot/IU parent refs, acyclic) is an F-4-class decision, not exercised against production catalogs.
- Performance at scale — 3 collections, sub-second; says nothing about 35/210 or object-grain cost.
7.10 Findings verdict
BOUNDED, EXPLAINABLE, HONEST. One load-bearing fix for F-4 (F2-1 cast), one ceiling re-confirmation (F2-2), one end-to-end recursive-coverage proof (F2-3), one integrity-rail proof (F2-4), the zero-emit boundary held (F2-5), and two documentation items to reconcile (F2-6 missing review, F2-7 empty law).