F6 Pre-Activation Macro 02 — Large Ownership Rollback-Only Rehearsal (210→0)
02 — Large Ownership Rollback-Only Rehearsal (Objective A)
Mode: single BEGIN..ROLLBACK. NO COMMIT. Zero persistent mutation.
Script: sql/f6_large_ownership_rollback.sql. Verdict: PASS.
Design
Prove maximum achievable coverage at full scale, not a token subset. Containment is depth-1 and every governed collection belongs to exactly one of 5 groups, so anchoring each group across all 6 scopes (30 accountable anchor rows, is_inherited_anchor=true) inherits down to every one of the 35 collections × 6 scopes = 210 cells. Staged with savepoints to show the gap descend monotonically, then a direct-override proof, a scaled conflict, and 6 fail-closed negatives.
Results (live, in-transaction)
| Stage | Action | Gap | Covered | Note |
|---|---|---|---|---|
| ENTRY | — | 210 | 0 | own=0, eo=0, conflict=0 |
| 1 | anchor GRP-GOVERNANCE × 6 (16 children) | 114 | 96 | INSERT 0 6 |
| 2 | + GRP-REGISTRY × 6 (14 children) | 30 | 180 | INSERT 0 6 |
| 3 | + GRP-AI/BUSINESS/WORKFLOW × 6 (5 children) | 0 | 210 | INSERT 0 18; 30 anchors total |
Stage-3 cross-checks: eo_inventory_accountable = 210; resolution breakdown = inherited 210 (every inventory cell covered by inheritance, exactly as designed).
Stage 4 — direct-override precedence
- Target picked deterministically = agents (group GRP-AI).
- Before direct seed: agents/audit = GOV-DOT, inherited, depth 1, anchor GRP-AI.
- After direct seed (GOV-SIV, is_inherited_anchor=false): agents/audit = GOV-SIV, direct, depth 0, anchor agents.
- Sibling approval_requests/audit stayed GOV-COUNCIL inherited ⇒ override is local, not group-wide.
- Gap stayed 0 (override replaces, does not add coverage).
- No unique conflict: group anchor (object_type='group') and the collection override (object_type='collection') are distinct keys.
Stage 5 — scaled conflict (fail-closed)
Duplicate accountable anchor on (group, GRP-GOVERNANCE, policy) →
ERROR: duplicate key value violates unique constraint "uq_gov_obj_accountable". v_object_owner_conflict = 0 (prevented at the write layer, never reaches the detector view).
Stage 6 — six negatives, all rejected
| # | Attempt | Constraint fired |
|---|---|---|
| N1 | owner GOV-NOPE | FK …_owner_gov_code_fkey |
| N2 | scope not_a_scope | FK …_scope_fkey |
| N3 | owner_kind overlord | CHECK …_owner_kind_check |
| N4 | delegated, no TTL | CHECK chk_delegated_ttl |
| N5 | lifecycle pending | CHECK …_lifecycle_status_check |
| N6 | owner_gov_code NULL | NOT NULL violation |
Guards & rollback
- In-txn guard: event_outbox governance = 0; system_issues = 199,455 (unchanged from entry).
- own_in_txn = 31 = 30 anchors + 1 override (every negative rolled back to its savepoint; none stuck).
- Final in-txn gap = 0, then ROLLBACK.
Entry == Exit (two-channel)
| Metric | Entry | Exit (write chan) | Exit (read chan query_pg) |
|---|---|---|---|
| ownership | 0 | 0 | 0 |
| gap | 210 | 210 | 210 |
| effective_owner | 0 | 0 | 0 |
| conflict | 0 | 0 | 0 |
| gov emit | 0 | 0 | 0 |
| system_issues | 199,455 | 199,455 | 199,455 |
| ospa | 0 | — | 0 |
| idle in txn | 0 | — | 0 |
Δ = 0 on every channel. Zero residue. (The governance_object_ownership_id_seq advanced to ~64 — a harmless non-transactional sequence gap, the only trace, with no row behind it.)
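The rehearsal pattern described above (staged group anchors, a direct override, a duplicate rejected inside a savepoint, then ROLLBACK with entry == exit), as an added example that is not the project's script. It uses SQLite through Python in place of PostgreSQL, and the tables, group names (GRP-X, GRP-Y), collections, scopes and owner codes are constructed for illustration.

```python
import sqlite3

# Constructed miniature schema (hypothetical): GRP-X {x1, x2}, GRP-Y {y1}, 2 scopes => 6 cells.
SCHEMA = """
CREATE TABLE coll(name TEXT PRIMARY KEY, grp TEXT NOT NULL);
CREATE TABLE scope(name TEXT PRIMARY KEY);
CREATE TABLE own(
  object_type TEXT NOT NULL CHECK (object_type IN ('group','collection')),
  object_name TEXT NOT NULL,
  scope TEXT NOT NULL REFERENCES scope(name),
  owner TEXT NOT NULL,
  UNIQUE (object_type, object_name, scope));
INSERT INTO coll VALUES ('x1','GRP-X'),('x2','GRP-X'),('y1','GRP-Y');
INSERT INTO scope VALUES ('audit'),('policy');
"""
# A row matches a cell directly (depth 0) or through its group anchor (depth 1).
MATCH = """o.scope = s.name AND
  ((o.object_type='collection' AND o.object_name=c.name) OR
   (o.object_type='group' AND o.object_name=c.grp))"""
GAP = f"SELECT count(*) FROM coll c, scope s WHERE NOT EXISTS (SELECT 1 FROM own o WHERE {MATCH})"
# Direct rows sort before group anchors, so an override wins for its own cell only.
OWNER = f"""SELECT o.owner FROM coll c, scope s, own o
  WHERE c.name = ? AND s.name = ? AND {MATCH}
  ORDER BY o.object_type = 'group' LIMIT 1"""

def rehearse():
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/ROLLBACK
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    q = lambda sql, *args: db.execute(sql, args).fetchone()[0]
    log = {"entry_gap": q(GAP)}
    db.execute("BEGIN")
    for grp in ("GRP-X", "GRP-Y"):  # staged anchors, gap recorded after each stage
        db.executemany("INSERT INTO own VALUES ('group', ?, ?, 'GOV-A')",
                       [(grp, "audit"), (grp, "policy")])
        log[grp] = q(GAP)
    db.execute("INSERT INTO own VALUES ('collection', 'x1', 'audit', 'GOV-B')")
    log["x1_audit"], log["x2_audit"] = q(OWNER, "x1", "audit"), q(OWNER, "x2", "audit")
    db.execute("SAVEPOINT neg")  # each negative is isolated in its own savepoint
    try:
        db.execute("INSERT INTO own VALUES ('group', 'GRP-X', 'audit', 'GOV-C')")
        log["duplicate"] = "accepted"  # would mean the write layer failed open
    except sqlite3.IntegrityError:
        db.execute("ROLLBACK TO neg")
        log["duplicate"] = "rejected"
    log["rows_in_txn"] = q("SELECT count(*) FROM own")
    db.execute("ROLLBACK")  # never COMMIT: the rehearsal leaves no rows behind
    log["exit_gap"], log["exit_rows"] = q(GAP), q("SELECT count(*) FROM own")
    return log
```

In PostgreSQL a failed statement aborts the enclosing transaction until ROLLBACK TO SAVEPOINT is issued, which is why every negative needs its own savepoint there; SQLite undoes only the failing statement.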
Finding
The entire Phase-1 coverage gap (210 cells) is closeable by 30 group-level accountable anchors. This is the maximally efficient ownership model the depth-1 containment affords; per-collection direct ownership is only needed where a collection must deviate from its group's owner (proven local and precedence-correct). This is the concrete shape a future ratified owner-seed COMMIT would take.