05 — Step 3: SB-10 Build Results — COMMITTED (keystone; auxiliaries DEFERRED)

sql/sb10_ddl.sql, sql/sb10_rollback.sql. Exact schema: impl-index doc 40 §40.4; rehearsal doc 60.

5.1 Object committed — governance_candidate_state (group-grain keystone)

PK (group_key, ruleset_version); FKs source_snapshot_ref→evolution_snapshots(id) and ruleset_version→governance_ruleset(ruleset_version); verdict columns (candidate_verdict CHECK ∈ {relevant,not_relevant,class_0,deferred_birth,retired,needs_input,unknown}); dirty/stale idiom (dirty,dirty_reason,dirtied_at,depends_on jsonb,stale_after,recompute_status); risk/coverage (risk_class,coverage_required,coverage_scan_ref); linkage (issue_ref,last_run_id,evidence_fingerprint,owner_scope,audit_ref); lifecycle_status CHECK ∈ {active,superseded,retired}; 3 indexes (partial dirty, stale_after, verdict). Empty at build.

5.2 Keystone anti-patterns proven absent (rehearsal)

• No checked-forever boolean: information_schema query for {is_governed,checked,is_checked,governed,checked_forever} → 0 rows. "Clean" is the decaying conjunction recompute_status='ok' AND NOT dirty AND now()<stale_after — rehearsal demo row returned clean_now=t, structurally decaying on snapshot drift / ruleset bump / TTL.
• Fail-closed FK: a candidate row with an unknown ruleset_version was rejected (foreign_key_violation) — verdicts cannot exist without a registered ruleset.
• Group-grain: PK is the group, not the row — design holds Δrows=0 at 10⁶ inherited children.

5.3 Commit + verify

Rehearsal entry==exit (post-rollback NULL). COMMIT: present, 0 rows, 0 checked-forever columns. No out-of-scope mutation.

5.4 Deferred (documented, NOT improvised)

• candidate_scan_run (scan run ledger) and governance_candidate_object (optional per-object materialization for the 4 §40.6 criteria) — exact literal DDL not present in retrieved docs. Building them would require improvising column types onto a live DB (forbidden by no-improvise discipline). They are not required for inert test substrate (no scanner runs in test-mode). The keystone is self-contained: last_run_id is a soft text ref (no FK to the deferred ledger).

5.5 Verdict

SB-10 keystone = BUILT + VERIFIED. Auxiliaries deferred to a follow-up step with exact-DDL retrieval.