KB-6566
Pre-Birth Pilot Rehearsal — 13 Final Summary
4 min read Revision 1
pre-birthdot_toolsfinal-summary2026-06-03
13 — Final Summary
Macro: PRE_BIRTH_PILOT_DOT_TOOLS_PERMIT_AND_COMPOSITE_UNIQUE_ROLLBACK_REHEARSAL
Status: PASS. Live verification complete; all five rehearsals completed inside reversible transactions; 0 live mutation; entry state == exit state.
What was asked vs. what was proven
| Workstream | Question | Result |
|---|---|---|
| A | Can an additive, reversible birth_admission_permit table enforce the invariants? |
PROVEN — 7-state model, CHECK, idempotency unique, single-active partial-unique, expiry, consumed-reuse all tested |
| B | Can (entity_code, collection_name) replace UNIQUE(entity_code) safely? |
COMPOSITE_READY — 0 violations across 1.12M rows, 0 FK deps, 0 null collections; defect & fix both reproduced |
| C | Can fn_birth_registry_auto's conflict target be patched without breaking 166 triggers? |
PROVEN — CREATE OR REPLACE keeps OID 39232; 166 triggers stay bound; rollback restores exact md5 |
| D | Can a dot_tools permit-consuming BEFORE gate block birth without a permit? |
PROVEN — no-permit/expired blocked, valid succeeds + consumes; no fn_birth_gate change, no prod lock |
| E | Can finalize-at-commit confirm birth only if the row survives the transaction? | PROVEN — DEFERRABLE constraint trigger (live layer2 pattern), CONSUMED→FINALIZED at boundary, vanished row fails |
| F | Sequential DOT entrypoint to remove operator memory burden | SPEC COMPLETE — dot-birth-admit state machine, idempotency, retry, break-glass, stop-conditions |
| G | Keep governance decoupled but integrable after BORN | DESIGN CLEAR — cursor-tail CDC, 0 new tables, capture-only until OSPA ≥ 1, no-lost-handoff |
| H | Superuser bypass reality | DESIGN COMPLETE, DETECT_ONLY — 5 baselines + break-glass ledger, fail-closed via gate_drift BLOCK dim |
| I | Apply packet | COMPLETE — ordered, reversible, owner-approval checklist, one-way-door flagged |
Headline findings
- The model is technically ready to apply for the
dot_toolspilot. No engineering blocker remains; every blocker is authority (owner DDL, registrar creds, scheduler, OSPA). - Composite unique is trivially clean — already satisfied by 100% of live data; the only nuance is that dropping
UNIQUE(entity_code)becomes a one-way door once a second-collection code is born (sequence the pivot births separately). - The 166-trigger risk is not real —
CREATE OR REPLACEis OID-stable; it's a one-line body swap, not a trigger rewrite. - The finalize pattern already exists in production (
trg_iu_birth_gate_layer2) and was reused verbatim in shape. - A DDL-guard event trigger already fires in prod — the drift-monitor substrate partly exists.
- The hardcoded
^[A-Z]+-[0-9]+$code rule (infn_pre_birth_check) must become registry-driven, ordot_toolskeeps a 47% rejection rate — this is on the apply checklist.
Honesty / forbidden-action compliance
- No DDL/DML committed;
birth_registry,dot_tools, all functions byte-identical (doc 11). - No composite unique added live; no
fn_birth_gateflip; no permit table created; no trigger permanently attached; no production DOT registered;dot-pivot-updatenot executed; RP cleanup not continued (NO-GO); OSPA not faked (still 0). - Birth-first is NOT claimed achieved. This is rehearsal only.
Live state at exit (unchanged from entry)
birth_registry 1,126,728 rows · dot_tools 309 (unborn 0) · BLOCK dims 59 / 6 / 16 / 1 · OSPA 0 · handoff.object_born active=false · bypass GUC unset.
Next
PRE_BIRTH_PILOT_DOT_TOOLS_APPLY_PERMIT_AND_COMPOSITE_OWNER_GATED — apply the doc-10 packet under owner approval, with a hard STOP before dropping the single-column unique.