Verified local intake · not client work

06 / DATA INTAKE

Intake Ledger Lab

A dependency-free Python and SQLite reference that moves synthetic product rows through one exact CSV contract and leaves an accountable result for every source row.

Source rows
12
Final products
6
Automated tests
14

THE INTAKE RISK

A successful import is not the same as an accounted import.

CSV work becomes operationally risky when schema drift, malformed values, duplicate IDs, stale updates, partial writes, or unsafe spreadsheet content disappear into a generic success message. The lab requires every non-empty source row to become exactly one created, updated, unchanged, duplicate, rejected, or conflict outcome.

CONTROL PATH

Bind the source before the first destination write.

  1. 01
    Bound

    Accept one regular local file under fixed byte and row ceilings, strict UTF-8, and an exact versioned header.

  2. 02
    Validate

    Check identifiers, SKUs, minor-unit prices, currencies, booleans, timezone-aware versions, control characters, and spreadsheet-formula prefixes.

  3. 03
    Classify

    Apply first-valid-row duplicate handling plus explicit create, newer update, same-payload, stale-version, and SKU-conflict rules.

  4. 04
    Commit

    Write destination records, row outcomes, and hash-only quarantine evidence inside one SQLite transaction.

  5. 05
    Reconcile

    Bind source, outcome set, and report to SHA-256 evidence; replay the exact source without another mutation or roll back an unexpected fault.

VERIFICATION EVIDENCE

What was actually executed.

  • Native local runtimeThe committed fixtures ran on Python 3.12.13 and SQLite 3.50.4 with no third-party runtime dependency.
  • Initial six-row sourceThree records were created, two invalid rows were rejected, one duplicate was quarantined, and all six rows reconciled.
  • Correction and update sourcesTwo corrected products were created; the final source then produced one create, one newer update, one unchanged result, and one stale conflict.
  • Exact replay without a second writeThe repeated initial file returned the original run, source, outcome, and report fingerprints without adding a run, outcome, quarantine, or attempt row.
  • Rollback and recoveryAn injected fault after two valid rows left products, run, outcomes, and quarantine at zero. A bounded failed-attempt marker remained, and the same source then completed cleanly.
  • Database and action boundaryFinal SQLite integrity was ok with zero foreign-key violations, network actions, client-system actions, credentials, or real-data records.

HONEST LIMITS

This proves local intake semantics—not production readiness.

The source code and dated verification remain private and are not publicly released. The lab does not prove a named vendor, client delivery, lawful real-data access, authentication, encryption, tenant isolation, concurrent workers, queue behavior, backup or restore, retention compliance, production throughput, uptime, security posture, support result, ROI, or business impact. Those controls require an authorized destination sandbox and separately accepted operating design.

HAVE ONE INTAKE LANE?

Define what a correct run must prove.

Bring one authorized source, one destination, record identity, representative invalid cases, a safe test path, and an accountable acceptance owner. Do not send credentials or production records. Price and schedule remain separate owner-approved decisions.

Review the service boundary