THE INTAKE RISK
A successful import is not the same as an accounted import.
CSV work becomes operationally risky when schema drift, malformed values, duplicate IDs, stale updates, partial writes, or unsafe spreadsheet content disappear into a generic success message. The lab requires every non-empty source row to become exactly one created, updated, unchanged, duplicate, rejected, or conflict outcome.
CONTROL PATH
Bind the source before the first destination write.
- 01Bound
Accept one regular local file under fixed byte and row ceilings, strict UTF-8, and an exact versioned header.
- 02Validate
Check identifiers, SKUs, minor-unit prices, currencies, booleans, timezone-aware versions, control characters, and spreadsheet-formula prefixes.
- 03Classify
Apply first-valid-row duplicate handling plus explicit create, newer update, same-payload, stale-version, and SKU-conflict rules.
- 04Commit
Write destination records, row outcomes, and hash-only quarantine evidence inside one SQLite transaction.
- 05Reconcile
Bind source, outcome set, and report to SHA-256 evidence; replay the exact source without another mutation or roll back an unexpected fault.
VERIFICATION EVIDENCE
What was actually executed.
- Native local runtimeThe committed fixtures ran on Python 3.12.13 and SQLite 3.50.4 with no third-party runtime dependency.
- Initial six-row sourceThree records were created, two invalid rows were rejected, one duplicate was quarantined, and all six rows reconciled.
- Correction and update sourcesTwo corrected products were created; the final source then produced one create, one newer update, one unchanged result, and one stale conflict.
- Exact replay without a second writeThe repeated initial file returned the original run, source, outcome, and report fingerprints without adding a run, outcome, quarantine, or attempt row.
- Rollback and recoveryAn injected fault after two valid rows left products, run, outcomes, and quarantine at zero. A bounded failed-attempt marker remained, and the same source then completed cleanly.
- Database and action boundaryFinal SQLite integrity was
okwith zero foreign-key violations, network actions, client-system actions, credentials, or real-data records.
HONEST LIMITS
This proves local intake semantics—not production readiness.
The source code and dated verification remain private and are not publicly released. The lab does not prove a named vendor, client delivery, lawful real-data access, authentication, encryption, tenant isolation, concurrent workers, queue behavior, backup or restore, retention compliance, production throughput, uptime, security posture, support result, ROI, or business impact. Those controls require an authorized destination sandbox and separately accepted operating design.