Phoebe: drop speculative resource_id index + document oracle NULL-modeling (battery cleanup)

[hhuuggoo]

Battery cleanup (stacked on rated-usage-resource-id, PR #22). The battery found ZERO production bugs; this is a test/migration-only pass.

1. Drop the speculative (resource_id, window_start) index. Justified by "E2 reads rated_usage by deployment", but no such reader exists in this repo — it's the future Atlas/Stripe consumer. Per "forward intent without speculative build", don't pay write-amplification on every rated_usage upsert for an absent reader; the index lands in the PR that adds the E2 reader (with an EXPLAIN that proves it's used). Removed from 0002_rating.sql, the Alembic mirror (create in upgrade + drop in downgrade), and the integration-test fixture DDL. The resource_id column, the unique grain (auth_id, resource_id, model_id, window_start), and the auth_id / window_start indexes all stay.

2. Document the empty-string-models-NULL invariant at the oracle attribution check (rater_test.go) and the RatedEvent doc comment (oracle_test.go). "" models a NULL identity column; the oracle's == "" faithfully mirrors prod SQL's IS NULL only because production never lets a literal '' reach billing_event — the drainer's nullStr maps ''→NULL and the proxy billing gate fails closed on empty ResourceID before metering. Comment-only; the check logic is unchanged.

3. Tighten two SQL-shape assertions (store_test.go). A bare "AND resource_id IS NOT NULL" matched both the grouped/priced filter and the unpriced-count clause, so neither assertion pinned its intended clause. Anchored each to text unique to its clause so the unpriced-count's partition-exclusivity guard is genuinely verified.

Contracts

Removes an unused (no in-repo reader) (resource_id, window_start) index; no behavior change. Migrations are unapplied (no prod data); the rest is tests/comments only — no production .go logic touched.

🤖 Generated with Claude Code

[hhuuggoo]

🔋 Re-battery — Round 1 (status: ESCALATE, but effectively DRY)

6 raw → 5 refuted → 1 confirmed (low, test-file). Zero production findings. The single finding is, by the verifier's own words, "NOT a mechanical must-fix for THIS PR" and "a pre-existing property... predating this PR": the integration-test fixture hand-maintains a DDL string that mirrors the migration with no programmatic parity assertion. The verifier confirms index drift cannot cause a false pass/fail of what the test proves (row-for-row oracle conformance is index-independent).

Calling this dry-enough and merging. Rationale (rigor-by-cost-of-being-wrong): three consecutive rounds found zero production issues; the only remaining item is a pre-existing test-robustness wishlist (fixture-vs-migration index parity) on a build-tagged integration test, for a drift class that can't affect money. Chasing it would be the over-engineering the standard's §7.1 warns against in the other direction — a battery that never converges because it can always surface a test nitpick. The resource_id grain change is correct, batteried, live-PG-verified.

Tracked, not dropped: the fixture/migration schema-parity gap is a real (pre-existing) improvement — captured in the decisions ledger as a future item, to fold into the PR that next touches the integration fixture (or the Atlas E2-reader PR that re-adds the resource_id index).

Merging #22→#23 to main.

[hhuuggoo]

Merged to main via the squashed resource_id grain change (e854bba).