Expand description
Quarantined-closures derived view (RFC-0008 §6.4). Append-only: one
row per RollbackComplete event (RFC-0005 §4.2). The applier is the
sole writer; the triggering_event_log_seq FK proves the table is
re-derivable from event_log (walk RollbackComplete events, group by
(channel, target_closure_hash), write one row per group).
Trusted-input only: rows are written by the applier on
Effect::RemoteInsertQuarantine. Agent-emitted ClosureQuarantined
reports are NOT inserted here (they are unsigned and would let a
compromised host DoS the fleet by quarantining arbitrary SHAs).
triggering_event_log_seq is NULL-able under the v0.2.1 baseline
(RFC-0008 §6.1 item 3 + v0.2.1-followups #1).
Append-only under the v0.2 derived-view discipline: no clear,
no cleared_at. Operator-driven clearance would land as an
explicit event matching the OperatorClearance shape (RFC-0008 §4).