with & without veric
Same codebase, same AI-generated PR, two universes — one with veric on, one without.
feat(marketing): add email column to marketing export view
@@ models/marts/mart_marketing_export.sql @@WITH events AS (SELECT user_id, campaign_id, click_tsFROM {{ ref('int_marketing_events') }})- SELECT- e.user_id,- e.campaign_id,- e.click_ts+ SELECT+ e.user_id,+ u.email, -- needed for export.com integration+ e.campaign_id,+ e.click_tsFROM events e+ JOIN {{ ref('stg_users') }} u ON u.user_id = e.user_id
without veric
counterfactual / fabricated- ·t=1.00 s
PR #4127 opened
1 approval · cursor-bot
- ·t=2.50 s
CI passes
✓ 1,284 tests · 0 failures · existing tests don't cover the regression
- ·t=4.00 s
Deployed to prod
release-2026.05.04.r3 · all 7 dbt schedulers green
- ·t=9.00 s+ 2 days
Pagerduty: marketing-export anomaly
marketing_topic ingestion volume +312% over baseline
- ·t=11.50 s+ 2 days, 4h
Customer support ticket #88241
Enterprise customer: "why is my email visible to the marketing list?"
- ·t=14.50 s+ 2 days, 19h
Postmortem published
PII leaked into marketing topic via a derived view introduced in PR #4127. Root cause: `mart_marketing_export.email` joins `stg_users.email` with no PII gate. Action: rollback, add forbidden-flow rule, manual GDPR notification cycle.
downstream cost
GDPR notification, legal review, customer churn risk, on-call burnout. Postmortem closes; the underlying class of failure is unaddressed.
with veric
live timeline · dbt-warehouseAI annotation stream (primitive A)
Customer-rule status (primitive D)
- ·t=800 ms
PR opens
- ·t=1.50 s
AI swarm processes diff
- ·t=4.00 s
Annotation: mart_marketing_export.email tag {pii: true}
- ·t=5.50 s
Verifier accepts
- ·t=8.00 s
Rule pii !-> marketing_topic — REFUTED
- ·t=8.20 s
Counterexample path surfaced
- ·t=8.80 s
CI fails
- ·t=9.20 s
PR blocked
- ·t=9.70 s
Auto-comment posted on PR