strip: register submodel becomes a contract; data lives in Postgres

[raahulrahl]

The eu_trade_defence_measures_register submodel previously held its own data.measures[] array of hand-typed measures with source: provenance. Postgres now owns that data (see tighten/anti-dumping-china-register- delegation for the ingest layer). This branch finishes the job by removing the redundant YAML data and pointing the lookup contract at where the data actually lives.

Register submodel

• Drop the entire data.measures[] block (~590 lines: 20 hand-written measures + their per-measure source: provenance blocks).
• Keep the contract intact: schema.measure (the record shape), data_source (the ingestion contract), lookups (the API the engine consumes). Authors of this file declare what the engine needs from data, not the data itself.
• Rewrite metadata.todos: to point at Postgres + the v_* views that satisfy each lookup, instead of "autosync the missing measures."
• Add a "Data location" comment block explaining the split.

Regulation file

• Update prose comments + risk descriptions that talked about the "inlined measures table" or "the inlined measures are a fallback / sanity check." That table is gone; the engine queries Postgres directly via the lookup contract.
• Refresh metadata.todos: to reflect Postgres ownership of measure data and producer codes (3,100 codes × 23 languages already loaded).

Engine + tests

• Take eu/customs/anti_dumping_china_v1 off the engine allowlist in tools/run_tests.mjs and tools/coverage.mjs. The engine still calls runRegisterLookup against an empty register and would return zero measures, failing every fixture with "no measures found." Fixtures fall back to the rule_id presence check, which still validates that every asserted rule_id exists in the file. Restoring full engine evaluation comes back when the engine learns to query v_active_trade_defence_measures + v_producer_codes from Postgres.
• 30 fixtures, 30 fallback, 103 assertions, 0 failures.

Sync tooling cleanup

• Move three tools to tools/sync/_obsolete/ with a README explaining why each is retired and what replaces it now that data lives in Postgres: validate_register_provenance.mjs — replaced by per-row imported_at
  freshness_watchdog.mjs — replaced by SELECT MAX(snapshot_date)
  taric_check.mjs — replaced by SQL diff between snapshots
• Drop validate:provenance from npm run check + .github/workflows/
  validate.yml.
• Drop the freshness + taric-check jobs from .github/workflows/
  sync.yml; only the cellar-poll job remains (it serves a different
  purpose: real-time alerting on new IRs between TARIC snapshots).

Customs README rewrite

• Document the engine-allowlist note: anti_dumping_china_v1 sits out while the Postgres adapter is being built; coverage stays at 96% on the YAML side.
• Replace "Editing the register" section: there's nothing to edit in YAML any more. Adding a measure means waiting for the nightly TARIC cron, or running ingest manually against a fresh snapshot.
• Replace the live-results log: the EUR-Lex scrape numbers (5/12 verified, 4 cold-cache, 3 extraction misses) are obsolete; the new log shows the Postgres ingest summary (3 snapshots, INSERT/UPDATE/ DELETE markers preserved, real producer codes queryable).

What this PR changes

Regulation(s) touched

Source

Test fixtures

Reviewer checklist

• Every new rule has a citation block that resolves to the source.
• No duplicate rule IDs.
• At least one fixture covers the change.
• npm run check passes locally.
• If contract changed (input/output), the file's _vN was bumped.