dot-iu-cutter v0.1 — HB-06 Operational Seats Naming Closure

Date: 2026-05-15 Status: HB-06 CLOSURE RECORD — closed_with_notes Trigger: GPT review of Blocker Closure Program returned PASS (2026-05-15). User has explicitly authorized closure of HB-06 with the seat assignments below. Scope: CLOSURE RECORD ONLY. No code, no DDL, no SQL, no migration, no PG mutation, no Directus mutation, no Qdrant/vector mutation, no backup, no snapshot, no dry-run, no DOT-pair registration, no execution.

---

1. HB-06 Scope and Why It Is First

HB-06 is the closure that names the operational seats G-2, G-4, G-5 under Đ37 authority. Its scope is seat naming only — it does not perform any work that the named seats may later authorize.

HB-06 is the first closure because it is the root of the critical path. Per the blocker closure dashboard §6:

HB-06 G-4 named → HB-03 → HB-07 → CTE-04 → HB-05
HB-06 G-2 named → CTE-02 → HB-05
HB-06 G-5 named → PII boundary policy active for all P0 steps writing identifiers

HB-06 has no upstream dependency: Đ37 authority is sovereign for seat naming. Once HB-06 is closed, 6 downstream closures move from blocked to either ready_to_close (HB-03, HB-08, HB-09) or preparable (HB-07, CTE-02, CTE-04, depending on additional inputs).

hb_06_scope:
  in_scope:
    - name G-2 Backlog Custodian
    - name G-4 DOT-Pair Signing Authority
    - name G-5 Access-Control Authority
    - record seat purpose + occupants + scope + limitation per seat
  not_in_scope:
    - actually register DOT-pair (HB-07)
    - sign off X-6 dot_pair_signature shape (HB-03)
    - wire any signal channel (CTE-02)
    - implement signing scheme (CTE-04)
    - take any backup (HB-08)
    - take any snapshot (HB-09)
    - execute dry-run (HB-05)
    - issue PII boundary policy document (G-5 deliverable; separate session)
    - mutate any system
hb_06_first_action_rationale:
  - no upstream dependency
  - unlocks 6 downstream closures (HB-03, HB-07, HB-08, HB-09, CTE-02, CTE-04)
  - parallelizable with HB-01 / HB-02 / HB-04 in Workstream B
authority_for_hb_06_closure: Đ37 (sovereign for seat creation)

2. Source Inputs

• blocker-closure/dot-iu-cutter-v0.1-p0-blocker-closure-report-2026-05-15.md §3 (recommended sequence step 1)
• blocker-closure/dot-iu-cutter-v0.1-p0-blocker-closure-dashboard-2026-05-15.md §3 (HB-06 row) + §6 (critical path)
• blocker-closure/dot-iu-cutter-v0.1-p0-workstream-a-governance-seats-signoffs-2026-05-15.md §3 (HB-06 acceptance criteria) + §7-§8 (G-4 / G-5 responsibilities)
• final-readiness/dot-iu-cutter-v0.1-p0-final-readiness-blocker-register-2026-05-15.md §3.6 (HB-06 entry)
• reviews/dot-iu-cutter-v0.1-blocker-closure-program-gpt-review-2026-05-15.md (PASS)

3. Seat Assignment Table

Seat	Title	Primary occupant	Secondary / verifier	Backup / escalation	Scope	Limitation
G-2	Backlog Custodian	GPT	—	Backup: Opus; Human escalation: User / anh Huyên	monitor decision backlog, blocker follow-ups, sweep cadence, anti-forgetting registry	no schema mutation; no execution authority
G-4	DOT-Pair Signing Authority	Claude Code CLI / Agent (executor side); GPT (verifier side)	Opus (secondary reviewer)	Human escalation: User / anh Huyên	manage executor/verifier boundary, signature readiness, drift / signature_failure governance	does NOT register DOT-pair (HB-07 remains open); v0.1 application-layer enforcement only
G-5	Access-Control Authority	User / anh Huyên (final authority)	GPT (policy reviewer); Opus (risk reviewer)	Executor: Agent only after explicit prompt	audience/access-control policy, wrong_audience_result handling, fail-closed policy	no access-control implementation; no permission mutation; no external / customer-facing activation

3.1 Detailed Per-Seat Bindings

G-2_backlog_custodian:
  seat_id: G-2
  title: Backlog Custodian
  primary: GPT
  backup: Opus
  human_escalation: User / anh Huyên
  scope:
    - monitor decision_backlog_entry (P0-5) — when production rows begin
    - own blocker follow-ups (this lineage's HB / CTE / PEF)
    - own sweep cadence (sweep_log)
    - own anti-forgetting registry (decision_backlog_history)
    - receive signature_failure / dot_pair_drift / rollback_failed / migration_step_failed signals (channel wiring is CTE-02; G-2 is the receiver)
  limitation:
    - no schema mutation
    - no execution authority
    - no DDL / SQL authoring
    - no PG mutation
    - escalates HIGH-risk items to Đ32 / G-4
  capability_test_post_naming:
    - a synthetic signal posted to the G-2 backlog channel is observable by GPT (with Opus backup acknowledging if GPT unavailable)
    - capability test deferred to CTE-02 closure (channel wiring); HB-06 records seat ownership only

G-4_dot_pair_signing_authority:
  seat_id: G-4
  title: DOT-Pair Signing Authority (DOT Registry Custodian)
  executor_side: Claude Code CLI / Agent
  verifier_side: GPT
  secondary_reviewer: Opus
  human_escalation: User / anh Huyên
  scope:
    - manage executor / verifier boundary (P0-3 + P0-4 dual-signature surface)
    - manage signature readiness (CTE-04 v0.1 hash-based pseudo-signature)
    - manage drift / signature_failure governance (rule binding; channel emission point)
    - prepare X-6 dot_pair_signature shape sign-off (HB-03 — to be performed in a separate session)
    - prepare DOT-pair registration (HB-07 — to be performed in a separate session)
    - prepare Directus backup + restore test sign-off (HB-08 — to be performed in a separate session)
    - co-sign HIGH-risk rollback test plan dry-run with Đ32 (HB-05 — to be performed in a separate session)
  limitation:
    - HB-06 closure DOES NOT register DOT-pair; HB-07 remains OPEN
    - v0.1 enforcement of criterion 28 is application-layer; PG-constraint FUTURE
    - signing scheme is v0.1 hash-based pseudo-signature; cryptographic FUTURE
    - no production CUT may be authorized until HB-05 closes and execution authorization prompt is issued
  capability_test_post_naming:
    - executor side (Agent) can author DOT registry entry materials (test of capability; not the actual registration)
    - verifier side (GPT) can author signature verification materials and HIGH-risk reviews
    - Opus can author secondary review materials
    - HB-07 actual DOT registration is deferred to a separate explicit-prompt session

G-5_access_control_authority:
  seat_id: G-5
  title: Access-Control Authority
  final_authority: User / anh Huyên
  policy_reviewer: GPT
  risk_reviewer: Opus
  executor: Agent only after explicit prompt
  scope:
    - audience / access-control policy (Đ24 Step 2 ratification path; some items are P1+ scope)
    - wrong_audience_result handling (P1+ scope)
    - fail-closed policy (audience filter default to closed; explicit policy required to open)
    - PII boundary policy for reviewer_identity (P0-6) and owner_seat (P0-5) — role-seat identifiers acceptable as v0.1 placeholder; natural-person mapping held by G-5 final authority
    - markdown mirror generator scope (FUTURE; out of P0 execution scope)
  limitation:
    - no access-control implementation in this phase
    - no permission mutation
    - no external / customer-facing activation
    - role-seat identifiers acceptable for v0.1 P0; natural-person mapping kept outside cutter_governance schema
    - any access-control rule change requires User / anh Huyên explicit prompt
  capability_test_post_naming:
    - User / anh Huyên is recorded as final authority for access-control decisions
    - GPT can author policy review materials
    - Opus can author risk review materials
    - Agent acts only after explicit prompt

4. Acceptance Criteria

acceptance_criteria_for_hb_06:
  g_2_named:
    artefact: this closure record (recorded in agent-data under blocker-closure/)
    fields_recorded: title + primary (GPT) + backup (Opus) + human escalation (User / anh Huyên) + scope + limitation
    status: NAMED
  g_4_named:
    artefact: this closure record
    fields_recorded: title + executor side (Claude Code CLI / Agent) + verifier side (GPT) + secondary reviewer (Opus) + human escalation (User / anh Huyên) + scope + limitation
    status: NAMED
  g_5_named:
    artefact: this closure record
    fields_recorded: title + final authority (User / anh Huyên) + policy reviewer (GPT) + risk reviewer (Opus) + executor (Agent after explicit prompt only) + scope + limitation
    status: NAMED
  no_role_outside_dieu37:
    confirmation: all three seats are governance role-seats under Đ37 authority; no role exists outside Đ37
    status: confirmed
  no_execution_permission_granted:
    confirmation: NO seat has been granted execution authority (no DDL, SQL, migration, PG mutation, deploy, or production CUT authority)
    status: confirmed
  downstream_blockers_unlocked_not_closed:
    confirmation: HB-03 / HB-07 / HB-08 / HB-09 / CTE-02 / CTE-04 move from `blocked` to `ready_to_close` or `preparable`, but NONE are closed by this HB-06 closure
    status: confirmed
hb_06_acceptance_state: ALL THREE acceptance criteria satisfied; closure_with_notes
notes_carried_forward:
  - PII boundary policy document remains to be issued by G-5 in a separate session before any production reviewer_identity / owner_seat row is written
  - signal channel for G-2 backlog is NOT yet wired (CTE-02)
  - DOT-pair is NOT yet registered (HB-07)
  - X-6 polish is NOT yet signed (HB-03)
  - signing scheme is NOT yet implemented (CTE-04)
  - rollback test plan is NOT yet dry-run executed (HB-05)
  - Agent-as-executor-of-G-5 is gated on explicit user prompt; no implicit authority granted

5. Downstream Effects

downstream_effects_of_hb_06_closure:
  HB_03_x_6_dot_pair_signature_shape:
    status_before_hb_06: blocked (depended on G-4 named)
    status_after_hb_06: ready_to_close (G-4 named)
    next_action: open separate session for G-4 (Claude Code CLI / Agent + GPT) + Đ44 to sign off X-6 polish
    note: HB-03 is NOT closed by this closure

  HB_07_dot_pair_registration:
    status_before_hb_06: blocked
    status_after_hb_06: still blocked (depends on HB-03 first)
    next_action: wait for HB-03 closure; then open separate session for G-4 to register DOT-pair
    note: HB-07 is NOT closed by this closure; HB-07 remains OPEN

  CTE_04_signing_scheme_v0_1:
    status_before_hb_06: blocked
    status_after_hb_06: still blocked (depends on HB-03 + HB-07 planning)
    next_action: wait for HB-03 + HB-07; then open engineering session for signing scheme implementation
    note: CTE-04 is NOT closed by this closure

  CTE_02_signal_channel_wiring:
    status_before_hb_06: blocked
    status_after_hb_06: still blocked (depends on HB-07 — channel emission references registered DOTs)
    next_action: wait for HB-07; then open session for G-2 + G-4 to wire channel
    note: CTE-02 is NOT closed by this closure

  HB_08_directus_backup_restore_test:
    status_before_hb_06: blocked (depended on G-4 named)
    status_after_hb_06: ready_to_close (G-4 named)
    next_action: open separate session for G-4 + operational DBA to perform backup + restore test
    note: HB-08 is NOT closed by this closure

  HB_09_snapshots_dryrun_environment:
    status_before_hb_06: blocked (depended on G-2 named for artefact recording)
    status_after_hb_06: ready_to_close (G-2 named)
    next_action: open separate session for operational DBA + G-2 to take schema + row-count snapshots and provision dry-run environment
    note: HB-09 is NOT closed by this closure

  HB_01_x_1_schema_placement:
    status_before_hb_06: ready_to_close (independent of HB-06)
    status_after_hb_06: unchanged — still ready_to_close
    note: HB-06 does not affect HB-01

  HB_02_dieu24_enum_ratification:
    status_before_hb_06: ready_to_close (independent of HB-06)
    status_after_hb_06: unchanged — still ready_to_close
    note: HB-06 does not affect HB-02

  HB_04_canonicalization_prose:
    status_before_hb_06: ready_to_close (independent of HB-06)
    status_after_hb_06: unchanged — still ready_to_close
    note: HB-06 does not affect HB-04

  CTE_03_canonicalization_library_scaffolding:
    status_before_hb_06: blocked (depends on HB-04)
    status_after_hb_06: unchanged — still blocked
    note: HB-06 does not affect CTE-03 directly

  HB_05_rollback_test_plan_dry_run:
    status_before_hb_06: blocked (depends on multiple upstream)
    status_after_hb_06: still blocked (terminal node; LAST closure)
    note: HB-05 is NOT closed by this closure; HB-05 remains OPEN and is the terminal node before re-running Final Readiness Review

5.1 Status Map Delta

hard_blockers_status_delta:
  hb_01: ready_to_close → ready_to_close (unchanged)
  hb_02: ready_to_close → ready_to_close (unchanged)
  hb_03: blocked → ready_to_close (unlocked by HB-06)
  hb_04: ready_to_close → ready_to_close (unchanged)
  hb_05: blocked → blocked (still terminal; many upstream remain)
  hb_06: ready_to_close → closed_with_notes (THIS CLOSURE)
  hb_07: blocked → blocked (still waits on HB-03)
  hb_08: blocked → ready_to_close (unlocked by HB-06 G-4)
  hb_09: blocked → ready_to_close (unlocked by HB-06 G-2)

cte_status_delta:
  cte_01: planning_closed → planning_closed (unchanged)
  cte_02: blocked → blocked (still waits on HB-07)
  cte_03: blocked → blocked (still waits on HB-04)
  cte_04: blocked → blocked (still waits on HB-03)

hard_blockers_closed_total: 1 of 9
hard_blockers_ready_to_close_post_hb_06: 5 (HB-01, HB-02, HB-03, HB-04, HB-08, HB-09 — minus the one just closed)
hard_blockers_still_blocked: 3 (HB-05, HB-07; soft state for CTE waiting items)

6. Status

HB_06_status: closed_with_notes
HB_06_closure_authority: Đ37 (sovereign; per user prompt 2026-05-15)
HB_06_closure_signers:
  - User / anh Huyên (final authority for seat naming)
  - GPT (verifier review of closure record; PASS prior to this closure)
  - Opus / Agent (record-keeping side)

execution_authorized: false
implementation_allowed: false
ddl_allowed: false
migration_allowed: false

remaining_open_hard_blockers: 8 (HB-01, HB-02, HB-03, HB-04, HB-05, HB-07, HB-08, HB-09)
remaining_open_cte: 3 (CTE-02, CTE-03, CTE-04); CTE-01 planning-level closed
execution_gate_status: closed (unchanged)

closure_notes:
  - this closure NAMES the three operational seats and BINDS occupants
  - this closure does NOT register DOT-pair, sign off X-6, wire any channel, implement signing scheme, take any backup or snapshot, provision any environment, or execute any dry-run
  - PII boundary policy document remains a G-5 deliverable for a separate session
  - capability tests beyond paper assignment are deferred to the closure session of the downstream blocker that exercises the capability (HB-03 for G-4 sign-off capability; CTE-02 for G-2 channel capability; PII policy issuance for G-5 capability)

7. Hard Boundaries Confirmation

no_code_written: true
no_ddl_written: true
no_sql_written: true
no_migration_script_written: true
no_migration_executed: true
no_pg_mutation: true
no_qdrant_mutation: true
no_directus_mutation: true
no_data_writes: true
no_backup_taken: true
no_snapshot_taken: true
no_dry_run_executed: true
no_dot_pair_registered: true (HB-07 remains OPEN)
no_x_6_sign_off_in_this_file: true (HB-03 remains OPEN; now ready_to_close)
no_signal_channel_wired: true (CTE-02 remains blocked)
no_signing_scheme_implemented: true (CTE-04 remains blocked)
no_pii_boundary_policy_document_issued_in_this_file: true (separate G-5 session)
no_access_control_implementation: true
no_permission_mutation: true
no_external_or_customer_facing_activation: true
no_role_created_outside_dieu37: true
no_execution_permission_granted: true
no_implementation_anything: true
no_command_run: true
no_phase_prior_file_modified: true
output_form: hb_06_closure_record_in_markdown_only

8. Recommended Next Steps (NOT executed by Agent)

1. GPT review of this HB-06 closure record.
2. If PASS → open closure sessions for the now-ready-to-close hard blockers (any order; many can run in parallel):
   • HB-01 (Đ44 + Đ33/Đ43 sign-off — schema placement)
   • HB-02 (Đ24 enum ratification + lookup population)
   • HB-03 (G-4 + Đ44 sign-off — X-6 dot_pair_signature shape polish)
   • HB-04 (Đ24 + Đ44 ratification — canonicalization rule v0.1 prose)
   • HB-08 (G-4 + DBA — Directus backup + restore test)
   • HB-09 (DBA + G-2 — schema + row-count snapshots + dry-run environment)
3. After HB-03 closure → HB-07 (G-4 registers DOT-pair).
4. After HB-04 closure → CTE-03 (engineering scaffolds canonicalization library).
5. After HB-03 closure → CTE-04 (engineering implements signing scheme; G-4 oversight).
6. After HB-07 closure → CTE-02 (G-2 + G-4 wire signal channel).
7. After all upstream → HB-05 (Đ32 + G-4 — 26-scenario rollback test plan dry-run + sign-off).
8. Re-run Final Readiness Review.
9. Explicit user prompt to authorize execution.
10. Execution phase begins (FIRST DDL).

Each numbered step above is a separate phase or session.