KB-5AD2

dot-iu-cutter v0.1 — P0 Blocker Closure Workstream A (Governance / Seats / Sign-offs)

Revision 1

Date: 2026-05-15
Status: BLOCKER CLOSURE PROGRAM — Workstream A
Scope: CLOSURE PLANNING ONLY. No seat actually named, no role created, no DOT registered, no Đ37 mutation, no DDL, no SQL, no execution.
Master: blocker-closure/dot-iu-cutter-v0.1-p0-blocker-closure-master-plan-2026-05-15.md


1. Purpose

Address the governance / seat / sign-off blockers for dot-iu-cutter v0.1 P0:

  • HB-06: operational seats G-2, G-4, G-5 named (Đ37)
  • HB-03: X-6 dot_pair_signature shape sign-off (G-4 + Đ44)
  • HB-07: DOT-pair registration (G-4)

Plus the cross-cutting governance responsibilities:

  • G-3 D4 capability intake (only if needed for v0.1 — none in scope)
  • G-4 authority responsibilities
  • G-5 access-control authority responsibilities
  • explicit Đ37 dependency

For each closure: acceptance criteria, dependency order, what is forbidden in this phase.

2. Source Inputs

  • final-readiness/dot-iu-cutter-v0.1-p0-final-readiness-blocker-register-2026-05-15.md §3.3, §3.6, §3.7, §4
  • implementation-planning/dot-iu-cutter-v0.1-p0-operational-seat-naming-plan-2026-05-15.md
  • implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §8 (X-6)
  • Council Ratification Outcome §5.5 (G-1..G-5 ratified_with_notes)

3. Closure HB-06 — Operational Seats G-2, G-4, G-5 Named

closure_id: HB-06
title: Đ37 operational session names G-2 (Backlog Custodian), G-4 (DOT-Pair Signing Authority), G-5 (Access-Control Authority)
authority: Đ37 EXCLUSIVELY
not_in_scope: G-1 (P2+ scope; non-blocker for P0); G-3 (soft blocker; required only if FUTURE capability accepted into v0.1)

acceptance_criteria:
  G_2_backlog_custodian:
    artefact: Đ37-issued seat assignment for G-2 with role-seat identifier (natural-person PII not required at this stage)
    capability_proof: a synthetic signal emitted to the configured G-2 backlog channel is received and acknowledged by the seat holder (closes CTE-02 verifiability)
    closure_state: closed when artefact present + capability proof recorded
  G_4_dot_pair_signing_authority:
    artefact: Đ37-issued seat assignment for G-4 with role-seat identifier
    capability_proof:
      - seat holder can author a sign-off for X-6 polish (test of capability; not the actual X-6 sign-off — that is HB-03)
      - seat holder can author a DOT registry entry (test of capability; not actual DOT registration — that is HB-07)
    closure_state: closed when artefact present + capability proof recorded
  G_5_access_control_authority:
    artefact: Đ37-issued seat assignment for G-5 with role-seat identifier
    capability_proof:
      - seat holder can author the PII boundary policy mapping role-seat → natural person
      - seat holder can author audience-scope rules for the markdown mirror generator (FUTURE; planning prose acceptable)
    closure_state: closed when artefact present + PII boundary policy artefact present

dependency_order_inside_HB_06: parallel internally (G-2 / G-4 / G-5 can be named in any order; all three required to close HB-06 fully)

dependencies_for_HB_06_itself: none upstream (Đ37 authority is sovereign)

downstream_closures_unblocked_by_HB_06:
  G_2_named: CTE-02 (signal channel ownership) + HB-09 (G-2 records snapshot artefact)
  G_4_named: HB-03 + HB-07 + HB-08 (G-4 + DBA backup) + CTE-04 (G-4 oversees signing scheme)
  G_5_named: PII boundary policy active for reviewer_identity, owner_seat

4. Closure HB-03 — X-6 dot_pair_signature Shape Sign-Off

closure_id: HB-03
title: G-4 DOT Registry Custodian + Đ44 family registry custodian sign off the shared dot_pair_signature shape + revocation lifecycle additions + exactly-one cross-reference rule
authority: G-4 (primary) + Đ44 (cross-family confirmation)
prerequisite: HB-06 G-4 named

acceptance_criteria:
  artefact: a ratification file under knowledge/dev/laws/dieu44-trien-khai/ratification/ binding the polished shape:
    - fields per P0-3 §4.3
    - revocation lifecycle additions: revoked_at, revocation_reason, revoked_by, prior_signature_id
    - exactly-one cross-reference rule (cross_reference_change_set_id XOR cross_reference_verify_result_id)
    - validation_state enum lifecycle: pending → valid → revoked; pending → invalid
  closure_state: closed when ratification file present with G-4 + Đ44 signers recorded

downstream_closures_unblocked_by_HB_03:
  - HB-07 may proceed once shape is signed (DOT-pair registration uses the signed shape)
  - CTE-04 signing scheme v0.1 implementation can reference the signed shape

what_is_not_required_to_close_HB_03:
  - any DDL implementing the shape (DDL is a future execution-phase task)
  - any PG-constraint enforcement of exactly-one cross-reference (application-layer v0.1 acceptable)

5. Closure HB-07 — DOT-Pair Registration

closure_id: HB-07
title: G-4 registers executor (dot-iu-cutter) and verifier (dot-iu-cutter-verify) DOTs in the DOT registry; wires tool_revision drift handling
authority: G-4
prerequisites:
  - HB-06 G-4 named (required)
  - HB-03 signed off (recommended; the shape binding informs the registry record's reference)

acceptance_criteria:
  executor_dot_registry_entry:
    artefact: DOT registry record for dot-iu-cutter (role: executor)
    fields: dot_id, role=executor, tool_revision (current), responsible_seat (G-4 role-seat identifier)
  verifier_dot_registry_entry:
    artefact: DOT registry record for dot-iu-cutter-verify (role: verifier)
    fields: dot_id, role=verifier, tool_revision (current), responsible_seat (G-4 role-seat identifier)
  tool_revision_drift_handling:
    artefact: a documented binding that when executor_tool_revision ≠ verifier_tool_revision, cut_change_set is set to state=invalid_drift and a dot_pair_drift signal is emitted
    note: signal-channel wiring proper is CTE-02 (G-2 channel); HB-07 binds the rule and its emission point
  closure_state: closed when all three artefacts are recorded

what_HB_07_does_NOT_close:
  - CTE-02 signal channel wiring itself (separate closure)
  - any actual signature generation (CTE-04 signing scheme implementation)
  - any actual production CUT (execution-phase only)
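
How the rules bound in HB-03 (exactly-one cross-reference, validation_state lifecycle) and HB-07 (tool_revision drift) could be checked at the application layer, as an added example that is not an artefact of this workstream or project code. The class and function names and the requirement that a revoked record carries revoked_at, revocation_reason and revoked_by are assumptions; the fields of P0-3 §4.3 are not reproduced.

```python
# Added illustration only; names not on the page are marked as assumptions.
from dataclasses import dataclass
from typing import Optional

# Lifecycle as stated in HB-03: pending -> valid -> revoked; pending -> invalid.
ALLOWED_TRANSITIONS = {
    "pending": {"valid", "invalid"},
    "valid": {"revoked"},
    "invalid": set(),   # terminal
    "revoked": set(),   # terminal
}
# Assumption: a revoked record must carry these three revocation fields.
REVOCATION_FIELDS = ("revoked_at", "revocation_reason", "revoked_by")


@dataclass
class DotPairSignature:  # only fields named on the page; P0-3 §4.3 fields omitted
    validation_state: str = "pending"
    cross_reference_change_set_id: Optional[str] = None
    cross_reference_verify_result_id: Optional[str] = None
    revoked_at: Optional[str] = None
    revocation_reason: Optional[str] = None
    revoked_by: Optional[str] = None
    prior_signature_id: Optional[str] = None


def shape_errors(sig):
    """Return rule violations for one record (empty list means it passes)."""
    errors = []
    refs = (sig.cross_reference_change_set_id, sig.cross_reference_verify_result_id)
    if sum(r is not None for r in refs) != 1:
        errors.append("exactly-one cross-reference rule violated")
    if sig.validation_state not in ALLOWED_TRANSITIONS:
        errors.append("unknown validation_state")
    if sig.validation_state == "revoked":
        errors += [f"missing {f}" for f in REVOCATION_FIELDS if getattr(sig, f) is None]
    return errors


def can_transition(current, new):
    """True only for an edge of the stated validation_state lifecycle."""
    return new in ALLOWED_TRANSITIONS.get(current, set())


def drift_outcome(executor_tool_revision, verifier_tool_revision):
    """HB-07 rule: unequal revisions -> invalid_drift plus a dot_pair_drift signal."""
    if executor_tool_revision != verifier_tool_revision:
        return {"state": "invalid_drift", "signals": ["dot_pair_drift"]}
    return {"state": None, "signals": []}  # None: this rule imposes no state
```

drift_outcome only returns the signal name; emission on the G-2 channel remains CTE-02.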

6. G-3 D4 Capability Intake — Cross-Cutting

g_3_d4_intake_scope_for_p0:
  current_v0_1_items_requiring_d4_intake_BEFORE_execution: none
  current_v0_1_items_requiring_d4_intake_FUTURE (not blocking P0):
    - PEF-04 cryptographic signing scheme upgrade
    - PEF-05 per-source_kind canonicalization extensions (ast_node, byte)
    - PEF-06 axis-2 elevation review
    - PEF-09 DOT-pair separate execution context implementation
g_3_seat_required_for_p0_execution: NO (soft blocker; only required if a FUTURE item is accepted into v0.1, which is not in scope)
g_3_planning_recommendation: G-3 seat naming is a parallel Đ37 operational item; not required to unblock HB-05 / first DDL

7. G-4 Authority Responsibilities

g_4_authority_in_p0_blocker_closure:
  ownership:
    - DOT registry (HB-07)
    - X-6 dot_pair_signature shape sign-off (HB-03, jointly with Đ44)
    - X-8 rollback test plan dry-run sign-off (HB-05, jointly with Đ32 HIGH-risk path)
    - Directus backup + restore test sign-off (HB-08, with operational DBA)
    - signing scheme v0.1 implementation oversight (CTE-04)
    - tool_revision drift rule binding (HB-07)
    - rollback authority for mid-cycle manual rollback (P0-3 §9 item 11)
  capability_test_post_seat_naming:
    - can author DOT registry entry
    - can author sign-off artefacts under ratification/
    - can co-sign with Đ32 for HIGH-risk dry-run sign-off
not_in_scope_for_g_4:
  - role creation outside Đ37 (Đ37 exclusive)
  - vocabulary ratification (Đ24 exclusive)
  - schema-class creation (Đ44 + Đ33/Đ43 exclusive)

8. G-5 Access-Control Authority Responsibilities

g_5_authority_in_p0_blocker_closure:
  ownership:
    - PII boundary policy (role-seat identifier vs natural-person mapping)
    - audience filter + visibility policy + wrong_audience_result_event (Đ24 Step 2 ratification path; some items are P1+ scope)
    - markdown mirror generator scope (FUTURE; out of P0 execution scope)
  P0_execution_scope_responsibilities:
    - PII boundary policy MUST be issued before any production reviewer_identity (P0-6) or owner_seat (P0-5) row is written
    - role-seat identifiers acceptable as v0.1 placeholder
  closure_artefact_minimum_v0_1:
    - issued PII boundary policy document binding role-seat naming convention
    - confirmation that natural-person mapping is held outside the cutter governance schema
not_in_scope_for_p0:
  - audience filter implementation (P1+ scope)
  - wrong_audience_result_event handling (P1+ scope; Đ24 Step 2 HIGH-risk path)
  - markdown mirror generator implementation (FUTURE)

9. Đ37 Dependency Restatement

dieu37_dependency:
  authority_for_seat_creation: Đ37 EXCLUSIVELY
  not_in_scope_for_workstream_a:
    - any role creation outside Đ37
    - any seat naming outside Đ37
    - any seat mutation outside Đ37
  workstream_a_can_propose:
    - seat purposes, responsibilities, acceptance criteria (this file does so)
    - role-seat identifier conventions
  workstream_a_cannot_perform:
    - the actual Đ37 operational session itself
    - the assignment of named occupants to seats
no_actual_seat_mutation_unless_explicitly_approved_later: true

10. Closure Order for Workstream A

order_internal_to_workstream_a:
  1: HB-06 G-2 named (in parallel with G-4 / G-5 namings within Đ37 session)
  2: HB-06 G-4 named (in parallel; required for HB-03 / HB-07)
  3: HB-06 G-5 named (in parallel; required for PII boundary policy)
  4: HB-03 (after G-4 named)
  5: HB-07 (after G-4 named; recommended after HB-03)
parallel_capability:
  - G-2, G-4, G-5 namings can all be performed inside a single Đ37 operational session
  - HB-03 and HB-07 are sequential after G-4 named
serial_constraint:
  - HB-07 should not begin before HB-03 signs because the registered DOT references the signed shape

11. Workstream A Acceptance Criteria — Aggregate

| Closure | Authority | Acceptance Artefact | Capability Proof |
|---|---|---|---|
| HB-06 G-2 | Đ37 | seat assignment record | synthetic signal observed by seat holder |
| HB-06 G-4 | Đ37 | seat assignment record | seat holder can author sign-off + DOT registry entry |
| HB-06 G-5 | Đ37 | seat assignment record + PII boundary policy | role-seat identifier convention bound |
| HB-03 | G-4 + Đ44 | ratification file under ratification/ | shape + revocation lifecycle + exactly-one rule bound |
| HB-07 | G-4 | DOT registry entries + drift rule binding | executor and verifier DOTs registered; drift rule active |

12. What Workstream A Does NOT Do

this_workstream_does_NOT:
  - name any seat (Đ37 authority)
  - create any role (Đ37 authority)
  - register any DOT (G-4 authority; performed in a separate session after G-4 named)
  - sign off X-6 polish (G-4 + Đ44 authority; performed in a separate session)
  - mutate any state
  - write any code / DDL / SQL / migration
  - emit any signal
  - take any action outside this markdown file

13. Explicit Confirmation

no_seat_named: true
no_role_created: true
no_dot_pair_registered: true
no_dieu37_mutation: true
no_x_6_sign_off_in_this_file: true
no_pii_policy_issued_in_this_file: true
no_ddl_written: true
no_sql_written: true
no_migration_executed: true
no_pg_mutation: true
no_qdrant_mutation: true
no_directus_mutation: true
no_data_writes: true
no_execution: true
no_phase_prior_file_modified: true
output_form: workstream_a_closure_planning_only
knowledge/dev/laws/dieu44-trien-khai/blocker-closure/dot-iu-cutter-v0.1-p0-workstream-a-governance-seats-signoffs-2026-05-15.md