Incomex AI Portal
KB-1375

dot-iu-cutter v0.1 — User Decision Confirmation

16 min read Revision 1
dot-iu-cutterclosureuser-decision-confirmationgpt-confirmedrev5d

dot-iu-cutter v0.1 — User Decision Confirmation

Date: 2026-05-15 Status: CLOSURE RECORD — 7 decisions confirmed by GPT on behalf of User Trigger: GPT review of Governance + P0 Planning phase = PASS_WITH_NOTES Baseline: User Decision Pack (planning) + rev5d + 11 design deliverables + 4 Gate reviews Scope: CLOSURE RECORD ONLY. No code, no DDL, no migration, no PG mutation, no implementation planning.

1. Purpose

Ghi nhận chính thức 7 quyết định mà GPT đã chốt thay User cho dot-iu-cutter v0.1. Mỗi quyết định ghi: selected option, rationale, risk, affected deliverables, và liệu có cần thêm governance ratification trước implementation planning hay không.

Decisions 3 và 6 (audience definitions, wrong_audience_result handling) là HIGH risk class — defaults conservative đã được chọn, nhưng vẫn yêu cầu G-5 Access-Control Authority + Council ratification trước khi implementation planning được phép.

2. Hard Boundaries Honored

no_code: true
no_ddl: true
no_sql: true
no_migration: true
no_pg_mutation: true
no_qdrant_mutation: true
no_ui_build: true
no_implementation_planning: true
no_design_deliverable_modified: true
no_rev5d_modified: true
no_planning_file_modified: true
implementation_blocked: true

3. Confirmation Envelope

confirmation_recorded_by: GPT
confirmation_date: 2026-05-15
authority_basis: GPT review PASS_WITH_NOTES of Governance Closure + P0 Schema Planning phase
user_pass_design_phase: true (PASS_DESIGN_WITH_NOTES)
user_decision_pack_source: knowledge/dev/laws/dieu44-trien-khai/planning/dot-iu-cutter-v0.1-user-decision-pack-2026-05-15.md
decisions_recorded: 7
decisions_at_high_risk_held_pending_council: 2 (Decisions 3, 6)
decisions_at_standard_or_low_risk_confirmed: 5 (Decisions 1, 2, 4, 5, 7)
implementation_unblock_status: partial (governance gaps + Đ44 Family Registry still pending)

4. The 7 Confirmed Decisions

4.1 Decision 1 — Auto-Accept Thresholds (Semantic Threading)

Selected option: Balanced

  • confidence ≥ 0.75
  • ≥ 2 independent evidence signals
  • Allowlist-limited (starter set ≤ 2 domains; expand via Decision Backlog evidence)

Rationale:

  • Aligns with rev5d §13.1.5 spirit of risk-gated auto-accept.
  • Avoids reviewer fatigue (Option A) while preventing graph poisoning (Option C).
  • Allows positive recursion loop (P10) to close at v0.1 without compromising trust.
  • Thresholds tunable via D4 capability intake when evidence accumulates.

Risk class: Standard. Đ32 risk gate enforced at policy table level.

Affected deliverables:

  • D9 §4.4 (auto-accept gate) — operational policy values seeded.
  • D4 (capability intake) — D4 is the cycle through which thresholds tune.
  • D5 (backlog) — threshold entries are kind = threshold_tune.
  • D3 (health) — auto-accept performance feeds signal aggregation.

Further governance ratification required:

  • ❌ No further ratification required pre-implementation planning.
  • ✅ Re-evaluation cadence: every Self-Review cycle (cross-link Decision 8 / G-3 reviewer scope).
  • ✅ Allowlist domain expansion requires Decision Backlog entry + AI Council review.

4.2 Decision 2 — Retrieval Target Values

Selected option: Standard

  • thread_hit_rate ≥ 80%
  • fallback_vector_rate ≤ 15%
  • wrong_thread_rate ≤ 3%

Companion targets (per User Decision Pack §5 default):

  • context_sufficiency_rate ≥ 70%
  • agent_extra_search_rate ≤ 20%
  • user_reject_rate ≤ 10%

Strategic ambition ≥ 90% thread_hit_rate (rev5d §14.4) deferred to v0.2.

Rationale:

  • Matches rev5d §14.4 mature-target language.
  • Realistic for v0.1 + 1 production cycle.
  • Avoids Option A (strict) blocking retrieval indefinitely.
  • Avoids Option C (soft) diluting the thread-first retrieval value proposition.

Risk class: Standard.

Affected deliverables:

  • D11 §4.8 (retrieval metrics).
  • D3 (health) — retrieval-side health signals route into segmentation health.
  • D4 (capability intake) — target tuning via intake records.
  • D5 (backlog) — initial values become threshold_tune entries.

Further governance ratification required:

  • ❌ No further ratification required pre-implementation planning.
  • ✅ All metrics are requires_instrumentation — actual measurement gated by D11 instrumentation phase (a future P3 schema phase).
  • ✅ Re-evaluation cadence: every Self-Review.

4.3 Decision 3 — Audience Definitions ⚠️ HIGH RISK

Selected option: Conservative

  • 4 audience classes: AI-Agent / Employee / Partner / Customer
  • Default visibility: internal-only
  • Tiered visibility scheme: public / partner / employee / internal / restricted
  • Default readiness gate: published required for Customer & Partner

Rationale:

  • Clean 4-class model from rev5d §14.2.
  • internal-only default prevents accidental external exposure.
  • Tiered scheme supports nuance (partner ≠ employee ≠ customer).
  • Avoids Option B's loss of Partner/Customer distinction.
  • Rejects Option C's dangerous public-by-default-after-published rule.

Risk class: HIGH (security event class).

Affected deliverables:

  • D11 §4.10 (audience-scoped search).
  • D11 §4.11 (visibility/readiness/publication filters).
  • D7 §4.3 (G5 governance state fields).
  • D3 (health) — wrong_audience_result security path.
  • D10 (legal alignment) — Đ32 + Đ24 + G-5 surfaces.

Further governance ratification REQUIRED:

YES — Decision 3 is HIGH risk and defaults DO NOT auto-apply.

Required ratifications before implementation planning:

  1. G-5 Access-Control Authority must be named (Đ37 governance closure).
  2. Council ratification of:
    • 4 audience class vocabulary (Đ24 cross-law).
    • Tiered visibility scheme (Đ24 cross-law).
    • Default-internal-only rule.
    • Customer/Partner published-only gate.
  3. Đ32 risk approval of audience class semantics and enforcement boundary.
  4. Đ24 vocabulary ratification of: visibility, readiness, publication_state enums.

Implementation planning blocked until all 4 ratifications close.

4.4 Decision 4 — Backlog Scope

Selected option: Cutter-only v0.1

  • Decision Backlog Registry scoped to dot-iu-cutter producers only.
  • Federation deferred to future capability intake (D4) when needed.
  • Markdown mirror path: knowledge/dev/laws/dieu44-trien-khai/registry/.

Rationale:

  • Bounded scope; simpler PG schema; clear ownership in v0.1.
  • Aligned with v0.1 boundary (one DOT pair, one cutter).
  • Federation upgrade path documented as a future schema gap (D5 §8).
  • Avoids over-engineering for cross-DOT consolidation prematurely.

Risk class: Standard.

Affected deliverables:

  • D5 §4.1 (SSOT position) — scope confirmed cutter-only.
  • D5 §6 item 1 — decision_backlog_entry table scoped accordingly.
  • G-2 (Backlog custodian) — custodian responsibility scoped to cutter.

Further governance ratification required:

  • ❌ No further ratification required pre-implementation planning.
  • ✅ Federation upgrade path becomes a future D4 capability intake (not v0.1).
  • ✅ G-2 custodian closure (separate Đ37 step) consumes this scope decision.

4.5 Decision 5 — Per-Unit Block Shape

Selected option: Child rows as main model; JSONB only for flexible subfields

Specifically:

  • Core fields (canonical_address, source_span_start/end, title, section_type, unit_kind, parent_unit_id, hierarchy_depth, body_source_policy, render_order, semantic_role) → first-class columns on manifest_unit_block table.
  • Flexible / vocab-churn fields (edge_readiness_notes, review_flags, candidate_edges, C1A_rule_refs, three_question_test_result, cut_reason details) → JSONB columns on manifest_unit_block rows.

Rationale:

  • Hybrid recommendation in User Decision Pack §5 — pragmatic balance.
  • Stable axis-1 / axis-2 core fields stay queryable (Đ38 manifest-as-code, P14).
  • Vocabulary churn during Đ24 ratification absorbed via JSONB without DDL churn.
  • Diff materialized view (D2 §4.11) realizable at row level.
  • Aligns with Gate 2 §3.7 closure direction.

Risk class: Standard.

Affected deliverables:

  • D2 §4.2 (manifest field set) — child-row + JSONB hybrid model.
  • D2 §6 items 1, 2 (manifest_envelope + manifest_unit_block).
  • P0 Schema §5.2 (P0-2) — critical unblock: P0-2 migration design CAN proceed once Đ44 Family + Đ24 vocab ratify.
  • D6 (assembly axes) — axis-2 fields stay queryable.

Further governance ratification required:

  • ❌ No further ratification on shape itself.
  • ⏳ Đ44 Family Registry submission for manifest_envelope + manifest_unit_block families pending (cross-link with governance closure step 3).
  • ⏳ Đ24 vocabulary ratification for section_type, unit_kind, body_source_policy enums.
  • ✅ Decision unblocks P0-2 design work but P0-2 migration still requires Đ44 + Đ24 closures.

4.6 Decision 6 — wrong_audience_result Handling ⚠️ HIGH RISK

Selected option: Block + Log + Escalate, NO auto-rollback

Specifically:

  • Block response at retrieval boundary (do not deliver).
  • Log event to consumer_contract_log (D11 §5).
  • Emit wrong_audience_result event.
  • Route to Đ37 escalation queue + G-5 Access-Control Authority.
  • No auto-rollback of response (no recall-message attempt).

Rationale:

  • Stops information leakage immediately.
  • Preserves audit trail.
  • Routes through security owner (G-5), not search-quality channel — honors rev5d §14.2 guardrail.
  • Avoids Option D's auto-rollback risk (recall messages may amplify exposure).

Risk class: HIGH (security event class — always).

Affected deliverables:

  • D11 §4.10 (access-control guardrail).
  • D11 §5 (consumer_contract_log object).
  • D3 (segmentation health) — wrong_audience_result is a distinct security event, not a search-quality signal.
  • D8 §8 missing instrumentation #9 (auth-context propagation).
  • G-5 (Access-Control Authority) — owns event handling.

Further governance ratification REQUIRED:

YES — Decision 6 is HIGH risk and default DOES NOT auto-apply.

Required ratifications before implementation planning:

  1. G-5 Access-Control Authority must be named (Đ37 governance closure).
  2. G-5 Authority + Đ32 must approve handling runbook.
  3. Đ37 escalation queue must be wired to receive wrong_audience_result events (no parallel notification system; criterion 38).
  4. Council ratification of "no auto-rollback" rule (some teams may push for auto-recall; rejection of that path must be formal).

Implementation planning blocked until all 4 ratifications close.

4.7 Decision 7 — Context Pack Caching Policy

Selected option: Always fresh v0.1

Specifically:

  • Build Thread Context Pack on every query.
  • No caching layer in v0.1.
  • thread_context_pack_cache table (D11 §5) reserved but unimplemented.
  • Caching becomes a future D4 capability intake when retrieval load justifies AND CDC plumbing exists (missing instrumentation #5).

Rationale:

  • Simplest; matches D11 §8 recommendation.
  • No cache-invalidation bug class at v0.1.
  • Always reflects latest thread state (critical after F2 Split/Merge in D3).
  • Perf cost acceptable for v0.1; Qdrant + thread centroid pre-compute will mitigate.

Risk class: Low.

Affected deliverables:

  • D11 §4.4 (Context Pack).
  • D11 §5 (thread_context_pack_cache reserved-not-built).
  • D4 (future capability intake when caching is justified).
  • D8 §8 missing instrumentation #5 (CDC) — prerequisite for safe caching.

Further governance ratification required:

  • ❌ No further ratification required pre-implementation planning.
  • ✅ Future caching upgrade is a D4 capability intake — Đ32 risk review at that point.

5. Summary Table

# Decision Selected Risk Further ratification needed?
1 Auto-accept thresholds Balanced (conf ≥ 0.75, ≥ 2 signals, allowlist) Standard No (re-eval per Self-Review)
2 Retrieval targets Standard (hit ≥ 80%, fallback ≤ 15%, wrong ≤ 3%) Standard No (instrumentation gated)
3 Audience definitions Conservative (4 classes, internal-only, tiered 5-level) HIGH YES — G-5 Authority + Council + Đ24 + Đ32
4 Backlog scope Cutter-only v0.1 Standard No
5 Per-unit block shape Child rows + JSONB for flex Standard Đ44 Family + Đ24 vocab (separate closures)
6 wrong_audience_result handling Block + Log + Escalate, no auto-rollback HIGH YES — G-5 Authority + Đ32 + Đ37 escalation wiring + Council
7 Context Pack caching Always fresh v0.1 Low No

6. P0 Schema Unblock Status

P0 Item Unblocked by Decision 5? Other gates
P0-1 canonical_address Independent of D5 Đ24 format ratification
P0-2 manifest_envelope + manifest_unit_block YES Đ44 Family + Đ24 vocab
P0-3 cut_change_set + rollback_key Independent G-4 closure + Đ44 Family
P0-4 verify_result Independent G-4 closure + Đ44 Family
P0-5 decision_backlog_entry Independent G-2 closure
P0-6 review_decision Indirectly (via P0-2 FK) G-1 / G-3 closure

Decision 5 specifically unblocks P0-2 design work (subject to Đ44 + Đ24 closures still pending).

7. Implementation Planning Gate

implementation_planning_allowed: false
remaining_blockers:
  - G-1 Threading roles (Đ37 closure)
  - G-2 Backlog custodian (Đ37 closure)
  - G-3 Capability-intake reviewer (Đ37 closure)
  - G-4 DOT-pair signing authority (Đ37 closure)
  - G-5 Access-Control Authority (Đ37 closure) — BLOCKS Decisions 3, 6 ratification
  - Đ44 Family Registry ratification (4 new families)
  - Đ24 vocabulary ratifications (audience tiers, manifest enums, section_type/unit_kind)
  - Đ32 risk approval for Decisions 3 & 6
  - Council ratification for Decisions 3 & 6
  - P0 migration design (future separate phase)
decisions_confirmed_but_not_implemented: 7
implementation_blocked: true

8. Cross-References

Closure record / decision Cross-link
Decision 1 (Balanced thresholds) D9 §4.4; G-1 (Threading roles); D4 (capability intake)
Decision 2 (Standard targets) D11 §4.8; D3 (health); D4
Decision 3 (Conservative audiences) G-5; rev5d §14.2; D11 §4.10/§4.11; D7 §4.3; Đ24
Decision 4 (Cutter-only backlog) D5 §4.1; G-2
Decision 5 (Child rows + JSONB) D2; P0-2; Đ44 Family; Đ24 vocab
Decision 6 (Block + Log + Escalate) G-5; rev5d §14.2; D11 §4.10; D8 #9; Đ32 high-risk path
Decision 7 (Always fresh) D11 §4.4; D11 §5; future D4 intake; D8 #5 (CDC)

9. Closure Status

package_status: USER_DECISIONS_RECORDED_PENDING_HIGH_RISK_RATIFICATION
decisions_total: 7
decisions_standard_or_low_recorded_and_effective: 5 (1, 2, 4, 5, 7)
decisions_high_risk_recorded_pending_ratification: 2 (3, 6)
governance_gaps_unblocked_by_decisions: 0 (decisions clarify scope; closures still required)
p0_design_work_unblocked: P0-2 (subject to Đ44 + Đ24)
no_code: true
no_ddl: true
no_migration: true
no_pg_mutation: true
implementation_planning_allowed: false

10. Coverage of Review Findings

Review source Confirmation mapping
User Decision Pack §4 (Decision 1) §4.1
User Decision Pack §5 (Decision 2) §4.2
User Decision Pack §6 (Decision 3) §4.3
User Decision Pack §7 (Decision 4) §4.4
User Decision Pack §8 (Decision 5) §4.5
User Decision Pack §9 (Decision 6) §4.6
User Decision Pack §10 (Decision 7) §4.7
User Decision Pack §13 (HIGH risk held items) §4.3 + §4.6 explicitly held pending Council/Authority
User Decision Pack §11 (governance cross-links) §8
User Decision Pack §12 (P0 cross-links) §6
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/closures/dot-iu-cutter-v0.1-user-decision-confirmation-2026-05-15.md