Incomex AI Portal
KB-143C

dot-iu-cutter v0.1 — P0 Production Execution Command Review Package (2026-05-15)

24 min read Revision 1
dieu44-trien-khaidot-iu-cutterexecutioncommand-reviewreview-onlyno-execution2026-05-15

dot-iu-cutter v0.1 — P0 Production Execution Command Review Package

document_path: knowledge/dev/laws/dieu44-trien-khai/execution/dot-iu-cutter-v0.1-p0-production-command-review-package-2026-05-15.md
revision: r1
date: 2026-05-15
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyên
verifier: GPT (Đ32 HIGH-risk path)
secondary: Opus
phase: P0 execution — command-review (review-only, no execution)
preceding_artefact: knowledge/dev/laws/dieu44-trien-khai/final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-rerun-2026-05-15.md (verdict: authorize_with_conditions)
trigger: rerun condition (b) — production migration command review

§1 — Execution Scope (this package documents only; nothing is executed here)

scope_in:
  - production P0 schema migration (CREATE SCHEMA + CREATE TABLE only)
  - controlled lookup/bootstrap rows REQUIRED BY P0 schema integrity (none identified — see §6.4)
  - structural verification queries (read-only)
  - rollback DDL outline (DROP SCHEMA CASCADE on empty tables only)
scope_out:
  - production CUT operations               (no INSERT into cut_change_set)
  - production VERIFY operations            (no INSERT into verify_result)
  - production DOT-pair signature creation  (none)
  - any business-data migration             (none)
  - Qdrant mutation                         (none)
  - Directus collection/schema mutation via Directus API (none; PG direct only)
  - deploy of Nuxt / dot / agent-data application code (none unless separately approved)
  - backfill of canonical_address on tac_logical_unit  (planning §1; out of v0.1 execution)
  - markdown mirror generator                (FUTURE per P0-5 §4)

1.1 v0.1 production execution shipment — SCOPE RESTRICTION (new finding)

The dry-run artefact at /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql (4949 bytes; sha256 9eb032e2d40d51a1447ad07e5039db8b8b2f83d29b600fb6388c41ec342e4208) declares exactly 5 tables in the cutter_governance schema (per HB-05 closure record §3):

  1. cutter_governance.decision_backlog_entry (P0-5 subset)
  2. cutter_governance.dot_pair_signature (P0-3 / P0-4 shared)
  3. cutter_governance.cut_change_set (P0-3)
  4. cutter_governance.cut_change_set_affected_row (P0-3)
  5. cutter_governance.verify_result (P0-4)

The migration-sequence plan (file 3) and migration-design master call for additional tables/fields that are NOT in this dry-run artefact and have NOT been validated by the 26/26 PASS rollback dry-run:

not_in_dry_run_artefact:
  - cutter_governance.decision_backlog_history        (P0-5)
  - cutter_governance.decision_backlog_dependency     (P0-5)
  - cutter_governance.sweep_log                       (P0-5)
  - canonical_address field family on tac.tac_logical_unit  (P0-1)
  - canonical_address_alias                                  (P0-1)
  - cutter_governance.manifest_envelope                (P0-2)
  - cutter_governance.manifest_unit_block              (P0-2)
  - cutter_governance.review_decision                  (P0-6)

Consequence: the only DDL that has dry-run evidence is the 5-table set. Two execution-scope options are presented for GPT/User decision in §4 — the package itself remains review-only.

1.2 Status of P0 sequence items

P0 step P0 ID Tables in dry-run artefact? Production-executable in v0.1?
1 P0-5 partial — only decision_backlog_entry partial (only that table)
2 P0-1 none NO — deferred
3 P0-2 none NO — deferred
4 P0-6 none NO — deferred
5 P0-3 yes — all 3 tables YES
6 P0-4 yes — verify_result YES

§2 — Exact Production Command Plan (review-only; NOT executed)

All commands are quoted at planning fidelity. Connection strings, host secrets, and the precise database name are placeholders to be confirmed in the execution prompt against /opt/incomex/docker/.env. Per memory: run_pg must use < /dev/null not -i.

Conventions:

  • $VPS = 38.242.240.89 (per Memory Index)
  • $PG_CONTAINER = production postgres container (default expected: incomex-postgres)
  • $DB = Directus database name (default expected: directus)
  • $BACKUP_DIR = /opt/incomex/backups/dieu44_exec_2026-05-15 (NEW path; HB-08 backup is NOT reused)
  • $STAMP = $(date -u +%Y%m%dT%H%M%SZ) taken at backup time
  • $DRYRUN_DDL = /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql

2.1 Fresh production-bound backup (taken IMMEDIATELY before first DDL)

# C-01  fresh production-bound backup
ssh $VPS "mkdir -p $BACKUP_DIR && docker exec -i $PG_CONTAINER \
  pg_dump -U postgres -d $DB -F c -Z 6 \
  > $BACKUP_DIR/directus_full_${STAMP}.dump < /dev/null"

Rationale: matches the HB-08 pattern (pg_dump -F c -Z 6; restored cleanly with 236 tables). This package does NOT create this backup; the execution prompt does.

2.2 Checksum

# C-02  sha256 of fresh backup
ssh $VPS "cd $BACKUP_DIR && sha256sum directus_full_${STAMP}.dump | tee SHA256SUMS"

Abort if SHA256SUMS empty or sha256sum exit code != 0.

2.3 Schema snapshot (pre-migration)

# C-03  pre-migration schema snapshot
ssh $VPS "docker exec -i $PG_CONTAINER \
  pg_dump -U postgres -d $DB --schema-only \
  > $BACKUP_DIR/directus_schema_pre_${STAMP}.sql < /dev/null && \
  sha256sum $BACKUP_DIR/directus_schema_pre_${STAMP}.sql >> $BACKUP_DIR/SHA256SUMS"

2.4 Row-count snapshot (pre-migration)

# C-04  pre-migration row-count snapshot
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -F'|' -t -c \"\
SELECT schemaname||'.'||relname AS tbl, n_live_tup \
FROM pg_stat_user_tables ORDER BY 1\" \
  > $BACKUP_DIR/directus_rowcounts_pre_${STAMP}.psv < /dev/null && \
  sha256sum $BACKUP_DIR/directus_rowcounts_pre_${STAMP}.psv >> $BACKUP_DIR/SHA256SUMS"

2.5 Production-identity preflight (HARD ABORT GATE — runs BEFORE C-08)

# C-05a  database identity
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -t -c \"\
SELECT current_database(), inet_server_addr(), version()\" < /dev/null"

# C-05b  cutter_governance must NOT pre-exist
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -t -c \"\
SELECT count(*) FROM information_schema.schemata WHERE schema_name='cutter_governance'\" < /dev/null"
# Expected: 0   (>0 → ABORT per §8 gate G-5)

# C-05c  DOT-pair 991/992 present and active
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -F'|' -t -c \"\
SELECT id, name, status, tier, paired_dot FROM directus.dot_tools WHERE id IN (991,992) ORDER BY id\" < /dev/null"
# Expected exactly:
#   991|DOT-IU-CUTTER|active|B|DOT-IU-CUTTER-VERIFY
#   992|DOT-IU-CUTTER-VERIFY|active|A|DOT-IU-CUTTER
# Any deviation → ABORT per §8 gate G-6

2.6 DDL-source integrity check

# C-06  verify dry-run DDL artefact unchanged since HB-05 closure
ssh $VPS "cd /opt/incomex/backups/dieu44_hb05_2026-05-15/schema && \
  sha256sum -c <<<'9eb032e2d40d51a1447ad07e5039db8b8b2f83d29b600fb6388c41ec342e4208  cutter_governance_dryrun_v0.1.sql'"
# Expected: OK    (any FAILED → ABORT per §8 gate G-3)

2.7 Dry-run env reachability (must remain UP per rerun condition (d))

# C-07  dry-run env health
ssh $VPS "docker inspect -f '{{.State.Status}}' pg-dry-run-hb05-2026-05-15"
# Expected: running   (any other state → ABORT per §8 gate G-4)

2.8 Migration command sequence

The migration commands below are issued ONLY for steps whose tables exist in the dry-run artefact (§1.1). Steps 2/3/4 remain DEFERRED.

# C-08  Step 1 (partial) + Step 5 + Step 6 — apply dry-run DDL to production
# (single transactional psql session; the DDL file itself wraps schema creation in BEGIN/COMMIT)
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB \
  --single-transaction --set ON_ERROR_STOP=1 \
  -f - < $DRYRUN_DDL"

Notes on C-08:

  • --single-transaction + ON_ERROR_STOP=1 together: any error aborts the whole transaction with no partial state.
  • The DDL artefact creates the cutter_governance schema and the 5 tables. It contains no DML.
  • The artefact has already produced 26/26 PASS in dry-run against an identical restored Directus baseline.

2.9 Verification command sequence (read-only)

# C-09a  schema exists
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -t -c \"\
SELECT schema_name FROM information_schema.schemata WHERE schema_name='cutter_governance'\" < /dev/null"
# Expected: cutter_governance

# C-09b  5 tables exist, all empty
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -F'|' -t -c \"\
SELECT tablename, n_live_tup FROM pg_stat_user_tables \
WHERE schemaname='cutter_governance' ORDER BY tablename\" < /dev/null"
# Expected exactly 5 rows, each with n_live_tup = 0:
#   cut_change_set|0
#   cut_change_set_affected_row|0
#   decision_backlog_entry|0
#   dot_pair_signature|0
#   verify_result|0

# C-09c  structural diff vs dry-run reference
ssh $VPS "docker exec -i $PG_CONTAINER pg_dump -U postgres -d $DB \
  --schema-only --schema=cutter_governance \
  > $BACKUP_DIR/directus_schema_post_${STAMP}.sql < /dev/null && \
  diff <(grep -E '^(CREATE TABLE|ALTER TABLE|CREATE INDEX)' $DRYRUN_DDL | sort) \
       <(grep -E '^(CREATE TABLE|ALTER TABLE|CREATE INDEX)' $BACKUP_DIR/directus_schema_post_${STAMP}.sql | sort)"
# Expected: no diff output (exit 0)

# C-09d  post-migration row-count snapshot — unchanged on pre-existing tables
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -F'|' -t -c \"\
SELECT schemaname||'.'||relname AS tbl, n_live_tup \
FROM pg_stat_user_tables ORDER BY 1\" \
  > $BACKUP_DIR/directus_rowcounts_post_${STAMP}.psv < /dev/null && \
  diff $BACKUP_DIR/directus_rowcounts_pre_${STAMP}.psv $BACKUP_DIR/directus_rowcounts_post_${STAMP}.psv"
# Expected diff: ONLY the 5 new cutter_governance tables appear (added lines), all with 0 rows;
#                no other table line shows a count delta.

# C-09e  DOT-pair re-verified post-migration
# (re-run C-05c; must produce identical output)

2.10 Rollback command sequence

# C-10a  fail-safe rollback (executed only on validation failure of C-09a–e)
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB \
  --single-transaction --set ON_ERROR_STOP=1 -c 'DROP SCHEMA cutter_governance CASCADE'"
# Safe iff C-09b shows all 5 tables at 0 rows (no production rows ever inserted in this scope).

# C-10b  rollback verification
ssh $VPS "docker exec -i $PG_CONTAINER psql -U postgres -d $DB -A -t -c \"\
SELECT count(*) FROM information_schema.schemata WHERE schema_name='cutter_governance'\" < /dev/null"
# Expected: 0

# C-10c  schema diff vs PRE snapshot (post-rollback DB == pre-migration DB)
ssh $VPS "docker exec -i $PG_CONTAINER pg_dump -U postgres -d $DB --schema-only \
  > $BACKUP_DIR/directus_schema_rollback_${STAMP}.sql < /dev/null && \
  diff $BACKUP_DIR/directus_schema_pre_${STAMP}.sql $BACKUP_DIR/directus_schema_rollback_${STAMP}.sql"
# Expected: empty diff

2.11 Failure-stop command sequence

# C-11  on ANY failure of C-05a..e, C-06, C-07, C-08, C-09a..e:
#   1. STOP — do not retry, do not advance.
#   2. capture: ssh $VPS "cd $BACKUP_DIR && tar czf failure_${STAMP}.tar.gz ."
#   3. if C-08 failed mid-flight (extremely unlikely given --single-transaction + ON_ERROR_STOP=1):
#         run C-10a immediately, then C-10b + C-10c.
#   4. record an admin_fallback_log entry (deferred runtime path; manual entry via dot-apr-execute is acceptable).
#   5. notify Đ32 (HIGH-risk path) + G-4 Custodian.
#   6. open a new GPT review session; do NOT self-retry.

§3 — Migration Sequence (target order)

order_of_execution:  P0-5 → P0-1 → P0-2 → P0-6 → P0-3 → P0-4
v0.1_executable_subset_within_this_order:  partial-P0-5 → P0-3 → P0-4
v0.1_deferred_within_this_order:           full-P0-1, full-P0-2, full-P0-6, P0-5 (history/dependency/sweep_log)

The target order is preserved; v0.1 ships a subset because only that subset has dry-run evidence (§1.1). Subsequent versions complete the sequence after additional dry-run cycles.

§4 — Per-Step Plan

4.1 Step 1 — P0-5 (partial: decision_backlog_entry only)

operation_summary: create cutter_governance schema (idempotent IF NOT EXISTS) + create decision_backlog_entry table
script_path:       /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql  (single composite DDL file; this step's lines only)
expected_objects:
  - SCHEMA cutter_governance
  - TABLE  cutter_governance.decision_backlog_entry
verification_command: C-09a, C-09b (decision_backlog_entry row in result with n_live_tup=0)
rollback_condition:   any verification deviation in §2.9
transaction_wrapped:  yes (within C-08 single-transaction)
idempotent:           yes if DDL file uses CREATE SCHEMA IF NOT EXISTS / CREATE TABLE IF NOT EXISTS; OTHERWISE re-run will error and ROLLBACK via ON_ERROR_STOP=1 (no partial state)
expected_no_op_on_rerun: full no-op if idempotent forms used; full ROLLBACK with no state change if not
v0.1_deferred_remainder:
  - decision_backlog_history
  - decision_backlog_dependency
  - sweep_log
deferral_reason:      not present in dry-run DDL artefact; no 26/26 PASS evidence

4.2 Step 2 — P0-1 (canonical_address field family on tac.tac_logical_unit + canonical_address_alias)

operation_summary: DEFERRED — out of v0.1 execution scope
script_path:       NONE_AUTHORED
expected_objects:  none (deferred)
verification_command: n/a
rollback_condition: n/a (nothing applied)
transaction_wrapped: n/a
idempotent:          n/a
expected_no_op_on_rerun: n/a
deferral_reason: not present in dry-run DDL artefact; modifies tac.tac_logical_unit (HIGH-impact ALTER TABLE) — requires its own dry-run and joint review before production execution

4.3 Step 3 — P0-2 (manifest_envelope + manifest_unit_block)

operation_summary: DEFERRED — out of v0.1 execution scope
script_path:       NONE_AUTHORED
deferral_reason:   not present in dry-run DDL artefact

4.4 Step 4 — P0-6 (review_decision)

operation_summary: DEFERRED — out of v0.1 execution scope
script_path:       NONE_AUTHORED
deferral_reason:   not present in dry-run DDL artefact

4.5 Step 5 — P0-3 (cut_change_set + cut_change_set_affected_row + dot_pair_signature) [HIGH]

operation_summary: create dot_pair_signature, cut_change_set, cut_change_set_affected_row tables
script_path:       /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql  (this step's lines)
expected_objects:
  - TABLE cutter_governance.dot_pair_signature
  - TABLE cutter_governance.cut_change_set
  - TABLE cutter_governance.cut_change_set_affected_row
verification_command: C-09a, C-09b (all 3 tables present, all 0 rows), C-09c structural diff = empty
rollback_condition:   any verification deviation in §2.9; production CUT operations REMAIN OUT OF SCOPE here (only schema creation)
transaction_wrapped:  yes (C-08 single-transaction)
idempotent:           same as 4.1
expected_no_op_on_rerun: same as 4.1
risk_class:           HIGH (per joint review)
risk_treatment_for_this_step: scope restricted to empty-table creation; no CUT, no signature row, no FK to populated row beyond the 5-table set itself → rollback by DROP SCHEMA CASCADE is safe (empty)

4.6 Step 6 — P0-4 (verify_result) [HIGH]

operation_summary: create verify_result table
script_path:       /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql  (this step's lines)
expected_objects:
  - TABLE cutter_governance.verify_result
verification_command: C-09a, C-09b (verify_result present, 0 rows), C-09c structural diff = empty
rollback_condition:   any verification deviation in §2.9; production VERIFY operations REMAIN OUT OF SCOPE here (only schema creation)
transaction_wrapped:  yes (C-08 single-transaction; shared with Step 5)
idempotent:           same as 4.1
expected_no_op_on_rerun: same as 4.1
risk_class:           HIGH
risk_treatment_for_this_step: same as 4.5 — empty-table creation; rollback by DROP SCHEMA CASCADE is safe

§5 — DDL Source Provenance

ddl_source_path:    /opt/incomex/backups/dieu44_hb05_2026-05-15/schema/cutter_governance_dryrun_v0.1.sql
ddl_source_size:    4949 bytes
ddl_source_sha256:  9eb032e2d40d51a1447ad07e5039db8b8b2f83d29b600fb6388c41ec342e4208
ddl_source_origin:  identical to the artefact validated by HB-05 26/26 PASS rollback dry-run (recorded in HB-05 closure §3)
ddl_source_used_unchanged_for_production:  TRUE — bit-for-bit equality is required (C-06 sha256 -c gate)
ddl_modification_proposed:  NONE
ddl_regeneration_proposed:  NONE
ddl_for_deferred_steps_(P0-1,P0-2,P0-6,P0-5_remainder): NOT_AUTHORED; explicitly out of v0.1 execution scope

If GPT review requires DDL generation/regeneration for the deferred steps in this v0.1 execution, that triggers a NEW dry-run cycle + a NEW HB-05-equivalent 26/26 evidence run + a NEW final readiness rerun. This package recommends keeping v0.1 scope tight and shipping deferred items in v0.2.

§6 — Fresh Backup Requirement

fresh_backup_required: true
fresh_backup_taken_in_this_package: FALSE
fresh_backup_responsibility: execution-prompt session (not this package)
fresh_backup_window: < 60 minutes between backup completion (C-01 + C-02) and first DDL dispatch (C-08)
hb_08_backup_reuse: NOT_PERMITTED — HB-08 artefact (directus_full_20260515T102350Z.dump) establishes the pattern; the production-bound artefact must be a SEPARATE fresh take
fresh_backup_path_target: /opt/incomex/backups/dieu44_exec_2026-05-15/directus_full_${STAMP}.dump
fresh_backup_acceptance:
  - pg_dump exit 0
  - file size > 0
  - sha256 recorded
  - (optional but recommended) restore-test into pg-restore-test env reusing HB-08 pattern; result PASS before C-08 dispatched

This package does NOT create that backup; the execution prompt must.

§7 — Rollback Readiness

rollback_strategy: DROP SCHEMA cutter_governance CASCADE
rollback_safety_basis:
  - Steps in v0.1 execution scope produce only EMPTY tables (no DML executed)
  - rollback restores the database to the pre-migration schema snapshot (C-10c diff = empty)
  - 0 production rows are at risk because no CUT / VERIFY / signature DML is part of this scope
rollback_command_outline: C-10a → C-10b → C-10c (see §2.10)
rollback_triggers:
  - any verification deviation in §2.9 (C-09a..e)
  - any failure in §2.5/2.6/2.7 detected AFTER C-08 (unlikely, but covered)
rollback_what_cannot_be_automatically_rolled_back:
  - NOTHING in v0.1 execution scope (empty-table creation only)
  - if scope ever expands to include DML (e.g., bootstrap rows): different rollback strategy required and out of v0.1
rollback_approval_on_partial_failure:
  - Đ32 (HIGH-risk path) + G-4 Custodian joint approval
  - Sovereign User explicit acknowledgement before rollback dispatch if uncertainty exists
  - the rollback C-10a is itself a DDL; treat with same care as C-08 (but it does not require new backup since C-01/C-03 captured pre-state)
rollback_evidence_artefacts:
  - HB-05 logs/hb05_results.json   (sha256 75c2c1afdba3eb901694f63bd22792c15bd693e4da8b0c2ddc8432671e80e524)
  - HB-05 helpers/hb05_harness.py  (sha256 ba5f8313809ad8145088e6b4f33ca917eb65e490046bb9acd902c3a273ac208f)
  - HB-05 schema/cutter_governance_dryrun_v0.1.sql (the same DDL artefact)

§8 — Safety Gates (each is a HARD ABORT condition)

G-1  production_target_identity_mismatch:
     trigger: C-05a returns a db name != expected $DB, or inet_server_addr() returns an unexpected address
     action:  ABORT before C-08; investigate; do not retry without sovereign approval

G-2  backup_failure:
     trigger: C-01 exit != 0 OR backup file size = 0 OR C-02 missing sha256 OR > 60 min stale at C-08 dispatch
     action:  ABORT; retake backup; restart from C-01

G-3  checksum_missing_or_mismatch:
     trigger: C-02 absent OR C-06 sha256 -c reports FAILED
     action:  ABORT; do not dispatch C-08

G-4  dry_run_env_unavailable:
     trigger: C-07 reports anything other than "running"
     action:  ABORT (rerun condition (d) violated)

G-5  cutter_governance_schema_already_exists:
     trigger: C-05b returns count > 0
     action:  ABORT; investigate (production state did not match the "untouched" precondition); do not dispatch C-08

G-6  dot_pair_missing_or_changed:
     trigger: C-05c result deviates from the exact expected two-row output
     action:  ABORT; reconcile dot_tools 991/992 state with HB-07 closure record before proceeding

G-7  verification_failure:
     trigger: any of C-09a..e fails (missing schema, wrong table count, non-empty tables, structural diff non-empty, row-count diff outside expected new-tables-only delta)
     action:  ABORT and ROLLBACK via C-10a..c

G-8  ddl_dispatch_failure:
     trigger: C-08 exits non-zero
     action:  the single-transaction + ON_ERROR_STOP=1 ensures no partial state; capture artefacts via C-11; investigate before any retry; do NOT retry automatically

All eight gates are AND-coupled in the sense that ANY ONE firing aborts production execution.

§9 — Final Status

command_review_package_status: ready_for_gpt_review
production_execution_authorized: false
ddl_executed: false
migration_executed: false
pg_mutation: false
qdrant_mutation: false
directus_mutation: false
deploy_performed: false
backup_taken_in_this_phase: false
self_advance_to_execution: prohibited

new_findings_in_this_package:
  - SCOPE_GAP: dry-run artefact covers 5 tables only; full P0 sequence (Steps 2/3/4 + P0-5 remainder) requires a separate v0.2 cycle
  - RECOMMENDATION: v0.1 production execution ships partial-P0-5 + full-P0-3 + full-P0-4 only (3-table-group)
  - 0 new HARD blockers introduced; the scope gap is an EXECUTION-SCOPE RESTRICTION, not a blocker for the v0.1 subset

§10 — Next Steps

next_step_1: GPT review of this command-review package
next_step_1_inputs:
  - this file (path at top)
  - the 5 controlling files in the user prompt
next_step_1_expected_decisions:
  - accept/reject the v0.1 scope restriction (5 tables only)
  - approve or revise the C-01..C-11 command set
  - confirm Đ32 (HIGH-risk path) sign-off intent for Steps 5/6 at execution time
next_step_2_if_pass: separate explicit production execution prompt that references THIS package by path
next_step_2_prerequisites:
  - GPT command-review verdict = PASS (or PASS_WITH_CONDITIONS)
  - User issues explicit execution prompt in a separate session
  - Final-readiness §4 conditions (a)–(e) all satisfied at prompt time
  - fresh production-bound backup taken < 60 min before C-08 dispatch (C-01 + C-02)
agent_self_advance: PROHIBITED
agent_next_action: WAIT for GPT review of this package; do not dispatch any command against production.

§11 — Hard Boundaries (re-stated)

no_command_executed_in_this_phase: true
no_backup_created_in_this_phase: true
no_ddl_run_in_this_phase: true
no_migration_executed_in_this_phase: true
no_production_pg_mutation_in_this_phase: true
no_production_qdrant_mutation_in_this_phase: true
no_production_directus_mutation_in_this_phase: true
no_deploy_in_this_phase: true
no_self_authorization_in_this_phase: true
no_dry_run_env_teardown_in_this_phase: true
output_form: command_review_package_documentation_only

End of command review package.

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/execution/dot-iu-cutter-v0.1-p0-production-command-review-package-2026-05-15.md