Incomex AI Portal
KB-3F59

dot-iu-cutter v0.1 — P0 Final Readiness Blocker Register

23 min read Revision 1
dot-iu-cutterfinal-readinessblocker-registerp0no-executionno-ddlrev5d

dot-iu-cutter v0.1 — P0 Final Readiness Blocker Register

Date: 2026-05-15 Status: FINAL EXECUTION READINESS REVIEW — Lane "blocker register" Scope: REVIEW DOCUMENTATION ONLY. No code, no DDL, no SQL, no migration, no PG mutation, no execution. Master: final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md

1. Purpose

Enumerate every blocker that stands between today's state and the first DDL/migration execution for dot-iu-cutter v0.1 P0. Each blocker is classified:

  • hard_blocker — must be demonstrably closed BEFORE execution may be authorized.
  • condition_to_execute — must be true AT execution time; may be discharged inside the execution window (still required, but not pre-authorization).
  • post_execution_follow_up — does not block first execution; tracked separately for the lifecycle of dot-iu-cutter v0.1.

For each: id, title, classification, owner, source file, recommended resolution, whether it blocks the first DDL/migration execution.

2. Source Inputs

  • final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3–§5
  • implementation-planning/dot-iu-cutter-v0.1-p0-implementation-planning-report-2026-05-15.md §4
  • implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md
  • implementation-planning/dot-iu-cutter-v0.1-p0-preflight-and-backup-plan-2026-05-15.md
  • implementation-planning/dot-iu-cutter-v0.1-p0-rollback-test-plan-2026-05-15.md
  • implementation-planning/dot-iu-cutter-v0.1-p0-canonicalization-rule-v0.1-planning-note-2026-05-15.md
  • implementation-planning/dot-iu-cutter-v0.1-p0-operational-seat-naming-plan-2026-05-15.md

3. Hard Blockers (must close BEFORE execution may be authorized)

3.1 HB-01 — X-1 schema placement sign-off

id: HB-01
title: Đ44 + Đ33/Đ43 sign-off of cutter_governance schema class membership
classification: hard_blocker
owner: Đ44 family registry custodian + Đ33/Đ43 schema authority
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §4
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.1
recommended_resolution: separate ratification session producing a sign-off file under knowledge/dev/laws/dieu44-trien-khai/ratification/
blocks_first_ddl_or_migration: yes (no table can be created until the schema class is approved)

3.2 HB-02 — X-4 Đ24 outstanding ratifications + lookup population

id: HB-02
title: Đ24 ratification of remaining enum sets + lookup table population
classification: hard_blocker
owner: Đ24 vocab owner (+ Đ44 cross-family confirmation)
enums_pending_ratification:
  - cut_change_set.state (extension: invalid_drift)
  - cut_change_set_affected_row.operation_kind (create / update / supersede / link / unlink)
  - cut_change_set_affected_row.target_table
  - dot_pair_signature.signature_kind
  - dot_pair_signature.validation_state
  - verify_result.verify_kind
  - verify_result.axis_1_status
  - verify_result.axis_2_status
  - verify_result.verdict (PASS / FAIL / NEEDS_HUMAN)
  - verify_result.state
  - review_decision.verdict (aligned with verify_result.verdict)
  - review_decision.reviewer_kind
  - decision_backlog_entry.kind (extension for new event kinds)
  - decision_backlog_entry.status
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §7
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.2
recommended_resolution: Đ24 ratification of each remaining enum set + operational lookup-table population
blocks_first_ddl_or_migration: yes (every P0 step references at least one enum FK)

3.3 HB-03 — X-6 G-4 + Đ44 sign-off on dot_pair_signature shape

id: HB-03
title: G-4 DOT Registry Custodian + Đ44 sign off the shared dot_pair_signature shape + revocation lifecycle additions + exactly-one cross-reference rule
classification: hard_blocker
owner: G-4 DOT Registry Custodian (requires G-4 seat named) + Đ44
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §8
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.3
dependency: cascades from HB-06 (G-4 seat naming) — cannot be signed off until G-4 is named
recommended_resolution: Đ37 names G-4 → G-4 + Đ44 record sign-off ratification artefact
blocks_first_ddl_or_migration: yes for Step 5 (dot_pair_signature created in Step 5)

3.4 HB-04 — X-7 Đ24 canonicalization rule prose ratification

id: HB-04
title: Đ24 ratifies full canonicalization_rule_v0.1 prose (placeholder is only NFC + LF + trim)
classification: hard_blocker
owner: Đ24 vocab owner (+ Đ44 family ratifier)
items_pending_in_prose:
  - identifier (e.g., canon-md-v0.1.0)
  - BOM handling explicit binding
  - mixed line endings binding
  - trailing newline at file end binding
  - consecutive blank lines binding
  - canonical_token boundary definition
  - byte-offset → canonical_token position mapping algorithm
  - per-source_kind extension policy (markdown v0.1; code FUTURE; binary FUTURE)
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-canonicalization-rule-v0.1-planning-note-2026-05-15.md §4-§5
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.4
recommended_resolution: separate Đ24 ratification session producing a ratification file under ratification/
blocks_first_ddl_or_migration: yes for Step 6 (verify_result.canonicalization_rule_used references the ratified identifier)

3.5 HB-05 — X-8 rollback test plan dry-run execution + Đ32 + G-4 sign-off

id: HB-05
title: 26-scenario synthetic-data rollback test plan dry-run executed; Đ32 (HIGH-risk path) + G-4 sign off
classification: hard_blocker
owner: Đ32 (HIGH-risk path) + G-4 Custodian
required_preconditions_to_run_dry_run:
  - dry-run environment provisioned (per HB-09)
  - canonicalization rule library scaffolding (placeholder) present (per CTE-03)
  - signing scheme v0.1 implementation present (per CTE-04)
  - DOT-pair registered (per HB-07)
  - signal routing wired to G-2 channel (per CTE-02)
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-rollback-test-plan-2026-05-15.md §4
  - implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §10
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.5
dry_run_required_before_real_execution: TRUE (explicit binding)
recommended_resolution: discharge preconditions → execute the 26-scenario matrix in the dry-run environment → Đ32 + G-4 sign-off recorded as a closure artefact
blocks_first_ddl_or_migration: yes (dry-run-before-real-cut is binding from cross-cutting resolution plan §10)

3.6 HB-06 — Operational seats G-2, G-4, G-5 named (Đ37)

id: HB-06
title: Đ37 operational session names G-2 (Backlog Custodian), G-4 (DOT-Pair Signing Authority), G-5 (Access-Control Authority)
classification: hard_blocker
owner: Đ37 (exclusively)
per_seat:
  G_2: hard_blocker — owns signal channel; required from Step 1 onward
  G_4: hard_blocker — owns DOT-pair registration + X-6 sign-off + X-8 sign-off; required from Step 5 onward
  G_5: hard_blocker (per access-control surface check) — PII boundary; required from Step 1 onward whenever reviewer_identity / owner_seat are written
  G_3: soft_blocker — required only if a FUTURE capability is accepted into v0.1
  G_1: non_blocker for P0 — required only if a review_decision.reviewer_kind=council is recorded
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-operational-seat-naming-plan-2026-05-15.md §4 + §6
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.6
recommended_resolution: Đ37 operational session under Đ37 authority; planning phase does not create seats
blocks_first_ddl_or_migration: yes for G-2, G-4, G-5; no for G-3, G-1

3.7 HB-07 — DOT-pair registration

id: HB-07
title: G-4 registers executor (dot-iu-cutter) and verifier (dot-iu-cutter-verify) DOTs in the DOT registry; wires tool_revision drift handling
classification: hard_blocker
owner: G-4 DOT Registry Custodian (requires HB-06 G-4 named first)
artefacts_required:
  - executor DOT registry entry
  - verifier DOT registry entry
  - tool_revision drift detection rule active (state=invalid_drift on mismatch; dot_pair_drift signal emit)
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md (X-6, X-8 references)
  - migration-design/dot-iu-cutter-v0.1-p0-3-cut-change-set-rollback-key-migration-design-2026-05-15.md §7
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.7
recommended_resolution: after G-4 seat named → G-4 records registry entries + wires drift signal channel
blocks_first_ddl_or_migration: yes for Steps 5 + 6; signal channel wiring also needed earlier for any synthetic signal observed

3.8 HB-08 — Preflight directus backup + restore test

id: HB-08
title: Directus PG full backup taken < 60 min before execution; restore test passes in a separate environment
classification: hard_blocker
owner: G-4 Custodian + operational DBA (assigned via Đ37)
required_artefacts:
  - full pg backup
  - restore-test artefact in dry-run environment
  - acceptance: restored DB starts cleanly + sample query returns expected counts
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-preflight-and-backup-plan-2026-05-15.md §3
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.8
recommended_resolution: per preflight plan §3
blocks_first_ddl_or_migration: yes

3.9 HB-09 — Schema + row-count snapshots and dry-run environment

id: HB-09
title: pg_dump schema snapshot + per-table row-count snapshot taken alongside backup; dry-run environment provisioned
classification: hard_blocker
owner: operational DBA + G-2 (records snapshot artefact in backlog history)
required_artefacts:
  - pg_dump --schema-only of Directus DB
  - per-table row counts for all affected schemas
  - dry-run environment for HB-05 + end-to-end migration sequence dry-run
source_files:
  - implementation-planning/dot-iu-cutter-v0.1-p0-preflight-and-backup-plan-2026-05-15.md §4-§6
  - final-readiness/dot-iu-cutter-v0.1-p0-final-execution-readiness-review-2026-05-15.md §3.8
recommended_resolution: per preflight plan §4-§6
blocks_first_ddl_or_migration: yes

3.10 Hard Blockers Summary

ID Title Owner Blocks first DDL
HB-01 X-1 schema placement sign-off Đ44 + Đ33/Đ43 yes
HB-02 X-4 Đ24 outstanding ratifications + lookup population Đ24 yes
HB-03 X-6 G-4 + Đ44 sign-off G-4 + Đ44 yes (Step 5+)
HB-04 X-7 Đ24 canonicalization prose ratification Đ24 yes (Step 6)
HB-05 X-8 rollback test plan dry-run + sign-off Đ32 + G-4 yes
HB-06 Operational seats G-2, G-4, G-5 named (Đ37) Đ37 yes
HB-07 DOT-pair registration G-4 yes (Step 5+)
HB-08 Directus backup + restore test G-4 + DBA yes
HB-09 Schema + row-count snapshots + dry-run environment DBA + G-2 yes

Total: 9 hard blockers; all open.

4. Conditions to Execute (must be true AT execution time; not pre-authorization)

4.1 CTE-01 — Failure-stop rule actively enforced

id: CTE-01
title: failure-stop rule enforced during execution (per preflight plan §8)
classification: condition_to_execute
owner: G-4 Custodian + operational DBA
source_file: implementation-planning/dot-iu-cutter-v0.1-p0-preflight-and-backup-plan-2026-05-15.md §8
recommended_resolution: execution-phase tool/runbook honours failure-stop
blocks_first_ddl_or_migration: no (planning-level documented; enforcement at execution time)

4.2 CTE-02 — Signal routing wired (dot_pair_drift, signature_failure → G-2)

id: CTE-02
title: signal channels for dot_pair_drift and signature_failure wired to G-2 backlog channel
classification: condition_to_execute
owner: G-2 + G-4 (joint)
source_files:
  - migration-design/dot-iu-cutter-v0.1-p0-3-cut-change-set-rollback-key-migration-design-2026-05-15.md §7
  - implementation-planning/dot-iu-cutter-v0.1-p0-operational-seat-naming-plan-2026-05-15.md §4.2
recommended_resolution: post G-2 + G-4 seat naming → wire channels
blocks_first_ddl_or_migration: yes for HB-05 dry-run (scenarios S02–S05, S18 require channel observation); therefore CTE-02 is effectively a hard prerequisite for HB-05; for the FIRST DDL it is a strict execution-time condition
elevated_classification: in practice this is a hard prerequisite for HB-05; recorded here as CTE because the channel wiring may sit dormant during DDL Step 1

4.3 CTE-03 — Canonicalization rule library scaffolding (v0.1)

id: CTE-03
title: v0.1 canonicalization rule library scaffolding present (placeholder implementation per X-A binding + HB-04 prose)
classification: condition_to_execute
owner: G-3 (capability intake reviewer) — soft involvement; engineering implementation outside this Agent
source_file: implementation-planning/dot-iu-cutter-v0.1-p0-canonicalization-rule-v0.1-planning-note-2026-05-15.md §4
recommended_resolution: scaffold the rule (application-layer v0.1) per the Đ24-ratified prose
blocks_first_ddl_or_migration: yes for HB-05 (scenarios S13, S14, S19, S20 require the rule to produce identical token streams); effectively a hard prerequisite for HB-05

4.4 CTE-04 — Signing scheme v0.1 implementation

id: CTE-04
title: v0.1 hash-based pseudo-signature implementation present (per P0-3 §7 + X-6)
classification: condition_to_execute
owner: G-4 (signs off the implementation)
source_file: implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §8 + §10
recommended_resolution: implement the hash-based scheme; G-4 sign-off
blocks_first_ddl_or_migration: yes for HB-05 (scenarios S01–S04 require signatures to be generated)

4.5 Conditions to Execute Summary

ID Title Owner Blocks first DDL
CTE-01 failure-stop rule enforced G-4 + DBA no (planning-level documented)
CTE-02 signal routing wired G-2 + G-4 effective yes (via HB-05)
CTE-03 canonicalization rule library scaffolding G-3 (oversight) + engineering effective yes (via HB-05)
CTE-04 signing scheme v0.1 implementation G-4 + engineering effective yes (via HB-05)

Total: 4 conditions to execute; all open. CTE-02 / CTE-03 / CTE-04 each cascade into HB-05 dry-run requirements.

5. Post-Execution Follow-ups (do NOT block first execution)

5.1 PEF-01 — Backfill canonical_address on legacy TAC rows

id: PEF-01
title: canonical_address backfill on existing tac_logical_unit rows (P0-1 §9 item 6 + step 2 plan)
classification: post_execution_follow_up
owner: G-2 + operational DBA
source_files:
  - migration-design/dot-iu-cutter-v0.1-p0-1-canonical-address-migration-design-2026-05-15.md §9 item 6 + §10
  - implementation-planning/dot-iu-cutter-v0.1-p0-migration-sequence-plan-2026-05-15.md §4.2 (Step 2)
recommended_resolution: batch backfill with reviewer audit post-deploy
blocks_first_ddl_or_migration: no (canonical_address nullable on legacy rows until backfill complete; NOT NULL enabled later)

5.2 PEF-02 — canonical_address NOT NULL constraint enabled post-backfill

id: PEF-02
title: enable NOT NULL on canonical_address only after backfill is complete (P0-1 §9 item 10)
classification: post_execution_follow_up
owner: operational DBA + G-2
source_file: migration-design/dot-iu-cutter-v0.1-p0-1-canonical-address-migration-design-2026-05-15.md §9 item 10
recommended_resolution: separate post-backfill migration step
blocks_first_ddl_or_migration: no

5.3 PEF-03 — PG-constraint enforcement of criterion 28 (dual-signature)

id: PEF-03
title: upgrade enforcement of criterion 28 from application-layer to PG-constraint (trigger or check)
classification: post_execution_follow_up
owner: G-4 + Đ32 (HIGH-risk path)
source_files:
  - migration-design/dot-iu-cutter-v0.1-p0-3-cut-change-set-rollback-key-migration-design-2026-05-15.md §7 + §12
  - migration-design/dot-iu-cutter-v0.1-p0-4-verify-result-migration-design-2026-05-15.md §15
recommended_resolution: D4 capability intake; subsequent migration step
blocks_first_ddl_or_migration: no (v0.1 application-layer accepted)

5.4 PEF-04 — Cryptographic signing scheme upgrade (FUTURE)

id: PEF-04
title: replace v0.1 hash-based pseudo-signature with cryptographic signing (Ed25519 / RSA / similar)
classification: post_execution_follow_up
owner: G-3 + G-4 + Đ32
source_file: migration-design/dot-iu-cutter-v0.1-p0-3-cut-change-set-rollback-key-migration-design-2026-05-15.md §9 item 2
recommended_resolution: D4 capability intake; subsequent migration step
blocks_first_ddl_or_migration: no

5.5 PEF-05 — Per-source_kind canonicalization extensions (FUTURE)

id: PEF-05
title: ast_node (code) and byte (binary) canonicalization extensions
classification: post_execution_follow_up
owner: Đ24 + G-3
source_file: implementation-planning/dot-iu-cutter-v0.1-p0-canonicalization-rule-v0.1-planning-note-2026-05-15.md §4.9
recommended_resolution: D4 capability intake; Đ24 ratification per extension
blocks_first_ddl_or_migration: no (v0.1 markdown-only)

5.6 PEF-06 — axis-2 elevation review

id: PEF-06
title: review whether axis-2 should be elevated from advisory to blocking (D4 capability intake)
classification: post_execution_follow_up
owner: G-3 + Đ32
source_file: migration-design/dot-iu-cutter-v0.1-p0-4-verify-result-migration-design-2026-05-15.md §15
recommended_resolution: after enough verify_result data accumulates, run D4 intake
blocks_first_ddl_or_migration: no

5.7 PEF-07 — Markdown mirror generator implementation

id: PEF-07
title: markdown mirror generator for decision_backlog_entry (and possibly other governance artefacts) per P0-5 §9 item 8
classification: post_execution_follow_up
owner: G-2 + Đ37 (audience scope)
source_file: migration-design/dot-iu-cutter-v0.1-p0-5-decision-backlog-entry-migration-design-2026-05-15.md
recommended_resolution: FUTURE phase
blocks_first_ddl_or_migration: no

5.8 PEF-08 — PG jsonb_check constraint roll-out

id: PEF-08
title: upgrade application-layer JSONB validation to PG jsonb_check constraints per X-3 FUTURE path
classification: post_execution_follow_up
owner: Đ44 + Đ24 + engineering
source_file: implementation-planning/dot-iu-cutter-v0.1-p0-cross-cutting-resolution-plan-2026-05-15.md §6
recommended_resolution: subsequent migration step after v0.1 stabilizes
blocks_first_ddl_or_migration: no

5.9 PEF-09 — DOT-pair separate execution context implementation

id: PEF-09
title: implement separate execution context for the DOT-pair verifier (G-3 D4 capability intake)
classification: post_execution_follow_up
owner: G-3 + G-4 + Đ32
source_file: migration-design/dot-iu-cutter-v0.1-p0-4-verify-result-migration-design-2026-05-15.md §10
recommended_resolution: D4 capability intake; subsequent implementation phase
blocks_first_ddl_or_migration: no (v0.1 application-layer independence enforcement acceptable)

5.10 Post-Execution Follow-ups Summary

ID Title Owner Blocks first DDL
PEF-01 canonical_address backfill G-2 + DBA no
PEF-02 canonical_address NOT NULL enable DBA + G-2 no
PEF-03 PG-constraint dual-signature enforcement G-4 + Đ32 no
PEF-04 cryptographic signing scheme G-3 + G-4 + Đ32 no
PEF-05 per-source_kind canonicalization extensions Đ24 + G-3 no
PEF-06 axis-2 elevation review G-3 + Đ32 no
PEF-07 markdown mirror generator G-2 + Đ37 no
PEF-08 PG jsonb_check rollout Đ44 + Đ24 + engineering no
PEF-09 DOT-pair separate execution context G-3 + G-4 + Đ32 no

Total: 9 post-execution follow-ups; none block first execution.

6. Register Totals

hard_blockers: 9 (HB-01 … HB-09); all open
conditions_to_execute: 4 (CTE-01 … CTE-04); all open; CTE-02 / CTE-03 / CTE-04 are de-facto prerequisites for HB-05 dry-run
post_execution_follow_ups: 9 (PEF-01 … PEF-09)
total_blockers_in_register: 22
first_ddl_blockers: 9 hard + (3 effective via HB-05) = 12 effective preconditions

7. Dependency Chains Worth Noting

dependency_chains:
  - HB-06 (G-4 seat named) → HB-03 (X-6 sign-off) → HB-07 (DOT-pair registration) → CTE-04 (signing scheme implementation) → HB-05 (rollback test plan dry-run + sign-off)
  - HB-04 (canonicalization rule prose) → CTE-03 (rule library scaffolding) → HB-05 (rollback test plan dry-run via canonicalization scenarios)
  - HB-06 (G-2 seat named) → CTE-02 (signal routing wired) → HB-05 (dry-run scenarios that observe channel)
  - HB-01 (schema placement) → all 6 step DDLs (schema must exist)
  - HB-02 (Đ24 enums + lookup tables) → all 6 step DDLs (FK references)
  - HB-08 + HB-09 (backup + snapshots) → first DDL

The critical longest chain is HB-06 → HB-03 → HB-07 → CTE-04 → HB-05. This drives the minimum lead time between today and execution authorization.

8. Explicit Confirmation

no_code_written: true
no_ddl_written: true
no_sql_written: true
no_migration_script_written: true
no_migration_executed: true
no_pg_mutation: true
no_qdrant_mutation: true
no_directus_mutation: true
no_data_writes: true
no_backup_taken: true
no_snapshot_taken: true
no_dry_run_executed: true
no_signature_generated: true
no_dot_pair_registered: true
no_seat_named: true
no_role_created: true
no_dieu37_mutation: true
no_phase_prior_file_modified: true
output_form: blocker_register_documentation_only
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/final-readiness/dot-iu-cutter-v0.1-p0-final-readiness-blocker-register-2026-05-15.md