KB-1D10
dot-iu-cutter v0.1 — P0 Cross-Cutting Resolution Plan
15 min read Revision 1
dot-iu-cutterimplementation-planningcross-cuttingresolutionp0no-executionno-ddlrev5d
dot-iu-cutter v0.1 — P0 Cross-Cutting Resolution Plan
Date: 2026-05-15 Status: IMPLEMENTATION PLANNING — Lane "resolution" Scope: PLANNING ONLY. No DDL, no SQL, no migration, no PG mutation, no execution. Master:
implementation-planning/dot-iu-cutter-v0.1-p0-implementation-planning-master-2026-05-15.md
1. Purpose
Resolve or plan resolution for the 7 planning-level cross-cutting decisions carried over from the Cross-Cutting Decision Register (X-1, X-2, X-3, X-4, X-6, X-7, X-8). X-A is already ratified (closed_with_notes) and is not repeated here.
For each decision: selected approach, rationale, affected P0 items, execution precondition, whether it blocks implementation execution, whether further ratification is required.
2. Source Inputs
risk-review/dot-iu-cutter-v0.1-p0-cross-cutting-decision-register-2026-05-15.md§3.2–§3.8risk-review/dot-iu-cutter-v0.1-dieu32-p0-risk-review-report-2026-05-15.md§6, §7.2, §7.3ratification/dot-iu-cutter-v0.1-x-a-source-span-drift-unit-ratification-2026-05-15.md- 6 P0 migration-design files
3. Scope
Planning-only. Each decision records a selected approach drawn from the recommendations in the Cross-Cutting Decision Register, plus a clear execution precondition and ratification status.
4. X-1 — Schema Placement
id: X-1
title: schema placement for new P0 objects (TAC vs new schema class)
selected_approach: new_schema_class_for_governance_and_manifest_family
schema_class_name_proposed: cutter_governance (working name; Đ33/Đ43 may rename)
schema_class_membership:
- manifest_envelope (P0-2)
- manifest_unit_block (P0-2)
- cut_change_set (P0-3)
- cut_change_set_affected_row (P0-3)
- verify_result (P0-4)
- dot_pair_signature (P0-3 + P0-4 shared)
- decision_backlog_entry (P0-5)
- decision_backlog_history (P0-5)
- decision_backlog_dependency (P0-5)
- sweep_log (P0-5)
- review_decision (P0-6)
canonical_address_p0_1_placement: stays on existing tac_logical_unit (TAC schema); only the field family is added
rationale:
- clean separation of concerns: TAC stays content-only; new schema class holds governance/manifest/cut/verify/review
- aligns with Đ44 family registry pattern
- matches Cross-Cutting Decision Register §3.2 recommendation
affected_p0_items: [P0-2, P0-3, P0-4, P0-5, P0-6]; P0-1 stays in TAC
execution_precondition:
- Đ44 family registry custodian sign-off on schema class name + membership
- Đ33/Đ43 schema authority sign-off on permission/role mapping
blocks_implementation_execution: true (sign-off required before execution authorization)
further_ratification_required:
- Đ44 sign-off
- Đ33/Đ43 sign-off
5. X-2 — Primary ID Form
id: X-2
title: primary ID form for new objects (uuid vs bigserial vs deterministic text)
selected_approach: uuid_with_human_aliases
default_primary_key: uuid (PG uuid type, generated by application or PG default)
human_aliases_where_useful:
- decision_backlog_entry.decision_id_human (P0-5)
- cut_change_set.rollback_key = "RBK-<change_set_id>" (P0-3 §6 — deterministic prefix + uuid backbone)
- canonical_address (P0-1) — content-driven; not a primary key
fk_references_follow_uuid_referent: true
rationale:
- global uniqueness; safe across replication/sharding
- matches Cross-Cutting Decision Register §3.3 recommendation
- human aliases satisfy reviewer / operator ergonomics
affected_p0_items: [P0-2, P0-3, P0-4, P0-5, P0-6]
execution_precondition:
- Đ44 family registry confirmation
- planning to specify whether uuid is generated by application or by PG (default uuid_generate_v4 / gen_random_uuid) — final choice deferred to execution-phase DDL authoring
blocks_implementation_execution: false (decision recorded; no Đ-level ratification needed)
further_ratification_required: none
6. X-3 — JSONB Validation Policy
id: X-3
title: JSONB validation policy across all P0 items
selected_approach: application_layer_v0_1_with_pg_jsonb_check_FUTURE
fields_affected:
- manifest_envelope.payload_summary (P0-2)
- manifest_envelope.report_summary (P0-2)
- manifest_unit_block.candidate_edges (P0-2)
- cut_change_set.payload_summary (P0-3)
- cut_change_set_affected_row.before_state_snapshot (P0-3)
- cut_change_set_affected_row.after_state_snapshot (P0-3)
- dot_pair_signature.payload_envelope (P0-3/P0-4)
- verify_result.findings (P0-4)
- verify_result.axis_1_drift_details (P0-4)
- verify_result.axis_2_advisory_findings (P0-4)
- decision_backlog_entry.closure_evidence (P0-5)
- review_decision.findings (P0-6)
v0_1_validation_form:
- JSON-schema validation at the application layer prior to write
- reject malformed payloads at the API boundary
- record which JSON-schema version was applied (a schema_version key in the JSONB itself)
future_pg_form:
- PG jsonb_check constraints (per-field schema enforcement) — deferred
- constraint rollout planned per item after v0.1 stabilizes
rationale:
- low v0.1 cost; matches Cross-Cutting Decision Register §3.4
- aligns with Đ44 A.6 #3 JSONB acceptance posture
- PG enforcement available as a tightening path FUTURE
affected_p0_items: [P0-2, P0-3, P0-4, P0-5, P0-6]
execution_precondition:
- JSON-schema documents for each field exist as design artifacts (planning lane; not in this file)
blocks_implementation_execution: false (application-layer is sufficient v0.1)
further_ratification_required: none for v0.1; FUTURE Đ32 review when migrating to PG jsonb_check
7. X-4 — Enum Implementation Strategy
id: X-4
title: enum implementation strategy (PG enum type vs Đ24 lookup FK)
selected_approach: dieu24_lookup_table_fk
enum_set_inventory_routed_to_dieu24:
- cut_change_set.state (pending / executing / committed / rolled_back / superseded / invalid_drift)
- cut_change_set_affected_row.operation_kind (create / update / supersede / link / unlink)
- cut_change_set_affected_row.target_table (tac_logical_unit / tac_unit_version / tac_publication / ...)
- dot_pair_signature.signature_kind (executor_cut / verifier_cut / executor_verify / verifier_verify)
- dot_pair_signature.validation_state (pending / valid / invalid / revoked)
- verify_result.verify_kind (axis_1_round_trip / axis_2_coverage / joint)
- verify_result.axis_1_status (not_run / running / pass / fail)
- verify_result.axis_2_status (not_run / running / pass / advisory_fail / not_applicable)
- verify_result.axis_1_drift_unit (byte / line / ast_node / canonical_token) — default canonical_token per X-A
- verify_result.verdict (PASS / FAIL / NEEDS_HUMAN)
- verify_result.state (pending / running / completed / superseded)
- review_decision.verdict (PASS / FAIL / NEEDS_HUMAN) — aligned with verify_result.verdict
- review_decision.reviewer_kind (ai / human / council)
- decision_backlog_entry.kind (sweep_overdue / dot_pair_drift / signature_failure / wrong_audience_result_event / vocabulary_gap / ...)
- decision_backlog_entry.status (open / in_progress / resolved / re_opened / closed)
- decision_backlog_entry.risk_class (per Đ32 enum — already Đ24-ratified)
- canonical_address.authority (per Đ0-G enum — already Đ24-ratified)
representation:
- lookup tables in cutter_governance schema (or Đ24-owned vocabulary schema, whichever Đ24 directs)
- lookup row id is the FK target; enum field on parent table carries the FK value (text or uuid per Đ24 convention)
rationale:
- vocabulary discipline preserved via Đ24
- allows enum evolution without ALTER TYPE pain
- matches Cross-Cutting Decision Register §3.5
affected_p0_items: [P0-2, P0-3, P0-4, P0-5, P0-6]
execution_precondition:
- Đ24 vocab owner ratification of each enum set listed above
- lookup tables populated (operational; not in this planning phase)
blocks_implementation_execution: true (Đ24 ratification + lookup table populated are execution preconditions)
further_ratification_required:
- Đ24 ratification per enum set (some sets already Đ24-ratified; some pending)
8. X-6 — dot_pair_signature Shape Final Polish
id: X-6
title: dot_pair_signature table shape final polish (shape designed in P0-3 §4.3; polished here)
selected_approach: shared_table_with_signature_kind_enum_and_cross_reference_fks
fields_carried_from_P0_3_§4_3:
- signature_id (uuid)
- signature_kind (FK to Đ24 lookup; see X-4)
- signer_dot_id (text)
- signer_tool_revision (text)
- payload_hash (text)
- payload_envelope (JSONB; validated per X-3)
- signature_payload (text; v0.1 = hash-based pseudo-signature)
- signed_at (timestamptz)
- cross_reference_change_set_id (FK to cut_change_set; nullable)
- cross_reference_verify_result_id (FK to verify_result; nullable)
- validation_state (FK to Đ24 lookup; see X-4)
polish_additions_for_planning:
- exactly-one cross-reference rule: planning expectation that an application-layer check enforces (cross_reference_change_set_id IS NOT NULL) XOR (cross_reference_verify_result_id IS NOT NULL) — never both, never neither — to match signature_kind semantics
- revoked_at (timestamptz, nullable) — populated when validation_state transitions to revoked
- revocation_reason (text, nullable) — populated on revocation
- revoked_by (text actor, nullable) — populated on revocation
- prior_signature_id (FK self-reference, nullable) — chains revocation history if a signature is re-issued
rationale:
- shared table per Đ44 Step 2 joint ratification
- polish supports criterion 28 audit and signature revocation lifecycle (per P0-3 §9 item 12)
- exactly-one cross-reference rule prevents ambiguous signature targeting
affected_p0_items: [P0-3, P0-4]
execution_precondition:
- G-4 DOT Registry Custodian sign-off on shape + revocation lifecycle
- signing scheme v0.1 (hash-based) implementation accepted
blocks_implementation_execution: true (G-4 sign-off required)
further_ratification_required:
- G-4 sign-off
- Đ44 confirmation of polish additions
9. X-7 — Canonicalization Rule Prose Ratification
id: X-7
title: canonicalization rule v0.1 full prose ratification (placeholder accepted at X-A)
selected_approach: dieu24_prose_ratification_via_canonicalization_rule_v0_1_planning_note
v0_1_placeholder_already_ratified_at_X_A:
- NFC unicode normalization
- LF line endings (normalize CR/CRLF to LF)
- trailing whitespace trim (per line)
- scope: markdown source_kind only
prose_to_be_authored_by_dieu24:
- explicit step ordering and idempotency claim
- handling of BOM
- handling of mixed line endings within a single document
- handling of trailing newline at file end
- handling of consecutive blank lines
- token boundary definition (what constitutes a canonical_token)
- byte-offset → canonical_token position mapping algorithm (prose)
- per-source_kind extension policy (markdown is v0.1 default; code = FUTURE ast_node; binary = FUTURE byte)
prose_artefact_location:
- dot-iu-cutter-v0.1-p0-canonicalization-rule-v0.1-planning-note-2026-05-15.md (this implementation-planning phase)
- full Đ24 ratification is a separate ratification step (post planning, pre execution)
rationale:
- placeholder bound at X-A is sufficient for the byte→token conversion structure
- full prose is required so multiple cutter runs agree on canonicalization; this is the gate against "ghost drift" (P0-4 §14)
affected_p0_items: [P0-4]; indirectly P0-2 (source_span unit conversion uses the rule)
execution_precondition:
- Đ24 full prose ratification recorded as a separate ratification file under ratification/
blocks_implementation_execution: true
further_ratification_required:
- Đ24 vocabulary owner ratification of the full prose
10. X-8 — Rollback Test Plan Authoring
id: X-8
title: rollback test plan documented + dry-run executed
selected_approach: authored_in_this_phase_dry_run_executed_before_execution
authored_artefact_location:
- dot-iu-cutter-v0.1-p0-rollback-test-plan-2026-05-15.md (this implementation-planning phase)
dry_run_execution_constraint:
- synthetic data only; no production data
- executed in a dry-run environment (per preflight plan)
- must occur AFTER planning package GPT review and BEFORE migration execution
scope_of_test_plan:
- rollback_key behavior (deterministic format; collision-free)
- cut_change_set state transitions including invalid_drift
- cut_change_set_affected_row before_state_snapshot fidelity
- verify_result.verdict triggering rollback
- dot_pair_signature validation and revocation
- rollback failure recovery path
- signature timeout race conditions
rationale:
- HIGH-risk binding: criterion 28 + rollback authority
- matches Cross-Cutting Decision Register §3.8 + Lane B joint review §5.6
affected_p0_items: [P0-3, P0-4]
execution_precondition:
- dry-run executed and signed off by Đ32 (HIGH-risk path) + G-4 Custodian
blocks_implementation_execution: true
further_ratification_required:
- Đ32 HIGH-risk dry-run sign-off
- G-4 Custodian dry-run sign-off
11. Aggregate Status of 7 Cross-Cutting Decisions
| ID | Title | Selected approach | Blocks execution | Ratification pending |
|---|---|---|---|---|
| X-1 | schema placement | new schema class for governance/manifest family (cutter_governance) | yes | Đ44 + Đ33/Đ43 |
| X-2 | primary ID form | uuid + human aliases | no | none |
| X-3 | JSONB validation policy | application-layer v0.1; PG jsonb_check FUTURE | no | none for v0.1 |
| X-4 | enum implementation strategy | Đ24 lookup FK | yes | Đ24 per enum set |
| X-6 | dot_pair_signature shape final polish | shared table + revocation lifecycle additions | yes | G-4 + Đ44 |
| X-7 | canonicalization rule prose | full prose Đ24-ratified before execution | yes | Đ24 |
| X-8 | rollback test plan | authored here; dry-run before execution | yes | Đ32 + G-4 |
total_planning_level_decisions_resolved_or_planned: 7
total_blocking_execution: 5 (X-1, X-4, X-6, X-7, X-8)
total_not_blocking_execution: 2 (X-2, X-3)
12. Explicit Confirmation
no_ddl_written: true
no_sql_written: true
no_create_table_or_alter_table_in_this_document: true
no_column_ddl_in_this_document: true
no_migration_script_written: true
no_migration_executed: true
no_pg_mutation: true
no_qdrant_mutation: true
no_directus_mutation: true
no_data_writes: true
no_implementation_execution: true
no_phase_prior_file_modified: true
output_form: cross_cutting_resolution_planning_only