KB-424B

dot-iu-cutter v0.3 Read-Observability Design — GPT Review

Revision 1
Tags: dot-iu-cutter, review, v0.3, read-observability, directus, pg-first, design-pass

Date: 2026-05-16
Reviewer: GPT
Files reviewed: v0.3 Directus read-observability design package
Scope: Design review only. No PG/Directus change authorized by this review.


1. Verdict

v0_3_read_observability_design_status: PASS
agent_revision_needed: false
selected_model: MODEL_C_PG_first_views
risk_class: STANDARD
execution_authorized: false
next_step: blocker_closure_then_policy_authoring

The design is accepted. PG-first read views are the correct control plane because the 12 cutter_governance tables are not registered Directus collections, while PG privileges are the real enforcement point today.


2. Ratified Decisions

B_1_consumer_model: MODEL_C_hybrid_PG_first
B_2_sensitive_field_policy: accept_agent_redaction_list_with_REVIEW_items_default_REDACTED
B_3_read_audit_requirement: no_new_audit_for_v0_3_read_only; rely_on_pg_logs_or_future_audit_design
B_4_consumer_principal: cutter_ro_NOLOGIN_group_role; actual login/member_binding_deferred_to_execution_design
B_5_existing_directus_broad_SELECT: defer_tightening_to_separate_workstream
B_6_redaction_mechanism: PG_views_v_table_observe; Directus_field_permissions_deferred

3. Binding Permission Model

create_later_after_command_review:
  - PG role cutter_ro (NOLOGIN)
  - 12 PG read views v_<table>_observe
  - GRANT USAGE on cutter_governance to cutter_ro
  - GRANT SELECT on the 12 views only to cutter_ro
not_now:
  - Directus collection registration
  - Directus role/policy/permission changes
  - PG RLS
  - directus existing role tightening
  - cutter_ro_full

Base table SELECT for cutter_ro should be avoided unless a later authoring package proves it is required. The default posture is SELECT on views only.


4. Sensitive Field Policy

Accepted default: redact all fields Agent listed as REDACTED. Items marked REVIEW are also redacted by default for v0.3 unless an authoring package explicitly justifies visibility.

redacted_by_default:
  - signature_payload
  - payload_envelope
  - payload_hash
  - rollback_key
  - idempotency_key
  - before_state_snapshot
  - after_state_snapshot
  - reviewer_identity
  - reviewer_independence_evidence
  - arbitrary_or_large_jsonb_payloads
  - findings_jsonb
  - change_diff_jsonb
  - source_span
  - payload_summary
  - candidate_edges
  - report_summary
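
The section 3 permission model and the section 4 redaction list, checked together on one view. This is an added sketch for a throwaway scratch database, not DDL from the design package. The base table change_record and its visible columns id, status and created_at are hypothetical; the role, schema, view naming pattern and redacted column names come from this review.

```sql
-- Added sketch for a scratch database; not the project's DDL.
-- Hypothetical: table change_record and columns id, status, created_at.
BEGIN;
CREATE SCHEMA cutter_governance;
CREATE TABLE cutter_governance.change_record (
    id           bigint PRIMARY KEY,
    status       text,
    created_at   timestamptz,
    payload_hash text,        -- redacted per section 4
    rollback_key text         -- redacted per section 4
);
CREATE ROLE cutter_ro NOLOGIN;
-- Explicit column list, never SELECT *: a column added to the base table
-- later stays hidden until someone reviews it. security_invoker is left at
-- its default (off) so the view reads the table with its owner's rights.
CREATE VIEW cutter_governance.v_change_record_observe AS
SELECT id, status, created_at
FROM cutter_governance.change_record;

GRANT USAGE ON SCHEMA cutter_governance TO cutter_ro;
GRANT SELECT ON cutter_governance.v_change_record_observe TO cutter_ro;

DO $$
DECLARE leaked text;
BEGIN
    -- View-only posture: the role must reach the view and not the table.
    IF NOT has_table_privilege('cutter_ro',
           'cutter_governance.v_change_record_observe', 'SELECT') THEN
        RAISE EXCEPTION 'cutter_ro cannot read the observe view';
    END IF;
    IF has_table_privilege('cutter_ro',
           'cutter_governance.change_record', 'SELECT') THEN
        RAISE EXCEPTION 'cutter_ro has SELECT on a base table';
    END IF;
    -- Redaction: no observe view may expose a column named in section 4.
    SELECT string_agg(table_name::text || '.' || column_name::text, ', ')
      INTO leaked
    FROM information_schema.columns
    WHERE table_schema = 'cutter_governance'
      AND table_name LIKE 'v\_%\_observe'
      AND column_name IN ('signature_payload', 'payload_envelope',
          'payload_hash', 'rollback_key', 'idempotency_key',
          'before_state_snapshot', 'after_state_snapshot', 'reviewer_identity',
          'reviewer_independence_evidence', 'findings_jsonb', 'change_diff_jsonb',
          'source_span', 'payload_summary', 'candidate_edges', 'report_summary');
    IF leaked IS NOT NULL THEN
        RAISE EXCEPTION 'redacted columns exposed: %', leaked;
    END IF;
END $$;
ROLLBACK;
```

has_table_privilege also counts grants made to PUBLIC and inherited through role membership, so the base-table check fails on an indirect grant as well as a direct one. The name-based check does not catch a redacted column exposed under an alias; that still needs review of each view definition.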

5. RLS Decision

PG_RLS_needed_for_v0_3: false
reason: requirement_is_read_all_rows_and_column_redaction_is_by_views
future_RLS_trigger: row_scoped_audience_or_tenant_partition_requirement

6. Gate Effect

policy_authoring_allowed_after_explicit_prompt: true
dry_run_allowed_now: false
production_permission_change_allowed_now: false

Agent may proceed to a policy/DDL authoring package only after explicit prompt. That package must still go through dry-run, command review, and production execution gates.


7. Status

PG_role_created: false
views_created: false
GRANT_executed: false
Directus_changed: false
RLS_changed: false
production_mutation: false