KB-62A1
dot-iu-cutter v0.4 Credential-Cycle Design — GPT Review
Revision 1
Tags: dot-iu-cutter, review, v0.4, credential-design, credential-cycle, design-pass, open-decisions-closed, dry-run-next
dot-iu-cutter v0.4 — Credential-Cycle Design GPT Review
Date: 2026-05-16
Reviewer: GPT
Files reviewed: v0.4 credential-cycle 8-doc design package
Scope: Credential design review + CD-1..CD-13 decision closure. No credential execution authorized by this review.
1. Verdict
v0_4_credential_cycle_design_status: PASS
agent_revision_needed: false
open_decisions_closed: true
credential_execution_allowed: false
production_role_creation_allowed: false
secret_creation_allowed: false
next_phase: credential_dry_run_authoring
The design is accepted. No role, GRANT, secret, .env edit, production connection, dry-run execution, CUT, VERIFY, code change, or deploy is authorized by this review.
2. Accepted Credential Model
writer_principals:
cutter_exec:
lane: MARK_SWEEP_REVIEW_CUT
DOT: 991
cutter_verify:
lane: VERIFY_FORWARD_COMPENSATION_ESCALATION
DOT: 992
read_principal:
cutter_ro: unchanged_views_only_never_write
forbidden_runtime_writers:
- workflow_admin
- directus
- postgres
SoD_layers:
- distinct_DB_roles
- distinct_secret_process_config
- distinct_DOT_991_992_signing_identity
3. CD-1 → CD-13 Decisions
CD_1_UPDATE_posture:
decision: column_scoped_UPDATE_grants
allowed_UPDATE_columns:
- decision_backlog_entry.status
- review_decision.superseded_by_review_decision_id
CD_2_status_authority_split:
decision: both_principals_get_UPDATE_status
legality: enforced_by_code_state_machine_and_tests
note: a column-level UPDATE grant cannot distinguish which status transitions each principal may make; the code state machine and its tests must enforce that
CD_3_direct_grants_vs_security_definer:
decision: direct_grants_for_v0_4
reason: grants are visible in the catalog, simpler to verify, and avoid the escalation surface of a SECURITY DEFINER function owner
CD_4_secret_substrate:
decision: VPS_env_pattern_for_v0_4
location_pattern: /opt/incomex/docker/.env
note: GCP Secret Manager deferred until availability check and separate decision
CD_5_auth_method:
decision: scram_sha_256_password_for_v0_4
note: client certificate auth deferred
CD_6_dry_run_fake_credentials:
decision: yes
note: throwaway env-local credentials only; never real future secrets
CD_7_decision_backlog_sweep_log_SELECT_for_exec:
decision: no_SELECT_write_only
CD_8_cutter_verify_INSERT_on_cut_change_set:
decision: allow_for_forward_compensation_only
note: no UPDATE on cut_change_set; verifier_signature_id remains NULL
CD_9_CONNECTION_LIMIT:
decision: 2_per_writer_role
note: allows one active worker plus one recovery/maintenance connection; revisit after real concurrency tests
CD_10_compensating_change_set_signer_lane:
decision: DOT_992_verify_lane
note: failure compensation is verifier-owned escalation, not executor re-cut
CD_11_single_shared_dot_pair_signature_table:
decision: accept_code_crypto_lane_separation_for_v0_4
note: no DDL split or DB row-level split in v0.4
CD_12_log_connections:
decision: enable_for_writer_roles_if_role_specific_logging_is_available_without_cluster_wide_noise
fallback: record auth events via app/audit ledger only; do not change global logging blindly
CD_13_dry_run_backup_source:
decision: fresh_read_only_prod_pg_dump
rejected: reuse_protected_existing_dry_run_envs
4. Accepted Privilege Matrix
schema: cutter_governance
canonical_address_alias: zero_access_both_principals
no_delete: true
no_truncate: true
no_DDL: true
no_GRANT_REVOKE: true
no_object_ownership: true
no_bypassrls: true
no_superuser: true
no_createdb_createrole: true
no_observe_view_grants_to_writers: true
cutter_ro_unchanged: true
GPT accepts the proposed table-by-table matrix, with these binding interpretations:
cutter_exec:
may_write:
- decision_backlog_entry
- decision_backlog_history
- decision_backlog_dependency
- decision_backlog_sweep_log
- manifest_envelope
- manifest_unit_block
- review_decision
- cut_change_set
- cut_change_set_affected_row
- dot_pair_signature
must_not_write:
- verify_result
- canonical_address_alias
cutter_verify:
may_write:
- decision_backlog_entry
- decision_backlog_history
- dot_pair_signature
- cut_change_set
- cut_change_set_affected_row
- verify_result
must_not_write:
- canonical_address_alias
- manifest_envelope
- manifest_unit_block
- review_decision
- decision_backlog_dependency
- decision_backlog_sweep_log
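The role and grant script that the accepted matrix and CD-1, CD-2, CD-5, CD-7, CD-8, CD-9 and CD-12 imply, written here as an added example for the isolated dry-run environment (CD-13) only; it is not the project's own dry-run package and nothing in it is authorized for production by this review. Assumptions: the schema and table names are exactly those listed in the matrix, the passwords are throwaway dry-run values (CD-6), NOINHERIT is an added hardening choice not stated in the package, and no column names beyond the two in CD-1 are known from the design, so no SELECT grants are written.

```sql
-- Added example, not the project's dry-run script. Isolated dry-run env only.
BEGIN;

-- CD-5: force a SCRAM verifier regardless of the cluster default.
SET LOCAL password_encryption = 'scram-sha-256';

-- Two bounded login roles (section 4 matrix, CD-9). Every capability flag is explicit.
-- NOINHERIT is an added choice: the roles never pick up privileges via group membership.
CREATE ROLE cutter_exec   LOGIN PASSWORD 'dryrun-exec-throwaway'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 2;
CREATE ROLE cutter_verify LOGIN PASSWORD 'dryrun-verify-throwaway'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 2;

-- Start from zero: nothing reaches the writers through PUBLIC.
REVOKE ALL ON SCHEMA cutter_governance FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA cutter_governance FROM PUBLIC;
GRANT USAGE ON SCHEMA cutter_governance TO cutter_exec, cutter_verify;

-- cutter_exec (DOT 991, MARK_SWEEP_REVIEW_CUT): INSERT on its may_write set only.
GRANT INSERT ON
  cutter_governance.decision_backlog_entry,
  cutter_governance.decision_backlog_history,
  cutter_governance.decision_backlog_dependency,
  cutter_governance.decision_backlog_sweep_log,   -- CD-7: write-only, no SELECT
  cutter_governance.manifest_envelope,
  cutter_governance.manifest_unit_block,
  cutter_governance.review_decision,
  cutter_governance.cut_change_set,
  cutter_governance.cut_change_set_affected_row,
  cutter_governance.dot_pair_signature
TO cutter_exec;

-- cutter_verify (DOT 992, VERIFY_FORWARD_COMPENSATION_ESCALATION). CD-8: INSERT on
-- cut_change_set for forward compensation only, never UPDATE.
GRANT INSERT ON
  cutter_governance.decision_backlog_entry,
  cutter_governance.decision_backlog_history,
  cutter_governance.dot_pair_signature,
  cutter_governance.cut_change_set,
  cutter_governance.cut_change_set_affected_row,
  cutter_governance.verify_result
TO cutter_verify;

-- CD-1 / CD-2: column-scoped UPDATE only. Both principals may move status;
-- only cutter_exec may supersede a review_decision.
GRANT UPDATE (status) ON cutter_governance.decision_backlog_entry
  TO cutter_exec, cutter_verify;
GRANT UPDATE (superseded_by_review_decision_id) ON cutter_governance.review_decision
  TO cutter_exec;

-- canonical_address_alias: zero access for both principals. Nothing above grants it;
-- the explicit REVOKE records the decision in the script and is idempotent.
REVOKE ALL ON cutter_governance.canonical_address_alias FROM cutter_exec, cutter_verify;

-- CD-12 candidate: per-role connection logging without editing postgresql.conf.
-- log_connections is a superuser-backend parameter, so this must run as superuser;
-- if cluster policy forbids it, apply the CD-12 fallback instead.
ALTER ROLE cutter_exec   SET log_connections = on;
ALTER ROLE cutter_verify SET log_connections = on;

COMMIT;
```

One PostgreSQL rule the design package does not mention and the dry-run will hit: an UPDATE needs SELECT on every column its WHERE clause or SET expressions read, so `GRANT UPDATE (status)` alone does not make a status transition executable. The dry-run authoring phase should derive the minimal column-level SELECT grants from the state machine's actual statements rather than falling back to table-wide SELECT, which would also conflict with CD-7 for decision_backlog_sweep_log.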
5. Risk Decision
credential_design_cycle_risk: none_to_production
future_credential_execution_risk: STANDARD_WITH_STRICT_GATES
reason:
- empty schema
- two bounded login roles
- enumerated grants
- no superuser/DDL/RLS
- fully reversible
- isolated dry-run required first
6. Next Gate
The next allowed phase is credential dry-run authoring, not production execution.
Allowed next package:
phase: credential_dry_run_authoring
allowed:
- author dry-run SQL/commands only
- define CREATE ROLE/GRANT/REVOKE scripts for isolated env
- define catalog and behavioral verification harness
- define rollback script
- no execution unless separately prompted
forbidden:
- production role creation
- production GRANT_REVOKE
- secret creation
- .env edit
- real credential use
- production connection by runtime code
- CUT_VERIFY
- deploy
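A catalog verification harness and rollback for the isolated dry-run env, added here as an example of what the "catalog and behavioral verification harness" and "rollback script" items could contain; it is not the project's harness. Each check is written to return zero rows when the accepted matrix holds, so a runner can fail the dry-run on "any row returned". Assumptions: the same role and table names as the design package, and that the harness runs as the dry-run setup superuser (pg_authid and the information_schema views are only complete for a superuser).

```sql
-- Added example, not the project's harness. Every query below should return 0 rows.

-- 1. Role attribute invariants (section 4) and the CD-9 connection limit.
SELECT rolname
FROM pg_catalog.pg_roles
WHERE rolname IN ('cutter_exec', 'cutter_verify')
  AND (rolsuper OR rolcreatedb OR rolcreaterole OR rolbypassrls OR rolreplication
       OR NOT rolcanlogin OR rolconnlimit <> 2);

-- 2. CD-5: the stored verifier must be SCRAM-SHA-256, never md5 or plaintext.
SELECT rolname
FROM pg_catalog.pg_authid
WHERE rolname IN ('cutter_exec', 'cutter_verify')
  AND rolpassword NOT LIKE 'SCRAM-SHA-256$%';

-- 3. Table-level privileges are INSERT only (no table-wide UPDATE, no DELETE,
--    TRUNCATE, REFERENCES, TRIGGER), and no object in the schema is writer-owned.
SELECT grantee, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'cutter_governance'
  AND grantee IN ('cutter_exec', 'cutter_verify')
  AND privilege_type <> 'INSERT';

SELECT c.relname, r.rolname AS owner
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
JOIN pg_catalog.pg_roles r ON r.oid = c.relowner
WHERE n.nspname = 'cutter_governance'
  AND r.rolname IN ('cutter_exec', 'cutter_verify');

-- 4. CD-1: UPDATE exists only on the two enumerated columns. A table-wide UPDATE
--    grant appears here as one row per column, so this query catches it too.
SELECT grantee, table_name, column_name
FROM information_schema.column_privileges
WHERE table_schema = 'cutter_governance'
  AND grantee IN ('cutter_exec', 'cutter_verify')
  AND privilege_type = 'UPDATE'
  AND (table_name, column_name) NOT IN
      (('decision_backlog_entry', 'status'),
       ('review_decision', 'superseded_by_review_decision_id'));

-- 5. Lane separation and zero-access tables as explicit expected-false checks.
--    has_table_privilege with a comma list is true if ANY listed privilege is held.
SELECT label
FROM (VALUES
  ('exec_cannot_write_verify_result',
     has_table_privilege('cutter_exec',   'cutter_governance.verify_result', 'INSERT')),
  ('verify_cannot_write_review_decision',
     has_table_privilege('cutter_verify', 'cutter_governance.review_decision', 'INSERT')),
  ('verify_cannot_write_manifest_envelope',
     has_table_privilege('cutter_verify', 'cutter_governance.manifest_envelope', 'INSERT')),
  ('verify_cannot_update_cut_change_set',
     has_table_privilege('cutter_verify', 'cutter_governance.cut_change_set', 'UPDATE')),
  ('exec_no_select_on_sweep_log',
     has_table_privilege('cutter_exec',   'cutter_governance.decision_backlog_sweep_log', 'SELECT')),
  ('exec_zero_access_alias',
     has_table_privilege('cutter_exec',   'cutter_governance.canonical_address_alias',
                         'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER')),
  ('verify_zero_access_alias',
     has_table_privilege('cutter_verify', 'cutter_governance.canonical_address_alias',
                         'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER'))
) AS checks(label, held)
WHERE held;

-- Rollback for the isolated env. DROP OWNED also revokes every privilege granted
-- to the role in the current database, so no GRANT needs reversing one by one.
DROP OWNED BY cutter_exec, cutter_verify;
DROP ROLE cutter_exec, cutter_verify;
```

The catalog checks prove what the roles hold, not what the code does with it; the behavioral half of the harness still has to drive each principal through an allowed and a forbidden transition (for example cutter_verify attempting an UPDATE on cut_change_set) and assert on the resulting permission-denied error, since CD-2 leaves transition legality to the state machine rather than to the grants.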
7. Status
v0_4_credential_design_review: PASS
CD_1_to_CD_13: closed
ready_for_credential_dry_run_authoring_prompt: true
ready_for_credential_execution: false
agent_self_advance: prohibited_without_explicit_prompt