KB-115A
dot-iu-cutter v0.4 Credential Dry-Run Authoring — GPT Review
Revision 1
Date: 2026-05-16
Reviewer: GPT
Files reviewed: v0.4 credential dry-run authoring package
Scope: Authoring review for isolated credential dry-run SQL/verification/rollback. No production credential action authorized.
1. Verdict
v0_4_credential_dry_run_authoring_status: PASS
agent_revision_needed: false
dry_run_execution_allowed_after_explicit_prompt: true
production_role_creation_allowed: false
production_GRANT_REVOKE_allowed: false
secret_creation_allowed: false
production_CUT_VERIFY_allowed: false
The 5-file credential dry-run authoring package is accepted. It correctly encodes the GPT-closed CD-1..CD-13 decisions and the accepted least-privilege model.
2. Accepted SQL Model
roles:
- cutter_exec
- cutter_verify
role_flags:
  LOGIN: true
  NOSUPERUSER: true
  NOCREATEDB: true
  NOCREATEROLE: true
  NOREPLICATION: true
  NOBYPASSRLS: true
  CONNECTION_LIMIT: 2
passwords: dry_run_throwaway_placeholders_only
schema_usage: cutter_governance_USAGE_only
security_definer: false
direct_grants: true
alter_default_privileges: false
rls_change: false
cutter_ro_change: false
public_schema_change: false
observe_view_grants_to_writers: false
3. Accepted Privilege Encoding
cutter_exec:
  decision_backlog_entry: SELECT_INSERT_UPDATE_status
  decision_backlog_history: SELECT_INSERT
  decision_backlog_dependency: SELECT_INSERT
  decision_backlog_sweep_log: INSERT_only
  manifest_envelope: SELECT_INSERT
  manifest_unit_block: SELECT_INSERT
  review_decision: SELECT_INSERT_UPDATE_superseded_by_review_decision_id
  cut_change_set: SELECT_INSERT
  cut_change_set_affected_row: INSERT_only
  dot_pair_signature: SELECT_INSERT
  verify_result: none
  canonical_address_alias: none
cutter_verify:
  decision_backlog_entry: SELECT_INSERT_UPDATE_status
  decision_backlog_history: SELECT_INSERT
  dot_pair_signature: SELECT_INSERT
  cut_change_set: SELECT_INSERT
  cut_change_set_affected_row: SELECT_INSERT
  verify_result: SELECT_INSERT
  manifest_envelope: SELECT
  manifest_unit_block: SELECT
  review_decision: SELECT
  decision_backlog_dependency: none
  decision_backlog_sweep_log: none
  canonical_address_alias: none
Column-scoped UPDATE is accepted. There are 2 updateable columns and 3 role/table/column UPDATE grant tuples:
updateable_columns:
- decision_backlog_entry.status
- review_decision.superseded_by_review_decision_id
update_grant_tuples:
- cutter_exec -> decision_backlog_entry.status
- cutter_verify -> decision_backlog_entry.status
- cutter_exec -> review_decision.superseded_by_review_decision_id
This resolves the minor wording ambiguity in the verification plan; no revision is required.
4. Accepted Verification Discipline
verification_method: structural_catalog_set_equality
uses_aclexplode: true
fragile_string_comparison: false
checks:
- role_flags
- connection_limit_2
- no_membership
- no_object_ownership
- exact_schema_usage
- exact_table_privileges
- exact_column_privileges
- no_extra_update
- no_destructive_privileges
- no_observe_view_grants
- no_alias_grants
- no_out_of_schema_grants
- cutter_ro_unchanged
- directus_unchanged
- rls_unchanged
- password_encryption_scram_prefix_without_printing_hash_body
- allow_probes
- deny_probes_SQLSTATE_42501
- rollback_verification
- production_untouched_gate
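Added example (not part of the reviewed package or of the reviewer's output): the section 3 encoding expanded into exact grant tuples and compared by set equality with an observed set, which is what the exact_table_privileges, exact_column_privileges and no_extra_update checks come down to. The tuple shape and the names expand, drift, COL_GRANT and SAMPLE are assumptions; in a dry run the observed set would be built from aclexplode output over the catalog ACL columns rather than constructed by hand.

```python
ENCODING = {  # section 3 encoding copied from the page; "none" = no grant
    "cutter_exec": {
        "decision_backlog_entry": "SELECT_INSERT_UPDATE_status",
        "decision_backlog_history": "SELECT_INSERT",
        "decision_backlog_dependency": "SELECT_INSERT",
        "decision_backlog_sweep_log": "INSERT_only",
        "manifest_envelope": "SELECT_INSERT",
        "manifest_unit_block": "SELECT_INSERT",
        "review_decision": "SELECT_INSERT_UPDATE_superseded_by_review_decision_id",
        "cut_change_set": "SELECT_INSERT",
        "cut_change_set_affected_row": "INSERT_only",
        "dot_pair_signature": "SELECT_INSERT",
        "verify_result": "none", "canonical_address_alias": "none",
    },
    "cutter_verify": {
        "decision_backlog_entry": "SELECT_INSERT_UPDATE_status",
        "decision_backlog_history": "SELECT_INSERT",
        "dot_pair_signature": "SELECT_INSERT",
        "cut_change_set": "SELECT_INSERT",
        "cut_change_set_affected_row": "SELECT_INSERT",
        "verify_result": "SELECT_INSERT",
        "manifest_envelope": "SELECT", "manifest_unit_block": "SELECT", "review_decision": "SELECT",
        "decision_backlog_dependency": "none", "decision_backlog_sweep_log": "none",
        "canonical_address_alias": "none",
    },
}

def expand(encoding):
    """Assumed tuple shape (role, table, privilege, column); column "" = table-level."""
    grants = set()
    for role, tables in encoding.items():
        for table, enc in tables.items():
            if enc == "none":
                continue
            head, _, column = enc.removesuffix("_only").partition("_UPDATE_")
            grants |= {(role, table, priv, "") for priv in head.split("_")}
            if column:
                grants.add((role, table, "UPDATE", column))
    return grants

def drift(observed):  # both sets empty <=> structural set equality holds
    expected = expand(ENCODING)
    return {"missing": expected - observed, "extra": observed - expected}

# Constructed catalog state: table-wide UPDATE where only the status column is accepted.
COL_GRANT = ("cutter_verify", "decision_backlog_entry", "UPDATE", "status")
SAMPLE = (expand(ENCODING) - {COL_GRANT}) | {COL_GRANT[:3] + ("",)}
```

drift(SAMPLE) reports the column-scoped grant as missing and the table-wide UPDATE as extra, the drift that a comparison of rendered ACL strings could misreport.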
5. Accepted Rollback Model
rollback_model: exact_inverse
revoke_all_blanket: false
cascade: false
steps:
- no_login_estop
- terminate_backends_in_dry_run_env_only
- revoke_exact_grants
- assert_memberless_and_owns_nothing
- drop_roles_plain
- verify_baseline_restored
protected:
- cutter_ro
- observe_views
- base_tables
- Directus
- RLS
6. Gate Effect
credential_dry_run_authoring: closed_PASS
isolated_credential_dry_run: may_open_after_explicit_prompt
production_credential_execution: still_blocked
real_DB_adapter_design: still_blocked_until_credential_dry_run_result_review
production_CUT_VERIFY: still_blocked
7. Next Authorized Phase
GPT authorizes the next phase as isolated credential dry-run execution, provided it remains strictly non-production.
Allowed next phase:
phase: v0_4_credential_dry_run_execution
allowed:
- fresh read_only_prod_pg_dump_source
- isolated_ephemeral_postgres_env
- throwaway_fake_passwords_inside_env_only
- execute accepted credential SQL inside dry_run_env_only
- run catalog_structural_verification
- run allow_deny_behavioral_probes
- run rollback
- teardown_env
- write KB dry_run reports
forbidden:
- production_role_creation
- production_GRANT_REVOKE
- production_secret_creation
- .env_edit
- runtime_code_production_connection
- CUT_VERIFY
- deploy
- changing accepted SQL without STOP_and_report
8. Status
ready_for_credential_dry_run_execution_prompt: true
agent_self_advance_without_prompt: prohibited