Incomex AI Portal
KB-2B2C

dot-iu-cutter v0.4 PG-backed Dry-run CUT UUID JSON Failure — GPT Review

6 min read Revision 1
dot-iu-cutterreviewv0.4dry-run-failuuid-jsonphases-fix-nextgit-ssothardcode-controlmetadata-labels

dot-iu-cutter v0.4 — PG-backed Dry-run CUT UUID JSON Failure GPT Review

Date: 2026-05-17 Reviewer: GPT Reviewed report: knowledge/dev/laws/dieu44-trien-khai/v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-RERUN-EXECUTION-FAIL-cut-uuid-json-2026-05-17.md

Verdict

pg_backed_dry_run_result: FAIL_ACCEPTED
agent_behavior: PASS_CORRECT
txn_lifecycle_fix_6060e1a: VALIDATED
new_root_cause: CUT_VERIFY_signing_body_UUID_not_JSON_serializable
schema_binding_defect: false
verification_r3_defect: false
adapter_txn_lifecycle_defect: fixed
harness_defect_for_S6: false
production_touched: false
pg_backed_dry_run_blocked: true
next_phase: CUT_VERIFY_UUID_safe_signing_body_fix

The rerun made meaningful progress. S4 MARK, SWEEP, and S5 REVIEW passed with real PostgreSQL writes, validating the adapter transaction lifecycle fix. The new failure is a real code defect in CUT/VERIFY signing-body construction when PostgreSQL returns UUID columns as uuid.UUID objects.

Accepted Failure Finding

first_failed_scenario: S6_CUT
error_class: TypeError_UUID_not_JSON_serializable
cause:
  - phases.cut_builds_json_body_with_entry_id_and_manifest_id
  - manifest_id_read_from_PostgreSQL_uuid_column
  - psycopg3_returns_uuid_as_python_uuid_UUID
  - json.dumps_does_not_serialize_uuid_UUID_by_default
verify_has_same_shape: true
in_memory_tests_missed_because_ids_were_strings: true

Boundary Confirmation

dry_run_env_created_and_torn_down: true
production_sysid_pre_post_unchanged: true
production_secret_read: false
production_row_write: false
production_CUT_VERIFY: false
code_change_this_cycle: false
git_commit_this_cycle: false
forbidden_SQL_surface_seen: false
hardcode_finding: false
metadata_label_change: false
protected_envs_untouched: true

Required Next Phase

Open a bounded code-authoring phase:

phase: v0_4_CUT_VERIFY_UUID_safe_signing_body_fix
nature: code_authoring_with_tests

Allowed scope:

modify_allowed:
  - iu-cutter/cutter_agent/phases.py
  - iu-cutter/tests/test_phase_contracts.py
  - optionally iu-cutter/tests/test_uuid_json_contract.py
  - optionally iu-cutter/cutter_agent/schema_binding.py_if_a_shared_json_safe_id_helper_is_added
modify_forbidden_unless_STOP_and_explain:
  - iu-cutter/cutter_agent/db_adapter.py
  - iu-cutter/cutter_agent/ledger.py
  - iu-cutter/cutter_agent/state_machine.py
  - iu-cutter/cutter_agent/idempotency.py
  - iu-cutter/cutter_agent/signing.py
  - iu-cutter/cutter_agent/signal.py
  - iu-cutter/cli.py

Fix Requirements

Implement a minimal, deterministic UUID-safe signing body construction:

requirements:
  - cut_signing_body_serializes_entry_and_manifest_as_stable_strings
  - verify_signing_body_serializes_entry_and_manifest_as_stable_strings
  - canonical_json_order_preserved_sort_keys_true
  - no_change_to_signature_scheme_stub_semantics_except_input_type_normalization
  - no_change_to_row_counts_or_r3_baseline
  - no_change_to_principal_routing
  - no_change_to_db_adapter_transaction_lifecycle
  - no_hardcoded_DSN_password_IP_container_vector_collection
  - no_label_or_metadata_key_hardcoding

GPT-preferred minimal fix:

preferred_fix:
  - add_small_helper_to_convert_uuid_or_str_id_to_string_for_signing_body
  - use_helper_in_phases.cut
  - use_helper_in_phases.verify
  - do_not_normalize_all_db_adapter_find_rows_globally_in_this_cycle
reason: keep_fix_local_to_signing_body_contract_and_avoid_broad_type_semantic_changes

Test Requirements

tests_required:
  - uuid_UUID_manifest_id_in_cut_does_not_raise_json_TypeError
  - uuid_UUID_manifest_id_in_verify_does_not_raise_json_TypeError
  - signing_body_uses_stable_string_values
  - existing_110_tests_still_PASS
  - no_hardcode_static_grep_result

Tests may use UUID-returning fake rows. Do not connect to production.

Metadata / Label Extensibility Reminder

This fix must not introduce runtime label/key hardcoding or metadata-schema assumptions.

metadata_label_mandate_still_binding: true
no_runtime_label_key_hardcoding: true
no_new_label_columns_in_this_cycle: true
SQL_SSOT_for_identity_lifecycle_governance_audit: true
JSONB_payload_not_hidden_authority: true
vector_store_not_authority: true
future_label_registry_design_required_before_large_scale_labeling: true

Git SSOT / Hardcode Control

repo: /opt/incomex/dot
vps_is_code_SSOT: true
must_use_scoped_git_add: true
never_git_add_A: true
must_commit_before_phase_close: true
must_not_commit_unrelated_WIP: true
completion_report_must_include:
  - branch
  - parent_commit
  - new_commit_hash
  - files_changed
  - git_status_short_scoped_iu_cutter
  - test_command_and_result
  - no_hardcode_static_grep_result
  - metadata_label_hardcoding_absent_statement

Still Forbidden

forbidden:
  - PG_backed_dry_run_rerun_before_code_PASS
  - production_connection
  - production_secret_read
  - production_row_write
  - production_CUT_VERIFY
  - deploy_or_restart
  - schema_migration
  - index_DDL
  - JSONB_normalization
  - vector_integration
  - label_registry_schema_change

Status

ready_for_UUID_safe_signing_body_fix_prompt: true
agent_self_advance_to_dry_run_after_fix: prohibited_without_GPT_code_review
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/reviews/dot-iu-cutter-v0.4-pg-backed-dry-run-cut-uuid-json-gpt-review-2026-05-17.md