KB-2053

dot-iu-cutter v0.4 PG-backed Dry-run Design Command Review — GPT Review

Revision 1
Tags: dot-iu-cutter, review, v0.4, db-adapter, pg-backed-dry-run, pass-with-notes, r2-required


Date: 2026-05-17
Reviewer: GPT
Reviewed package: 6-doc PG-backed dry-run design / command-review package under knowledge/dev/laws/dieu44-trien-khai/v0.4-db-adapter-dry-run/

Verdict

pg_backed_dry_run_design_command_review: PASS_WITH_NOTES
agent_revision_needed: true_small_r2
execution_authorized_now: false
reason_execution_not_yet_authorized: verification_row_count_matrix_must_be_exact_not_illustrative
production_connection_allowed: false
production_secret_read_allowed: false
cut_verify_production_allowed: false
deploy_allowed: false

The design is accepted in substance. Isolation, sysid guard, dry-run role strategy, secret boundaries, psycopg3 containment, false-negative defenses, and rollback/teardown model are sound.

Before execution, Agent must issue a small r2 correction to the verification plan and any referencing report/command-review section.

Accepted Design Decisions DR-1 → DR-8

DR_1_role_strategy: create_dry_run_equivalent_roles_with_dry_run_only_passwords
DR_2_harness_locus: ephemeral_python_3_12_slim_container_on_dedicated_bridge
DR_3_data_lifecycle: rollback_negative_scenarios_persist_happy_path_until_env_teardown
DR_4_idempotency_framing: find_before_write_dedup; 23505_only_PK_collision_path
DR_5_42501_proof: controlled_matrix_denied_raw_insert_capturing_server_SQLSTATE
DR_6_sslmode: disable_for_throwaway_dry_run_env
DR_7_backup_principal: workflow_admin_read_only_pg_dump
DR_8_retention: keep_sha_gated_redacted_logs_and_manifest; shred_dry_run_env_and_sensitive_backup_files

Accepted Safety Backbone

isolation:
  db_container: unique_postgres16_container
  network: dedicated_bridge
  published_port: none
  sysid_guard: DR_sysid_must_not_equal_PROD_7611578671664259111
  previous_dry_run_envs: exact_name_protected
secrets:
  production_secrets: not_used
  dry_run_passwords: generated_in_env_only
  dry_run_env_file: 0600_then_shredded
code:
  accepted_commit: 56d3732cb74d07546c938242180a434ed1067a9a
  mount: read_only
  code_change: forbidden
psycopg3:
  installed_only_in_throwaway_harness_context: true
rollback:
  no_DELETE_TRUNCATE_cleanup: true
  env_destruction_for_cleanup: true
false_negative_defense:
  structural_catalog_checks: true
  no_rendered_string_constraint_compare: true
  no_grep_c_double_zero_pattern: true

Required r2 Correction Before Execution

The verification plan currently contains an illustrative row-count matrix and a vague row:

(12th: manifest/aux per schema)

This is not acceptable for an execution gate. The matrix must name all 12 production tables explicitly and define expected counts after each scenario.

Required r2 changes:

files_to_update:
  required:
    - v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-verification-plan-2026-05-17.md
  if_referenced:
    - v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-command-review-2026-05-17.md
    - v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-report-2026-05-17.md
changes:
  - replace_illustrative_matrix_with_exact_12_table_matrix
  - remove_vague_12th_row
  - state_expected_counts_for_each_scenario_or_scenario_group
  - include_canonical_address_alias_expected_zero_rows
  - include_decision_backlog_sweep_log_expected_behavior
  - define_final_happy_path_counts_and_negative_delta_zero_counts
  - keep_all_other_design_decisions_unchanged

The exact 12 tables to appear in the matrix:

cutter_governance_tables:
  - decision_backlog_entry
  - dot_pair_signature
  - cut_change_set
  - cut_change_set_affected_row
  - verify_result
  - canonical_address_alias
  - manifest_envelope
  - manifest_unit_block
  - review_decision
  - decision_backlog_history
  - decision_backlog_dependency
  - decision_backlog_sweep_log

Recommended final happy-path expectation:

happy_path_final_counts:
  decision_backlog_entry: 1
  decision_backlog_history: 4_or_more_if_sweep_status_is_recorded
  decision_backlog_dependency: 0
  decision_backlog_sweep_log: explicit_value_required_by_r2
  manifest_envelope: 1
  manifest_unit_block: at_least_1_exact_value_required_by_r2
  review_decision: 1
  dot_pair_signature: 2
  cut_change_set: 1
  cut_change_set_affected_row: 1
  verify_result: 1
  canonical_address_alias: 0

If Agent chooses a sweep_log row in MARK, r2 must say so and define the exact count. If no sweep_log row is written, r2 must define it as 0 and explain why.
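The gate logic the r2 matrix has to satisfy, as an added example rather than code from the reviewed package: every scenario must name all 12 governance tables, every expectation must be an exact non-negative integer (a "4_or_more" or "at_least_1" string is rejected as illustrative, and a row like "manifest/aux per schema" is rejected as an unknown table), and a rollback (negative) scenario must show a zero delta on every table. The scenario names, the `fetch(table) -> int` callable (a `SELECT count(*)` under the read-only role in a real harness, a constructed dict here) and the exact values 4, 1 and 1 chosen for history, sweep_log and unit_block are assumptions for the demo, not values from the package.

```python
"""Exact row-count matrix gate for a PG-backed dry run (added example).

Assumptions: the r2 matrix is a {scenario: {table: int}} mapping; observed
counts come from a caller-supplied fetch(table) -> int; scenario names and
the three pinned values below are chosen for the demo, not taken from the package.
"""
from typing import Callable, Mapping

# The 12 governance tables the matrix must name explicitly.
GOVERNANCE_TABLES = (
    "decision_backlog_entry", "dot_pair_signature", "cut_change_set",
    "cut_change_set_affected_row", "verify_result", "canonical_address_alias",
    "manifest_envelope", "manifest_unit_block", "review_decision",
    "decision_backlog_history", "decision_backlog_dependency",
    "decision_backlog_sweep_log",
)


def validate_matrix(matrix: Mapping[str, Mapping[str, object]]) -> list[str]:
    """Reject anything illustrative: all 12 tables, no others, exact ints only."""
    problems: list[str] = []
    wanted = set(GOVERNANCE_TABLES)
    for scenario, expected in matrix.items():
        present = set(expected)
        for t in sorted(wanted - present):
            problems.append(f"{scenario}: table {t} missing from matrix")
        for t in sorted(present - wanted):
            problems.append(f"{scenario}: {t} is not one of the 12 governance tables")
        for t, v in expected.items():
            # bool is an int subclass; strings like 'at_least_1' are illustrative.
            if isinstance(v, bool) or not isinstance(v, int) or v < 0:
                problems.append(f"{scenario}: {t} expectation {v!r} is not an exact count")
    return problems


def observe(fetch: Callable[[str], int]) -> dict[str, int]:
    """Snapshot all 12 tables through the caller's count function."""
    return {t: int(fetch(t)) for t in GOVERNANCE_TABLES}


def mismatches(expected: Mapping[str, int], observed: Mapping[str, int]) -> list[str]:
    """Tables whose observed count differs from the exact expectation."""
    return [
        f"{t}: expected {expected[t]}, observed {observed.get(t)}"
        for t in GOVERNANCE_TABLES
        if observed.get(t) != expected[t]
    ]


def nonzero_deltas(before: Mapping[str, int], after: Mapping[str, int]) -> dict[str, int]:
    """A rollback (negative) scenario must leave every table unchanged."""
    return {t: after[t] - before[t] for t in GOVERNANCE_TABLES if after[t] != before[t]}


def run_gate(matrix, snapshots, negative_pairs) -> tuple[bool, list[str]]:
    """snapshots: {scenario: observed counts}; negative_pairs: [(before, after)]."""
    report = validate_matrix(matrix)
    if report:
        return False, report  # an inexact matrix is not an execution gate
    for scenario, expected in matrix.items():
        report += [f"{scenario} {m}" for m in mismatches(expected, snapshots[scenario])]
    for before, after in negative_pairs:
        for t, d in nonzero_deltas(snapshots[before], snapshots[after]).items():
            report.append(f"{before}->{after}: {t} changed by {d}, rollback not clean")
    return not report, report


# Constructed demo data: the review's recommended happy-path counts, with the
# three values r2 must pin down assumed here as 4, 1 and 1.
HAPPY = {
    "decision_backlog_entry": 1, "decision_backlog_history": 4,
    "decision_backlog_dependency": 0, "decision_backlog_sweep_log": 1,
    "manifest_envelope": 1, "manifest_unit_block": 1, "review_decision": 1,
    "dot_pair_signature": 2, "cut_change_set": 1, "cut_change_set_affected_row": 1,
    "verify_result": 1, "canonical_address_alias": 0,
}
EXACT_MATRIX = {"happy_path": HAPPY, "after_denied_insert": HAPPY}

# What the current plan looks like: a missing table, a vague 12th row, a non-exact value.
ILLUSTRATIVE_MATRIX = {"happy_path": {
    **{k: v for k, v in HAPPY.items() if k != "decision_backlog_sweep_log"},
    "manifest/aux per schema": 1,
    "manifest_unit_block": "at_least_1",
}}

# Constructed observations standing in for SELECT count(*) under the read-only role.
SNAPSHOTS = {
    "happy_path": observe(HAPPY.__getitem__),
    "after_denied_insert": observe(HAPPY.__getitem__),
}

if __name__ == "__main__":
    print(validate_matrix(ILLUSTRATIVE_MATRIX))
    print(run_gate(EXACT_MATRIX, SNAPSHOTS, [("happy_path", "after_denied_insert")]))
```

The split between `validate_matrix` and the count comparison is deliberate: the matrix is checked for exactness before any database is touched, so an illustrative plan fails the gate on paper rather than producing a misleading "all counts matched" after a run.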

Gate Effect

pg_backed_dry_run_design: accepted
DR_1_to_DR_8: closed
execution_prompt_ready: false_until_r2_review
r2_scope: verification_matrix_clarity_only
code_change_allowed: false
production_action_allowed: false

Next Step

Agent should author r2 for the verification matrix only, with no execution, no code change, no production connection, no secret read, no dry-run, no deploy.

Review path: knowledge/dev/laws/dieu44-trien-khai/reviews/dot-iu-cutter-v0.4-pg-backed-dry-run-design-command-review-gpt-review-2026-05-17.md