Incomex AI Portal
KB-2B22

dot-iu-cutter v0.4 PG-backed Dry-run RERUN#2 dot_pair_signature_check — GPT Review

6 min read Revision 1
dot-iu-cutterreviewv0.4dry-run-faildot_pair_signatureschema-contractcode-fix-nextgit-ssothardcode-control

dot-iu-cutter v0.4 — PG-backed Dry-run RERUN#2 dot_pair_signature_check GPT Review

Date: 2026-05-17 Reviewer: GPT Reviewed report: knowledge/dev/laws/dieu44-trien-khai/v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-RERUN2-EXECUTION-FAIL-dot-pair-signature-check-2026-05-17.md

Verdict

pg_backed_dry_run_rerun2_result: FAIL_ACCEPTED
agent_behavior: PASS_CORRECT
orchestrator_hygiene_remediation: PASS
stale_dump_removal: PASS
uuid_json_fix_db4aa58: VALIDATED
new_root_cause: DOT_991_signature_missing_cross_reference_change_set_id
schema_binding_defect: partial_for_dot_pair_signature_write
deployed_schema_constraint: dot_pair_signature_check_XOR
harness_defect: false
production_touched: false
pg_backed_dry_run_blocked: true
next_phase: DOT_pair_signature_cross_reference_fix

The dry-run made further meaningful progress. The previous UUID JSON failure is gone and execution reached the dot_pair_signature INSERT. The new failure is a real server-enforced schema contract defect: DOT-991 executor signature row must populate cross_reference_change_set_id, while DOT-992 verifier signature row must populate cross_reference_verify_result_id.

Accepted Failure Finding

first_failed_scenario: S7_VERIFY
constraint: cutter_governance.dot_pair_signature_check
constraint_semantics:
  - exactly_one_of_cross_reference_change_set_id_or_cross_reference_verify_result_id_must_be_non_null
failing_row:
  lane: DOT-991_executor
  cross_reference_change_set_id: null
  cross_reference_verify_result_id: null_or_not_expected_for_executor
required_fix:
  DOT_991_executor_signature_must_reference_cut_change_set_id
  DOT_992_verifier_signature_must_reference_verify_result_id

Accepted Validations From This Run

orchestrator_ACCEPTED_pin_fixed: true
current_run_prod_dump_shredded_on_fail_path: true
stale_previous_prod_dump_removed: true
MARK_real_DB_write: passed
SWEEP_real_DB_write: passed
REVIEW_real_DB_write: passed
CUT_UUID_JSON_fix: passed_enough_to_reach_signature_insert
forbidden_SQL_surface: none_seen
hardcode_or_label_issue: none_new
production_sysid_unchanged: true
protected_envs_untouched: true

Required Next Phase

Open a bounded code-authoring phase:

phase: v0_4_DOT_pair_signature_cross_reference_fix
nature: code_authoring_with_tests

Allowed scope:

modify_allowed:
  - iu-cutter/cutter_agent/ledger.py
  - iu-cutter/cutter_agent/phases.py
  - iu-cutter/tests/test_schema_binding_contract.py
  - iu-cutter/tests/test_phase_contracts.py
  - optionally iu-cutter/tests/test_dot_pair_signature_contract.py
  - optionally iu-cutter/cutter_agent/schema_binding.py_if_shared_lane_reference_helper_needed
modify_forbidden_unless_STOP_and_explain:
  - iu-cutter/cutter_agent/db_adapter.py
  - iu-cutter/cutter_agent/state_machine.py
  - iu-cutter/cutter_agent/idempotency.py
  - iu-cutter/cutter_agent/signing.py
  - iu-cutter/cutter_agent/signal.py
  - iu-cutter/cli.py

Fix Requirements

requirements:
  - DOT_991_executor_signature_row_sets_cross_reference_change_set_id
  - DOT_991_executor_signature_row_leaves_cross_reference_verify_result_id_null
  - DOT_992_verifier_signature_row_sets_cross_reference_verify_result_id
  - DOT_992_verifier_signature_row_leaves_cross_reference_change_set_id_null
  - dot_pair_signature_check_XOR_satisfied_by_schema_contract_tests
  - no_change_to_row_counts_or_r3_baseline
  - no_change_to_principal_routing
  - no_change_to_db_adapter_transaction_lifecycle
  - no_change_to_signature_stub_semantics_except_reference_columns
  - no_hardcoded_DSN_password_IP_container_vector_collection
  - no_runtime_label_or_metadata_key_hardcoding

GPT-preferred fix:

preferred_fix:
  - thread_cut_change_set_id_from_CUT_result_to_DOT_991_signature_write_if_not_already_available
  - thread_verify_result_id_to_DOT_992_signature_write_if_not_already_available
  - keep_reference_selection_lane_explicit_and_schema_contract_tested
  - avoid_generic_magic_mapping_unless_centralized_in_schema_binding_with_tests

Test Requirements

tests_required:
  - DOT_991_signature_payload_has_change_set_reference_only
  - DOT_992_signature_payload_has_verify_result_reference_only
  - contract_test_enforces_dot_pair_signature_XOR_shape
  - full_MARK_SWEEP_REVIEW_CUT_VERIFY_inmemory_probe_still_15_rows
  - existing_117_tests_still_PASS
  - no_hardcode_static_grep_result

Tests may use InMemory rows and schema-contract fixture. Do not connect to production.

Metadata / Label Extensibility Reminder

metadata_label_mandate_still_binding: true
no_runtime_label_key_hardcoding: true
no_new_label_columns_in_this_cycle: true
SQL_SSOT_for_identity_lifecycle_governance_audit: true
JSONB_payload_not_hidden_authority: true
vector_store_not_authority: true
future_label_registry_design_required_before_large_scale_labeling: true

Git SSOT / Hardcode Control

repo: /opt/incomex/dot
vps_is_code_SSOT: true
must_use_scoped_git_add: true
never_git_add_A: true
must_commit_before_phase_close: true
must_not_commit_unrelated_WIP: true
completion_report_must_include:
  - branch
  - parent_commit
  - new_commit_hash
  - files_changed
  - git_status_short_scoped_iu_cutter
  - test_command_and_result
  - no_hardcode_static_grep_result
  - metadata_label_hardcoding_absent_statement

Still Forbidden

forbidden:
  - PG_backed_dry_run_rerun_before_code_PASS
  - production_connection
  - production_secret_read
  - production_row_write
  - production_CUT_VERIFY
  - deploy_or_restart
  - schema_migration
  - index_DDL
  - JSONB_normalization
  - vector_integration
  - label_registry_schema_change

Status

ready_for_DOT_pair_signature_cross_reference_fix_prompt: true
agent_self_advance_to_dry_run_after_fix: prohibited_without_GPT_code_review
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/reviews/dot-iu-cutter-v0.4-pg-backed-dry-run-rerun2-dot-pair-signature-check-gpt-review-2026-05-17.md