Incomex AI Portal
KB-19AA

dot-iu-cutter v0.5 Constitution Source Seed From Snapshot — GPT Command Review Ruling

6 min read Revision 1
dot-iu-cutterv0.5constitution-fixturesource-seed-from-snapshotcommand-reviewgpt-rulingrequired-patchsnapshot-bound-identitydieu442026-05-18

dot-iu-cutter v0.5 Constitution Source Seed From Snapshot — GPT Command Review Ruling

Date: 2026-05-18 Reviewer / decision authority: GPT Reviewed package: knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-source-document-seed-from-snapshot-authoring/

Reviewed files:

files:
  - dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-operational-framing-2026-05-18.md
  - dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-DML-draft-2026-05-18.sql.md
  - dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-rollback-draft-2026-05-18.sql.md
  - dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-verification-plan-2026-05-18.md
  - dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-authoring-report-2026-05-18.md

Verdict

source_seed_from_snapshot_authoring_package: PASS_WITH_REQUIRED_PATCH
agent_behavior: PASS_CORRECT
snapshot_bound_identity: PASS
forbidden_respected: true
DML_executed: false
execution_approved_now: false
reason_execution_not_yet_approved: DML_should_not_depend_on_DB_sha256_function_for_document_version_id

The package is directionally correct and should proceed after a small DML revision. It correctly binds source_document_version.content_checksum to the pinned snapshot artifact, not the mutable live page.

Accepted design choices

accepted:
  snapshot_artifact_path: knowledge/dev/laws/dieu44-trien-khai/snapshots/constitution/constitution-normalized-17660443e0f23e99.md
  snapshot_revision: 1
  content_checksum: 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
  normalized_content_length: 17522
  marker_counts: "✅19 📋1 📝1 ⛔1"
  parser_profile_ref: nuxt-incomex-portal-constitution-v1
  parser_reference_implementation: nuxt-incomex-portal-constitution-v1.refimpl.r1
  source_document_ref: incomex-constitution
  address_docprefix: ICX-CONST
  supersedes_document_version_id: null
  live_url_role: discovery_only

The deterministic document version id rule remains unchanged:

document_version_id_rule: "icxconst- + left(sha256(content_checksum || '|' || source_document_ref), 32)"
expected_document_version_id: icxconst-008a06ace23a96ea6cd456146e805c97

Required patch before execution approval

The current DML computes document_version_id inside PostgreSQL using sha256((...)::bytea). This introduces an avoidable runtime dependency on a database function/extension, likely pgcrypto, which was not confirmed in this authoring phase.

For operational safety, the execution DML must use the precomputed literal value:

'text literal: icxconst-008a06ace23a96ea6cd456146e805c97'

and keep the deterministic derivation in comments/report/verification.

required_patch:
  replace_runtime_DB_sha256_computation: true
  use_literal_document_version_id: icxconst-008a06ace23a96ea6cd456146e805c97
  keep_derivation_in_comments: true
  keep_verification_check_that_literal_matches_rule: true

Reason:

reason:
  - avoids hidden dependency on pgcrypto/sha256(bytea)
  - deterministic id was already computed and documented
  - execution should not fail for an avoidable function availability issue
  - snapshot rehash remains the real integrity gate

Alternative allowed only if Agent proves sha256(bytea) exists in production during precheck, but GPT prefers the literal value to keep execution minimal and predictable.

Rulings on open decisions

OPEN_DECISION_1_version_status:
  ruling: USE_snapshot_captured
  reason: version identity is a pinned normalized snapshot artifact; this value is more accurate than fetched

OPEN_DECISION_2_retrieval_timestamp:
  ruling: USE_snapshot_capture_timestamp
  value: 2026-05-18T13:03:03Z
  reason: timestamp describes the capture event; not part of identity

OPEN_DECISION_3_source_format:
  ruling: USE_normalized_snapshot
  reason: content_checksum is the normalized snapshot region hash; upstream medium is recorded in provenance

Required revised package

Open a narrow revision phase:

next_phase: v0_5_constitution_source_seed_from_snapshot_DML_revision
nature: DML_revision_only__no_execution

Scope:

scope:
  - patch DML draft to use literal document_version_id
  - update verification plan to check literal == expected deterministic rule value
  - incorporate GPT rulings on version_status/retrieval_timestamp/source_format
  - preserve all snapshot rehash prechecks
  - preserve rollback plan

Do not execute DML in the revision phase.

Still forbidden

still_forbidden:
  - source_document INSERT execution
  - source_document_version INSERT execution
  - DML execution before revised command-review approval
  - checksum persistence/update into registry
  - Constitution dry-run
  - CUT
  - VERIFY
  - schema change
  - GRANT/REVOKE
  - Directus mutation
  - deploy/restart
  - git commit
  - self-advance to execution

Final status

status: SNAPSHOT_BOUND_SEED_PACKAGE_PASS_WITH_REQUIRED_DML_PATCH
next_action: revise_DML_to_use_literal_document_version_id_then_route_for_final_command_review
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/reviews/dot-iu-cutter-v0.5-constitution-source-seed-from-snapshot-command-review-gpt-ruling-2026-05-18.md