dot-iu-cutter v0.5 fn_iu_create Canonical Path Redesign — GPT Ruling

Date: 2026-05-20 Reviewer / decision authority: GPT Reviewed phase: v0.5-fn-iu-create-canonical-path-survey-and-redesign

Verdict

macro_task_result: A_CANONICAL_FN_PATH_REDESIGN_READY
agent_behavior: PASS_CORRECT
production_mutation: NONE
canonical_path: fn_iu_create_SECURITY_DEFINER
bypass_trigger: rejected
ready_for_next_execution_package: true

The Agent correctly performed survey-first before redesign. The live gateway trigger and fn_iu_create() contract are now understood well enough to prepare a new canonical production CUT execution package.

Accepted findings

gateway:
  information_unit_and_unit_version_guarded: true
  trigger_path: trg_aa_iu_gateway_write_guard
  allowed_writers:
    - fn_iu_create
    - fn_iu_apply_edit_draft
  mode: enforced

fn_iu_create:
  security: SECURITY_DEFINER
  behavior: writes information_unit + unit_version(v1) + anchor
  rollback_only_test: PASS
  persistence_from_test: zero
  canonical_path_for_first_CUT: true

Rulings A-1..A-4

A1_canonical_GRANT_delta:
  ruling: APPROVED_FOR_COMMAND_REVIEW_AND_EXECUTION_GATE
  note: replace legacy direct table-write posture with EXECUTE on fn_iu_create path as specified in the canonical package. Do not bypass triggers.

A2_canonical_CUT_command_shape:
  ruling: APPROVED_FOR_NEXT_EXECUTION_PACKAGE
  note: use cutprod_canonical --mode production-leg-a-only-canonical; no direct INSERT.

A3_lifecycle_status_draft_vs_enacted:
  ruling: ACCEPT_DRAFT_FOR_FIRST_CANONICAL_CUT_WITH_EXPLICIT_POST_CUT_ENACTMENT_DECISION
  rationale: fn_iu_create does not expose lifecycle_status; forcing enacted now would bypass canonical path or require unratified function change. First CUT may create draft lifecycle rows if the canonical function does so. This must be surfaced in verification and followed by a separate enactment workflow/design if needed.

A4_publication_type_law:
  ruling: ADD_P_PUBLICATION_TYPE_LAW_DEFENSIVELY
  note: include p_publication_type='law' if function signature supports it; fail closed if signature differs.

Writer digest policy

writer_digest:
  prior_pin: d99a31d4...
  re_ratification_required: false_if_equivalence_fields_preserved
  equivalence_fields:
    - canonical_address
    - unit_kind
    - section_type
    - content_hash
    - idempotency_key
  requirement: execution report must prove equivalence fields remain preserved

GRANT state

legacy_GRANTs_from_failed_direct_insert_attempt:
  current_state: left_in_place_pending_redesign
  next_execution_package_requirement: explicitly decide whether to revoke, modify, or supersede them before canonical CUT
  preference: remove unnecessary direct table-write privileges if canonical EXECUTE path makes them obsolete, but only via approved command package

Authorized next macro-goal

next_phase: v0_5_first_controlled_CUT_canonical_execution_package
scope:
  - re-check live canonical function signature and trigger pins
  - prepare canonical GRANT/REVOKE package
  - retake fresh backup
  - execute canonical GRANT/REVOKE only if approved by this package and gates pass
  - execute first canonical leg-A CUT only if all gates pass
  - run immediate structural verification
  - stop before VERIFY and before post-CUT governed recording
production_write: authorized_only_inside_next_prompt_gates

Still forbidden until next prompt explicitly authorizes gated execution

forbidden_now:
  - execute production CUT
  - execute VERIFY
  - persist production rows
  - bypass gateway trigger
  - direct INSERT into information_unit/unit_version
  - deploy/restart
  - merge/push/tag
  - hard delete
  - unapproved GRANT/REVOKE

Final status

status: CANONICAL_PATH_READY__NEXT_CANONICAL_EXECUTION_PACKAGE
next_action: run_canonical_GRANT_plus_CUT_execution_macro_with_survey_first_gates