KB-6883
dot-iu-cutter v0.2 — P0-2 DDL Verification Plan (2026-05-16)
8 min read Revision 1
dot-iu-cutterdieu44v0.2p0-2ddl-authoringverification-plannot-executed
dot-iu-cutter v0.2 — P0-2 DDL Verification Plan
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.2-ddl-authoring/dot-iu-cutter-v0.2-p0-2-ddl-verification-plan-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.2 — P0-2 DDL AUTHORING (verification plan; NOT executed)
ddl_executed: false
queries_executed: false
⛔ These queries are authored for review, NOT executed. They are the verification gate to be run only after an authorized P0-2 DDL execution (which itself requires GPT PASS + explicit User prompt + prior dry-run authorization). Nothing here has been run against any database.
§1 — Verification Intent
Post-DDL, confirm the migration created exactly the two intended empty
tables with exactly one in-schema FK and nothing else — no constraint
class that P0-2 forbids, and no collateral change to pre-existing objects
(v0.1 tables, Phase α objects, tac_logical_unit, sandbox_tac).
All checks below are read-only (SELECT against catalogs / zero-row
counts). None mutate.
§2 — Existence Checks
| ID | Check | Query (read-only) | Expected |
|---|---|---|---|
| V-01 | manifest_envelope exists |
SELECT to_regclass('cutter_governance.manifest_envelope'); |
non-NULL |
| V-02 | manifest_unit_block exists |
SELECT to_regclass('cutter_governance.manifest_unit_block'); |
non-NULL |
| V-03 | both in cutter_governance |
SELECT table_name FROM information_schema.tables WHERE table_schema='cutter_governance' AND table_name IN ('manifest_envelope','manifest_unit_block'); |
2 rows |
§3 — Empty-Table Checks
| ID | Check | Query | Expected |
|---|---|---|---|
| V-04 | envelope row count | SELECT count(*) FROM cutter_governance.manifest_envelope; |
0 |
| V-05 | unit_block row count | SELECT count(*) FROM cutter_governance.manifest_unit_block; |
0 |
§4 — Constraint-Surface Checks
| ID | Check | Query | Expected |
|---|---|---|---|
| V-06 | exactly one FK, and it is envelope→block | SELECT conname, conrelid::regclass, confrelid::regclass FROM pg_constraint WHERE contype='f' AND connamespace='cutter_governance'::regnamespace AND conrelid IN ('cutter_governance.manifest_envelope'::regclass,'cutter_governance.manifest_unit_block'::regclass); |
exactly 1 row: manifest_unit_block → manifest_envelope |
| V-07 | no cross-schema FK from either table | same query as V-06, asserting confrelid is in cutter_governance only |
0 cross-schema rows |
| V-08 | no CHECK constraint on either table | SELECT conname FROM pg_constraint WHERE contype='c' AND conrelid IN ('cutter_governance.manifest_envelope'::regclass,'cutter_governance.manifest_unit_block'::regclass); |
0 rows |
| V-09 | no trigger on either table | SELECT tgname FROM pg_trigger WHERE tgrelid IN ('cutter_governance.manifest_envelope'::regclass,'cutter_governance.manifest_unit_block'::regclass) AND NOT tgisinternal; |
0 rows |
| V-10 | no column DEFAULT on either table | SELECT table_name, column_name, column_default FROM information_schema.columns WHERE table_schema='cutter_governance' AND table_name IN ('manifest_envelope','manifest_unit_block') AND column_default IS NOT NULL; |
0 rows |
| V-11 | PKs as specified | SELECT conrelid::regclass, conname, pg_get_constraintdef(oid) FROM pg_constraint WHERE contype='p' AND conrelid IN ('cutter_governance.manifest_envelope'::regclass,'cutter_governance.manifest_unit_block'::regclass); |
envelope PK = (envelope_id); block PK = (envelope_id, unit_local_id) |
§5 — Forbidden-Object Checks
| ID | Check | Query | Expected |
|---|---|---|---|
| V-12 | no alias_ref column |
SELECT column_name FROM information_schema.columns WHERE table_schema='cutter_governance' AND table_name IN ('manifest_envelope','manifest_unit_block') AND column_name ILIKE '%alias_ref%'; |
0 rows |
| V-13 | no edge table introduced | SELECT table_name FROM information_schema.tables WHERE table_schema='cutter_governance' AND table_name ILIKE '%edge%'; |
0 rows |
| V-14 | column set matches design exactly | compare information_schema.columns for both tables against the design field lists (envelope = 12 cols, unit_block = 14 cols) |
exact match, no extra/missing |
§6 — No-Collateral-Change Checks (pre-existing objects unchanged)
| ID | Check | Query | Expected |
|---|---|---|---|
| V-15 | v0.1 tables unchanged | SELECT table_name FROM information_schema.tables WHERE table_schema='cutter_governance' AND table_name IN ('decision_backlog_entry','dot_pair_signature','cut_change_set','cut_change_set_affected_row','verify_result'); + column-count snapshot diff vs pre-DDL |
5 rows; column counts unchanged |
| V-16 | Phase α objects unchanged | canonical_address_alias still present, row count = 0, 4 indexes intact |
unchanged |
| V-17 | cutter_governance table count |
SELECT count(*) FROM information_schema.tables WHERE table_schema='cutter_governance'; |
pre = 6 → post = 8 (6 + 2 new); no other delta |
| V-18 | public.tac_logical_unit unchanged |
column-list + count(*) + max(updated_at) snapshot diff vs pre-DDL |
identical (no column add, no row touched, no updated_at bump — P0-2 has no backfill) |
| V-19 | sandbox_tac.logical_unit unchanged |
column-list + count(*) snapshot diff vs pre-DDL |
identical |
| V-20 | schema DDL diff | added = 2 tables + 2 PK + 1 FK, removed = 0, no ALTER on any pre-existing object |
matches expectation exactly |
§7 — Failure / Stop Criteria
Treat the verification as FAIL — STOP (do not proceed to any dry-run or production step; trigger rollback per the rollback draft if post-commit) if any of the following:
hard_stop_if:
- V-01 or V-02 NULL (table missing)
- V-04 or V-05 != 0 (table not empty — INSERT leaked)
- V-06 != exactly 1 envelope->block FK (wrong/extra/missing FK)
- V-07 finds any cross-schema FK (forbidden coupling)
- V-08 finds any CHECK (forbidden constraint class)
- V-09 finds any trigger (forbidden)
- V-10 finds any DEFAULT (policy breach)
- V-12 finds an alias_ref column (GOV-3 breach)
- V-13 finds an edge table (BR-6 overbuild breach)
- V-14 column set != design (shape drift)
- V-15 / V-16 show any pre-existing object changed (collateral mutation)
- V-18 shows tac_logical_unit changed OR updated_at bumped (SSOT touched)
- V-19 shows sandbox_tac.logical_unit changed
- V-20 schema diff has removed != 0 OR any ALTER on pre-existing object
escalation: on any hard_stop -> halt, do not self-advance, report to
GPT/User, and (if post-commit) execute the rollback draft.
pass_condition: ALL of V-01..V-20 meet Expected with zero hard_stop hits.
§8 — Hard Boundaries
queries_executed: FALSE
ddl_executed: FALSE
mutation_performed: FALSE
read_only_plan_only: TRUE
output_form: p0_2_ddl_verification_plan
End of P0-2 DDL verification plan.