dot-iu-cutter v0.2 — P0-6 + P0-5 Remainder Verification Plan
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.2-ddl-authoring/dot-iu-cutter-v0.2-p0-6-p0-5-remainder-verification-plan-2026-05-16.md
revision: r2
supersedes: r1 (2026-05-16)
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.2 — P0-6 + P0-5-remainder DDL AUTHORING REVISION (verification plan r2; NOT executed)
a1_status: RESOLVED (decision_backlog_entry PK = entry_id uuid; r2 FKs target entry_id)
ddl_executed: false
queries_executed: false
dry_run_allowed: false (until GPT r2 review PASS)
production_migration_allowed: false
⛔ Queries authored for review, NOT executed. r2 aligns the FK/column
checks with the renamed entry_id-family child columns and the confirmed
live parent PK decision_backlog_entry(entry_id). r1 of this plan is
superseded. Run only after an authorized r2 DDL execution (GPT r2 PASS +
dry-run authorization + User prompt + separate session). All read-only.
§1 — A-1 Status & Verification Intent
a1_resolved: TRUE
finding (production read-only, 2026-05-16): decision_backlog_entry PK =
PRIMARY KEY (entry_id); entry_id uuid; no decision_id column.
r2 FKs now target decision_backlog_entry(entry_id) via child columns
entry_id / from_entry_id / to_entry_id.
intent: post-DDL, confirm exactly 4 empty tables, exactly 7 in-schema FKs
(entry_id-family targets), no forbidden object, no collateral change.
§2 — Pre-Execution Hard Gate (run BEFORE the r2 DDL)
| ID |
Check |
Query (read-only) |
Expected (r2) |
| V-DBE-PK |
decision_backlog_entry PK name+type |
SELECT a.attname, format_type(a.atttypid,a.atttypmod) FROM pg_constraint c JOIN pg_attribute a ON a.attrelid=c.conrelid AND a.attnum=ANY(c.conkey) WHERE c.contype='p' AND c.conrelid='cutter_governance.decision_backlog_entry'::regclass; |
exactly entry_id / uuid |
| V-ME-PK |
manifest_envelope PK |
same pattern |
envelope_id / uuid |
| V-MUB-PK |
manifest_unit_block PK |
same pattern |
(envelope_id uuid, unit_local_id text) |
hard_gate: if V-DBE-PK != (entry_id, uuid) OR V-ME/MUB-PK mismatch →
STOP. Do NOT execute r2 DDL. Re-rev again + fresh GPT review. No workaround.
§3 — Existence Checks (post-DDL)
| ID |
Check |
Query |
Expected |
| V-01 |
review_decision exists |
SELECT to_regclass('cutter_governance.review_decision'); |
non-NULL |
| V-02 |
decision_backlog_history exists |
SELECT to_regclass('cutter_governance.decision_backlog_history'); |
non-NULL |
| V-03 |
decision_backlog_dependency exists |
SELECT to_regclass('cutter_governance.decision_backlog_dependency'); |
non-NULL |
| V-04 |
decision_backlog_sweep_log exists |
SELECT to_regclass('cutter_governance.decision_backlog_sweep_log'); |
non-NULL |
| V-05 |
all four in cutter_governance |
information_schema.tables filter on the 4 names |
4 rows |
§4 — Empty-Table Checks
| ID |
Check |
Query |
Expected |
| V-06 |
review_decision rows |
SELECT count(*) FROM cutter_governance.review_decision; |
0 |
| V-07 |
decision_backlog_history rows |
SELECT count(*) FROM cutter_governance.decision_backlog_history; |
0 |
| V-08 |
decision_backlog_dependency rows |
SELECT count(*) FROM cutter_governance.decision_backlog_dependency; |
0 |
| V-09 |
decision_backlog_sweep_log rows |
SELECT count(*) FROM cutter_governance.decision_backlog_sweep_log; |
0 |
§5 — FK Surface Checks (exactly 7 in-schema FKs; entry_id-family targets)
| ID |
Check |
Query |
Expected (r2) |
| V-10 |
enumerate all FKs on the 4 new tables |
SELECT conname, conrelid::regclass child, confrelid::regclass parent, pg_get_constraintdef(oid) FROM pg_constraint WHERE contype='f' AND conrelid IN ('cutter_governance.review_decision'::regclass,'cutter_governance.decision_backlog_history'::regclass,'cutter_governance.decision_backlog_dependency'::regclass,'cutter_governance.decision_backlog_sweep_log'::regclass); |
exactly 7 rows (list below) |
| V-10a |
review→envelope |
within V-10 |
review_decision(manifest_id) → manifest_envelope(envelope_id) |
| V-10b |
review→unit_block composite |
within V-10 |
review_decision(manifest_id, manifest_unit_local_id) → manifest_unit_block(envelope_id, unit_local_id) |
| V-10c |
review self ×2 |
within V-10 |
prior_review_decision_id, superseded_by_review_decision_id → review_decision(review_decision_id) |
| V-10d |
history→entry (r2) |
within V-10 |
decision_backlog_history(entry_id) → decision_backlog_entry(entry_id) |
| V-10e |
dependency→entry ×2 (r2) |
within V-10 |
decision_backlog_dependency(from_entry_id) → decision_backlog_entry(entry_id) and (to_entry_id) → decision_backlog_entry(entry_id) |
| V-11 |
no cross-schema FK |
every confrelid namespace = cutter_governance |
0 cross-schema |
| V-12 |
sweep_log zero FK |
filter V-10 for sweep_log |
0 rows |
| V-13 |
composite FK shape + MATCH SIMPLE |
pg_get_constraintdef of review_decision_unit_block_fk |
matches; no MATCH FULL |
| V-14 |
self-FKs present |
filter V-10 child=parent=review_decision |
exactly 2 |
§6 — Forbidden-Object Checks
| ID |
Check |
Expected |
| V-15 |
no CHECK on the 4 |
0 rows |
| V-16 |
no trigger on the 4 |
0 rows |
| V-17 |
no column DEFAULT on the 4 |
0 rows |
| V-18 |
no new PG enum type in cutter_governance |
0 rows |
| V-19 |
no new lookup table (%lookup%/%_enum%/%dieu24%) |
0 rows |
| V-20 |
enum-class columns are text (governance_event_kind, review_scope, status, verdict, reviewer_class, risk_class_assessment, change_kind, dependency_kind, trigger_kind) |
all text |
| V-21 |
column set matches r2 DDL exactly |
review_decision=25, decision_backlog_history=9 (incl entry_id, NO decision_id), decision_backlog_dependency=6 (incl from_entry_id,to_entry_id, NO *_decision_id), decision_backlog_sweep_log=10 — exact, no extra/missing |
| V-21a |
r2 rename assertion |
decision_id absent from history; from_decision_id/to_decision_id absent from dependency; entry_id/from_entry_id/to_entry_id present |
| V-22 |
PKs as specified |
review=(review_decision_id), history=(history_id), dependency=(dependency_id), sweep_log=(sweep_id) |
§7 — No-Collateral-Change Checks
| ID |
Check |
Expected |
| V-23 |
v0.1 tables unchanged (decision_backlog_entry, cut_change_set, cut_change_set_affected_row, verify_result, dot_pair_signature) |
5 tables; column counts + row counts unchanged. Note: decision_backlog_entry keeps its 6 cols / PK entry_id — r2 adds no column/constraint to it |
| V-24 |
Phase α canonical_address_alias unchanged |
unchanged |
| V-25 |
P0-2 manifest_envelope/manifest_unit_block unchanged |
unchanged |
| V-26 |
cutter_governance table count |
pre = 8 → post = 12 |
| V-27 |
public.tac_logical_unit unchanged |
identical (no column add, no row, no updated_at bump) |
| V-28 |
sandbox_tac.logical_unit unchanged |
identical |
| V-29 |
schema DDL diff |
added = 4 tables + 4 PK + 7 FK, removed = 0, no ALTER on any pre-existing object (incl. decision_backlog_entry) |
§8 — Failure / Stop Criteria
hard_stop_if:
- V-DBE-PK != (entry_id, uuid) OR V-ME/MUB-PK mismatch (pre-exec — DO NOT execute)
- any V-01..05 missing / any V-06..09 != 0
- V-10 != exactly 7 FKs as enumerated (V-10a..e)
- V-10d / V-10e not targeting decision_backlog_entry(entry_id) (r2 fix not applied)
- V-11 any cross-schema FK / V-12 any FK on sweep_log
- V-15 CHECK / V-16 trigger / V-17 DEFAULT / V-18 PG enum / V-19 lookup table
- V-20 enum col not text
- V-21 column set != r2 DDL OR V-21a finds a residual *decision_id* name (r1 leak)
- V-23/24/25 collateral change / V-27 tac_logical_unit changed / V-28 sandbox changed
- V-26 != 8→12 OR V-29 removed != 0 / ALTER on pre-existing object
escalation: on any hard_stop → halt, no self-advance, report to GPT/User,
(if post-commit) execute the r2 rollback draft.
pass_condition: pre-exec gate = (entry_id,uuid) AND V-01..29 + V-21a all Expected.
§9 — Hard Boundaries
revision: r2
r1_superseded: TRUE
queries_executed: FALSE
ddl_executed: FALSE
mutation_performed: FALSE
dry_run_allowed: FALSE (until GPT r2 review PASS)
production_migration_allowed: FALSE
read_only_plan_only: TRUE
output_form: p0_6_p0_5_remainder_verification_plan_r2
End of P0-6 + P0-5-remainder verification plan (r2, A-1 resolved).