KB-7E51
dot-iu-cutter v0.2 — P0-6 + P0-5 Remainder Batch Design Master (2026-05-16)
13 min read Revision 1
dot-iu-cutterdieu44v0.2p0-6p0-5-remainderdesign-masterno-ddlpending-gpt-review
dot-iu-cutter v0.2 — P0-6 + P0-5 Remainder Batch Design Master
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.2-design/dot-iu-cutter-v0.2-p0-6-p0-5-remainder-batch-design-master-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyên
verifier: GPT (P0-6 + P0-5-remainder design review — PENDING)
phase: v0.2 — P0-6 + P0-5-remainder DESIGN (LOGICAL ONLY; no DDL)
mutation_performed: false
ddl_written: false
dry_run_started: false
production_migration_allowed: false
predecessor_phase: P0-2 manifest design — GPT PASS, P0-2 LIVE (cutter_governance = 8 tables)
§1 — Objective
Produce the logical design of the remaining v0.2 schema items, as a single coordinated batch, so they can be GPT-reviewed together:
- P0-6 —
cutter_governance.review_decision(REVIEW-stage outcome SSOT; CUT pre-condition materialization;governance_eventumbrella sub-kind per Đ44 Step 3). - P0-5 remainder — the three companion tables of the Decision Backlog Registry whose
root (
decision_backlog_entry) is already live as a v0.1 table:cutter_governance.decision_backlog_historycutter_governance.decision_backlog_dependencycutter_governance.decision_backlog_sweep_log
This master coordinates six sibling documents (see §10). It re-casts the v0.1 migration
designs (migration-design/…-p0-6-… and …-p0-5-decision-backlog-entry-…) against the
now-live v0.2 reality and the v0.2 conventions established by the P0-2 set
(cutter_governance placement; in-schema FK only / soft uuid for cross-family;
empty-at-create; DROP-table rollback; STANDARD risk; GOV-gated DDL freeze).
§2 — Live Baseline (as of 2026-05-16, post P0-2 GPT-PASS)
cutter_governance_schema: LIVE
cutter_governance_table_count: 8 # all empty
v0.1 (5):
- decision_backlog_entry # ← P0-5 remainder parent (LIVE, empty)
- cut_change_set
- cut_change_set_affected_row
- verify_result
- dot_pair_signature
phase_alpha (1):
- canonical_address_alias # empty; P1 emits (INV-4)
p0_2 (2):
- manifest_envelope # ← P0-6 review target (LIVE, empty)
- manifest_unit_block # ← P0-6 unit-level review target (LIVE, empty)
rollback_executed: false
scope_expansion: false
public.tac_logical_unit:
canonical_address: SSOT (UNIQUE/NOT NULL/immutable; never written by cutter design)
authority: Phase α column {draft, enacted, runtime}
canonical_address_format_version: Phase α column (inherited only; INV-3)
Every parent this batch references is already LIVE and EMPTY in cutter_governance. No new parent table must be created first; this batch is purely additive empty tables into an existing live schema — the same operationally-proven posture as v0.1 (5-table create), Phase α (alias), and P0-2 (manifest pair).
§3 — Scope
in_scope:
- logical design of cutter_governance.review_decision (P0-6)
- logical design of cutter_governance.decision_backlog_history (P0-5 remainder)
- logical design of cutter_governance.decision_backlog_dependency (P0-5 remainder)
- logical design of cutter_governance.decision_backlog_sweep_log (P0-5 remainder)
- relationship-to-live-objects mapping (v0.1 / Phase α / P0-2)
- FK policy per table (in-schema FK only; soft uuid for cross-family)
- empty-at-create + rollback posture
- Đ32 risk-class ESTIMATE + future dry-run/verification planning note
- consolidated open-decision register (registration only; not resolution)
- design report + readiness-for-GPT-review statement
output_form: p0_6_p0_5_remainder_logical_design_set
§4 — Non-Scope
not_in_scope:
- any DDL / SQL / ALTER / CREATE / INSERT statement (logical field tables only)
- DDL-authoring lane (separate, gated on open-decision resolution + design review)
- dry-run / env provisioning
- production mutation / migration / deploy
- CUT / VERIFY execution
- alias writes (canonical_address_alias stays empty; P1)
- split/merge EXECUTION pipeline (P1)
- backfill of historical governance trail from KB closures into PG (P1/operational)
- re-opening P0-2 design (closed, LIVE)
- resolving any registered open decision (owners = councils/GPT; Agent does NOT self-close)
- self-advance to DDL authoring
§5 — Dependency Graph
LIVE & EMPTY (cutter_governance) THIS BATCH (design only)
──────────────────────────────── ────────────────────────────────────────
decision_backlog_entry ◄── in-schema FK ── decision_backlog_history (P0-5, #10)
◄── in-schema FK ── decision_backlog_dependency (P0-5, #11)
decision_backlog_sweep_log (P0-5, #12) [no FK]
manifest_envelope ◄── in-schema FK ── review_decision (P0-6, #9)
manifest_unit_block ◄── in-schema composite FK (nullable) ─┘
decision_backlog_entry ◄┄┄ soft uuid (escalation_ref) ┄┄┄┄┄┄ review_decision
cut_change_set ◄┄┄ soft uuid (P0-3 cross-link) ┄┄┄┄┄ review_decision
review_decision ◄── in-schema self-FK (re-review chain) ── review_decision
legend: ── in-schema FK (allowed; both ends in cutter_governance)
◄┄┄ soft uuid (no PG FK; cross-family decoupling, P0-2 precedent)
scope order: …Phase α (DONE) → P0-2 (DONE, LIVE) → P0-6 + P0-5-remainder (THIS, design)
post-create count (if both later enacted, gated): 8 → 9 (P0-6) → 12 (P0-5 remainder)
§6 — Schema Placement (resolved: cutter_governance)
All four tables are placed in cutter_governance. This is treated as resolved,
not re-opened:
- The v0.1 HB-01 X-1 schema-placement sign-off and the P0-2 set fixed the entire live
cutter family in
cutter_governance(8 live tables today). - Strong reason FOR co-location: the parents —
decision_backlog_entry(P0-5 root) andmanifest_envelope/manifest_unit_block(P0-6 targets) — are all already incutter_governance. Co-location is what makes the in-schema FK policy possible at all; placing these elsewhere would force every structural edge to be a cross-schema soft ref, weakening integrity for no benefit. - The v0.1 P0-5 design's "new
govschema" lean and P0-6's "TAC or new governance schema" lean are superseded by the v0.2 live reality. No strong reason otherwise exists; placement is not a blocking open decision in v0.2.
§7 — FK Policy (batch rule)
rule: prefer in-schema FK ONLY; soft uuid for cross-family / decoupling-sensitive refs
in_schema_FK_allowed_when:
- both ends physically in cutter_governance AND
- the edge is a tight structural parent-child within the SAME registry family
applied:
decision_backlog_history.decision_id -> decision_backlog_entry : in-schema FK
decision_backlog_dependency.from_decision_id-> decision_backlog_entry : in-schema FK
decision_backlog_dependency.to_decision_id -> decision_backlog_entry : in-schema FK
review_decision.manifest_id -> manifest_envelope : in-schema FK (lean; RD-1 open)
review_decision.(manifest_id,unit_local_id) -> manifest_unit_block : in-schema composite FK, NULLABLE (lean; RD-2 open)
review_decision.prior_review_decision_id -> review_decision (self) : in-schema self-FK (lean; RD-3 open)
soft_uuid_used_when: cross-family edge OR P0-2 decoupling precedent applies
applied_soft:
review_decision.escalation_ref ┄┄> decision_backlog_entry (matches P0-2 escalation_ref = soft)
review_decision.cut_change_set_ref ┄┄> cut_change_set (P0-3 cross-link; P0-3 not yet designed)
decision_backlog_sweep_log: NO entity FK at all (mirror_path is soft text)
no_cross_schema_FK: TRUE (no FK to public.* ; tac_logical_unit refs are soft uuid only)
§8 — Empty-at-Create & Rollback Posture (batch)
empty_at_create: TRUE for all four tables
- tables created with 0 rows
- NO seed data, NO DEFAULT-data, NO backfill in the create step
- historical governance trail currently lives in KB closure files +
(empty) decision_backlog_entry; PG backfill is a SEPARATE P1/operational task,
explicitly OUT OF SCOPE here
rollback_posture:
- rollback = DROP TABLE (empty) for each created table (v0.1 / Phase α / P0-2 proven)
- because tables are empty at create, rollback loses NO governance data
- the v0.1 P0-5 "history-preservation-across-rollback is HIGH-severity" concern
does NOT apply at create-time (nothing to preserve yet); it becomes a P1/operational
concern AFTER backfill — flagged for Đ32 attention, not a create-time risk
- rollback returns cutter_governance to its pre-state (8, or 9 intermediate)
§9 — Risk Class (estimate)
STANDARD for the whole batch (estimate; ratified later in the risk-review lane, not
here). Rationale: additive, empty tables into an existing live schema; no v0.1 / Phase α
/ P0-2 table touched; no CUT/VERIFY; no data mutation; only in-family in-schema FKs +
soft cross-family refs. Field-level HIGH-severity concerns inherited from the v0.1 P0-6
design (reviewer independence; cross_signed_by_dot_verifier silent omission) are
P1 / application-layer enforcement concerns, not create-time risks — surfaced for
Đ32 attention in File 6, not escalating the create risk class. Full surface table: File 6.
§10 — Sibling Documents (this set)
1 batch design master (this file)
2 dot-iu-cutter-v0.2-p0-6-review-decision-design-2026-05-16.md
3 dot-iu-cutter-v0.2-p0-5-decision-backlog-history-design-2026-05-16.md
4 dot-iu-cutter-v0.2-p0-5-decision-backlog-dependency-design-2026-05-16.md
5 dot-iu-cutter-v0.2-p0-5-decision-backlog-sweep-log-design-2026-05-16.md
6 dot-iu-cutter-v0.2-p0-6-p0-5-remainder-risk-and-dry-run-plan-2026-05-16.md
7 dot-iu-cutter-v0.2-p0-6-p0-5-remainder-design-report-2026-05-16.md
all in: knowledge/dev/laws/dieu44-trien-khai/v0.2-design/
§11 — Consolidated Open-Decision Register (registration only)
| ID | Topic | Owner | Agent lean | Blocks design review | Blocks DDL freeze |
|---|---|---|---|---|---|
| RD-1 | review_decision.manifest_id: in-schema FK vs soft uuid | GPT | in-schema FK | No | Yes |
| RD-2 | unit-level review FK: composite FK vs soft pair | GPT | nullable composite FK | No | Yes |
| RD-3 | re-review chain ref: in-schema self-FK vs soft uuid | GPT | in-schema self-FK | No | Yes |
| RD-4 | verdict enum elevation to Đ24 (cutter-local now) |
Đ24 + GPT | Đ24 confirm | No | Yes |
| RD-5 | findings 10-item completeness rule for verdict=PASS |
GPT + Đ44 | all-10-for-PASS | No | Yes |
| RD-6 | reviewer independence enforcement: app-only vs PG trigger | Đ32 + GPT | app-layer v0.1 | No | Yes |
| DBH-1 | history granularity (all fields vs status/version+critical) | GPT | status/version+critical | No | Yes |
| DBH-2 | change_kind enum: cutter-local vs Đ24 |
Đ24 + GPT | cutter-local v0.1 | No | Yes |
| DBD-1 | dependency-graph cycle detection: app vs PG trigger | GPT | app-layer v0.1 | No | Yes |
| DBD-2 | dependency_kind enum ownership |
Đ24 + GPT | cutter-local v0.1 | No | Yes |
| DBS-1 | sweep trigger_kind enum ownership |
Đ24 + GPT | cutter-local v0.1 | No | Yes |
| BATCH-1 | enum implementation: PG enum vs Đ24-lookup FK vs CHECK | Đ24 + GPT | Đ24-lookup FK | No | Yes |
schema_placement: NOT an open decision in v0.2 (resolved = cutter_governance, §6)
none_of_the_above: blocks_design_start_or_this_design_review
all_of_the_above: block_DDL_freeze
agent_self_close: FALSE (owners = councils/GPT; leans are for consideration only)
§12 — Blockers Summary (detail in File 6)
before_DDL_freeze:
- all §11 open decisions resolved/ratified by their owners
- this 7-doc batch GPT-reviewed PASS
- explicit User prompt opening the DDL-authoring lane
- (already satisfied) upstream parents LIVE: decision_backlog_entry, manifest_envelope,
manifest_unit_block — no schema prerequisite outstanding
before_dry_run:
- DDL frozen + authored + GPT-reviewed; fresh isolated env (sibling discipline,
NOT reusing protected dry-run envs); baseline backup; explicit prompt
before_production:
- dry-run 100% PASS -> HB-equivalent closure -> final-readiness review ->
command-review package -> GPT review -> fresh pre-backup (<60min) ->
explicit User production-execution prompt -> SEPARATE execution session
no_self_advance: TRUE
§13 — Hard Boundaries
no_DDL_written: TRUE
no_DDL_authoring_started: TRUE
no_SQL_executed: TRUE
no_CREATE_TABLE / ALTER / INSERT / UPDATE / DELETE: TRUE
no_dry_run: TRUE
no_dry_run_env_provisioned: TRUE
no_mutation: TRUE
no_migration: TRUE
no_production_touch: TRUE
no_CUT_or_VERIFY: TRUE
no_alias_writes: TRUE
no_backfill: TRUE
no_open_decision_self_closed: TRUE
no_existing_file_modified: TRUE
agent_self_advance: PROHIBITED
output_form: p0_6_p0_5_remainder_batch_design_master
End of P0-6 + P0-5-remainder batch design master.