KB-51C9
dot-iu-cutter v0.2 — P0-2 Dry-Run Execution Report (2026-05-16)
8 min read Revision 1
dot-iu-cutterdieu44v0.2p0-2dry-runpass-with-notesready-for-gpt-review
dot-iu-cutter v0.2 — P0-2 Dry-Run Execution Report
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.2-dry-run/dot-iu-cutter-v0.2-p0-2-dry-run-execution-report-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyền
verifier: GPT (P0-2 dry-run review — PENDING)
phase: v0.2 — P0-2 DRY-RUN (isolated env only)
p0_2_dry_run_status: PASS_WITH_NOTES
ddl_executed_in_dry_run: true
production_ddl_executed: false
production_mutation: false
production_migration: false
deploy: false
cut_or_verify: false
self_advance_to_command_review: false
Scope: P0-2 DRY-RUN ONLY in a fresh isolated sibling environment. No production DDL / mutation / migration / deploy / CUT / VERIFY. Production was read-only (a single
pg_dump); state re-confirmed intact.
§1 — Authorization Basis
GPT P0-2 DDL-authoring review = PASS, P0_2_dry_run_allowed_after_explicit_prompt: true, production_migration_allowed: false. Explicit User prompt for the P0-2 dry-run received 2026-05-16. Controlling files: GPT DDL-authoring review + the 5-file v0.2-ddl-authoring package (DDL draft r1, verification plan, rollback draft, risk note, authoring report).
§2 — Dry-Run Environment
env_name: pg-dry-run-v0.2-p0-2-2026-05-16
posture: FRESH sibling container (preferred — safer than reuse)
image: postgres:16
volume: pg-dry-run-v0.2-p0-2-2026-05-16-data (dedicated, freshly created)
host_port: none (internal docker only; no external exposure)
db: directus user(bootstrap su): workflow_admin
dry_system_identifier: 7640333723208519724
prod_system_identifier: 7611578671664259111 # DISTINCT → proven NOT production
protected_envs_untouched:
- pg-dry-run-hb05-2026-05-15 (Up 18h, not targeted)
- pg-dry-run-v0.2-phase-alpha-2026-05-16 (Up 2h, not targeted)
isolation_guards: container-name guard, directus/prod refusal, dry-run-name
assertion, distinct system_identifier assertion, fresh-name (no clobber) guard
§3 — Restore Source (current production state: v0.1 + Phase α)
method: docker exec postgres pg_dump -U workflow_admin -d directus -Fc --no-owner --no-acl (READ-ONLY on prod)
backup_path: /root/p0-2-dryrun/prod-restore-source-2026-05-16.dump
backup_bytes: 64537613
backup_sha256: 69090bd7f96002b49fe42bfd46c1e423d3f092d2dec6c8fdab4b84827d49877a
restore: pg_restore -U workflow_admin -d directus --no-owner --no-acl (into fresh env)
restore_rc: 0
restore_stderr: empty (0 bytes)
§4 — Extracted Executable SQL Artefact
source_doc: knowledge/dev/laws/dieu44-trien-khai/v0.2-ddl-authoring/dot-iu-cutter-v0.2-p0-2-ddl-draft-2026-05-16.sql.md
extraction: verbatim §2 fenced SQL block → true .sql artefact
artefact_path: /root/p0-2-dryrun/dot-iu-cutter-v0.2-p0-2-r1.sql
artefact_bytes: 5257
artefact_sha256: 023a3be53c9d41c207cbfbae304f8e3d799f52bf90b951c20a625f9903e93eab
revision: r1 (confirmed)
content_proof: comment-stripped code = BEGIN; 2× CREATE TABLE; COMMIT;
zero forbidden tokens (no INSERT/DEFAULT/CHECK/TRIGGER/CASCADE/alias_ref/edge)
transfer_integrity: scp sha256 == local sha256 (verified both directions)
§5 — Preflight (all PASS)
| Check | Expected | Observed |
|---|---|---|
| dry DB identity ≠ prod | distinct sysid | dry 7640333723208519724 ≠ prod 7611578671664259111 ✓ |
| cutter_governance count | 6 | 6 ✓ |
| cutter_governance tables | 5 v0.1 + canonical_address_alias | canonical_address_alias, cut_change_set, cut_change_set_affected_row, decision_backlog_entry, dot_pair_signature, verify_result ✓ |
| manifest_envelope pre-DDL | ABSENT | ABSENT ✓ |
| manifest_unit_block pre-DDL | ABSENT | ABSENT ✓ |
| public.tac_logical_unit | draft / canonical-address-v1 / 86 | draft/canonical-address-v1/86 ✓ |
| sandbox_tac.logical_unit | NULL / canonical-address-v1 / 76 | NULL/canonical-address-v1/76 ✓ |
| production intact (read-only) | 6 cg tables | 6 ✓ |
§6 — DDL Execution (dry-run only)
command: docker exec pg-dry-run-v0.2-p0-2-2026-05-16 \
psql -U workflow_admin -d directus -v ON_ERROR_STOP=1 -f /tmp/p0-2.sql
transaction: single explicit BEGIN … COMMIT (artefact-internal)
on_error_stop: 1
psql_output: BEGIN / CREATE TABLE / CREATE TABLE / COMMIT
ddl_rc: 0
extra_sql_run: none (only verification SELECTs + the rollback-test DROP)
§7 — Verification & Rollback (summary; full grid in verification-results doc)
verification: ALL 20 checks PASS (V-01..V-20 + V-06n + PROD-INTACT)
rollback_test: PASS — drop manifest_unit_block then manifest_envelope (single tx, rc=0);
cutter_governance returned bit-identical to pre-P0-2 baseline (6 tables, same colcounts);
public.tac_logical_unit unchanged; production intact
two_pass_note: run 02 reported 3 COSMETIC fails (V-01/V-02/V-06) from a harness
expected-string bug (regclass renders schema-qualified); substance was correct
(table exists, FK correct, V-06n=1). Fixed in run 03 with corrected assertions;
DDL was NOT re-executed (already committed rc=0). Run 03 = 20/20 PASS.
§8 — Notes (PASS_WITH_NOTES — non-blocking, no DDL revision needed)
N1_column_count_erratum:
finding: manifest_unit_block has 13 columns in the executed DDL (and in the
unit-block design §3 field spec which lists 13 fields). The P0-2 DDL
authoring report §2/§3 and the GPT DDL-authoring review §2 prose stated 14.
authority: the executed DDL artefact (sha023a3b…, r1) and the live verified
schema are authoritative. "14" is a prose miscount, never present in any SQL.
impact: NONE on DDL correctness; column NAME-set matches design exactly.
recommendation: documentation erratum on the authoring report / review prose
(13, not 14). No DDL change. Surface to GPT.
N2_harness_assertion_bug:
finding: run-02 harness compared regclass output to unqualified names → 3
false-negative FAILs. Corrected in run-03 (schema-qualified expected values).
impact: NONE on DDL/schema; verification substance unchanged; 20/20 PASS.
N3_restore_ownership:
finding: pg_dump/pg_restore used --no-owner --no-acl; dry-run object ownership
differs from prod. Immaterial to structural verification (columns/constraints/
counts/state). Consistent with Phase α dry-run precedent.
§9 — Production Untouched Confirmation
prod_container: postgres (untargeted for any write; only pg_dump read)
prod_system_identifier_post: 7611578671664259111 (unchanged)
prod_cutter_governance_count_post: 6 (unchanged)
prod_manifest_envelope_post: ABSENT (P0-2 never reached prod)
prod_mutation: false prod_ddl: false prod_migration: false
deploy: false cut_or_verify: false
§10 — Verdict & Next Step
p0_2_dry_run_status: PASS_WITH_NOTES
verification: 20/20 PASS
rollback_test: PASS
production_remains_forbidden: true
self_advance_to_command_review: PROHIBITED
next_recommended_step: GPT review of this P0-2 dry-run package (execution report +
verification results + artefact index). Only after GPT PASS + explicit User
prompt may a production command-review lane open (separate session).
End of P0-2 dry-run execution report.