dot-iu-cutter v0.2 — Phase α Post-Execution Backup Verification (2026-05-16)
dot-iu-cutter v0.2 — Phase α Post-Execution Backup Verification
Path: knowledge/dev/laws/dieu44-trien-khai/v0.2-execution/dot-iu-cutter-v0.2-phase-alpha-post-execution-backup-verification-2026-05-16.md
Date: 2026-05-16
Scope: BACKUP VERIFICATION ONLY — read-only on production (backup read), isolated restore test.
Companion: dot-iu-cutter-v0.2-phase-alpha-production-handoff-status-2026-05-16.md
1. Objective
Take a fresh post-Phase-α production backup (the existing
phase_alpha_prod_20260516T022657Z.dump is a pre-migration backup, taken 2 s before
C-07, so it does not contain Phase α schema state) and prove it captures the new
Phase α schema state and is restorable.
2. Method
Executed via script artefact (per VPS-script-artefact discipline; no inline heredoc):
- Script:
/opt/incomex/backups/dieu44_phase_alpha_postexec_verify_kit/scripts/01_post_alpha_backup_verify.shsha256d0298428210533a678f00ba8828bcd3a95bcc6ede763213e7b7838b98dd10d3b - Artefact dir:
/opt/incomex/backups/dieu44_phase_alpha_postexec_verify_20260516T030821Z/(SUMMARY.txt, SHA256SUMS, logs, schema, dump) - Identity guards: production container
postgres, DBdirectus, roleworkflow_admin(rolsuper = true), PG 16.13. Restore-test container asserted distinct from production and from both protected dry-run envs before any action.
3. Fresh Post-Phase-α Production Backup
| Field | Value |
|---|---|
| Backup path | /opt/incomex/backups/dieu44_phase_alpha_postexec_verify_20260516T030821Z/phase_alpha_postexec_20260516T030821Z.dump |
| SHA256 | 213663c5739e3736b956953bc1dedfc67b847978a3e1a577744c8866ff127902 |
| Size | 64,598,945 bytes |
| Format | PostgreSQL custom (pg_dump -F c -Z 6) |
| Backup role | workflow_admin (rolsuper — the role that owns cutter_governance + sandbox_tac; directus app role lacks privilege to dump the full DB) |
| TOC entries | 2727 |
| Schema-only dump | schema/postexec_schema_20260516T030821Z.sql sha256 2c82842d1ed49ea72e0c6ee6f009b38ad8e9df09f71c4e82515a3018c23e49d5 |
4. Does the Backup Include the Phase α Objects?
Confirmed by two independent methods: (a) grep of the fresh schema-only dump,
(b) full restore into an isolated container then information_schema introspection.
| Object | In schema dump | In restored DB | Row / value check |
|---|---|---|---|
cutter_governance.canonical_address_alias |
✅ present | ✅ exists | rows = 0 (as authorized) |
public.tac_logical_unit.authority |
✅ present | ✅ column exists | draft = 86 |
public.tac_logical_unit.canonical_address_format_version |
✅ present | ✅ column exists | canonical-address-v1 = 86 |
sandbox_tac.logical_unit.authority |
✅ present (table) | ✅ column exists | (sandbox: all null = 76) |
sandbox_tac.logical_unit.canonical_address_format_version |
✅ present (table) | ✅ column exists | canonical-address-v1 = 76 |
object_presence_missing = 0. The fresh backup fully captures Phase α schema state.
5. Restore Test
Performed: YES — result PASS.
| Field | Value |
|---|---|
| Restore-test container | pg-restore-test-postalpha-20260516T030821Z |
| Volume | pg-restore-test-postalpha-20260516T030821Z-data |
| Image | postgres:16 |
| Published host port | none (fully isolated, no inbound exposure) |
| Identity | Brand-new ephemeral env created by the verification script; NOT a protected dry-run env, NOT production |
pg_restore exit code |
1 (tolerated — see §6) |
pg_restore error lines |
1 |
| Object + row verification | PASS (all 9 introspection checks: 5 object-existence + 4 row/value counts) |
| Teardown | Ephemeral container + volume removed by the script after verification. Both protected dry-run envs confirmed still UP. |
6. Restore Error — Benign, Explained
The single pg_restore error:
pg_restore: error: could not execute query: ERROR: role "directus" does not exist
This is an expected, benign artefact of restoring into a fresh container that has no
directus application role. The restore ran with --no-owner --no-privileges; one
ownership/GRANT statement referencing the directus role could not apply. It has zero
impact on schema or data — all schema objects and all row/value checks restored
correctly. It does not indicate backup corruption or data loss. The restore test is
therefore graded PASS by object/row evidence, not by pg_restore exit code.
7. Production Integrity
- Read-only probe taken before and after all backup/restore activity.
diff(pre_probe, post_probe)= IDENTICAL (production_untouched = YES).- Production state unchanged:
pub_authority draft=86,pub_cafv v1=86,sbx_authority null=76,sbx_cafv v1=76,alias_rows=0,cg_table_count=6,pub_max_updated_at = 2026-05-16 02:27:27.789235+00. - The only operation performed against production was a read-only backup
(
pg_dump). No DDL, no migration, no data mutation, no CUT/VERIFY, no alias writes.
8. Backup Verification Status
backup_verification_status = PASS
- Fresh post-Phase-α backup created and SHA256-pinned.
- Backup proven to contain full Phase α schema state (2 independent methods).
- Backup proven restorable in an isolated, port-less ephemeral environment.
- Production confirmed untouched except read-only backup.
- Protected dry-run envs untouched.