dot-iu-cutter v0.3 / App-Tooling — Next-Phase Routing Note

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.2-planning/dot-iu-cutter-v0.3-app-tooling-routing-note-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: post-v0.2 ROUTING NOTE (planning pointer only — NOT a design, NOT a build)
status: no_runtime_work_authorized

⛔ No runtime / app / tooling / integration work is authorized yet. This note only routes what could come next for a future scoping decision. Every workstream below is gated on its own design → GPT review → dry-run → command-review → execution chain, plus an explicit User prompt. Agent self-advance to any of these is PROHIBITED.

---

§1 — Where We Are

schema_layer: DONE  (v0.2 structural schema complete — 12 cutter_governance
  tables, all empty, GPT-ratified 2026-05-16)
next_layer: app / tooling / integration DESIGN
runtime_authorized: false

The structural foundation (entry/backlog family, signing, change-set, verify, manifest, review_decision, canonical-address alias) exists and is empty. The next layer is the runtime that uses it — but that layer is design-first and unauthorized until reviewed.

§2 — Candidate Workstreams (unordered catalogue)

1. cutter_agent_write_path:
   the authorized agent path that creates cut_change_set / affected_row /
   decision_backlog_entry rows. First writer into the empty schema.
2. canonicalization_library_runtime:
   runtime that produces/resolves canonical_address + canonical_address_alias
   (alias coining, validity windows). Today alias table is empty.
3. signing_scheme_runtime:
   dot_pair_signature production/verification (executor/verifier pair,
   prior_signature lineage) — the dual-signature mechanism.
4. signal_routing:
   how backlog entries (decision_backlog_entry) are emitted, swept
   (decision_backlog_sweep_log), and chained (history / dependency).
5. directus_permissions_RLS_read_roles:
   expose the 12 tables safely — read roles, row-level security, no UI write
   path until governed. Currently NOT configured.
6. api_tooling_integration:
   external/tooling API surface over manifest + review_decision + verify_result.
7. integration_tests_and_dry_run_CUT_VERIFY:
   end-to-end CUT/VERIFY exercised in an isolated dry-run env (NEVER production)
   before any production CUT/VERIFY is ever proposed.

§3 — Explicit Authorization State

authorized_now: NOTHING in §2 (closeout only)
not_authorized:
  - production CUT
  - production VERIFY
  - data writes into cutter_governance
  - Qdrant / vector mutation
  - app / tooling deploy or integration
  - Directus permissions / RLS / UI changes
  - any further schema migration
  - self-advance to v0.3 or any runtime phase
each_workstream_gate: own design → GPT review → dry-run → command-review →
  production-execution chain + explicit User prompt + separate session

§4 — Recommended Next First Step

recommendation: begin with the LOWEST-RISK, read-side, reversible workstream:
  #5 directus_permissions_RLS_read_roles  (read-only exposure design)
why:
  - the schema is empty, so a read-role/RLS design carries no data risk
  - it unblocks safe inspection/observability of the new tables without any
    write path or runtime build
  - it is independent of the canonicalization / signing runtime decisions,
    which are heavier and should be scoped after the data model is observable
  - natural precursor to #6 (API/tooling) and #7 (integration tests)
deliverable_of_that_step: a DESIGN document only (no Directus change), authored
  for GPT review. Directus permission/RLS changes themselves remain forbidden
  until that design is reviewed and explicitly authorized.
alternative_if_user_prioritises_function_over_safety_ordering:
  #1 cutter_agent_write_path design (defines the first governed writer) — higher
  conceptual risk, still design-only, also acceptable as a starting scope.
agent_action_now: NONE. Await explicit User direction + GPT review before any
  workstream design begins. Self-advance PROHIBITED.

End of v0.3 / app-tooling next-phase routing note (no runtime authorized).