KB-E9B0
dot-iu-cutter v0.3 — Read-Observability View Projection Spec (per-table VISIBLE/REDACTED) (2026-05-16)
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.3-ddl-authoring/dot-iu-cutter-v0.3-read-observability-view-projection-spec-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.3 — DDL AUTHORING (projection spec; authoring only)
status: authored_for_gpt_review
redaction_basis: ratified Agent list (B-2) + REVIEW fields default REDACTED
Column-exact projection for each of the 12 `v_*_observe` views. Base column counts taken from the read-only production inspection (2026-05-16). Every base column is classified VISIBLE (in the view) or REDACTED (omitted). Sum(VISIBLE)+Sum(REDACTED) == base column count for every table.
§1 — Redaction Rule Applied
redacted_by_default (B-2 ratified):
crypto/integrity: signature_payload, payload_envelope, payload_hash
control_tokens: rollback_key, idempotency_key
raw_state: before_state_snapshot, after_state_snapshot
identity_PII: reviewer_identity, reviewer_independence_evidence
arbitrary/large jsonb: decision_backlog_entry.payload, *.findings,
change_diff, source_span, payload_summary,
candidate_edges, report_summary
REVIEW narrative (default REDACTED in v0.3): every `rationale`,
every `*_reason` narrative (rollback_reason,
revocation_reason), verdict_rationale, every `scenario_ref`
identity-ish kept VISIBLE (NOT narrative): rollback_initiated_by, revoked_by,
created_by, swept_by, changed_by, decided_by, emitted_by, reviewer
§2 — Per-Table Projection
v_canonical_address_alias_observe (base 9 → VISIBLE 7 / REDACTED 2)
VISIBLE: alias_id, target_unit_id, alias_text, alias_kind, valid_from,
valid_until, created_by
REDACTED: rationale, scenario_ref
v_cut_change_set_observe (base 24 → VISIBLE 19 / REDACTED 5)
VISIBLE: change_set_id, manifest_id, manifest_version, review_decision_id,
executor_tool_revision, verifier_tool_revision, tool_revision_match,
executor_signature_id, verifier_signature_id, state, cut_started_at,
cut_committed_at, rolled_back_at, affected_unit_count,
rollback_initiated_by, decision_backlog_entry_id, emitted_by,
version, risk_class
REDACTED: rollback_key, payload_summary, rollback_reason, idempotency_key,
scenario_ref
v_cut_change_set_affected_row_observe (base 8 → VISIBLE 6 / REDACTED 2)
VISIBLE: affected_row_id, change_set_id, target_table, target_row_id,
operation_kind, applied_at
REDACTED: before_state_snapshot, after_state_snapshot
v_decision_backlog_dependency_observe (base 6 → VISIBLE 6 / REDACTED 0)
VISIBLE: dependency_id, from_entry_id, to_entry_id, dependency_kind,
created_at, created_by
REDACTED: (none)
v_decision_backlog_entry_observe (base 6 → VISIBLE 4 / REDACTED 2)
VISIBLE: entry_id, kind, status, emitted_at
REDACTED: payload, scenario_ref
v_decision_backlog_history_observe (base 9 → VISIBLE 7 / REDACTED 2)
VISIBLE: history_id, entry_id, entry_version_before, entry_version_after,
change_kind, changed_by, changed_at
REDACTED: change_diff, rationale
v_decision_backlog_sweep_log_observe (base 10 → VISIBLE 9 / REDACTED 1)
VISIBLE: sweep_id, swept_at, swept_by, trigger_kind,
entries_evaluated_count, entries_re_surfaced_count,
escalations_routed_count, mirror_regenerated_at, mirror_path
REDACTED: findings
v_dot_pair_signature_observe (base 16 → VISIBLE 11 / REDACTED 5)
VISIBLE: signature_id, signature_kind, signer_dot_id, signer_tool_revision,
signed_at, cross_reference_change_set_id,
cross_reference_verify_result_id, validation_state, revoked_at,
revoked_by, prior_signature_id
REDACTED: payload_hash, payload_envelope, signature_payload,
revocation_reason, scenario_ref
v_manifest_envelope_observe (base 12 → VISIBLE 11 / REDACTED 1)
VISIBLE: envelope_id, operation_kind, status, source_doc_ref, escalation_ref,
cut_change_set_ref, created_by, created_at, reviewer, reviewed_at,
superseded_by_envelope_id
REDACTED: rationale
v_manifest_unit_block_observe (base 13 → VISIBLE 9 / REDACTED 4)
VISIBLE: envelope_id, unit_local_id, block_role, render_order,
target_unit_id, proposed_canonical_address, proposed_authority,
decision_backlog_ref, created_at
REDACTED: source_span, payload_summary, candidate_edges, report_summary
v_review_decision_observe (base 25 → VISIBLE 22 / REDACTED 3)
VISIBLE: review_decision_id, governance_event_kind, manifest_id,
manifest_version, review_scope, manifest_unit_local_id, status,
verdict, reviewer_class, risk_class_assessment, escalation_ref,
cut_change_set_ref, prior_review_decision_id,
superseded_by_review_decision_id, decision_at, decided_by,
tool_revision, review_duration_ms, cross_signed_by_dot_verifier,
version, created_at, updated_at
REDACTED: findings, reviewer_identity, reviewer_independence_evidence
v_verify_result_observe (base 26 → VISIBLE 23 / REDACTED 3)
VISIBLE: verify_result_id, change_set_id, manifest_id, manifest_version,
review_decision_id, verify_kind, axis_1_status, axis_1_drift_count,
axis_1_drift_unit, axis_2_status, verdict, executor_signature_id,
verifier_signature_id, executor_tool_revision,
verifier_tool_revision, tool_revision_match, escalation_ref,
verified_at, state, rollback_triggered,
rollback_change_set_id_triggered, prior_verify_result_id,
canonicalization_rule_used
REDACTED: findings, verdict_rationale, scenario_ref
§3 — Projection Arithmetic (must hold in verification)
| View | Base cols | VISIBLE | REDACTED |
|---|---|---|---|
| v_canonical_address_alias_observe | 9 | 7 | 2 |
| v_cut_change_set_observe | 24 | 19 | 5 |
| v_cut_change_set_affected_row_observe | 8 | 6 | 2 |
| v_decision_backlog_dependency_observe | 6 | 6 | 0 |
| v_decision_backlog_entry_observe | 6 | 4 | 2 |
| v_decision_backlog_history_observe | 9 | 7 | 2 |
| v_decision_backlog_sweep_log_observe | 10 | 9 | 1 |
| v_dot_pair_signature_observe | 16 | 11 | 5 |
| v_manifest_envelope_observe | 12 | 11 | 1 |
| v_manifest_unit_block_observe | 13 | 9 | 4 |
| v_review_decision_observe | 25 | 22 | 3 |
| v_verify_result_observe | 26 | 23 | 3 |
| Total | 164 | 134 | 30 |
invariant: for each view, count(view columns) == VISIBLE and every REDACTED
name is ABSENT from the view (asserted in the verification plan).
no_redacted_jsonb_or_secret_leaks_via_alias: views select bare columns only;
no expression re-exposes a redacted column.
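One way to check the invariant above against an authored view, as an added example that is not part of this spec or its verification plan. The function names, the base-column order and the two select lists are constructed for illustration; quoted or mixed-case identifiers are treated as non-bare.

```python
import re

# Names from §1 of this spec that are redacted in any table.
REDACTED_NAMES = {
    "signature_payload", "payload_envelope", "payload_hash",
    "rollback_key", "idempotency_key",
    "before_state_snapshot", "after_state_snapshot",
    "reviewer_identity", "reviewer_independence_evidence",
    "findings", "change_diff", "source_span", "payload_summary",
    "candidate_edges", "report_summary",
    "rationale", "verdict_rationale", "scenario_ref",
}
IDENT = re.compile(r"[a-z_][a-z0-9_]*")

def redacted_by_rule(view, col):
    """Apply the §1 rule to one column name (hypothetical helper)."""
    if col == "payload":  # §1 lists only decision_backlog_entry.payload
        return view == "v_decision_backlog_entry_observe"
    return col in REDACTED_NAMES or col.endswith("_reason")

def check_view(view, base, visible, redacted, select_list):
    """Return violations of the §3 invariant; an empty list means the view passes."""
    out = []
    if len(visible) + len(redacted) != len(base) or set(visible) | set(redacted) != set(base):
        out.append("VISIBLE + REDACTED does not partition the base columns")
    for col in base:
        if redacted_by_rule(view, col) and col not in redacted:
            out.append(f"{col}: redacted by §1 but not listed REDACTED")
    for item in select_list:
        if not IDENT.fullmatch(item):
            out.append(f"{item!r}: not a bare column")
        hits = set(IDENT.findall(item.lower())) & set(redacted)
        if hits:
            out.append(f"{item!r}: exposes redacted {sorted(hits)}")
    if sorted(select_list) != sorted(visible):
        out.append("view columns differ from VISIBLE")
    return out

# Column lists from §2; the base order is constructed.
VIEW = "v_decision_backlog_entry_observe"
BASE = ["entry_id", "kind", "status", "emitted_at", "payload", "scenario_ref"]
VISIBLE = ["entry_id", "kind", "status", "emitted_at"]
REDACTED = ["payload", "scenario_ref"]
# Constructed select lists, as they might be read from a view definition.
GOOD = list(VISIBLE)
LEAKY = VISIBLE + ["payload->>'title' AS title"]  # jsonb re-exposed under an alias

if __name__ == "__main__":
    for name, sel in (("good", GOOD), ("leaky", LEAKY)):
        print(name, check_view(VIEW, BASE, VISIBLE, REDACTED, sel))
```

The leaky list is caught three ways: the item is not a bare column, it references a REDACTED name, and the view's column list no longer equals VISIBLE.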
§4 — Non-Scope
executed: NONE (spec only). No view created. Directus field perms NOT used
(B-6 = PG views; Directus field permissions deferred). self_advance: PROHIBITED
End of v0.3 read-observability view projection spec.