KB-7EF2
dot-iu-cutter v0.3 — Read-Observability Dry-Run Execution Report (DDL PROVEN; harness false-negative — NOT marked PASS) (2026-05-16)
Tags: dot-iu-cutter, dieu44, v0.3, dry-run, execution-report, harness-false-negative, ddl-proven, not-pass
dot-iu-cutter v0.3 — Read-Observability Dry-Run Execution Report
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.3-dry-run/dot-iu-cutter-v0.3-read-observability-dry-run-execution-report-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyền
verifier: GPT (PENDING)
phase: v0.3 — read-observability DRY-RUN (isolated ephemeral env)
dry_run_status: FAIL_HARNESS_FALSE_NEGATIVE
honest_disclosure: DDL + rollback PROVEN CORRECT; 4 harness-assertion
false-negatives (NOT DDL/projection/grant/rollback faults). NOT marked
PASS_WITH_NOTES (per "if any fail, do not mark PASS").
production_touched: read-only only (sysid 7611578671664259111 unchanged)
self_advance: PROHIBITED — awaiting GPT review
⚠️ The proposed v0.3 SQL executed flawlessly in the isolated env (DDL rc=0; 1 role + 12 views + 13 grants; every substantive check green; rollback rc=0 restoring baseline; env torn down; production never touched). However the dry-run harness produced 4 false-negative assertions (wrong expected literal, a PostgreSQL-default fact, a multi-statement output parse bug, and an over-broad ownership guard). Per the rule "if any fail, do not mark PASS", dry_run_status = FAIL_HARNESS_FALSE_NEGATIVE. This is the [[feedback-pg-constraintdef-schema-qualified]] class — disclosed honestly, NOT papered over, NOT self-advanced.
§1 — Environment & Artefacts
dry_run_env: pg-dryrun-v0.3-readobs-2026-05-16 (postgres:16, ephemeral,
NO published port, sysid 7640511494105550893 ≠ prod 7611578671664259111)
status: torn down (docker rm -f; volume pruned; confirmed absent)
work_dir: /opt/incomex/backups/dieu44_v0_3_readobs_dryrun_20260516T152620Z/
restore_source (fresh read-only prod pg_dump):
  path: …/prod-directus-20260516T152620Z.sql
  size_bytes: 658597092
  sha256: 81542b43be06dc44b872810b6a674a13050eabd1bf52712f82ee0721ea10dcb2
extracted_DDL_sql:
  path: …/v0_3_read_observability.sql
  sha256: 065ee6d3f1aac760715cb6cc1bc8aa243d680fa20128a3c05e2b679f318e3b04
  source: verbatim from GPT-PASSed ddl-draft §3 (canonical)
extracted_rollback_sql:
  path: …/v0_3_read_observability_rollback.sql
  sha256: 059f1dcf0154eac260a0b47c08c161ee45ecb7a8b60d634349da894d7e611a5c
  source: verbatim from GPT-PASSed rollback-draft §2
orchestrator: /root/v0_3_readobs_dryrun.sh
  sha256: 4deed42f880a6e9def77dfc5bf84006e15735349e396d3717906244432485e7e
restore_noise: benign "role context_pack_readonly / incomex does not exist"
  (ownership lines; zero structural impact — same as prior phase restore tests)
§2 — Preflight (all PASS)
PROD (read-only): sysid=7611578671664259111 db=directus cg=12 rows=0
cutter_ro=0 views=0 rls=0 pk=12 fk=19 directus(roles/pol/perm/acc)=9/8/1173/9
ENV (post-restore): cg=12, cutter_ro absent, views absent, rls=0, pk=12, fk=19
→ all preflight gates PASS
§3 — DDL Execution (SUCCESS)
command: psql -v ON_ERROR_STOP=1 -f v0_3_read_observability.sql (env only)
psql_output: BEGIN / CREATE ROLE / COMMENT / CREATE VIEW ×12 / GRANT ×13 / COMMIT
DDL_RC: 0
created: role cutter_ro + 12 cutter_governance.v_*_observe views
+ GRANT USAGE + 12 GRANT SELECT (views only)
§4 — Verification: Substantive Result = PASS; 4 Harness False-Negatives
Substantive checks — ALL PASS
- V03 no role membership: 0
- V04 twelve views exist: 12
- V05 cutter_ro SELECT on each of 12 views: t ×12
- V06 cutter_ro NO SELECT on each of 12 base tables: f ×12
- V07 no write (INSERT/UPDATE/DELETE/TRUNCATE) on 24 relations: 0 (96 assertions)
- V08 USAGE on cutter_governance = t; CREATE on cutter_governance = f;
USAGE on sandbox_tac = f
- V10 per-view visible-col counts exact (7/19/6/6/4/7/9/11/11/9/22/23);
total visible columns = 134
- V11 no pg_views definition leaks any redacted column name: 0
- V09 every redacted column ABSENT from every view (30 names): 0 present
- V12 cutter_ro base-table SELECT denied = yes; base write denied = yes
- V13 all 12 views 0 rows; V14 all 12 base tables 0 rows
- V15 base count 12; PK 12; FK 19; per-base colcount unchanged
- V16 directus_collections unchanged (164); V17 no RLS (0); V18 env sysid stable
- Rollback: rc=0; cutter_ro absent; 12 views absent; base 12/PK12/FK19 intact;
Directus unchanged; no RLS
- Teardown OK; PROD reconfirm: sysid unchanged, cg=12, no cutter_ro, no v0.3
views, no RLS, directus_permissions=1173 unchanged
The 4 false-negatives (harness defects — NOT DDL/grant/rollback faults)
FN-1 V02_role_flags:
reported: got "false,false,false,false,false,false" exp "f,f,f,f,f,f"
reality: ALL SIX flags are false — cutter_ro IS NOLOGIN, NOSUPERUSER,
NOBYPASSRLS, NOCREATEROLE, NOCREATEDB, NOREPLICATION. CORRECT & SAFE.
defect: harness expected the wrong literal — `bool||text` renders
'true'/'false', not psql's 't'/'f'. Pure string-format bug.
FN-2 V08_no_usage_public:
reported: got "t" exp "f" (cutter_ro has USAGE on schema public)
reality: PostgreSQL grants USAGE on schema `public` to PUBLIC by default
(PG15+ revoked only CREATE, not USAGE). EVERY role — existing and future
— already "has" this; our v0.3 DDL did NOT grant it and cannot remove it
without a cluster-wide `REVOKE … FROM PUBLIC` (out of scope, not proposed).
cutter_ro still has ZERO table privilege in public and ZERO base-table
access in cutter_governance — the read-observability intent is intact.
defect: harness assertion premise was naive (asserted a PG default as if it
were a v0.3 over-grant). NOTE, not a finding (see §6 N-1).
FN-3 V12_funcread_* (×12):
reported: got "SET\n0" exp "0" for each view
reality: `psql -tAc "SET ROLE cutter_ro; SELECT count(*) …"` emitted the SET
command tag then `0`. The SELECT under SET ROLE cutter_ro SUCCEEDED and
returned 0 — the grant→view-owner read chain WORKS. Corroborated by the
PASSing V12_base_select_denied=yes and V12_base_write_denied=yes.
defect: harness captured multi-statement stdout and string-compared the
whole blob. Parsing bug; functional reality CORRECT.
FN-4 RB_guard_owns:
reported: got "13" exp "0" (pre-DROP-ROLE ownership guard)
reality: pg_shdepend refobjid=cutter_ro counted the 13 ACL grant
dependencies (deptype 'a'), NOT object ownership (deptype 'o'). The role
owns NOTHING (views owned by workflow_admin). The rollback REVOKEs all 13
grants BEFORE DROP ROLE, so DROP ROLE succeeded (rc=0) and the role is
provably absent post-rollback (RB_role_absent count=0).
defect: guard query omitted `deptype='o'` filter. Over-broad; reality clean.
§5 — Rollback Test (SUCCESS)
executed: rollback SQL (sha 059f1dcf…) single txn, rc=0
result: REVOKE ×13 / DROP VIEW ×12 / DROP ROLE → cutter_ro absent; 0 v0.3
views; base 12 tables intact (PK12/FK19); Directus unchanged; no RLS;
i.e. environment returned to the pre-v0.3 baseline. NO CASCADE used.
note: the FN-4 guard tripped on an over-broad query but the rollback itself
ran correctly and cleanly (the guard is advisory; rollback proved safe).
§6 — Notes (carry to harness fix / command-review)
N-1 (from FN-2): cutter_ro inherits PostgreSQL's default PUBLIC USAGE on
schema `public`. This is true for ALL roles cluster-wide and is NOT
introduced by v0.3. It grants no table/data access. The production
command-review should explicitly acknowledge this PG default; tightening it
(REVOKE USAGE ON SCHEMA public FROM PUBLIC) is cluster-wide, risky, and
OUT OF v0.3 SCOPE — do NOT bundle.
N-2 restore noise (context_pack_readonly / incomex role-absence) is benign and
identical to prior phase restore tests; zero structural impact.
N-3 DDL/rollback artefacts are byte-stable; record their SHAs for the
command-review chain (DDL 065ee6d3…; rollback 059f1dcf…).
§7 — Disposition
dry_run_status: FAIL_HARNESS_FALSE_NEGATIVE
ddl_artefact_verdict: SOUND (executed clean; every substantive assertion
passed; rollback clean; production untouched)
defect_owner: the Agent dry-run VERIFICATION HARNESS (4 assertion bugs:
FN-1 literal, FN-2 PG-default premise, FN-3 multi-statement parse,
FN-4 ownership-guard breadth). NOT the DDL, projection, grants, or rollback.
marked_PASS: NO (honest; per instruction "if any fail, do not mark PASS")
production_state: SAFE & UNCHANGED (read-only; sysid 7611578671664259111;
cg=12; no cutter_ro; no v0.3 views; no RLS; directus 9/8/1173/9 unchanged)
env: torn down; protected envs untouched
next_recommended_step: |
  GPT review of this report. Recommended remediation (NOT performed; requires
  explicit re-authorization — Agent does NOT self-advance):
  1. Fix the 4 harness assertions:
     - FN-1: expect 'false,false,false,false,false,false' (or compare
       booleans structurally);
     - FN-2: drop the public-USAGE assertion (PG default) and instead assert
       "no table privilege in public" + document N-1;
     - FN-3: split statements / capture only the final result row;
     - FN-4: filter pg_shdepend deptype='o' for the ownership guard.
  2. Re-authorize a single dry-run re-run with the corrected harness
     (DDL + rollback artefacts UNCHANGED — already proven; sha 065ee6d3… /
     059f1dcf…).
  No self-advance to command-review, no production action.
self_advance: PROHIBITED — awaiting GPT review.
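The harness corrections for FN-1, FN-3 and FN-4 described in §4 and in remediation step 1, as an added example that is not the dry-run harness's own code. The function names (`last_row`, `norm_bools`, `check`, `ownership_guard_sql`) and the sample captures are assumptions; the FN-2 premise change is not covered here.

```shell
# Added example: assertion helpers for the FN-1 / FN-3 / FN-4 defect classes.
# Function names and sample captures are constructed, not the harness's own.

# FN-3: `psql -tAc "SET ROLE ...; SELECT ..."` prints the SET command tag
# before the result, so keep only the last non-empty line of the capture.
last_row() {
  printf '%s\n' "$1" | awk 'NF { last = $0 } END { print last }'
}

# FN-1: map each comma-separated boolean to t/f so 'false' (bool||text)
# and 'f' (psql's rendering) compare equal; other values pass through.
norm_bools() {
  printf '%s\n' "$1" | awk -F, -v OFS=, '{
    for (i = 1; i <= NF; i++) {
      v = tolower($i)
      if (v == "true" || v == "t") $i = "t"
      else if (v == "false" || v == "f") $i = "f"
    }
    print
  }'
}

# Compare the final result row against the expectation after normalising.
check() {  # usage: check NAME CAPTURED_STDOUT EXPECTED
  got=$(norm_bools "$(last_row "$2")")
  want=$(norm_bools "$3")
  if [ "$got" = "$want" ]; then echo "PASS $1"; return 0; fi
  echo "FAIL $1 got=$got exp=$want"; return 1
}

# FN-4: count only objects the role OWNS (deptype 'o'); ACL entries
# (deptype 'a') are cleared by the REVOKEs and must not trip the guard.
# Feed via stdin so psql expands :'role', e.g. psql -tA -v role=cutter_ro
ownership_guard_sql() {
  cat <<'SQL'
SELECT count(*)
FROM pg_shdepend d
JOIN pg_roles r ON d.refobjid = r.oid
WHERE d.refclassid = 'pg_authid'::regclass
  AND r.rolname = :'role' AND d.deptype = 'o';
SQL
}

# Constructed captures mirroring the outputs reported for FN-1 and FN-3.
check V02_role_flags 'false,false,false,false,false,false' 'f,f,f,f,f,f'
check V12_funcread "$(printf 'SET\n0')" '0'
```

A genuinely wrong value still fails: `check X 't' 'f'` returns non-zero, so the normalisation does not mask a real flag or privilege mismatch.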
§8 — Hard Boundaries (honored)
dry_run_only: TRUE
production_DDL: NONE
production_mutation: NONE
production_GRANT_REVOKE: NONE
directus_change: NONE
RLS_change: NONE
deploy: NONE
CUT_or_VERIFY: NONE
prod_touched: read-only inspection + read-only pg_dump only
env_isolated_no_published_port: TRUE
env_sysid≠prod: TRUE
env_torn_down: TRUE
honest_disclosure_of_harness_defect: TRUE
marked_PASS: NO
self_advance_to_command_review: PROHIBITED
output_form: v0_3_read_observability_dry_run_execution_report
End of v0.3 read-observability dry-run execution report (DDL proven; harness false-negative; NOT marked PASS).