dot-iu-cutter v0.3 — Read-Observability Dry-Run RE-RUN Verification Results

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.3-dry-run/dot-iu-cutter-v0.3-read-observability-dry-run-rerun-verification-results-2026-05-16.md
revision: r1
date: 2026-05-16
phase: v0.3 — dry-run RE-RUN verification (env pg-dryrun-v0.3-readobs-rerun-2026-05-16)
result: ALL PASS (VERIFY_FAIL_COUNT=0)
all_4_FN_resolved: true
dry_run_status: PASS_WITH_NOTES

---

§1 — Verification Grid

ID	Check	Expected	Observed	Verdict
GATE	DDL sha == GPT-pin 065ee6d3…	match	match	PASS
GATE	rollback sha == GPT-pin 059f1dcf…	match	match	PASS
DDL	execute single txn ON_ERROR_STOP=1	rc=0	rc=0	PASS
V01	cutter_ro exists	1	1	PASS
V02	role flags structural scalar (FN-1 fix)	PASS	PASS (raw: all false)	PASS
V03	cutter_ro membership of any role	0	0	PASS
V04	12 v_*_observe views exist	12	12	PASS
V05	cutter_ro SELECT on each of 12 views	t ×12	t ×12	PASS
V06	cutter_ro NO SELECT on each of 12 base tables	f ×12	f ×12	PASS
V07	no INSERT/UPDATE/DELETE/TRUNCATE on 24 rels (96)	0	0	PASS
V08a	USAGE on cutter_governance	t	t	PASS
V08b	CREATE on cutter_governance	f	f	PASS
V08c	USAGE on sandbox_tac	f	f	PASS
N-1	USAGE on public (FN-2 fix: NOTE only)	NOTE	t (PG default)	NOTE (not a gate)
V09	30 redacted columns absent across 12 views	0 present	0 present	PASS
V10	per-view visible counts (7,19,6,6,4,7,9,11,11,9,22,23)	exact	exact	PASS
V10t	total visible columns	134	134	PASS
V11	no view definition leaks a redacted name	0	0	PASS
V12r	functional read as cutter_ro per view (FN-3 fix)	0 ×12	0 ×12	PASS
V12d1	cutter_ro base-table SELECT denied	yes	yes	PASS
V12d2	cutter_ro base-table write denied	yes	yes	PASS
V13	all 12 views 0 rows	1	1	PASS
V14	all 12 base tables 0 rows	1	1	PASS
V15a/b/c	base count 12 / PK 12 / FK 19	exact	exact	PASS
V15d	per-base column count unchanged	1	1	PASS
V16a	directus_collections unchanged	164	164	PASS
V16b	directus_permissions unchanged	1173	1173	PASS
V17	no RLS on cg tables	0	0	PASS
V18	env sysid unchanged	7640629181421084711	same	PASS
RBg1	rollback guard: members	0	0	PASS
RBg2	rollback guard: owns deptype='o' (FN-4 fix)	0	0	PASS
RB1	rollback rc	0	0	PASS
RB2	cutter_ro absent post-rollback	0	0	PASS
RB3	v0.3 views absent post-rollback	0	0	PASS
RB4	base 12 / PK12 / FK19 post-rollback	exact	exact	PASS
RB5	no RLS post-rollback	0	0	PASS
RB6	directus_collections post-rollback	164	164	PASS
TD	env teardown	OK	OK	PASS
P1	prod sysid unchanged	7611578671664259111	same	PASS
P2	prod cg unchanged	12	12	PASS
P3	prod no cutter_ro	0	0	PASS
P4	prod no v0.3 views	0	0	PASS
P5	prod no RLS	0	0	PASS
P6	prod directus_permissions unchanged	1173	1173	PASS

§2 — FN Resolution Confirmation

FN-1 (bool rendering): RESOLVED — V02 uses structural CASE→PASS scalar;
  observed PASS; raw flags echoed (all false) as INFO.
FN-2 (PUBLIC USAGE): RESOLVED — removed from fail gates; emitted as NOTE N-1
  only; no revoke; no cluster mutation.
FN-3 (multi-statement stdout): RESOLVED — PGOPTIONS '-c role=cutter_ro' yields
  a clean scalar; all 12 functional reads = 0; base SELECT/write denied.
FN-4 (ownership guard): RESOLVED — pg_shdepend filtered to deptype='o';
  owns=0; rollback guard clean; DROP ROLE succeeded.
no_false_negative_remains: TRUE

§3 — Conclusion

substantive_verdict: ALL PASS (VERIFY_FAIL_COUNT=0)
ddl_rollback: UNCHANGED, SHA-gated to GPT-pinned, proven correct again
production: read-only, unchanged; env isolated + torn down
dry_run_status: PASS_WITH_NOTES (NOTE N-1 = PG-default PUBLIC USAGE,
  documented; carry to command-review acknowledgement)
next: GPT review of the re-run report; command-review NOT yet allowed;
  Agent self-advance PROHIBITED.

End of v0.3 read-observability dry-run RE-RUN verification results.