KB-3E35

dot-iu-cutter v0.3 — Read-Observability Dry-Run Verification Results (substantive ALL PASS; 4 harness FN) (2026-05-16)


dot-iu-cutter v0.3 — Read-Observability Dry-Run Verification Results

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.3-dry-run/dot-iu-cutter-v0.3-read-observability-dry-run-verification-results-2026-05-16.md
revision: r1
date: 2026-05-16
phase: v0.3 — dry-run verification grid (env pg-dryrun-v0.3-readobs-2026-05-16)
substantive_result: ALL PASS
harness_false_negatives: 4 (FN-1..FN-4 — not DDL/grant/rollback faults)
dry_run_status: FAIL_HARNESS_FALSE_NEGATIVE (NOT marked PASS)

§1 — Verification Grid

| ID | Check | Expected | Observed | Verdict |
|---|---|---|---|---|
| V01 | cutter_ro exists | 1 | 1 | PASS |
| V02 | role flags canlogin/super/bypassrls/createrole/createdb/replication | all false | false,false,false,false,false,false | PASS (FN-1: harness expected 'f' literal) |
| V03 | cutter_ro membership of any role | 0 | 0 | PASS |
| V04 | 12 v_*_observe views exist | 12 | 12 | PASS |
| V05 | cutter_ro SELECT on each of 12 views | t ×12 | t ×12 | PASS |
| V06 | cutter_ro NO SELECT on each of 12 base tables | f ×12 | f ×12 | PASS |
| V07 | cutter_ro no INSERT/UPDATE/DELETE/TRUNCATE on 24 rels (96) | 0 | 0 | PASS |
| V08a | USAGE on cutter_governance | t | t | PASS |
| V08b | CREATE on cutter_governance | f | f | PASS |
| V08c | USAGE on schema public | (asserted f) | t | PASS-as-NOTE (FN-2: PG default PUBLIC USAGE; not v0.3-introduced) |
| V08d | USAGE on sandbox_tac | f | f | PASS |
| V09 | 30 redacted columns absent across 12 views | 0 present | 0 present | PASS |
| V10 | per-view visible col counts (7,19,6,6,4,7,9,11,11,9,22,23) | exact | exact | PASS |
| V10t | total visible columns | 134 | 134 | PASS |
| V11 | no view definition leaks a redacted name | 0 | 0 | PASS |
| V12r | functional SET ROLE read of each view (count) | 0 ×12 | 0 ×12 (read succeeded) | PASS (FN-3: harness mis-parsed "SET\n0") |
| V12d1 | cutter_ro base-table SELECT denied | yes | yes | PASS |
| V12d2 | cutter_ro base-table write denied | yes | yes | PASS |
| V13 | all 12 views 0 rows | 1 | 1 | PASS |
| V14 | all 12 base tables 0 rows | 1 | 1 | PASS |
| V15a | base table count | 12 | 12 | PASS |
| V15b | PK count (cutter_governance) | 12 | 12 | PASS |
| V15c | FK count (cutter_governance) | 19 | 19 | PASS |
| V15d | per-base column count unchanged | 1 | 1 | PASS |
| V16 | directus_collections unchanged | 164 | 164 | PASS |
| V17 | no RLS on cg tables | 0 | 0 | PASS |
| V18 | env sysid unchanged | 7640511494105550893 | same | PASS |
| RBg1 | rollback guard: members | 0 | 0 | PASS |
| RBg2 | rollback guard: owns (deptype) | (asserted 0) | 13 | PASS-as-FN-4 (counted 13 ACL deps, not ownership; role owns nothing) |
| RB1 | rollback rc | 0 | 0 | PASS |
| RB2 | cutter_ro absent post-rollback | 0 | 0 | PASS |
| RB3 | v0.3 views absent post-rollback | 0 | 0 | PASS |
| RB4 | base 12 / PK12 / FK19 post-rollback | exact | exact | PASS |
| RB5 | no RLS post-rollback | 0 | 0 | PASS |
| RB6 | directus_collections post-rollback | 164 | 164 | PASS |
| TD | env teardown | OK | OK | PASS |
| P1 | prod sysid unchanged | 7611578671664259111 | same | PASS |
| P2 | prod cg unchanged | 12 | 12 | PASS |
| P3 | prod no cutter_ro | 0 | 0 | PASS |
| P4 | prod no v0.3 views | 0 | 0 | PASS |
| P5 | prod no RLS | 0 | 0 | PASS |
| P6 | prod directus_permissions unchanged | 1173 | 1173 | PASS |

§2 — Interpretation

substantive_assertions: ALL PASS — the DDL creates exactly 1 NOLOGIN
  least-priv role + 12 correctly-projected views + 13 view-only grants;
  redaction exact (134 visible / 30 redacted absent / no viewdef leak);
  cutter_ro can read views, CANNOT read base tables, CANNOT write anything;
  base tables/Directus/RLS untouched; rollback fully reversible; production
  read-only and unchanged.
the_4_FN: V02 (wrong expected literal), V08c (PG-default PUBLIC USAGE asserted
  as if v0.3-introduced), V12r (multi-statement stdout parse), RBg2 (ownership
  guard counted ACL deps not deptype='o'). None is a DDL/projection/grant/
  rollback fault — all are harness-assertion defects.
conclusion: DDL artefact SOUND; harness must be corrected and the dry-run
  re-run under fresh authorization before PASS can be claimed. NOT marked PASS.
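
An added example, not the project's harness code: one way a comparator could avoid the FN-1 and FN-3 defect classes while still failing closed. It assumes each check captures unaligned psql stdout in which a command tag such as SET can precede the data row; the function names, tag list and sample outputs are hypothetical.

```python
import re

# Command tags psql prints for non-query statements (assumed list; extend as needed).
# Caveat: a data row consisting solely of one of these words would also be dropped.
COMMAND_TAG = re.compile(r"^(SET|RESET|BEGIN|COMMIT|ROLLBACK)$")
BOOL_SPELLINGS = {"t": True, "true": True, "f": False, "false": False}


def result_lines(stdout):
    """Return data rows only: blank lines and command tags are discarded."""
    lines = (ln.strip() for ln in stdout.splitlines())
    return [ln for ln in lines if ln and not COMMAND_TAG.match(ln)]


def normalize(value):
    """Turn 'f,false,0' into typed fields so 'f' == 'false' but 't' != '1'."""
    fields = []
    for raw in value.split(","):
        item = raw.strip()
        if item.lower() in BOOL_SPELLINGS:
            fields.append(("bool", BOOL_SPELLINGS[item.lower()]))
        elif re.fullmatch(r"-?\d+", item):
            fields.append(("int", int(item)))
        else:
            fields.append(("text", item))
    return fields


def check(check_id, expected, stdout):
    """Compare one check; anything other than exactly one data row is an ERROR."""
    rows = result_lines(stdout)
    if len(rows) != 1:
        return (check_id, "ERROR", f"expected 1 data row, got {len(rows)}")
    verdict = "PASS" if normalize(rows[0]) == normalize(expected) else "FAIL"
    return (check_id, verdict, rows[0])


if __name__ == "__main__":
    # Constructed sample outputs modelled on the V02 and V12r rows of the grid.
    print(check("V02", "f,f,f,f,f,f", "false,false,false,false,false,false\n"))
    print(check("V12r", "0", "SET\n0\n"))
    print(check("V12r", "0", "SET\n"))  # role switched but no row came back
```

Typing each field keeps the normalization from hiding a real grant: a `t` where `f` is expected still fails, and a missing data row is reported as an error rather than compared.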

End of v0.3 read-observability dry-run verification results.
