Incomex AI Portal
KB-7F26

dot-iu-cutter v0.3 — Post-Execution Backup Verification (post-v0.3 backup + restore test PASS) (2026-05-16)

7 min read Revision 1
dot-iu-cutterdieu44v0.3read-observabilitybackup-verificationrestore-testcloseout

dot-iu-cutter v0.3 — Post-Execution Backup Verification

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.3-execution/dot-iu-cutter-v0.3-post-execution-backup-verification-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.3 — CLOSEOUT backup verification (read-only + ephemeral restore test)
authorization: GPT v0.3 execution review = PASS + User closeout prompt
  (allowed: read-only checks, fresh post-v0.3 backup, restore test, teardown)
production_mutation: NONE
backup_verification_status: PASS

✅ Fresh post-v0.3 backup taken (read-only pg_dump), content-checked, and isolated-restore-tested. Restore-test env torn down. Production was NOT mutated (sysid identical before and after; only read-only pg_dump + catalog SELECTs touched production).

§1 — Method & Provenance

script_artefact: /root/v0_3_closeout_verify.sh
  local_sha256:  6c37872a5dfdb5cc00b1b58583f97654b8d04e858cfa0972c15ce1d1ecdd9679
  remote_sha256: 6c37872a5dfdb5cc00b1b58583f97654b8d04e858cfa0972c15ce1d1ecdd9679
  provenance: authored locally, scp'd, sha256-gated end-to-end (MATCH),
    identity-guarded (sysid abort), fully logged — no inline SSH heredoc
host: VPS 38.242.240.89 ; container: postgres ; db: directus
run_window_utc: 2026-05-16T23:33:17Z → 2026-05-16T23:34:53Z
work_dir: /opt/incomex/backups/dieu44_v0_3_closeout_20260516T233317Z
log: <work_dir>/logs/closeout_20260516T233317Z.log
production_identity_guard: sysid asserted == 7611578671664259111 AND
  db == directus BEFORE any action (abort-on-mismatch)

§2 — Fresh Post-v0.3 Backup

backup_path: /opt/incomex/backups/dieu44_v0_3_closeout_20260516T233317Z/prod-directus-postv0_3-20260516T233317Z.sql
backup_method: docker exec postgres pg_dump -U workflow_admin -d directus
  (READ-ONLY plain-SQL dump; no mutation)
backup_size_bytes: 667414820  (~667 MB)
backup_sha256: ad614a71813d21902343049021fb413c4c058826e99bc5e4948fc3d6ab0a67cd
checksum_self_check: SHA256SUMS -c → OK (1/1)
captured_at_utc: 2026-05-16T23:33Z (post-v0.3-execution; layer already LIVE)

§3 — Backup Content Check (cutter_ro + 12 observe views + 12 base tables)

dump_contains_cutter_ro: YES — cutter_ro referenced in role-scoped GRANT/
  ALTER/OWNER/ACL lines (5 matched lines)
dump_observe_views_distinct: 12 (exactly the 12 v_*_observe view objects):
  v_canonical_address_alias_observe, v_cut_change_set_observe,
  v_cut_change_set_affected_row_observe,
  v_decision_backlog_dependency_observe, v_decision_backlog_entry_observe,
  v_decision_backlog_history_observe, v_decision_backlog_sweep_log_observe,
  v_dot_pair_signature_observe, v_manifest_envelope_observe,
  v_manifest_unit_block_observe, v_review_decision_observe,
  v_verify_result_observe
dump_base_tables_distinct: 12 (canonical_address_alias, cut_change_set,
  cut_change_set_affected_row, decision_backlog_dependency,
  decision_backlog_entry, decision_backlog_history,
  decision_backlog_sweep_log, dot_pair_signature, manifest_envelope,
  manifest_unit_block, review_decision, verify_result)
verdict: backup CONTAINS cutter_ro grant/ACL definition + 12 observe views
  + 12 base tables → CONTENT CHECK PASS

§4 — Isolated Restore Test

restore_env_name: dieu44_v0_3_restoretest_20260516T233317Z
restore_image: postgres:16 (ephemeral docker container; not on prod network path)
restore_system_identifier: 7640636973498654764
  (≠ production 7611578671664259111 → DEFINITIVELY isolated, NOT production)
restore_method: psql -U postgres -d directus < post-v0.3 dump
restore_result:
  observe_views_restored: 12  (PASS — all 12 v_*_observe present)
  base_tables_restored:   12  (PASS — all 12 cutter_governance tables present)
  cg_total_rows: empty (reltuples sentinel -12 = 12 never-analyzed EMPTY
    tables; consistent with 0 business rows)
  cutter_ro_role_in_restore: 0  (see Note N-1 below — EXPECTED for a
    database-scope pg_dump; NOT a backup defect)
restore_verdict: PASS — schema + 12 views + 12 base tables restore with
  full fidelity into an isolated env

Note N-1 — Role recreation scope (expected, not a defect)

fact: a database-scope `pg_dump -d directus` does NOT emit cluster-global
  `CREATE ROLE` statements (roles are cluster-global; emitted only by
  `pg_dumpall --roles` / `--globals`). The dump DOES carry every GRANT/ACL
  that references cutter_ro, so on a cluster where the role exists the
  privileges restore exactly.
implication: full disaster-recovery of the read layer = restore this dump
  INTO a cluster that already has cutter_ro, OR recreate cutter_ro first via
  the GPT-pinned DDL artefact (sha 065ee6d3…e3b04) / pg_dumpall globals.
consistency: identical method & characteristic to the authoritative
  post-v0.2 closeout backup (a432a86e…) — accepted pattern, not a regression.
disposition: NOTE ONLY — not a fail gate; backup_verification_status=PASS.
  Schema+views fidelity is fully proven; role DDL provenance is preserved
  separately and immutably (GPT-pinned, sha-gated).

§5 — Teardown

restore_test_env_teardown: docker rm -f dieu44_v0_3_restoretest_20260516T233317Z
restore_env_after_teardown: 0 containers matching name (GONE — confirmed)
protected_dry-run/restore_envs: none pre-existing were touched

§6 — Production-Untouched Confirmation

production_system_identifier_before: 7611578671664259111
production_system_identifier_after:  7611578671664259111  (UNCHANGED)
mutating_operations_on_production: NONE
  - only read-only catalog SELECTs + a read-only pg_dump touched prod
  - NO role/view/grant change; NO Directus change; NO RLS change;
    NO base-table alter/drop; NO data write; NO CUT/VERIFY; NO deploy
live_v0_3_objects_unchanged: cutter_ro present, 12 observe views, 13 grants,
  0 base-table/write grants — identical to the execution report's verified
  state; re-confirmed read-only at this closeout
verdict: PRODUCTION UNTOUCHED — backup verification was non-mutating

§7 — Summary

backup_verification_status: PASS
fresh_post_v0_3_backup: /opt/incomex/backups/dieu44_v0_3_closeout_20260516T233317Z/prod-directus-postv0_3-20260516T233317Z.sql
  sha256: ad614a71813d21902343049021fb413c4c058826e99bc5e4948fc3d6ab0a67cd
  size_bytes: 667414820
content_check: PASS (cutter_ro + 12 observe views + 12 base tables present)
restore_test: PASS (12 views + 12 base tables; isolated sysid; Note N-1 role)
restore_env: dieu44_v0_3_restoretest_20260516T233317Z — TORN DOWN
production_untouched: CONFIRMED (sysid unchanged before/after; read-only only)

End of v0.3 post-execution backup verification (backup_verification_status = PASS).

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.3-execution/dot-iu-cutter-v0.3-post-execution-backup-verification-2026-05-16.md