KB-3531

dot-iu-cutter v0.4 — Credential Dry-Run Authoring Report

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-authoring/dot-iu-cutter-v0.4-credential-dry-run-authoring-report-2026-05-16.md
revision: r1
date_authored: 2026-05-17
cycle_date_label: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyền
verifier: GPT (review pending — this report routes the package in)
phase: v0.4 — credential-cycle DRY-RUN AUTHORING — routing report
status: authoring_only_pending_gpt_review

⛔ AUTHORING ONLY. No role/grant/secret/.env/connection/dry-run/CUT/VERIFY/deploy. Output = 5 KB documents. Nothing executed. Self-advance PROHIBITED.


§1 — Authorization & Input

opened_by: GPT v0.4 credential-cycle DESIGN review = PASS
  (agent_revision_needed=false; CD-1..CD-13 CLOSED; credential execution /
  prod role / secret / .env / GRANT-REVOKE / CUT-VERIFY / deploy NOT allowed)
  + explicit User credential-dry-run-AUTHORING-ONLY prompt.
controlling_files_read (8/8, full):
  1 reviews/…credential-cycle-design-gpt-review-2026-05-16.md
  2 v0.4-credential-design/…credential-cycle-design-report-2026-05-16.md
  3 v0.4-credential-design/…privilege-matrix-design-2026-05-16.md
  4 v0.4-credential-design/…secret-custody-design-2026-05-16.md
  5 v0.4-credential-design/…credential-dry-run-plan-2026-05-16.md
  6 v0.4-credential-design/…credential-risk-and-rollback-plan-2026-05-16.md
  7 v0.2-execution/…structural-schema-inventory-2026-05-16.md
  8 v0.3-execution/…read-observability-inventory-2026-05-16.md

§2 — Deliverables (paths + revisions; ALL created in KB SSOT)

prefix: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-authoring/
1 dot-iu-cutter-v0.4-credential-dry-run-sql-draft-2026-05-16.sql.md          r1
2 dot-iu-cutter-v0.4-credential-dry-run-verification-plan-2026-05-16.md      r1
3 dot-iu-cutter-v0.4-credential-dry-run-rollback-draft-2026-05-16.md         r1
4 dot-iu-cutter-v0.4-credential-dry-run-command-plan-2026-05-16.md           r1
5 dot-iu-cutter-v0.4-credential-dry-run-authoring-report-2026-05-16.md       r1 (this)
upload_status: all 5 created in Agent Data (knowledge/* SSOT).

§3 — SQL Draft Summary

roles: CREATE ROLE cutter_exec / cutter_verify — LOGIN NOSUPERUSER
  NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS CONNECTION LIMIT 2,
  scram-sha-256, created memberless, throwaway PLACEHOLDER passwords only.
schema: GRANT USAGE ON SCHEMA cutter_governance to both; CREATE NOT granted.
grants: encode the GPT-accepted matrix EXACTLY — direct grants only:
  cutter_exec  -> entry S/I/U(status), history S/I, dependency S/I,
    sweep_log I-only, manifest_envelope S/I, manifest_unit_block S/I,
    review_decision S/I/U(superseded_by_review_decision_id),
    cut_change_set S/I, cut_change_set_affected_row I-only,
    dot_pair_signature S/I; verify_result NONE; canonical_address_alias NONE.
  cutter_verify -> entry S/I/U(status), history S/I, dot_pair_signature S/I,
    cut_change_set S/I, cut_change_set_affected_row S/I, verify_result S/I,
    manifest_envelope S, manifest_unit_block S, review_decision S;
    dependency NONE; sweep_log NONE; canonical_address_alias NONE.
absent_by_design: no DELETE/TRUNCATE/REFERENCES/TRIGGER, no UPDATE beyond
  the 2 columns, no GRANT OPTION, no ALTER DEFAULT PRIVILEGES, no SECURITY
  DEFINER, no ownership, no DDL, no RLS, no public-schema, no observe-view
  grant, no cutter_ro change, no Directus. log_connections = NOTE only
  (CD-12), never SQL here. BEGIN/COMMIT wrapped; sha-gated apply.

§4 — Verification Summary

doctrine: structural aclexplode() SET-equality (symmetric difference == ∅),
  never rendered-string compare — explicitly carries the P0-6/P0-5
  pg_get_constraintdef false-negative lesson (feedback memory) so a clean
  run is not mis-flagged into a needless rollback.
catalog V-01..V-17: role flags; CONNECTION LIMIT=2; no membership; no
  ownership (pg_shdepend deptype='o'); exact table privs; exact column
  privs; no extra UPDATE (exactly 3 col-UPDATE tuples total); no
  DELETE/TRUNCATE/REFERENCES/TRIGGER; no observe-view grant; no
  canonical_address_alias grant; no out-of-schema priv; cutter_ro byte-
  unchanged (13 grants); Directus 164/1173/9/8/9 unchanged; RLS 0
  unchanged; scram prefix.
behavioural: allow-probes A-EXEC/A-VERIFY (must succeed, in-savepoint);
  deny-probes D-1..D-20 (must be REFUSED, SQLSTATE 42501; incl. CONN LIMIT
  3rd-session refusal, cross-lane SoD, alias zero-access, view denial,
  DDL/GRANT denial).
rollback verify RBV-1..RBV-6 + prod-untouched gate PU-1..PU-3.
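
Added example, not taken from the authored package or the project's SQL draft: the §4 doctrine written as one read-only catalog query for cutter_verify, comparing the expected grant tuples with aclexplode() output as sets, including the no-GRANT-OPTION condition. It assumes the short names in §3 are the literal relation names in schema cutter_governance.

```sql
-- Added example: structural set-equality check for cutter_verify (read-only).
-- Assumption: the short names in §3 are literal relation names in cutter_governance.
WITH expected(relname, attname, privilege_type) AS (
  VALUES
    ('entry', NULL, 'SELECT'), ('entry', NULL, 'INSERT'),
    ('entry', 'status', 'UPDATE'),               -- the one column-level grant
    ('history', NULL, 'SELECT'), ('history', NULL, 'INSERT'),
    ('dot_pair_signature', NULL, 'SELECT'), ('dot_pair_signature', NULL, 'INSERT'),
    ('cut_change_set', NULL, 'SELECT'), ('cut_change_set', NULL, 'INSERT'),
    ('cut_change_set_affected_row', NULL, 'SELECT'),
    ('cut_change_set_affected_row', NULL, 'INSERT'),
    ('verify_result', NULL, 'SELECT'), ('verify_result', NULL, 'INSERT'),
    ('manifest_envelope', NULL, 'SELECT'),
    ('manifest_unit_block', NULL, 'SELECT'),
    ('review_decision', NULL, 'SELECT')
),
want AS (  -- every expected grant must be held WITHOUT grant option
  SELECT relname, attname, privilege_type, false AS is_grantable FROM expected
),
rel AS (   -- every relation in the schema, so stray grants elsewhere in it show up
  SELECT c.oid, c.relname::text AS relname, c.relacl
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  WHERE n.nspname = 'cutter_governance'
),
actual AS (
  -- table-level ACL entries (aclexplode of a NULL acl yields no rows)
  SELECT r.relname, NULL::text AS attname, a.privilege_type, a.is_grantable
  FROM rel r
  CROSS JOIN LATERAL aclexplode(r.relacl) a
  WHERE a.grantee = (SELECT oid FROM pg_roles WHERE rolname = 'cutter_verify')
  UNION ALL
  -- column-level ACL entries
  SELECT r.relname, att.attname::text, a.privilege_type, a.is_grantable
  FROM rel r
  JOIN pg_attribute att ON att.attrelid = r.oid AND NOT att.attisdropped
  CROSS JOIN LATERAL aclexplode(att.attacl) a
  WHERE a.grantee = (SELECT oid FROM pg_roles WHERE rolname = 'cutter_verify')
)
-- symmetric difference: both halves must be empty
SELECT 'missing' AS drift, d.*
FROM (SELECT * FROM want EXCEPT SELECT * FROM actual) d
UNION ALL
SELECT 'unexpected' AS drift, d.*
FROM (SELECT * FROM actual EXCEPT SELECT * FROM want) d;
```

Zero rows means the two sets are equal; any row names the exact tuple that drifted. Grants to PUBLIC (grantee 0) fall outside the role filter and need their own check.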

§5 — Rollback Summary

exact inverse of the grant set (no blanket REVOKE ALL, no CASCADE).
RB-1 e-stop NOLOGIN -> RB-2 terminate backends -> RB-3 REVOKE exact set ->
RB-4 GATE (memberless AND owns-nothing AND no-priv-left, per role) ->
RB-5 plain DROP ROLE only if RB-4 all-pass (never CASCADE / DROP OWNED) ->
RB-6 baseline assertions -> RB-7 secret rollback N/A this cycle.
cutter_ro / 12 views / 12 base tables / Directus / RLS NEVER touched.
partial-abort safe (idempotent REVOKE; gated DROP).

§6 — Open Blockers Before Any Credential Execution

B-1 GPT PASS of THIS 5-doc dry-run authoring package.            OPEN
B-2 separate real-DB-adapter design cycle satisfying this matrix. OPEN
B-3 isolated credential dry-run EXECUTION PASS (command plan) +
    GPT review of the dry-run result docs.                       OPEN
B-4 command-review package + sovereign prompt for the exec chain. OPEN
B-5 secret substrate (CD-4 = VPS .env, closed) operationalised in
    the future execution cycle (no secret exists yet).           OPEN
status: ALL OPEN — none satisfied by this authoring cycle. No new blocker
  introduced; CD-1..CD-13 already CLOSED by GPT design review.

§7 — No-Touch Confirmation

role_creation: NONE   GRANT/REVOKE: NONE   secret create/read/print: NONE
.env_touched: NONE   production_DB_connection: NONE   dry_run_executed: NONE
isolated_env_built: NONE   pg_dump_taken: NONE   SQL_applied: NONE
code_modified: NONE   deploy: NONE   CUT/VERIFY: NONE
cutter_ro_changed: NONE   Directus/RLS_changed: NONE
prod/sysid_contacted: NONE   git/repo_modified: NONE
output: 5 KB authoring documents (this package) only.

§8 — Readiness

v0_4_credential_dry_run_authoring: COMPLETE (5 docs r1, uploaded to KB SSOT)
ready_for_gpt_review: TRUE
ready_for_dry_run_execution: FALSE (B-1..B-5 all open)
the_only_next_thing: GPT review of this authoring package
agent_self_advance: PROHIBITED

End of credential dry-run authoring report (authoring only; nothing executed; ready for GPT review; self-advance PROHIBITED).
