KB-201B
dot-iu-cutter v0.4 — Credential Dry-Run Command Plan
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-authoring/dot-iu-cutter-v0.4-credential-dry-run-command-plan-2026-05-16.md
revision: r1
date_authored: 2026-05-17
cycle_date_label: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.4 — credential-cycle DRY-RUN AUTHORING (command plan)
status: authoring_only_not_executed_pending_gpt_review
⛔ AUTHORING ONLY. NOTHING below is executed. No env built. No pg_dump taken. No container started. No SQL applied. This is the gated runbook the SEPARATE, GPT-gated dry-run EXECUTION cycle would follow — production is read-only ONLY for the backup, and only in that future authorized cycle.
§1 — Doctrine (mirrors every prior dieu44 dry-run cycle)
- roles/grants exist FIRST only in an EPHEMERAL ISOLATED env restored from a
FRESH READ-ONLY prod pg_dump (CD-13). Protected existing dry-run envs are
NOT reused (CD-13 reject).
- prod is touched read-only ONLY by pg_dump; never by the credential SQL or
any probe. sysid asserted != prod before AND after.
- throwaway passwords are minted INSIDE the container only (CD-6); destroyed
with the env; never written to .env / KB / log / CLI.
- script-artefact discipline (feedback memory): each multi-line op is a
scp'd script with sha256 + identity guards + logs — never a complex inline
SSH heredoc. `run_pg` uses `< /dev/null` not `-i` (project memory gotcha).
- nothing self-advances: this plan executes only after GPT PASS of this
authoring package + explicit sovereign dry-run-EXECUTION prompt.
§2 — Command Sequence (target; each step GATED; NOT executed)
C-01 backup (read-only):
fresh pg_dump of prod-directus DB taken with workflow_admin/rolsuper
(read-only; per v0.2/v0.3 pattern). Record sha256 of the dump + byte size.
GATE G-01: pg_dump exit 0; sha256 recorded; prod sysid read =
7611578671664259111 and logged as PRE value.
C-02 spin isolated env:
ephemeral container `pg-dry-run-v0.4-credential-2026-05-16` on
postgres:<prod-major> (PG; project memory: prod is PostgreSQL post-S115).
No network path to prod. GATE G-02: container up; isolated; distinct.
C-03 restore + baseline fidelity:
restore the C-01 dump into the container. Assert schema
cutter_governance present with EXACTLY 12 base tables + 12 v_*_observe
views + cutter_ro (13 grants, NOLOGIN), 0 rows, 19 in-schema FK — matches
v0.2/v0.3 inventory. GATE G-03: baseline == inventory; DR_SYSID != prod
7611578671664259111 (the v0.2/v0.3 sysid gate).
C-04 mint throwaway passwords (in-container only, CD-6):
generate two random throwaway passwords inside the container; substitute
them for the SQL-draft placeholder tokens at apply time ONLY. GATE G-04:
passwords exist only in container memory/temp; never echoed; never in any
.env or KB doc; password_encryption='scram-sha-256' confirmed (CD-5).
C-05 apply credential SQL (sha-gated):
scp the SQL-draft §3 artefact; verify sha256 == the value recorded in the
authoring report; apply verbatim in-container via run_pg (< /dev/null).
GATE G-05: artefact sha matches; BEGIN/COMMIT clean (rc=0); on ANY error
-> abort + run rollback draft + mark FAIL.
C-06 catalog verification:
run verification plan §2 V-01..V-17 (structural aclexplode set-equality).
GATE G-06: every V-* PASS; symmetric difference == ∅; 0 false-negative
(assertions schema-qualified/structural per feedback memory).
C-07 behavioural probes:
run verification §3 allow-probes (all SUCCEED, in-savepoint, rolled back)
and §4 deny-probes (all REFUSED with SQLSTATE 42501; CONNECTION LIMIT 2
probe refuses 3rd session). GATE G-07: all allow PASS; all deny REFUSED;
no row persisted.
C-08 rollback:
apply the rollback draft §2 (sha-gated). Run verification §5 RBV-1..RBV-6.
GATE G-08: roles dropped (RB-4 gates clean), aclexplode residue = 0,
cutter_ro byte-identical, no CASCADE side effect, baseline restored.
C-09 teardown + prod re-assert:
destroy the container. Re-read prod sysid (read-only) = POST value; assert
POST == PRE == 7611578671664259111 and prod was never written. GATE G-09:
env gone; prod sysid unchanged; prod read-only throughout.
C-10 result docs:
write 3 dry-run RESULT docs to
knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-dry-run/
(handoff-status / catalog+behavioural evidence / prod-untouched + backup
verification). These persist; everything else is destroyed.
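The identity and integrity gates above (G-03, G-05, G-09) are easy to write so that they pass on an empty value, for example when the sysid query or the hash command fails. The following is an added example, not part of the plan's own artefacts, showing fail-closed versions of those guards. The function names are hypothetical, and the sysid is assumed to be read with `SELECT system_identifier FROM pg_control_system();`.

```shell
#!/bin/sh
# Added example: fail-closed guards for gates G-03, G-05 and G-09.
# Function names are hypothetical; PROD_SYSID is the value stated in the plan.
PROD_SYSID=7611578671664259111

# A sysid must be a non-empty decimal string. A failed read yields "",
# and "" != prod would otherwise satisfy the G-03 inequality check.
is_sysid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# G-05: sha_gate <artefact_file> <expected_sha256>
sha_gate() {
    # Reject a blank or malformed expected value so "" = "" can never pass.
    case "$2" in *[!0-9a-f]*) echo "FAIL G-05: malformed expected sha" >&2; return 2 ;; esac
    [ "${#2}" -eq 64 ] || { echo "FAIL G-05: malformed expected sha" >&2; return 2; }
    [ -r "$1" ] || { echo "FAIL G-05: cannot read $1" >&2; return 2; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ] || { echo "FAIL G-05: sha mismatch for $1" >&2; return 1; }
}

# G-03: sysid_distinct_gate <dry_run_sysid>
sysid_distinct_gate() {
    is_sysid "$1" || { echo "FAIL G-03: sysid read is empty or non-numeric" >&2; return 2; }
    [ "$1" != "$PROD_SYSID" ] || { echo "FAIL G-03: env reports the prod sysid" >&2; return 1; }
}

# G-09: sysid_unchanged_gate <pre_sysid> <post_sysid>
sysid_unchanged_gate() {
    is_sysid "$1" && is_sysid "$2" || { echo "FAIL G-09: bad sysid read" >&2; return 2; }
    [ "$1" = "$PROD_SYSID" ] && [ "$2" = "$1" ] || { echo "FAIL G-09: POST != PRE" >&2; return 1; }
}
```

Return code 2 means the gate could not be evaluated and 1 means it was evaluated and failed; both must abort the step.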
§3 — Gate Summary
G-01 fresh read-only prod pg_dump; sha + size + PRE sysid recorded.
G-02 isolated ephemeral container; no prod network path.
G-03 baseline == v0.2/v0.3 inventory; DR_SYSID != prod.
G-04 throwaway passwords in-container only; scram; never persisted/echoed.
G-05 SQL artefact sha matches authoring report; clean apply or abort+rollback.
G-06 all catalog V-* PASS via structural set-equality (no string FN).
G-07 all allow-probes SUCCEED; all deny-probes REFUSED (42501); CONN LIMIT enforced.
G-08 rollback clean; RB-4 drop gates pass; cutter_ro untouched; no CASCADE.
G-09 container destroyed; prod sysid POST == PRE; prod read-only throughout.
G-10 only KB result docs persist; protected dry-run envs untouched.
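G-06 requires set-equality over grant tuples rather than comparison of ACL strings, whose entry order can differ between two catalogs that hold identical grants. The following is an added example, not the plan's verification SQL, computing the symmetric difference over tuples. The `grantee|schema.object|PRIVILEGE` line format and the function name are assumptions about how aclexplode output would be flattened.

```shell
#!/bin/sh
# Added example: symmetric difference of grant tuples for gate G-06.
# Input format (assumed): one "grantee|schema.object|PRIVILEGE" per line.

# acl_symdiff <expected_file> <actual_file>
# Prints "- tuple" for an expected grant that is missing and "+ tuple" for a
# grant that is present but not expected. Returns 0 only when both sets match.
acl_symdiff() {
    # An empty expected set would make a failed catalog read look like a PASS.
    [ -s "$1" ] || { echo "FAIL G-06: expected set is empty" >&2; return 2; }
    [ -r "$2" ] || { echo "FAIL G-06: cannot read actual set" >&2; return 2; }
    exp=$(mktemp) && act=$(mktemp) || return 2
    # sort -u gives set semantics: order and duplicates are irrelevant.
    LC_ALL=C sort -u "$1" > "$exp"
    LC_ALL=C sort -u "$2" > "$act"
    diff_out=$(
        LC_ALL=C comm -23 "$exp" "$act" | sed 's/^/- /'
        LC_ALL=C comm -13 "$exp" "$act" | sed 's/^/+ /'
    )
    rm -f "$exp" "$act"
    if [ -z "$diff_out" ]; then
        return 0
    fi
    printf '%s\n' "$diff_out"
    return 1
}
```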
§4 — Hard Boundaries (this command plan)
NO production role / GRANT / REVOKE / secret / .env / connection / CUT /
VERIFY / deploy — in this cycle or by this document. The plan EXECUTES
NOTHING. Production is read-only ONLY for C-01 pg_dump, and ONLY in a
future separately-authorized dry-run-execution cycle gated by GPT PASS of
this package + a sovereign prompt. Self-advance PROHIBITED.
§5 — Open Decisions Touched (all GPT-closed; recorded for traceability)
CD-6 throwaway dry-run credentials = YES (closed) — encoded C-04.
CD-13 fresh read-only prod pg_dump, no protected-env reuse (closed) — C-01.
CD-12 role-scoped log_connections only-if-safe (closed) — NOT in this plan's
SQL; optional, separately reviewed line in the future exec cycle.
End of credential dry-run command plan (authoring only; nothing executed).