dot-iu-cutter v0.4 — Credential Dry-Run SQL Draft

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-authoring/dot-iu-cutter-v0.4-credential-dry-run-sql-draft-2026-05-16.sql.md
revision: r1
date_authored: 2026-05-17
cycle_date_label: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.4 — credential-cycle DRY-RUN AUTHORING (SQL draft)
status: authoring_only_not_executed_pending_gpt_review
opened_by: GPT v0.4 credential-cycle DESIGN review = PASS (CD-1..CD-13 closed,
  agent_revision_needed=false) + explicit User dry-run-AUTHORING-ONLY prompt.

⛔ AUTHORING ONLY. This SQL is NOT executed. No role created. No GRANT issued. No secret minted. No .env touched. No production connection. The script below is the verbatim artefact a SEPARATE, GPT-gated dry-run cycle will apply inside an isolated ephemeral postgres env ONLY, never production. Passwords below are inert placeholder tokens, not secrets.

---

§1 — Target & Provenance

schema_under_control: cutter_governance
base_tables: 12 (all 0 rows; v0.2/v0.3 inventory)
observe_views: 12 v_*_observe (cutter_ro-only; NOT touched here)
existing_role: cutter_ro (NOLOGIN, 13 grants = 1 schema USAGE + 12 view
  SELECT; MUST remain byte-identical — never referenced by this script)
prod_sysid_reference: 7611578671664259111 (NEVER contacted by this artefact)
encodes: GPT-accepted privilege matrix (privilege-matrix-design §2,
  credential-cycle GPT review §4) — CD-1 column-scoped UPDATE, CD-2 both
  principals get UPDATE(status), CD-3 direct grants (no SECURITY DEFINER),
  CD-5 scram-sha-256, CD-7 sweep_log write-only, CD-8/CD-10 verify fwd
  compensation INSERT on cut_change_set, CD-9 CONNECTION LIMIT 2.

§2 — Password Placeholder Policy (CD-6)

tokens: '__DRY_RUN_THROWAWAY_EXEC_PW__' / '__DRY_RUN_THROWAWAY_VERIFY_PW__'
meaning: inert literals, NOT secrets, NOT a real/future credential.
substitution: the dry-run EXECUTION cycle (separate, GPT-gated) generates a
  fresh random throwaway password INSIDE the ephemeral container only,
  substitutes it for the token at apply time, and destroys it with the env.
never: written to any .env, KB doc, log, repo, or CLI output.
encryption: rely on the dry-run cluster default password_encryption =
  'scram-sha-256' (CD-5) — ASSERTED by the verification plan, not SET here
  (no global config change authored).

§3 — The SQL Artefact (verbatim; NOT executed)

-- ============================================================================
-- dot-iu-cutter v0.4 — credential dry-run SQL DRAFT  (r1, NOT EXECUTED)
-- Apply target: ISOLATED ephemeral postgres env ONLY  (NEVER production)
-- Schema: cutter_governance | 12 base tables | 0 rows
-- Encodes the GPT-accepted privilege matrix EXACTLY. Direct grants only.
-- No SECURITY DEFINER, no ownership, no GRANT OPTION, no ALTER DEFAULT
-- PRIVILEGES, no RLS, no DDL on data objects, no public schema, no Directus,
-- no cutter_ro change, no observe-view grant.
-- ============================================================================

BEGIN;

-- ---- §3.1  Writer principals (CD-9 CONNECTION LIMIT 2, CD-5 scram) ----------
-- Placeholder passwords ONLY (see doc §2). Both roles: bounded LOGIN, zero
-- elevated attributes, no membership clause (created memberless).

CREATE ROLE cutter_exec
  LOGIN
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 2
  PASSWORD '__DRY_RUN_THROWAWAY_EXEC_PW__';

CREATE ROLE cutter_verify
  LOGIN
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
  CONNECTION LIMIT 2
  PASSWORD '__DRY_RUN_THROWAWAY_VERIFY_PW__';

-- ---- §3.2  Schema usage (NO CREATE on schema) ------------------------------
GRANT USAGE ON SCHEMA cutter_governance TO cutter_exec;
GRANT USAGE ON SCHEMA cutter_governance TO cutter_verify;
-- (CREATE ON SCHEMA deliberately NOT granted to either principal.)

-- ---- §3.3  cutter_exec table privileges (matrix §2, exec column) -----------
GRANT SELECT, INSERT ON cutter_governance.decision_backlog_entry     TO cutter_exec;
GRANT UPDATE (status) ON cutter_governance.decision_backlog_entry     TO cutter_exec;
GRANT SELECT, INSERT ON cutter_governance.decision_backlog_history    TO cutter_exec;
GRANT SELECT, INSERT ON cutter_governance.decision_backlog_dependency TO cutter_exec;
GRANT INSERT         ON cutter_governance.decision_backlog_sweep_log  TO cutter_exec;  -- CD-7 write-only, NO SELECT
GRANT SELECT, INSERT ON cutter_governance.manifest_envelope          TO cutter_exec;
GRANT SELECT, INSERT ON cutter_governance.manifest_unit_block        TO cutter_exec;
GRANT SELECT, INSERT ON cutter_governance.review_decision            TO cutter_exec;
GRANT UPDATE (superseded_by_review_decision_id)
                     ON cutter_governance.review_decision            TO cutter_exec;
GRANT SELECT, INSERT ON cutter_governance.cut_change_set             TO cutter_exec;
GRANT INSERT         ON cutter_governance.cut_change_set_affected_row TO cutter_exec;  -- INSERT-only (least priv)
GRANT SELECT, INSERT ON cutter_governance.dot_pair_signature         TO cutter_exec;
--   verify_result            -> NO privilege to cutter_exec (strong SoD)
--   canonical_address_alias  -> NO privilege to cutter_exec (alias deferred, OD-2)

-- ---- §3.4  cutter_verify table privileges (matrix §2, verify column) -------
GRANT SELECT, INSERT ON cutter_governance.decision_backlog_entry     TO cutter_verify;
GRANT UPDATE (status) ON cutter_governance.decision_backlog_entry     TO cutter_verify;  -- CD-2 (legality in code)
GRANT SELECT, INSERT ON cutter_governance.decision_backlog_history    TO cutter_verify;
GRANT SELECT, INSERT ON cutter_governance.dot_pair_signature         TO cutter_verify;
GRANT SELECT, INSERT ON cutter_governance.cut_change_set             TO cutter_verify;  -- CD-8/CD-10 fwd compensation only (no UPDATE)
GRANT SELECT, INSERT ON cutter_governance.cut_change_set_affected_row TO cutter_verify;
GRANT SELECT, INSERT ON cutter_governance.verify_result              TO cutter_verify;
GRANT SELECT         ON cutter_governance.manifest_envelope          TO cutter_verify;  -- read-only
GRANT SELECT         ON cutter_governance.manifest_unit_block        TO cutter_verify;  -- read-only
GRANT SELECT         ON cutter_governance.review_decision            TO cutter_verify;  -- read-only
--   decision_backlog_dependency -> NO privilege to cutter_verify
--   decision_backlog_sweep_log  -> NO privilege to cutter_verify
--   canonical_address_alias     -> NO privilege to cutter_verify

COMMIT;

-- ============================================================================
-- §3.5  Constructs DELIBERATELY ABSENT (denied by omission; asserted by the
--       verification plan as MUST-NOT-EXIST):
--   * no DELETE / TRUNCATE / REFERENCES / TRIGGER on ANY table
--   * no UPDATE outside decision_backlog_entry.status and
--     review_decision.superseded_by_review_decision_id (exactly 2 cols total)
--   * no WITH GRANT OPTION anywhere
--   * no ALTER DEFAULT PRIVILEGES
--   * no SECURITY DEFINER function; no object ownership transfer; no DDL
--     (CREATE/ALTER/DROP) on any data object
--   * no RLS / no policy / no relrowsecurity change
--   * no privilege on schema public or any object outside cutter_governance
--   * no privilege on the 12 v_*_observe views (cutter_ro-only, untouched)
--   * no ALTER/GRANT/REVOKE touching cutter_ro (its 13 grants stay identical)
--   * no Directus object / collection / policy / permission
-- ============================================================================

§4 — Optional Audit Logging (NOTE ONLY — NOT SQL, CD-12)

intent: CD-12 — log_connections/log_disconnections for the writer roles is
  desirable for auth audit. It is INTENTIONALLY NOT in §3 SQL.
why_not_sql_here: global `ALTER SYSTEM SET log_connections` is cluster-wide
  noise and was explicitly excluded by the prompt and CD-12 ("do not change
  global logging blindly"). If the dry-run cluster supports role-scoped
  `ALTER ROLE cutter_exec SET log_connections = on` safely, the dry-run
  EXECUTION cycle MAY add it then — as a separately reviewed line, not part
  of this privilege artefact. Recorded here as a requirement, not a command.
fallback: app-side decision_backlog_history ledger + DOT signature chain
  already provide principal-keyed audit independent of PG logs.

§5 — Idempotency & Apply Note (for the future dry-run cycle)

re_run: this artefact is NOT idempotent (CREATE ROLE fails if the role
  exists). The dry-run env is FRESH per the command plan, so this is correct
  (a pre-existing cutter_exec/cutter_verify in the env is itself a FAIL
  signal — baseline fidelity gate D-1).
transaction: §3 is wrapped BEGIN/COMMIT; on any error the dry-run harness
  aborts and runs the rollback draft (companion doc). No partial grant set
  is left silently.
sha_gate: the dry-run/command cycle records sha256 of this fenced block and
  applies it verbatim (feedback memory: critical multi-line VPS ops = script
  artefact + sha256 + identity guards + logs).

End of credential dry-run SQL draft (authoring only; nothing executed; no role/grant/secret created).