KB-7317
dot-iu-cutter v0.4 — Credential-Cycle Design Report
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-design/dot-iu-cutter-v0.4-credential-cycle-design-report-2026-05-16.md
revision: r1
date_authored: 2026-05-17
cycle_date_label: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
sovereign: User / anh Huyền
verifier: GPT (design review pending — this report routes the package in)
phase: v0.4 — Tier 2 CREDENTIAL-CYCLE DESIGN — routing report
status: design_only_pending_gpt_review
⛔ DESIGN ONLY. No role/credential/secret created. No GRANT/REVOKE. No .env
edit. No production DB connection. No DB dry-run. No CUT/VERIFY. No code
modification. No deploy. No self-advance. Output = 8 KB documents.
§1 — Authorization & Input
opened_by: GPT v0.4 cutter-agent FINAL CODE REVIEW = PASS (commit 689e53e,
defects none, agent_revision_needed false, Tier 2 code baseline ACCEPTED)
+ explicit User credential-cycle-DESIGN-ONLY prompt.
controlling_files_read (6/6, full):
1 reviews/…final-code-gpt-review-2026-05-16.md
2 v0.4-code/…code-review-evidence-2026-05-16.md
3 v0.4-code/…code-authoring-report-2026-05-16.md
4 v0.4-design/…credential-and-principal-strategy-design-2026-05-16.md
5 v0.3-execution/…read-observability-inventory-2026-05-16.md
6 v0.2-execution/…structural-schema-inventory-2026-05-16.md
§2 — Deliverables (paths + revisions; ALL created)
prefix: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-design/
1 dot-iu-cutter-v0.4-credential-cycle-design-master-2026-05-16.md r1
2 dot-iu-cutter-v0.4-cutter-exec-principal-design-2026-05-16.md r1
3 dot-iu-cutter-v0.4-cutter-verify-principal-design-2026-05-16.md r1
4 dot-iu-cutter-v0.4-privilege-matrix-design-2026-05-16.md r1
5 dot-iu-cutter-v0.4-secret-custody-design-2026-05-16.md r1
6 dot-iu-cutter-v0.4-credential-dry-run-plan-2026-05-16.md r1
7 dot-iu-cutter-v0.4-credential-risk-and-rollback-plan-2026-05-16.md r1
8 dot-iu-cutter-v0.4-credential-cycle-design-report-2026-05-16.md r1 (this)
upload_status: all 8 created in Agent Data (knowledge/* SSOT).
§3 — Recommended Credential Model
TWO writer principals (OD-3 option B, re-recommended):
cutter_exec LOGIN, DOT-991, MARK/sweep/REVIEW/CUT
cutter_verify LOGIN, DOT-992, VERIFY (+ forward compensation/escalation)
cutter_ro UNCHANGED v0.3 (NOLOGIN, views-only, never on write path)
both writers: NOSUPERUSER, NOCREATEDB, NOCREATEROLE, NOREPLICATION,
NOBYPASSRLS, no membership, scram-sha-256, bounded CONNECTION LIMIT,
search_path = cutter_governance. Forbidden for runtime writes:
workflow_admin, directus, postgres.
SoD at 3 layers: distinct DB role / distinct secret+process / distinct
DOT-991|DOT-992 signing identity (G-VERIFY-SOD).
secret substrate: VPS /opt/incomex/docker/.env pattern, 2 SEPARATE keys
(GCP Secret Manager = open CD-4, needs later authorized availability
check). No secret minted/read/printed; redaction + rotation + revocation
+ e-stop (ALTER ROLE NOLOGIN) + audit (PG log_connections +
decision_backlog_history + DOT signature chain) specified.
§4 — Recommended Privilege Matrix (condensed)
legend: S=SELECT  I=INSERT  Uc(col)=column-scoped UPDATE  ·=none

table                         cutter_exec                cutter_verify
decision_backlog_entry        S I Uc(status)             S I Uc(status)
dot_pair_signature            S I                        S I
cut_change_set                S I                        S I (CD-8/10)
cut_change_set_affected_row   I                          S I
verify_result                 ·                          S I
canonical_address_alias       ·                          · (OD-2)
manifest_envelope             S I                        S
manifest_unit_block           S I                        S
review_decision               S I Uc(superseded_by_…)    S
decision_backlog_history      S I                        S I
decision_backlog_dependency   S I                        ·
decision_backlog_sweep_log    I                          ·
schema cutter_governance      USAGE (no CREATE)          USAGE (no CREATE)
append_only: only 2 UPDATEs exist (decision_backlog_entry.status,
review_decision.superseded_by_review_decision_id); RECOMMEND column-scoped
UPDATE grants (DB-enforced, no trigger/CHECK) + code state-machine/
write-once. NO DELETE/TRUNCATE/REFERENCES/TRIGGER/DDL/GRANT/ownership/
ALTER DEFAULT PRIVILEGES; NO public/other-schema/observe-view/cutter_ro
privilege; cutter_ro unchanged; B-4 binding stays deferred.
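The role shape of §3 and the grants of §4, rendered as PostgreSQL DDL. This is an added illustration for the reader, not one of the eight package documents and not a command this cycle runs or authorizes. Role, schema, table and column names are the page's own; the CONNECTION LIMIT values (CD-9 open) and the passwords are placeholders; the `cut_change_set_affected_row` row of the condensed matrix is read as exec INSERT-only and verify SELECT+INSERT. The whole script sits in a transaction so a dry-run (CD-6) can end in ROLLBACK.

```sql
-- Added illustration of the §3/§4 design as PostgreSQL DDL.
-- Not a package deliverable and not an execution step of this cycle.
-- Placeholders: CONNECTION LIMIT values (CD-9 open), passwords (set out of
-- band, never committed). Transaction-wrapped so a dry-run can ROLLBACK.
BEGIN;

-- Passwords hashed with SCRAM (CD-5) regardless of the server default.
SET password_encryption = 'scram-sha-256';

-- Two writer principals, least-privilege attributes, no role membership (§3).
CREATE ROLE cutter_exec LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
    CONNECTION LIMIT 4                        -- placeholder value, CD-9
    PASSWORD 'PLACEHOLDER-set-out-of-band';   -- placeholder
CREATE ROLE cutter_verify LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
    CONNECTION LIMIT 2                        -- placeholder value, CD-9
    PASSWORD 'PLACEHOLDER-set-out-of-band';   -- placeholder
ALTER ROLE cutter_exec   SET search_path = cutter_governance;
ALTER ROLE cutter_verify SET search_path = cutter_governance;

-- Schema: USAGE only, never CREATE (§4 last row).
GRANT USAGE ON SCHEMA cutter_governance TO cutter_exec, cutter_verify;

SET search_path = cutter_governance;

-- Rows shared by both lanes.
GRANT SELECT, INSERT ON decision_backlog_entry, dot_pair_signature,
                        decision_backlog_history
    TO cutter_exec, cutter_verify;
-- CD-1 recommendation C: column-scoped UPDATE; no table-wide UPDATE anywhere.
GRANT UPDATE (status) ON decision_backlog_entry TO cutter_exec, cutter_verify;

-- cutter_exec lane (MARK/sweep/REVIEW/CUT).
GRANT SELECT, INSERT ON cut_change_set, manifest_envelope, manifest_unit_block,
                        review_decision, decision_backlog_dependency
    TO cutter_exec;
GRANT UPDATE (superseded_by_review_decision_id) ON review_decision TO cutter_exec;
GRANT INSERT ON cut_change_set_affected_row, decision_backlog_sweep_log
    TO cutter_exec;                           -- write-only tables (CD-7)

-- cutter_verify lane (VERIFY + forward compensation/escalation).
GRANT SELECT, INSERT ON cut_change_set, cut_change_set_affected_row, verify_result
    TO cutter_verify;                         -- cut_change_set INSERT is CD-8/10
GRANT SELECT ON manifest_envelope, manifest_unit_block, review_decision
    TO cutter_verify;
-- canonical_address_alias: no grant to either writer (OD-2).

-- Audit (CD-12): connection logging is a server setting applied by reload,
-- outside this transaction:  ALTER SYSTEM SET log_connections = on;
--                            SELECT pg_reload_conf();

-- E-stop (§3): cut the login path, keep grants and history intact.
-- ALTER ROLE cutter_exec NOLOGIN;  ALTER ROLE cutter_verify NOLOGIN;

-- Full reversal (§5): drop every privilege the roles hold, then the roles.
-- DROP OWNED BY cutter_exec, cutter_verify;  DROP ROLE cutter_exec, cutter_verify;

ROLLBACK;   -- dry-run shape; a COMMIT sits behind B-1..B-6 and command review
```

Column-scoped grants are the DB-enforced part of the append-only posture: a table-wide UPDATE never exists, so an application bug or a compromised process cannot rewrite anything other than the two enumerated columns, and the state-machine rules for those columns remain a code-level concern as §4 states.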
§5 — Risk Class
this_design_cycle: NONE-to-production (docs only).
future_credential_execution: STANDARD (empty schema, 2 LOGIN roles +
bounded enumerated grants, no DDL/superuser/RLS, fully reversible,
dry-run + command-review gated). NOT high-risk given the gates.
§6 — Blockers Before Any Credential Execution
B-1 GPT PASS of this 8-doc design package.
B-2 separate real-DB-adapter design cycle (must satisfy/refine this matrix).
B-3 GPT resolution of CD-1..CD-13.
B-4 secret substrate (CD-4) settled + later authorized availability check.
B-5 isolated credential dry-run PASS (doc 6) + GPT review.
B-6 command-review + sovereign prompt for the execution chain.
status: ALL OPEN — none satisfied by this cycle.
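A check a credential dry-run (B-5) could run against the isolated copy to compare the effective privileges with the §4 matrix. This is an added example, not the package's dry-run plan (doc 6); it assumes both writer roles already exist in the dry-run database and is run by a superuser or the grantor so every grant is visible. Query 3 prints the matrix in the page's own legend, with a `!` suffix on any privilege class the design forbids.

```sql
-- Added dry-run check (B-5): compare effective privileges with the §4 matrix.
-- Assumes both writer roles exist in the isolated dry-run DB; run as superuser
-- or the grantor so every grant is visible.

-- 1. Role attributes: every flag false, login true, bounded connection limit.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication,
       rolbypassrls, rolcanlogin, rolconnlimit
FROM pg_roles
WHERE rolname IN ('cutter_exec', 'cutter_verify');

-- 2. Role membership: §3 says none, so this must return zero rows.
SELECT m.rolname AS member, g.rolname AS member_of
FROM pg_auth_members am
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles g ON g.oid = am.roleid
WHERE m.rolname IN ('cutter_exec', 'cutter_verify');

-- 3. Table-level matrix in the page's legend; any '!' entry is a defect.
--    has_table_privilege checks table-level ACLs only, so a column-scoped
--    UPDATE grant does not show up as 'U!'.
SELECT t.table_name, r.rolname,
       coalesce(nullif(concat_ws(' ',
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'SELECT')     THEN 'S'  END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'INSERT')     THEN 'I'  END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'UPDATE')     THEN 'U!' END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'DELETE')     THEN 'D!' END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'TRUNCATE')   THEN 'T!' END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'REFERENCES') THEN 'R!' END,
         CASE WHEN has_table_privilege(r.rolname, q.tbl, 'TRIGGER')    THEN 'G!' END),
         ''), '·') AS privs
FROM information_schema.tables t
CROSS JOIN (VALUES ('cutter_exec'::name), ('cutter_verify'::name)) AS r(rolname)
CROSS JOIN LATERAL (SELECT format('%I.%I', t.table_schema, t.table_name) AS tbl) AS q
WHERE t.table_schema = 'cutter_governance'
ORDER BY t.table_name, r.rolname;

-- 4. Column-scoped UPDATE: only decision_backlog_entry.status (both roles) and
--    review_decision.superseded_by_review_decision_id (cutter_exec) may appear;
--    every other row must show NULL.
SELECT c.table_name, r.rolname,
       array_agg(c.column_name::text ORDER BY c.ordinal_position)
         FILTER (WHERE has_column_privilege(r.rolname,
                        format('%I.%I', c.table_schema, c.table_name),
                        c.column_name::text, 'UPDATE')) AS updatable_columns
FROM information_schema.columns c
CROSS JOIN (VALUES ('cutter_exec'::name), ('cutter_verify'::name)) AS r(rolname)
WHERE c.table_schema = 'cutter_governance'
GROUP BY c.table_name, r.rolname
ORDER BY c.table_name, r.rolname;

-- 5. Nothing outside the governance schema (no public/other-schema privilege).
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('cutter_exec', 'cutter_verify')
  AND table_schema <> 'cutter_governance';   -- expect zero rows
```

Diffing the output of queries 3 and 4 against the §4 table is the concrete PASS/FAIL criterion; queries 1, 2 and 5 cover the role attributes, membership and schema-scope constraints of §3 that the matrix itself does not express.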
§7 — Open Decisions for GPT
CD-1 UPDATE posture → RECOMMEND C: column-scoped UPDATE grants.
CD-2 both principals get Uc(status); legality split enforced in code.
CD-3 direct grants (RECOMMEND) vs SECURITY DEFINER functions.
CD-4 secret substrate VPS .env (RECOMMEND) vs GCP Secret Manager.
CD-5 scram-sha-256 password (RECOMMEND v0.4) vs cert auth (defer).
CD-6 dry-run uses temporary fake credentials → RECOMMEND YES.
CD-7 decision_backlog_sweep_log SELECT for exec → RECOMMEND write-only.
CD-8 cutter_verify INSERT on cut_change_set vs route-back-to-exec.
CD-9 CONNECTION LIMIT value per writer role.
CD-10 compensating change-set signer lane: DOT-992 escalation (RECOMMEND)
vs DOT-991 re-exec.
CD-11 dot_pair_signature single shared table — accept code/crypto-only
lane separation (no DDL split in v0.4)?
CD-12 enable PG log_connections for writer roles → RECOMMEND yes.
CD-13 dry-run backup = fresh read-only prod pg_dump (RECOMMEND) vs reuse
protected env (REJECT).
§8 — No-Touch Confirmation
role_creation: NONE
GRANT/REVOKE: NONE
secret_create/read/print: NONE
env_file_touched: NONE
production_DB_connection: NONE
DB_dry_run: NONE
code_modified: NONE
deploy: NONE
CUT/VERIFY: NONE
cutter_ro_changed: NONE
Directus/RLS_changed: NONE
prod/sysid_contacted: NONE
git/repo_modified: NONE
output: 8 KB design documents (this package) only.
§9 — Readiness
v0_4_credential_cycle_design: COMPLETE (8 docs r1, uploaded)
ready_for_gpt_review: TRUE
ready_for_credential_creation: FALSE (B-1..B-6 all open)
the_only_next_thing: GPT review of this design package
agent_self_advance: PROHIBITED
End of v0.4 credential-cycle design report (design only; no credential created; ready for GPT review; self-advance PROHIBITED).