KB-47B1
dot-iu-cutter v0.4 — cutter_exec Principal Design
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-credential-design/dot-iu-cutter-v0.4-cutter-exec-principal-design-2026-05-16.md
revision: r1
date_authored: 2026-05-17
cycle_date_label: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.4 — credential-cycle DESIGN (cutter_exec principal)
status: design_only_pending_gpt_review
⛔ DESIGN ONLY.
cutter_exec is NOT created. NO GRANT. NO password. This document specifies the TARGET identity only.
§1 — Identity & Lane
role_name: cutter_exec
dot_lane: DOT-991 (executor lane; matches code __init__.PRINCIPAL_EXEC and
the project DOT-…-EXECUTOR ↔ DOT-…-EXECUTOR-VERIFY paired idiom)
purpose: the sole runtime write identity for MARK / sweep / REVIEW-
persistence / CUT phases of the cutter-agent (phases.exec_adapter).
attributes (TARGET — not created here):
LOGIN, NOSUPERUSER, NOCREATEDB, NOCREATEROLE, NOREPLICATION, NOBYPASSRLS,
no group membership (no INHERIT of workflow_admin/directus/postgres/
cutter_ro), scram-sha-256 password, CONNECTION LIMIT bounded (CD-9),
search_path pinned to cutter_governance (no public object reliance).
must_NOT: be a superuser, own any object, hold DDL, hold GRANT, be a member
of any other role, write canonical_address_alias, touch schema public,
touch any non-cutter_governance object, ever authenticate as / inherit
cutter_ro / workflow_admin / directus / postgres.
§2 — Phases Driven (from skeleton phases.py / ledger.py @689e53e)
mark(): INSERT decision_backlog_entry (idempotent on
payload.idempotency_key); INSERT decision_backlog_history (birth
row). Reads decision_backlog_entry to dedup. One exec txn.
sweep(): INSERT decision_backlog_sweep_log + INSERT decision_backlog_history
(OD-SM-3 same-agent logged pass). One exec txn.
review(): INSERT manifest_envelope; INSERT manifest_unit_block; INSERT
review_decision; on re-review set prior_review_decision_id and
write-once stamp old row's superseded_by_review_decision_id
(OD-5); status CAS on decision_backlog_entry + history. One txn.
cut(): guards G-CUT-APPROVED / G-CUT-DEPS / G-CUT-ONCE (read
review_decision / decision_backlog_dependency / cut_change_set);
INSERT cut_change_set (verifier_signature_id LEFT NULL — OD-6);
INSERT cut_change_set_affected_row; INSERT dot_pair_signature
(executor sig, DOT-991); status CAS decision_backlog_entry +
history. One txn.
dependency: decision_backlog_dependency edges (from_entry_id/to_entry_id)
appended by the exec lane when declared (mark/review time).
§3 — cutter_exec Target Privileges (per table; APPLIED LATER)
legend: S=SELECT I=INSERT U(col)=column-scoped UPDATE —=no privilege
decision_backlog_entry ......... S, I, U(status)
decision_backlog_history ....... S, I
decision_backlog_dependency .... S, I
decision_backlog_sweep_log ..... I (write-only log; S optional, CD-7)
manifest_envelope .............. S, I
manifest_unit_block ............ S, I
review_decision ................ S, I, U(superseded_by_review_decision_id)*
cut_change_set ................. S, I (S for G-CUT-ONCE guard)
cut_change_set_affected_row .... I
dot_pair_signature ............. S, I (S to chain prior_signature_id)
verify_result .................. — (exec never reads/writes verify)
canonical_address_alias ........ — (OD-2 deferred; no grant)
*write-once: U is scoped to exactly the one lineage column; the value is
set once (NULL → new id) and never re-updated — enforced in code (ledger
stamp_superseded) AND, recommended, bounded by the column-level GRANT so
no other column of review_decision is UPDATE-able. (CD-1)
schema-level: GRANT USAGE ON SCHEMA cutter_governance (no CREATE).
explicitly_NOT: DELETE, TRUNCATE, REFERENCES, TRIGGER, any DDL, any GRANT,
any privilege on public / other schemas / observe views / cutter_ro
objects, ALTER DEFAULT PRIVILEGES.
§4 — Why exec Needs Base-Table SELECT (not cutter_ro / not views)
- idempotency: mark() must read decision_backlog_entry by idempotency_key to
return the existing entry on replay (the observe views are redacted &
external-facing — unsuitable and out of scope per strategy C-4).
- guards: G-CUT-APPROVED reads review_decision; G-CUT-DEPS reads
decision_backlog_dependency; G-CUT-ONCE reads cut_change_set.
- lineage: re-review reads the prior review_decision; signature chaining
reads prior dot_pair_signature.
=> SELECT is granted on the writer's OWN base tables only, as needed for
invariant enforcement. cutter_ro and the 12 observe views are untouched
and never on this path (strategy C-1..C-4 upheld).
§5 — Open Decisions Touching cutter_exec
CD-1 INSERT-only vs INSERT + column-scoped UPDATE(status) /
UPDATE(superseded_by_review_decision_id). RECOMMEND column-scoped
UPDATE grants (DB-enforced least privilege; no trigger/CHECK added).
CD-2 status-update authority: cutter_exec owns MARK→…→cut_applied
transitions; cutter_verify owns cut_applied→verified_complete/
verify_failed_escalated. Both need U(status) on decision_backlog_entry;
code state-machine restricts WHICH transitions each may make. RECOMMEND
both granted U(status); legality enforced by code CAS (OD-SM-1).
CD-7 grant SELECT on decision_backlog_sweep_log to exec or keep it
write-only? RECOMMEND write-only (I only) unless dry-run shows a read
need.
CD-8 dot_pair_signature is a single shared table; exec INSERTs the executor
row, verify INSERTs the verifier row — DB grant cannot separate lanes
at row level. Lane separation stays code/crypto-enforced (D-3). Accept
as documented limitation (splitting the table = DDL, out of scope).
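The code-enforced side of CD-1 and CD-2, and the review() re-review tail from §2, shown as the SQL cutter_exec would actually issue: a status CAS that only moves from the expected state, and the write-once lineage stamp that only fills a NULL. This is an added illustration, not the project's ledger.py or phases.py; it assumes a bigint id column on both tables, text status values, and the hypothetical status names 'marked' and 'reviewed' (the page names only cut_applied, verified_complete and verify_failed_escalated).

```sql
-- Added illustration of the CAS + write-once statements under the §3 grants.
-- Assumes bigint id columns and text status; 'marked'/'reviewed' are hypothetical.
PREPARE entry_status_cas(bigint, text, text) AS
    UPDATE cutter_governance.decision_backlog_entry
       SET status = $3                               -- target state
     WHERE id = $1 AND status = $2                   -- CAS: only from the expected state
    RETURNING id, status;                            -- zero rows = illegal/raced transition (OD-SM-1)

PREPARE stamp_superseded(bigint, bigint) AS
    UPDATE cutter_governance.review_decision
       SET superseded_by_review_decision_id = $2
     WHERE id = $1
       AND superseded_by_review_decision_id IS NULL  -- write-once: NULL -> new id (OD-5)
    RETURNING id;                                    -- zero rows = already superseded

-- review() re-review tail, one exec txn (§2): stamp the old decision, then CAS the entry.
-- The caller must ROLLBACK if either EXECUTE returns zero rows; nothing else in this
-- txn may be committed on top of a failed stamp or CAS.
BEGIN;
EXECUTE stamp_superseded(41, 42);                    -- constructed ids: old review 41 -> new 42
EXECUTE entry_status_cas(7, 'marked', 'reviewed');   -- constructed entry id; hypothetical statuses
COMMIT;

-- Under the column-scoped grant every other column of review_decision is read-only
-- for cutter_exec; this statement fails with a permission-denied error:
-- UPDATE cutter_governance.review_decision SET prior_review_decision_id = 41 WHERE id = 42;
```

The same CAS shape serves cutter_verify for cut_applied -> verified_complete / verify_failed_escalated (CD-2); the grant is identical, and only the (from, to) pairs the code allows differ.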
§6 — Non-Scope
NOT here: CREATE ROLE cutter_exec, any GRANT, password mint, .env key,
login test, connection as cutter_exec, dry-run. Specification only.
End of cutter_exec principal design (design only; not created).