KB-2D61

dot-iu-cutter v0.4 PG-backed Dry-run — Closeout & Production-Trial Routing Note (2026-05-17)

Revision 1
Tags: dot-iu-cutter · v0.4 · db-adapter · dry-run · closeout · routing-note · production-trial · dieu44


Date: 2026-05-17
Status: CLOSEOUT / ROUTING NOTE ONLY — nothing executed, no code change, no commit, no production touch.
Phase verdict: GPT-reviewed PASS of PG-backed dry-run RERUN#4 (isolated real PostgreSQL, restored production schema).
Accepted code commit (validated, unchanged): e93424b5ff7fa5e4b8406131977ce4339cd0856a (parent db4aa58, branch main).
Controlling plan: command-review r1 · verification-plan r3 · rollback-plan r1 · risk-review r1.

1. RERUN#4 PASS evidence summary

Isolated postgres:16 dry-run env, fresh read-only pg_dump of production restored into it, dry-run-only cutter_exec/cutter_verify + exact privilege matrix, sysid-guarded, ephemeral python:3.12-slim harness mounting accepted commit e93424b read-only. All execution gates PASS (execution_status=SUCCESS, ORCH_EXIT=0, orch.log ALL GATES PASS -> SUCCESS):

  • C-01..C-08 OK (HEAD e93424b…0856a; harness sha c963caed68446f8c9da585cc25fa291e647e7baf42e44e42f3a82e888332b96e; orchestrator sha 2ddffd1d071cc9b87ec05c4dd1fbeeb41ee2c3c0a9d2bcfa2d7228cf66a7e484; roles.sql sha 2a409696…; dr_sysid 7640844057988476971 ≠ prod).
  • C-10a/C-11a happy r3 baseline EXACT total=15.
  • C-10b/C-11b negative/idempotency Δ=0 on all 12 tables.
  • C-12 sql_verbs={INSERT,SELECT,SET,UPDATE}, forbidden-SQL absent, secret-leak absent, dr.env=600.
  • C-13 teardown net-zero; protected_untouched=true, dr_env_after=gone.

KB sources: …dot-iu-cutter-v0.4-pg-backed-dry-run-RERUN4-SUCCESS-2026-05-17.md (full evidence); chain of prior FAIL reports (RERUN#2 dot_pair_signature XOR, RERUN#3 harness-FN) document the route to this PASS.

2. Final 15-row matrix (verification-plan r3 §2.3, EXACT — observed)

Table                          Count
decision_backlog_entry         1
decision_backlog_history       5
decision_backlog_dependency    0
decision_backlog_sweep_log     1
manifest_envelope              1
manifest_unit_block            1
review_decision                1
dot_pair_signature             2
cut_change_set                 1
cut_change_set_affected_row    1
verify_result                  1
canonical_address_alias        0
TOTAL                          15

baseline_match=true, baseline_total=15. Canonical flow MARK → SWEEP → REVIEW → CUT → VERIFY reached S7_VERIFY final_status=verified_complete.

3. Negative / idempotency Δ=0 result

negatives_delta0=true — C-11b post-count == C-11a baseline on all 12 tables, zero drift. Scenario outcomes (failures=[]): S8 cross-table refused pre-SQL both ways · S9 server 42501 → STOP disposition (expected proof, not masked) · S10 idempotency replay resolved to existing entry by primary key, no insert · S11 phase txn rolled back (atomicity) · S12 delete & truncate both refused. No system-under-test error masked.

4. DOT lane-overlap validation

Validated end-to-end against the deployed dot_pair_signature_check XOR: dot_pair_signature=2 with DOT-991 (executor/CUT) referencing change_set only (cross_reference_change_set_id set, cross_reference_verify_result_id NULL) and DOT-992 (verifier/VERIFY) referencing verify_result only (inverse). Exactly one cross-reference column non-null per row; no swapped lane, no both-null, no both-non-null. Centralised, schema-binding-tested mapping (SIGNATURE_LANE_REFERENCE_KIND in accepted e93424b); LaneReferenceMismatch STOP-on-mismatch. RERUN#2 XOR blocker fully resolved.
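
The row-level invariants listed above, written out as an added example (not the project's code, and not the deployed constraint's definition). The row keys `dot_id` and `lane`, the `LANE_REFERENCE` mapping and the sample rows are assumptions constructed for illustration. It shows that a swapped lane satisfies a column-only XOR, so the lane mapping has to be checked as a separate step.

```python
# Added illustration; not the project's code. Row keys "dot_id" and "lane"
# and the mapping below are assumptions modelled on the note's description.
CHANGE_SET = "cross_reference_change_set_id"
VERIFY_RESULT = "cross_reference_verify_result_id"

# Hypothetical stand-in for a centralised lane -> reference-column mapping.
LANE_REFERENCE = {"executor": CHANGE_SET, "verifier": VERIFY_RESULT}


def xor_holds(row):
    """Column-only XOR: exactly one cross-reference column is non-null."""
    return (row[CHANGE_SET] is None) != (row[VERIFY_RESULT] is None)


def classify(row):
    """Return 'ok' or the name of the violated invariant for one row."""
    has_cs = row[CHANGE_SET] is not None
    has_vr = row[VERIFY_RESULT] is not None
    if not has_cs and not has_vr:
        return "both_null"
    if has_cs and has_vr:
        return "both_non_null"
    populated = CHANGE_SET if has_cs else VERIFY_RESULT
    if LANE_REFERENCE[row["lane"]] != populated:
        return "swapped_lane"  # passes the XOR, fails the lane mapping
    return "ok"


def audit(rows):
    """Map dot_id -> verdict; a caller should STOP on any non-'ok' verdict."""
    return {row["dot_id"]: classify(row) for row in rows}


# Constructed sample rows (ids and reference values are made up).
SAMPLE_ROWS = [
    {"dot_id": "DOT-991", "lane": "executor", CHANGE_SET: "cs-1", VERIFY_RESULT: None},
    {"dot_id": "DOT-992", "lane": "verifier", CHANGE_SET: None, VERIFY_RESULT: "vr-1"},
    {"dot_id": "X-swapped", "lane": "verifier", CHANGE_SET: "cs-2", VERIFY_RESULT: None},
    {"dot_id": "X-empty", "lane": "executor", CHANGE_SET: None, VERIFY_RESULT: None},
    {"dot_id": "X-both", "lane": "executor", CHANGE_SET: "cs-3", VERIFY_RESULT: "vr-3"},
]

if __name__ == "__main__":
    for dot_id, verdict in audit(SAMPLE_ROWS).items():
        print(dot_id, verdict)
```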

5. Production untouched proof

Production accessed read-only only (pg_dump via workflow_admin, sysid SELECT). prod_sysid_pre == prod_sysid_post == 7611578671664259111; prod_started_before == prod_started_after == 2026-04-17T05:35:18.48439927Z. No production row write, no production CUT/VERIFY, no .env/secret read, prod container not restarted. Current-run prod dump prod-directus-20260517T125651Z.sql (sha c0428b5f4690649a445791a2dbed58a22c4db56725c5c3916784eccbbc07f4b6) shredded at teardown (CURRENT_RUN_DUMP_ABSENT_OK). 3 protected prior dry-run envs PROTECTED_BYTE_IDENTICAL. DR container + network removed (exact-name; no prune/wildcard).

6. Harness hygiene note (carry-forward)

  • Observed: RESULT.json retained vestigial fail_gate=G_HARNESS_NEG / fail_detail keys from RERUN#3. The orchestrator emit() does json.load existing → update keys → json.dump, and never deletes stale keys; only orch.log is reset per run. On the RERUN#4 SUCCESS path the authoritative signals (execution_status=SUCCESS, boolean gate keys all true, ORCH_EXIT=0, orch.log ALL GATES PASS) are unambiguous — the stale keys are cosmetic, not a gate failure.
  • Future fix (separate, non-blocking, gitignored harness tooling only): write a fresh RESULT.json per run (truncate/seed at C-01, or emit from an empty dict) so no prior-run keys can carry forward. Tracked as harness-tooling hygiene; does not affect SUT validation.
  • Resolved this cycle: harness report serialization now default=str (report-only; UUID semantics preserved for the SUT; no scenario-semantic change; no SUT-error masking) — corrected harness sha c963caed….
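
The stale-key carry-forward and the proposed fresh-file fix, reproduced as an added example (not the harness's own code). `emit_merge`, `seed_result`, the `run_id` key and all sample values are assumptions; only the load, update, dump sequence and the key names `fail_gate`, `fail_detail` and `execution_status` come from the note.

```python
import json
import os
import tempfile


def emit_merge(path, **keys):
    """Load existing file, update keys, dump: the behaviour the note describes."""
    data = {}
    if os.path.exists(path):
        with open(path) as fh:
            data = json.load(fh)
    data.update(keys)  # only adds or overwrites; never removes prior-run keys
    with open(path, "w") as fh:
        json.dump(data, fh, default=str)
    return data


def seed_result(path, run_id):
    """Proposed fix: start each run from a fresh dict at the first gate."""
    data = {"run_id": run_id}  # run_id is an assumed key, not from the note
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(data, fh)
    os.replace(tmp, path)  # atomic swap, so no half-written RESULT.json
    return data


def demo():
    """Return (merge-only result, seeded result) for two consecutive runs."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "RESULT.json")
        # Constructed prior run that failed and left diagnostic keys behind.
        emit_merge(path, execution_status="FAIL",
                   fail_gate="G_HARNESS_NEG", fail_detail="constructed detail")
        # Next run, merge-only: success is recorded, stale keys survive.
        merged = emit_merge(path, execution_status="SUCCESS")
        # Next run with seeding first: nothing from the prior run remains.
        seed_result(path, run_id="constructed-run-2")
        fresh = emit_merge(path, execution_status="SUCCESS")
        return merged, fresh


if __name__ == "__main__":
    for label, result in zip(("merge-only", "seeded"), demo()):
        print(label, sorted(result))
```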

7. Next possible route (proposal only — NOT authorized)

The only forward route opened for consideration is a production COMMAND-REVIEW for a first controlled CUT/VERIFY trial — i.e. author and submit, for GPT review, a command-review package describing a single minimal production CUT/VERIFY. This is command-review authoring only; it is NOT production execution. Production execution remains gated on a separate GPT review of that command-review plus a separate sovereign authorization. No self-advance from this note to any execution.

8. First production-trial constraints (when/if separately authorized)

  • Exactly one non-critical information unit only.
  • No bulk cut.
  • No reclassification batch.
  • No deploy/restart unless separately approved.
  • Must carry its own command-review + verification + rollback + risk package, GPT-reviewed, with a distinct sovereign authorization (the dry-run PASS does not authorize production).

9. Pre-scale blockers (carry-forward — must clear before large scale)

  • Index-only DDL required before large scale: the validated path is correct but unindexed for production-scale lookup/scan volume; index-only DDL design + review required before any large-scale run. (No index DDL performed or authorized here.)
  • Label / metadata registry design required before any large-scale labeling or reclassification; SQL/deployed cutter_governance remains SSOT; no label registry schema exists or is authorized.
  • Vector / NoSQL remains projection / search only — not an authority store; no vector/NoSQL integration in the cut/verify write path.

10. Forbidden-actions standing statement

All of the following remain forbidden without separate explicit GPT review + sovereign authorization: production DB connection by the adapter, production secret/.env read, production row write, production CUT/VERIFY, deploy/restart, bulk cut, reclassification batch, index DDL, label/metadata registry schema creation or change, vector/NoSQL integration, iu-cutter source/test code change, git commit, touching protected prior dry-run envs, docker prune/wildcard cleanup, and any self-advance beyond this closeout/routing note.

Git SSOT

  • branch: main
  • HEAD: e93424b5ff7fa5e4b8406131977ce4339cd0856a
  • git status --short -- iu-cutter: clean (empty) — no code change, no commit this phase. Only the gitignored dry-run harness was modified in the prior (GPT-authorized) hardening cycle; no tracked iu-cutter file changed.

Hardcode / scale / label control

No fixed IP/DSN/password/container/vector-collection. No runtime label/key hardcoding. No metadata/label schema change. Dry-run config sourced from dry-run-only env; exact-name container/network identifiers are mandated safety controls (command-review/rollback), not forbidden hardcodes. No STOP-class hardcode/label issue.
