KB-55CA

dot-iu-cutter v0.4 PG-backed Dry-run — EXECUTION BLOCKED pre-provision (r2 baseline defect) (2026-05-17)


dot-iu-cutter v0.4 — PG-backed Dry-run: EXECUTION BLOCKED (pre-provision)

Date: 2026-05-17 · execution_status: BLOCKED_PRE_EXECUTION (spec/gate defect in GPT-PASSed verification-plan r2; NOT an adapter defect)

GPT authorized execution of the PG-backed dry-run. During the authorized read-only grounding step (no environment provisioned, no production connection, no secret/.env read, no code change, no commit) a hard blocker was found that makes the run deterministically fail its own GPT-PASSed gate. Per the hard rules (do not improvise · no self-advance · report honest · do not mark PASS unless all gates pass) execution was halted before C-01 provisioning. No isolated env was created.

1. Finding

The GPT-PASSed verification-plan r2 §2 baseline is inconsistent with the accepted code at 56d3732. r2 pinned decision_backlog_sweep_log = 0 on the rationale "the dry-run invokes no sweep cycle … only discrete phase calls MARK/REVIEW/CUT/VERIFY". That rationale is false against the accepted runtime:

  • review() hard-requires decision_backlog_entry.status == review_pending (phases.py review(), raises GuardFailure otherwise).
  • mark() only produces status = marked (phases.py mark()).
  • The only marked → review_pending transition in the state machine is the sweep-promote edge (state_machine.py ALLOWED_TRANSITIONS[S_MARKED] = {review_pending, abandoned}), and the only code performing it is CutterRuntime.sweep().
  • sweep() writes exactly one decision_backlog_sweep_log row (led.append_sweep_log(...)) plus one decision_backlog_history row per promoted entry (led.transition_status(...)), per call.

sweep() is therefore a mandatory, named step of the canonical happy path, not an optional cycle:

  • cli.py:13 docstring: "run MARK->sweep->REVIEW(approve)->CUT->VERIFY".
  • cli.py:46-52 _run_pipeline: rt.mark(); rt.sweep(); rt.review(...,"approve"); rt.cut(); rt.verify().
  • tests/test_phase_contracts.py _approved_entry() = mark(); sweep(); review("approve"); test_one_transaction_per_phase asserts 5 committed txns with the inline comment # mark + sweep + review = 3, # +1 exec, # +1 verify — part of the accepted 92/92 suite at 56d3732.

2. Exact happy-path counts the accepted code WOULD produce

Single-unit canonical fixture proposed_cut_spec = {"units":[{"k":1}]}; StubCanonicalization.resolve yields exactly 1 UnitBlockPlan (canonicalization.py). Statement-by-statement trace of phases.py/ledger.py for mark · sweep · review(approve) · cut · verify(pass):

| Table | r2 gate (GPT-PASSed) | Accepted code @56d3732 | Δ | Derivation |
|---|---|---|---|---|
| decision_backlog_entry | 1 | 1 | 0 | mark append_entry; verify(pass) creates no escalation entry |
| decision_backlog_history | 4 | 5 | +1 | append_history×1 (mark BIRTH→marked) + transition_status×4 (sweep, review, cut, verify) |
| decision_backlog_dependency | 0 | 0 | 0 | none authored |
| decision_backlog_sweep_log | 0 | 1 | +1 | sweep() append_sweep_log once |
| manifest_envelope | 1 | 1 | 0 | review write_manifest_envelope |
| manifest_unit_block | 1 | 1 | 0 | 1 unit block (single-unit fixture) |
| review_decision | 1 | 1 | 0 | review write_review_decision |
| dot_pair_signature | 2 | 2 | 0 | cut exec-sig + verify verify-sig |
| cut_change_set | 1 | 1 | 0 | cut write_cut_change_set; verify(pass) writes no compensating set |
| cut_change_set_affected_row | 1 | 1 | 0 | cut write_affected_row |
| verify_result | 1 | 1 | 0 | verify write_verify_result |
| canonical_address_alias | 0 | 0 | 0 | OD-2 fully deferred; no alias writer |
| TOTAL | 13 | 15 | +2 | |

Net defect: r2 omitted the mandatory sweep step from its count derivation ⇒ undercounts decision_backlog_history by 1 and decision_backlog_sweep_log by 1 (total 13 vs 15).
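
The count derivation above, replayed as an added example (not code from dot-iu-cutter or from this report): a minimal Python model of the per-phase writes listed in the table, run with and without the sweep step. The PHASES map, the post_* status names and the helper names are assumptions of this model; only BIRTH→marked and marked→review_pending are status edges named on the page.

```python
from collections import Counter

class GuardFailure(Exception):
    """Stand-in for the guard error the page says review() raises."""

# phase -> (required status, resulting status, rows written per table), per the
# page's trace. Only BIRTH->marked and marked->review_pending are named on the
# page; the "post_*" statuses are placeholders for this model.
H = "decision_backlog_history"
PHASES = {
    "mark":   (None, "marked", {"decision_backlog_entry": 1, H: 1}),
    "sweep":  ("marked", "review_pending", {"decision_backlog_sweep_log": 1, H: 1}),
    "review": ("review_pending", "post_review", {"manifest_envelope": 1,
               "manifest_unit_block": 1, "review_decision": 1, H: 1}),
    "cut":    ("post_review", "post_cut", {"dot_pair_signature": 1,
               "cut_change_set": 1, "cut_change_set_affected_row": 1, H: 1}),
    "verify": ("post_cut", "post_verify", {"dot_pair_signature": 1,
               "verify_result": 1, H: 1}),
}
# Final counts pinned by verification-plan r2 (first numeric column of the table).
R2_GATE = {"decision_backlog_entry": 1, H: 4, "decision_backlog_dependency": 0,
           "decision_backlog_sweep_log": 0, "manifest_envelope": 1,
           "manifest_unit_block": 1, "review_decision": 1, "dot_pair_signature": 2,
           "cut_change_set": 1, "cut_change_set_affected_row": 1,
           "verify_result": 1, "canonical_address_alias": 0}

def replay(phases, enforce_guards=True):
    """Replay phase calls for one entry and return the row count per table."""
    status, rows = None, Counter()
    for name in phases:
        required, result, writes = PHASES[name]
        if enforce_guards and status != required:
            raise GuardFailure(f"{name}() needs status {required!r}, found {status!r}")
        rows.update(writes)
        status = result
    return rows

def gate_diff(rows, gate=R2_GATE):
    """Tables whose replayed count differs from the gate, as actual - gated."""
    return {t: rows[t] - n for t, n in gate.items() if rows[t] != n}

if __name__ == "__main__":
    happy = replay(["mark", "sweep", "review", "cut", "verify"])
    print(sum(happy.values()), gate_diff(happy))
    # r2's 13 rows only add up for a path with no sweep, which the guard rejects.
    print(sum(replay(["mark", "review", "cut", "verify"], enforce_guards=False).values()))
```

With guards enforced, the sweep-less sequence stops at review() with GuardFailure, so the 13-row total is reachable only in a model that ignores the review_pending precondition.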

3. Why halt pre-provision (not run-then-FAIL)

Running would deterministically FAIL G-15 (actual 15 ≠ gated 13). But the FAIL's root cause is a defect in the GPT-PASSed gate spec (r2), not the RealPostgresAdapter. Proceeding would: (a) consume the execution authorization + isolated-env build on a foreordained failure; (b) risk conflating a spec defect with an adapter defect. The defect is fully determinable from authorized read-only grounding alone, so the honest, non-improvising, resource-respecting action is to stop and escalate for adjudication.

Not done (would violate the hard rules): silently editing the GPT-PASSed r2 (self-advance / altering a passed artefact without authorization); changing accepted code at 56d3732 (forbidden); running into a known-doomed gate and softening the verdict; marking PASS / PASS_WITH_NOTES.

Author verification-plan r3 correcting §2 to the accepted-code reality and re-submit for GPT review:

  • decision_backlog_history final = 5; per-phase column add an explicit "After sweep" step (history 1→2, sweep_log 0→1) between MARK and REVIEW.
  • decision_backlog_sweep_log = 1 throughout S5..S7 (0 only after MARK, before sweep).
  • final happy-path total = 15 rows.
  • Add sweep as a named happy-path scenario in design-master §5 / verification-plan §2 (it is currently implicit), since the canonical pipeline is MARK→sweep→REVIEW→CUT→VERIFY.
  • All negative/idempotency Δ=0 assertions, false-negative defences, gate catalogue G-14…G-25, verdict rule: unchanged.
  • After GPT PASS of r3, re-authorize execution.

5. Boundaries honoured (nothing executed)

No isolated env created · no pg_dump taken · no production DB connection · no production secret/.env read · no production row write · no production CUT/VERIFY · no code change · no git commit · no deploy/restart · no docker prune/wildcard · 3 protected prior dry-run envs untouched (snapshot only). Only authorized read-only grounding ran.

Git SSOT proof

  • Branch main; HEAD /opt/incomex/dot = 56d3732cb74d07546c938242180a434ed1067a9a (accepted, unchanged).
  • git status --short -- iu-cutter = empty (clean; no working-tree change).
  • No code change ⇒ no commit needed this turn. Last authoritative: python3 -m unittest discover -s tests → 92/92 at 56d3732.

Read-only grounding evidence captured (no prod write/secret)

  • prod postgres = postgres:16, healthy; PROD system_identifier = 7611578671664259111 (pre); prod container StartedAt baseline 2026-04-17T05:35:18.48439927Z.
  • 3 protected prior dry-run containers snapshot (running, Id+StartedAt recorded): pg-dry-run-v0.2-p0-2-2026-05-16, pg-dry-run-v0.2-phase-alpha-2026-05-16, pg-dry-run-hb05-2026-05-15.
  • new env name pg-dry-run-v0.4-db-adapter-2026-05-17 + network dr-net-v0.4-2026-05-17 = collision-free (absent).
  • cutter_governance = 12 base tables + 12 v_*_observe views, all 0 rows; frozen privilege matrix validated live (cutter_exec 18 table-priv + 2 col-UPDATE; cutter_verify 15 + 1; total 33+3; cutter_ro NOLOGIN + 13 grants).

6. Next gate

GPT adjudication of this blocking finding + decision on r3 remediation. No self-advance. No execution, no provisioning, no code/spec change until GPT rules.
