KB-4069

dot-iu-cutter v0.4 — Risk & Dry-Run Test Plan (design only) (2026-05-16)

tags: dot-iu-cutter, dieu44, v0.4, tier2, risk, dry-run, test-plan, design-only

dot-iu-cutter v0.4 — Risk & Dry-Run Test Plan

document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-design/dot-iu-cutter-v0.4-risk-and-dry-run-test-plan-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.4 — Tier 2 risk + dry-run test-plan DESIGN (companion to design-master)
status: design_only_pending_gpt_review

⛔ DESIGN ONLY. This is a risk classification + a planned test strategy. No test is run, no harness built, no dry-run executed, no prod touched.


§1 — Risk Classification

overall_design_risk: STANDARD (a design package; mutates nothing)
overall_eventual_runtime_risk: ELEVATED — first writer into a hitherto
  empty governance ledger; append-only but semantically irreversible content
component_risk:
  write-path / txn model        : STANDARD (well-bounded, per-phase atomic)
  state machine                 : STANDARD (explicit allowed/forbidden set)
  credential/principal strategy : STANDARD design / HIGH at execution
                                   (privilege + secret custody)
  canonicalization runtime      : HIGH (semantics unsettled; deferred)
  signing scheme runtime        : HIGH (cryptographic; deferred)
  signal source contract        : MEDIUM (unsettled dependency; OD-4)
  dry-run harness               : STANDARD (de-risks everything downstream;
                                   must avoid the P0-6/P0-5 false-negative
                                   class: string-comparing schema-qualified
                                   pg_get_constraintdef output)

§2 — Blockers Before Code Authoring

B-CODE-1 GPT design-review PASS of this 8-doc package
B-CODE-2 resolution of OPEN DECISIONS: OD-1 (idempotency column), OD-2
  (alias deferral), OD-3 (writer principal count), OD-4 (signal source),
  OD-5 (append-only retry invariant), OD-6 (cut.verifier_signature_id),
  OD-SM-1/2/3 (concurrency guard, S5/S7 persistence, sweep authority)
B-CODE-3 explicit sovereign prompt to open the CODE-authoring cycle
  (separate session; agent does NOT self-advance)

§3 — Blockers Before Dry-Run

B-DRY-1 code authored AND GPT-reviewed
B-DRY-2 dry-run harness designed in detail + harness itself reviewed
B-DRY-3 isolated ephemeral PG env only, restored from a sha-pinned
  READ-ONLY prod backup; production never touched; env torn down after
B-DRY-4 harness assertions are catalog-based and schema-qualified (carry
  the pg_get_constraintdef lesson; structural compare, not string compare)
B-DRY-5 explicit authorization for the dry-run cycle
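The B-DRY-4 lesson in working form, as an added example (not code from this package or the project): why a harness must not assert on pg_get_constraintdef() text, and what a catalog-based, schema-qualified structural check looks like instead. The catalog query is standard PostgreSQL; the schema name cutter_governance, the FK change_set.entry_id -> entry.id and the result rows are constructed stand-ins for the real ledger, chosen only to make the two failure directions visible.

```python
"""Catalog-based, schema-qualified constraint check (B-DRY-4). Added example.

pg_get_constraintdef() renders a referenced table with its schema prefix only
when that table is NOT visible on the session's search_path, so the same
constraint prints differently from one connection to the next. A harness that
compares that text gets false negatives (and, for a same-named table in another
visible schema, false positives). Rows below are constructed; the FK
cutter_governance.change_set.entry_id -> entry.id is a hypothetical stand-in.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Schema-qualified catalog query the harness would run (psycopg-style named
# parameters). Every name is resolved through pg_catalog, none through text.
CATALOG_QUERY = """
SELECT n.nspname, c.relname, con.conname, con.contype,
       (SELECT array_agg(a.attname ORDER BY k.ord)
          FROM unnest(con.conkey) WITH ORDINALITY AS k(attnum, ord)
          JOIN pg_catalog.pg_attribute a
            ON a.attrelid = con.conrelid AND a.attnum = k.attnum) AS cols,
       fn.nspname AS ref_nspname, fc.relname AS ref_relname,
       (SELECT array_agg(a.attname ORDER BY k.ord)
          FROM unnest(con.confkey) WITH ORDINALITY AS k(attnum, ord)
          JOIN pg_catalog.pg_attribute a
            ON a.attrelid = con.confrelid AND a.attnum = k.attnum) AS ref_cols,
       con.confupdtype, con.confdeltype,
       pg_catalog.pg_get_constraintdef(con.oid) AS condef
  FROM pg_catalog.pg_constraint con
  JOIN pg_catalog.pg_class     c  ON c.oid  = con.conrelid
  JOIN pg_catalog.pg_namespace n  ON n.oid  = c.relnamespace
  LEFT JOIN pg_catalog.pg_class     fc ON fc.oid = con.confrelid
  LEFT JOIN pg_catalog.pg_namespace fn ON fn.oid = fc.relnamespace
 WHERE n.nspname = %(schema)s AND c.relname = %(table)s
"""


@dataclass(frozen=True)
class ConstraintShape:
    """What the constraint enforces, independent of how it is rendered.
    The constraint name is deliberately left out; check it separately."""
    schema: str
    table: str
    contype: str                 # 'p', 'f', 'u', 'c', ...
    cols: Tuple[str, ...]
    ref_schema: Optional[str]
    ref_table: Optional[str]
    ref_cols: Tuple[str, ...]
    on_update: Optional[str]     # confupdtype: 'a' no action, 'c' cascade, ...
    on_delete: Optional[str]


def shape_from_row(row: dict) -> ConstraintShape:
    """Build the comparable shape from one CATALOG_QUERY result row."""
    return ConstraintShape(
        schema=row["nspname"], table=row["relname"], contype=row["contype"],
        cols=tuple(row["cols"] or ()),
        ref_schema=row["ref_nspname"], ref_table=row["ref_relname"],
        ref_cols=tuple(row["ref_cols"] or ()),
        on_update=row["confupdtype"], on_delete=row["confdeltype"])


def text_matches(expected_def: str, row: dict) -> bool:
    """The string compare B-DRY-4 rules out."""
    return expected_def == row["condef"]


def structure_matches(expected: ConstraintShape, row: dict) -> bool:
    """The catalog/structural compare B-DRY-4 asks for."""
    return shape_from_row(row) == expected


def _row(condef: str, ref_schema: str = "cutter_governance") -> dict:
    """Constructed CATALOG_QUERY row for the hypothetical FK."""
    return {"nspname": "cutter_governance", "relname": "change_set",
            "conname": "change_set_entry_id_fkey", "contype": "f",
            "cols": ["entry_id"], "ref_nspname": ref_schema, "ref_relname": "entry",
            "ref_cols": ["id"], "confupdtype": "a", "confdeltype": "a",
            "condef": condef}


# Same constraint seen from two sessions: schema on search_path vs not.
ROW_PATH_VISIBLE = _row("FOREIGN KEY (entry_id) REFERENCES entry(id)")
ROW_PATH_HIDDEN = _row("FOREIGN KEY (entry_id) REFERENCES cutter_governance.entry(id)")
# Drift: the FK points at public.entry; public is on the default search_path,
# so the rendered text is identical to the correct constraint's.
ROW_WRONG_SCHEMA = _row("FOREIGN KEY (entry_id) REFERENCES entry(id)", ref_schema="public")

EXPECTED_DEF = "FOREIGN KEY (entry_id) REFERENCES entry(id)"
EXPECTED = ConstraintShape("cutter_governance", "change_set", "f", ("entry_id",),
                           "cutter_governance", "entry", ("id",), "a", "a")


def demo() -> dict:
    """Both failure directions of text compare, next to the structural result."""
    return {
        "text_false_negative": not text_matches(EXPECTED_DEF, ROW_PATH_HIDDEN),
        "text_false_positive": text_matches(EXPECTED_DEF, ROW_WRONG_SCHEMA),
        "structural_visible": structure_matches(EXPECTED, ROW_PATH_VISIBLE),
        "structural_hidden": structure_matches(EXPECTED, ROW_PATH_HIDDEN),
        "structural_wrong_schema": structure_matches(EXPECTED, ROW_WRONG_SCHEMA),
    }
```

The shape compare gives the same verdict regardless of how the harness session's search_path was set when it connected, which is the property B-DRY-4 is after; a constraint-name check, if wanted, is a separate equality on conname rather than part of the shape.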

§4 — Blockers Before Production CUT / VERIFY

B-PROD-1 dry-run PASS (incl. induced-failure / rollback / escalation path)
B-PROD-2 the credential cycle executed: cutter_exec / cutter_verify created,
  least-privilege grants applied, secrets custodied — under its OWN
  design→review→execution chain (doc 5), NOT folded into runtime
B-PROD-3 command-review package authored + GPT-reviewed
B-PROD-4 fresh sha-verified prod backup + restore test (the established
  v0.1→v0.3 discipline) immediately before execution
B-PROD-5 explicit sovereign execution prompt; rollback artefact staged +
  sha-pinned; agent self-advance PROHIBITED at every gate

§5 — What Remains HIGH Risk

H-1 canonicalization/alias semantics — DEFERRED; must NOT be improvised in
    v0.4 flow code. canonical_address_alias stays empty/untouched in v0.4.
H-2 signing scheme — DEFERRED; cryptographic design owns its own chain;
    v0.4 only reserves the dot_pair_signature integration shape.
H-3 first non-zero write into cutter_governance — even with append-only +
    compensating rollback, the SEMANTIC content of a CUT is consequential;
    the dry-run harness + independent VERIFY + DOT-pair attestation exist
    precisely to bound this. Stays HIGH until dry-run PASS demonstrates the
    full failure/rollback/escalation loop.
H-4 credential execution — privilege blast radius + secret custody; HIGH at
    the credential cycle, mitigated by least-privilege + SoD design (doc 5).

§6 — Planned Dry-Run Test Matrix (to be built LATER)

T-1 happy path: MARK→REVIEW(approve)→CUT→VERIFY(pass) ⇒ S8; assert exact
    row counts: 1 entry, 4 history, 1 manifest pair, 1 review_decision,
    1 change_set, 1 affected_row, 2 signatures, 1 verify_result; FK +
    signature chain valid.
T-2 reject:  REVIEW(reject) ⇒ S4 terminal; no manifest-effect, no CUT.
T-3 defer→re-sweep: REVIEW(defer)→sweep→re-REVIEW(approve) ⇒ S2; lineage
    via prior/superseded review_decision correct.
T-4 idempotent MARK: replay same signal ⇒ no duplicate entry (IK-MARK).
T-5 idempotent CUT: replay ⇒ same change_set, no double apply (IK-CUT).
T-6 dependency gate: G-CUT-DEPS holds entry until blocker verified_complete.
T-7 induced VERIFY fail ⇒ compensating cut_change_set +
    rollback_change_set_id_triggered + escalation entry + S9; escalation
    entry begins its own S0 lifecycle.
T-8 forbidden transitions rejected: attempt S2→S8, S6→S6, S4→S5 ⇒ blocked.
T-9 crash recovery: kill mid-phase ⇒ txn aborts, status unchanged, re-run
    resumes cleanly (no half-written phase).
T-10 SoD: verifier identity == executor identity ⇒ verify rejected.
T-11 cutter_ro write attempt ⇒ denied (proves read-only invariant).
T-12 audit completeness: every transition has a matching history row;
     history append-only (no UPDATE/DELETE observed).
all assertions: catalog/structural, schema-qualified; prod read-only;
  env ephemeral + torn down.
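How three of the matrix items (T-4 idempotent MARK, T-9 crash recovery, T-12 append-only history) would be expressed as executable assertions, as an added example that is not the harness this plan defers. In-memory SQLite stands in for the ephemeral PostgreSQL environment so the example runs offline; the table and column names, the idempotency_key column (OD-1 is still open) and the status label S1 are hypothetical stand-ins, and append-only is enforced here with triggers where the real environment would rely on the least-privilege grants of doc 5.

```python
"""Toy harness for dry-run assertions T-4, T-9 and T-12 (added example).

Not project code. In-memory SQLite stands in for the ephemeral PostgreSQL env;
table/column names and the status label S1 are hypothetical stand-ins (the
page leaves OD-1 and the full state set to other documents).
"""
import sqlite3

SCHEMA = """
CREATE TABLE entry (
    id              INTEGER PRIMARY KEY,
    idempotency_key TEXT NOT NULL UNIQUE,   -- hypothetical IK-MARK column (OD-1 open)
    status          TEXT NOT NULL
);
CREATE TABLE history (                      -- one row per transition
    id INTEGER PRIMARY KEY, entry_id INTEGER NOT NULL REFERENCES entry(id),
    from_status TEXT, to_status TEXT NOT NULL
);
-- T-12: append-only history. Grants do this in PostgreSQL; triggers here.
CREATE TRIGGER history_no_update BEFORE UPDATE ON history
BEGIN SELECT RAISE(ABORT, 'history is append-only'); END;
CREATE TRIGGER history_no_delete BEFORE DELETE ON history
BEGIN SELECT RAISE(ABORT, 'history is append-only'); END;
"""


def connect():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def _phase(conn, work):
    """One phase = one transaction (T-9). On a real crash the server discards
    the open transaction; the except branch plays that role here."""
    conn.execute("BEGIN")
    try:
        result = work()
        conn.execute("COMMIT")
        return result
    except Exception:
        conn.execute("ROLLBACK")
        raise


def _append_history(conn, entry_id, from_status, to_status):
    conn.execute("INSERT INTO history (entry_id, from_status, to_status) VALUES (?, ?, ?)",
                 (entry_id, from_status, to_status))


def mark(conn, idem_key):
    """MARK. Returns True when a new entry is created, False on replay (T-4)."""
    def work():
        cur = conn.execute("INSERT OR IGNORE INTO entry (idempotency_key, status) "
                           "VALUES (?, 'S0')", (idem_key,))
        if cur.rowcount == 0:          # same signal again: nothing written
            return False
        _append_history(conn, cur.lastrowid, None, "S0")
        return True
    return _phase(conn, work)


def transition(conn, entry_id, to_status, crash_midway=False):
    """Generic phase: history row, then status write; both land or neither does."""
    def work():
        (cur_status,) = conn.execute("SELECT status FROM entry WHERE id = ?",
                                     (entry_id,)).fetchone()
        _append_history(conn, entry_id, cur_status, to_status)
        if crash_midway:
            raise RuntimeError("simulated crash after history, before status")
        conn.execute("UPDATE entry SET status = ? WHERE id = ?", (to_status, entry_id))
    _phase(conn, work)


def history_is_append_only(conn):
    """T-12 probe: UPDATE and DELETE against history must both be refused."""
    for stmt in ("UPDATE history SET to_status = 'S8'", "DELETE FROM history"):
        try:
            conn.execute(stmt)
            return False               # a write went through: invariant broken
        except sqlite3.DatabaseError:  # RAISE(ABORT) surfaces as IntegrityError
            pass
    return True


def run_matrix():
    """Drive the three scenarios and return what the assertions would check."""
    conn = connect()

    def q(sql, *params):
        return conn.execute(sql, params).fetchone()[0]

    r = {"mark_created": mark(conn, "signal-001")}
    r["replay_noop"] = not mark(conn, "signal-001")                     # T-4
    r["entries_after_replay"] = q("SELECT count(*) FROM entry")
    eid = q("SELECT id FROM entry WHERE idempotency_key = 'signal-001'")
    try:
        transition(conn, eid, "S1", crash_midway=True)                  # T-9
    except RuntimeError:
        pass
    r["status_after_crash"] = q("SELECT status FROM entry WHERE id = ?", eid)
    r["history_after_crash"] = q("SELECT count(*) FROM history")
    transition(conn, eid, "S1")                                         # clean re-run
    r["history_rows"] = q("SELECT count(*) FROM history")  # 2 transitions, 2 rows
    r["history_append_only"] = history_is_append_only(conn)             # T-12
    return r
```

The point of routing every phase through one transaction wrapper is that T-9's "no half-written phase" becomes a property of the code path rather than of the tester's discipline; the probe in history_is_append_only is deliberately run after history has rows, since a row-level refusal can only be observed when there is a row to refuse.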

§7 — Non-Scope

no test run, no harness code, no dry-run, no prod CUT/VERIFY, no credential,
no deploy, no Directus/RLS, no Qdrant, no schema change. This is the plan,
not its execution.

End of v0.4 risk & dry-run test plan (design only; nothing built or run).
