KB-7A73
dot-iu-cutter v0.4 — Tier 2 Cutter-Agent DESIGN Routing Note (design only; no code authorized) (2026-05-16)
tags: dot-iu-cutter, dieu44, v0.4, tier2, cutter-agent, routing-note, design-only, planning
dot-iu-cutter v0.4 — Tier 2 Cutter-Agent DESIGN Routing Note
document_path: knowledge/dev/laws/dieu44-trien-khai/v0.4-planning/dot-iu-cutter-v0.4-tier2-cutter-agent-routing-note-2026-05-16.md
revision: r1
date: 2026-05-16
author: Agent (Claude Code CLI, Opus 4.7 1M)
phase: v0.4 — Tier 2 ROUTING NOTE (design-routing only; nothing built)
authorization: GPT v0.3 execution review = PASS; GPT selected next
workstream = cutter_agent_code_design (review §7). This note ROUTES the
next DESIGN cycle only. No code, data write, CUT, VERIFY, or deploy
is authorized.
status: routing_note_only
⛔ DESIGN ROUTING ONLY — NOTHING BUILT. No cutter-agent code written. No data write. No CUT. No VERIFY. No deploy. No Directus/RLS/role/view change. This document only records that Tier 1 is complete and routes the first Tier 2 design task for a future authorized session. Agent self-advance to Tier 2 execution PROHIBITED.
§1 — Tier 1 Status
tier_1_structural_schema: COMPLETE (v0.2 — 12 tables, PK 12, FK 19, 0 rows)
tier_1_read_observability: COMPLETE (v0.3 — cutter_ro + 12 observe views +
13 grants LIVE; GPT execution review = PASS; rollback not triggered)
tier_1_overall: COMPLETE
production_state: SAFE; empty schema + read-only observability layer LIVE
§2 — Tier 2 Selected First Workstream
selected_next_workstream: cutter_agent_code_design (GPT review §7)
nature: DESIGN ONLY
rationale (GPT review §7):
- schema and observability are now live
- tables are empty and need a writer/runtime path
- the cutter agent is the core value layer
- canonicalization / signing / signal-routing are best designed inside or
adjacent to the cutter-agent design rather than as separate prior cycles
§3 — Candidate Design Areas (to be scoped in the Tier 2 design cycle)
1. cutter_agent_write_path:
   how the agent writes into cutter_governance (which tables, transaction
   boundaries, idempotency, who owns the writing DB principal — NOT
   cutter_ro, which is read-only)
2. MARK_REVIEW_CUT_VERIFY_flow:
   the state machine MARK → REVIEW → CUT → VERIFY; states, transitions,
   persisted artefacts (decision_backlog_entry/history, review_decision,
   cut_change_set(+affected_row), verify_result), guard conditions
3. canonicalization_library_runtime:
   runtime that resolves canonical addresses / aliases
   (canonical_address_alias is empty — population & resolution rules)
4. signing_scheme_runtime:
   dot_pair_signature lifecycle — executor/verifier signature creation,
   chaining (prior_signature_id), verification semantics
5. signal_routing:
   how external signals/triggers enter the flow and are routed to MARK
   and onward; backlog sweep (decision_backlog_sweep_log) cadence
6. dry_run_CUT_VERIFY_tests:
   isolated dry-run harness design for CUT/VERIFY before any prod runtime
7. failure_rollback_behavior:
   failure taxonomy, compensating actions, rollback_change_set linkage
   (verify_result.rollback_change_set_id_triggered), escalation_ref path
8. directus_pg_credential_strategy:
   which principal the agent uses to write (vs the read-only cutter_ro);
   PG password vs Directus app-role reuse; secret custody; least privilege;
   interaction with the deferred B-4 login/member binding
§4 — Explicit Authorization Boundary
no_code_implementation_authorized_yet: TRUE
also_not_authorized:
- data write into cutter_governance (INSERT/seed/backfill)
- CUT (any) / VERIFY (any)
- Qdrant / vector / embedding mutation
- app / service / tooling deploy or restart
- cutter_ro login enablement or member/group binding (B-4)
- Directus / RLS / role / view / grant change
- any further schema migration
- self-advance to Tier 2 execution OR to a Tier 2 design cycle without
an explicit User prompt
the_only_next_thing: a Tier 2 cutter-agent DESIGN cycle, authored for GPT
review, in a separate explicitly-prompted session
§5 — Recommended Next First Design Task
recommendation: start the Tier 2 design cycle with area (1)+(2) TOGETHER —
"cutter-agent write path + MARK→REVIEW→CUT→VERIFY flow design"
why_this_first:
- it is the spine: every other area (canonicalization, signing, signal
routing, dry-run, failure/rollback) attaches to this state machine and
write path, so designing it first prevents rework
- it forces the credential-strategy question (area 8) to be answered as a
dependency, surfacing the read/write principal split early
- it maps cleanly onto the already-LIVE empty tables (decision_backlog_*,
review_decision, cut_change_set*, verify_result) and the 12 observe
views, so the design can be validated against real schema
- it is design-only and therefore the lowest-risk way to make progress
while runtime/data remain frozen
deliverable_shape: a design document authored for GPT review (the standard
design → GPT review → dry-run → command-review → execution chain), scoping
areas (1),(2) and explicitly listing (3)-(8) as downstream design follow-ons
gate: explicit User prompt to open the Tier 2 design cycle + (when authored)
GPT design review PASS before anything downstream. Agent does NOT
self-advance.
End of v0.4 Tier 2 cutter-agent DESIGN routing note (routing only; nothing built; self-advance PROHIBITED).