KB-75C1

dot-iu-cutter v0.4 — First Controlled Production CUT/VERIFY Trial — COMMAND REVIEW (document-only, execution blocked) (2026-05-17)



Date: 2026-05-17 · Status: DOCUMENT-ONLY — NOTHING EXECUTED. Every command below is PROPOSED and requires a separate GPT review + sovereign authorization before any execution. Authorized scope of THIS phase: command-review authoring only. Production execution allowed now = false. Accepted code commit (pinned, validated by RERUN#4): e93424b5ff7fa5e4b8406131977ce4339cd0856a (parent db4aa58, branch main). Predecessor evidence: …/v0.4-db-adapter-dry-run/dot-iu-cutter-v0.4-pg-backed-dry-run-RERUN4-SUCCESS-2026-05-17.md (isolated PG dry-run PASS) · …-closeout-and-production-trial-routing-note-2026-05-17.md.

Hard boundary: no production execution, no production row write, no secret read/print, no deploy/restart, no bulk cut, no schema migration / index DDL / JSONB normalization, no label/metadata registry, no vector/NoSQL, no alias writes, no self-advance to execution.

1. Target IU selection criteria

Exactly one non-critical information unit, selected by an explicit, deterministic, single-row rule — never a bulk or wildcard selector.

  • Selector form: a single fully-qualified IU primary key, pinned literally in the authorized run (TARGET_IU = '<one tac_logical_unit id>'). No LIKE, no IN (...) with >1, no range, no WHERE status = … set, no LIMIT n>1, no "all of category X".
  • Non-critical safety criteria (all must hold, asserted at preflight, not assumed):
    1. The IU is a single tac_logical_unit row with no inbound/outbound decision_backlog_dependency (standalone — matches the dry-run's dependency=0 fixture).
    2. The IU has no existing cut_change_set (never cut → G-CUT-ONCE clean; first-touch).
    3. The IU is classified non-critical / low blast radius (not a load-bearing/critical-flagged unit; no downstream legal-authority dependents).
    4. The IU's content is stable (not under concurrent edit) at preflight snapshot.
    5. The resulting change set affects exactly one unit block (single-unit canonical fixture parity → keeps the +15 delta exact and bounded).
  • Why a single pinned PK is safe: it makes the blast radius provably one row family; it is auditable (the exact id is in the command-review the GPT approves); it cannot fan out; a wrong/ambiguous target is caught by the count != 1 abort gate before any write.
  • The concrete IU id is deliberately not chosen in this document (choosing it requires a read-only production preflight under a separate authorization). This review defines the rule; the id is bound at authorization time and re-reviewed.

2. Explicit non-scope

Out of scope for this trial (each independently forbidden without separate review): no bulk cut · no reclassification batch · no deploy/restart · no schema migration · no index DDL · no JSONB normalization · no label/metadata registry creation or change · no vector/NoSQL integration · no canonical_address_alias writes (alias deferred; +0 expected — any alias write requires separate review) · no more than one IU · no compensating/forward cut beyond the single trial's own rollback policy (§9).

3. Preflight (PROPOSED — gates P-01 … P-08; read-only)

  • P-01 Production identity guard: select system_identifier from pg_control_system() (read-only, workflow_admin). Pass: == 7611578671664259111 (else ABORT).
  • P-02 Code commit pin: git -C /opt/incomex/dot rev-parse HEAD. Pass: == e93424b5ff7fa5e4b8406131977ce4339cd0856a, and git status --short -- iu-cutter clean.
  • P-03 cutter_exec / cutter_verify presence + privilege. Pass: roles exist, LOGIN, NOSUPERUSER/NOBYPASSRLS; exact 33 table-priv + 3 col-UPDATE matrix via aclexplode set-equality (structural, not string); cutter_ro NOLOGIN with the exact frozen matrix; grant_option=0.
  • P-04 Baseline row counts of the 12 cutter_governance tables (select count(*) each, integer-captured). Pass: recorded as the pre-trial baseline B[12].
  • P-05 Target resolution: the single pinned TARGET_IU resolves to exactly one tac_logical_unit row; dependency=0; no existing cut_change_set. Pass: row count == 1 (else ABORT).
  • P-06 DOT-991/DOT-992 active checks: lanes resolvable; centralised SIGNATURE_LANE_REFERENCE_KIND = {DOT-991→change_set, DOT-992→verify_result}; deployed dot_pair_signature_check XOR present. Pass: mapping exact; constraint present.
  • P-07 Hardcode / no-label-key check: static scan of the executed command set + config for fixed IP/DSN/password/container/vector-collection and runtime label/metadata keys. Pass: NONE_FOUND (else STOP).
  • P-08 Separation-of-duty wiring: CUT path binds cutter_exec/DOT-991; VERIFY path binds cutter_verify/DOT-992; cutter_ro never a writer. Pass: bound correctly.
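The P-03 gate insists on set-equality of the privilege matrix rather than a string compare of the ACL. The Python below is an added illustration of that distinction, not code from the trial or from the accepted commit: it turns aclexplode-style rows into a set of (grantee, table, privilege) tuples, compares them with a frozen expected set, reports the exact drift, rejects any grant option, and checks the LOGIN/NOSUPERUSER/NOBYPASSRLS attributes. The catalog query text, the small sample matrix and the sample rows are constructed for the example; the real frozen matrix is the 33 table-priv + 3 col-UPDATE set named in P-03 and is not reproduced here.

```python
"""P-03 style privilege-matrix gate (added example; not the project's code)."""
from dataclasses import dataclass

# Shape of the read-only catalog query such a gate would run. Assumption for
# the example only; nothing here connects to a database.
ACL_QUERY = """
select a.grantee::regrole::text as grantee,
       c.relname                 as table_name,
       a.privilege_type          as privilege,
       a.is_grantable            as is_grantable
  from pg_class c
  join pg_namespace n on n.oid = c.relnamespace,
       lateral aclexplode(c.relacl) a
 where n.nspname = 'cutter_governance'
   and a.grantee::regrole::text in ('cutter_exec', 'cutter_verify', 'cutter_ro');
"""

@dataclass(frozen=True)
class Grant:
    grantee: str
    table: str
    privilege: str

class PrivilegeMatrixMismatch(Exception):
    pass

def check_privilege_matrix(acl_rows, frozen_matrix):
    """acl_rows: (grantee, table, privilege, is_grantable) tuples as ACL_QUERY
    would return them. Compares the observed set with frozen_matrix (set of
    Grant) by set-equality, so row order is irrelevant. Any grant option is a
    failure on its own (grant_option must be 0)."""
    observed = set()
    grantable = []
    for grantee, table, privilege, is_grantable in acl_rows:
        if is_grantable:
            grantable.append((grantee, table, privilege))
        observed.add(Grant(grantee, table, privilege))
    if grantable:
        raise PrivilegeMatrixMismatch(f"grant_option != 0 on {sorted(grantable)}")
    missing = frozen_matrix - observed
    extra = observed - frozen_matrix
    if missing or extra:
        raise PrivilegeMatrixMismatch(
            f"matrix drift: missing={sorted(map(str, missing))} extra={sorted(map(str, extra))}")
    return observed

def check_role_attributes(roles):
    """roles: role -> (rolcanlogin, rolsuper, rolbypassrls) as read from pg_roles.
    Writers must be LOGIN/NOSUPERUSER/NOBYPASSRLS; cutter_ro must be NOLOGIN."""
    required_login = {"cutter_exec": True, "cutter_verify": True, "cutter_ro": False}
    for role, must_login in required_login.items():
        if role not in roles:
            raise PrivilegeMatrixMismatch(f"role {role} missing")
        can_login, is_super, bypass_rls = roles[role]
        if can_login != must_login or is_super or bypass_rls:
            raise PrivilegeMatrixMismatch(f"role attributes wrong for {role}: {roles[role]}")
    return True

# Constructed sample matrix (not the real frozen 33 + 3 set).
SAMPLE_FROZEN = {
    Grant("cutter_exec", "cut_change_set", "INSERT"),
    Grant("cutter_exec", "cut_change_set", "SELECT"),
    Grant("cutter_verify", "verify_result", "INSERT"),
    Grant("cutter_verify", "verify_result", "SELECT"),
    Grant("cutter_ro", "verify_result", "SELECT"),
}
# Constructed ACL rows: the same grants in a different order, which a textual
# ACL comparison would wrongly report as drift.
SAMPLE_ACL_OK = [
    ("cutter_ro", "verify_result", "SELECT", False),
    ("cutter_verify", "verify_result", "SELECT", False),
    ("cutter_exec", "cut_change_set", "SELECT", False),
    ("cutter_verify", "verify_result", "INSERT", False),
    ("cutter_exec", "cut_change_set", "INSERT", False),
]
# Constructed drift: an UPDATE the frozen matrix does not allow.
SAMPLE_ACL_DRIFT = SAMPLE_ACL_OK + [("cutter_exec", "verify_result", "UPDATE", False)]
# Constructed role attributes: (rolcanlogin, rolsuper, rolbypassrls).
SAMPLE_ROLES = {
    "cutter_exec": (True, False, False),
    "cutter_verify": (True, False, False),
    "cutter_ro": (False, False, False),
}

def preflight_p03(acl_rows=SAMPLE_ACL_OK, roles=SAMPLE_ROLES, frozen=SAMPLE_FROZEN):
    """Returns 'PASS' or 'ABORT: <reason>'; the gate never improvises past a failure."""
    try:
        check_role_attributes(roles)
        check_privilege_matrix(acl_rows, frozen)
    except PrivilegeMatrixMismatch as e:
        return f"ABORT: {e}"
    return "PASS"

if __name__ == "__main__":
    print(preflight_p03())
    print(preflight_p03(acl_rows=SAMPLE_ACL_DRIFT))
```

Because the comparison is over sets, the gate reports exactly which grants are missing or extra, which is what an auditor needs when the matrix drifts by one cell.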

4. Backup & backstop (PROPOSED)

  • Fresh backup: read-only pg_dump (workflow_admin) of the production directus DB immediately before any write; capture SHA256 + byte size.
  • Freshness gate: backup pg_dump start timestamp must be within a tight window (e.g. ≤ 10 min) of the first write command; stale backup ⇒ ABORT.
  • Checksum: the SHA256 is recorded in the execution report; the dump file itself is never uploaded to the KB (it contains prod data) and is shredded at teardown (R11); only the SHA reference is kept.
  • Restore/backstop note: the backup is the disaster backstop only. Because the ledger is append-only (no casual deletes), the first-trial rollback policy is forward-compensation / no-delete (see §9); a full restore is the last-resort backstop, not the routine rollback.
  • Secret scrubbing: all logs/artefacts redacted; passwords never echoed; .env never read; dr.env-style throwaway not applicable (production uses the already-provisioned cutter_exec/cutter_verify credentials in /opt/incomex/docker/.env, which are not read or printed by this trial — the adapter loads them from env at runtime without logging).

5. Exact command sequence (PROPOSED — command-review only; NOT executed in this phase)

  • C-01 Preflight P-01…P-08. Guard: all P-gates PASS.
  • C-02 Fresh read-only pg_dump + sha + freshness stamp. Guard: P-01 prod-identity OK.
  • C-03 Re-assert baseline B[12] (idempotent re-read). Guard: matches P-04 (no unexplained drift).
  • C-04 MARK the single TARGET_IU (cutter_exec / DOT-991). Guard: target count == 1.
  • C-05 SWEEP (promote marked→review_pending; writes sweep_log). Guard: C-04 committed.
  • C-06 REVIEW = approve (writes manifest_envelope/unit_block + review_decision). Guard: status review_pending.
  • C-07 CUT (cutter_exec/DOT-991: dot_pair_signature exec row w/ cross_reference_change_set_id; cut_change_set; affected_row). Guard: status reviewed_approved; G-CUT-ONCE clean.
  • C-08 VERIFY pass (cutter_verify/DOT-992: dot_pair_signature verifier row w/ cross_reference_verify_result_id; verify_result). Guard: status cut_applied.
  • C-09 Post-count Δ vs B[12]; assert exact +15 matrix (§7); DOT lane/XOR check (§8). Guard: every cell exact.
  • C-10 Forbidden-SQL scan (verbs only INSERT/SELECT/SET/UPDATE), secret-leak scan, identity re-confirm (sysid pre==post). Guard: all clean.
  • C-11 Backup sha re-record; shred dump (R11); finalize redacted report. Guard: net-zero except the intended +15.

Each phase = one atomic transaction (write-path-design §3); guards + state machine enforced before any write; append-only (no DELETE/TRUNCATE/DDL).

6. Safety gates (abort conditions — ABORT ⇒ STOP, no improvise)

  • G-A1 target IU count != 1 → ABORT (no write).
  • G-A2 production identity unclear / sysid != 7611578671664259111 → ABORT.
  • G-A3 code commit != e93424b5ff7fa5e4b8406131977ce4339cd0856a or iu-cutter tree dirty → ABORT.
  • G-A4 expected baseline drift unexplained (C-03 ≠ P-04 without a documented benign cause) → ABORT.
  • G-A5 DOT lane mapping mismatch (SIGNATURE_LANE_REFERENCE_KIND ≠ {DOT-991→change_set, DOT-992→verify_result}) or dot_pair_signature_check absent → ABORT.
  • G-A6 any secret would be logged/printed → ABORT.
  • G-A7 any bulk/wildcard selector appears in the resolved command set → ABORT.
  • G-A8 privilege matrix not exactly the frozen set, or cutter_ro LOGIN, or grant_option≠0 → ABORT.
  • G-A9 post-Δ ≠ exact +15 matrix, or any forbidden SQL verb, or XOR/lane violation observed → STOP + rollback policy (§9).
  • G-A10 backup missing / stale / checksum unrecorded → ABORT before any write.

Any abort before C-04 = nothing written. Any stop at/after C-04 → §9 policy. A server-side 42501 (insufficient_privilege) error is not expected here, since the writers are correctly privileged; if one is seen, STOP.

7. Expected production row delta for one IU (EXACT, gating)

Table Δ
decision_backlog_entry +1
decision_backlog_history +5
decision_backlog_dependency +0
decision_backlog_sweep_log +1
manifest_envelope +1
manifest_unit_block +1
review_decision +1
dot_pair_signature +2
cut_change_set +1
cut_change_set_affected_row +1
verify_result +1
canonical_address_alias +0
TOTAL +15

Identical to the RERUN#4-validated verification-plan r3 baseline. Any single-cell deviation ⇒ G-A9 STOP. (Other production tables: Δ0 — this trial writes only the cutter_governance cut/verify family for one IU.)
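The C-09 delta gate and the C-10 forbidden-SQL scan are both pure comparisons once the counts and the statement set have been read, so they can be written and unit-tested without a database. The Python below is an added example of that, not the trial's own code: check_delta takes the baseline B[12] and the post-trial counts, requires every cell to equal the §7 matrix exactly and treats any table outside the matrix as Δ0 (G-A9 on a single deviation); scan_forbidden_sql allows only the verbs INSERT/SELECT/SET/UPDATE. The expected matrix is copied from §7; the baseline counts and the statement texts are constructed for the example.

```python
"""C-09 / C-10 post-condition gates (added example; not the trial's code)."""
import re

# Expected Δ per table for one IU, copied from §7 of this review.
EXPECTED_DELTA = {
    "decision_backlog_entry": 1,
    "decision_backlog_history": 5,
    "decision_backlog_dependency": 0,
    "decision_backlog_sweep_log": 1,
    "manifest_envelope": 1,
    "manifest_unit_block": 1,
    "review_decision": 1,
    "dot_pair_signature": 2,
    "cut_change_set": 1,
    "cut_change_set_affected_row": 1,
    "verify_result": 1,
    "canonical_address_alias": 0,
}
assert sum(EXPECTED_DELTA.values()) == 15

ALLOWED_VERBS = {"INSERT", "SELECT", "SET", "UPDATE"}

def check_delta(baseline, post, expected=EXPECTED_DELTA):
    """baseline/post: table -> integer count (select count(*) each).
    Returns (ok, deviations); deviations lists (table, expected Δ, observed Δ)
    for every cell that differs. One deviation is already a G-A9 STOP."""
    if set(baseline) != set(post):
        return False, [("table-set mismatch", sorted(set(baseline) ^ set(post)))]
    deviations = []
    for table in sorted(set(post) | set(expected)):
        # Tables outside the §7 matrix must not move at all (Δ0).
        want = expected.get(table, 0)
        got = post.get(table, 0) - baseline.get(table, 0)
        if got != want:
            deviations.append((table, want, got))
    return not deviations, deviations

def scan_forbidden_sql(statements, allowed=ALLOWED_VERBS):
    """Returns the statements whose leading verb is not in the allowed set.
    Leading SQL comments are stripped before the verb is read, so a DELETE
    hidden behind a comment is still caught."""
    offenders = []
    for stmt in statements:
        body = re.sub(r"--[^\n]*|/\*.*?\*/", " ", stmt, flags=re.S).strip()
        m = re.match(r"[A-Za-z]+", body)
        verb = m.group(0).upper() if m else ""
        if verb not in allowed:
            offenders.append(stmt)
    return offenders

# Constructed baseline B[12] and a post-count carrying exactly the +15.
SAMPLE_BASELINE = {t: 1000 + i for i, t in enumerate(EXPECTED_DELTA)}
SAMPLE_POST_OK = {t: SAMPLE_BASELINE[t] + d for t, d in EXPECTED_DELTA.items()}
# Constructed deviation: one extra history row (+6 instead of +5).
SAMPLE_POST_DRIFT = dict(
    SAMPLE_POST_OK,
    decision_backlog_history=SAMPLE_POST_OK["decision_backlog_history"] + 1,
)
# Constructed statement set; the last entry is what C-10 must catch.
SAMPLE_STATEMENTS = [
    "SET LOCAL ROLE cutter_exec",
    "INSERT INTO cutter_governance.cut_change_set (change_set_id) VALUES ($1)",
    "  -- audit read\n  SELECT count(*) FROM cutter_governance.verify_result",
    "UPDATE cutter_governance.decision_backlog_entry SET status = $1 WHERE id = $2",
    "DELETE FROM cutter_governance.decision_backlog_history WHERE id = $1",
]

def post_gates(baseline=SAMPLE_BASELINE, post=SAMPLE_POST_OK, statements=SAMPLE_STATEMENTS):
    """Combined C-09 + C-10 verdict: 'PASS' or 'STOP: <details>'."""
    ok, deviations = check_delta(baseline, post)
    offenders = scan_forbidden_sql(statements)
    if not ok or offenders:
        return f"STOP: deviations={deviations} forbidden={offenders}"
    return "PASS"

if __name__ == "__main__":
    print(post_gates(statements=SAMPLE_STATEMENTS[:-1]))
    print(post_gates(post=SAMPLE_POST_DRIFT))
```

Reading the verb after stripping comments matters: a string search for "DELETE" anywhere would also flag legitimate column values, while a naive first-token check would miss a statement that opens with a comment.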

8. DOT lane checks

  • DOT-991 (executor/CUT) signature row: cross_reference_change_set_id = the trial's cut_change_set.change_set_id; cross_reference_verify_result_id = NULL.
  • DOT-992 (verifier/VERIFY) signature row: cross_reference_verify_result_id = the trial's verify_result.verify_result_id; cross_reference_change_set_id = NULL.
  • Exactly one cross-reference column non-null per dot_pair_signature row (deployed dot_pair_signature_check XOR).
  • No swapped lane; no both-null; no both-non-null. Enforced pre-write by the centralised signature_cross_reference() (accepted e93424b) → LaneReferenceMismatch ⇒ STOP. Post-check at C-09 confirms the 2 rows structurally.
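The lane rule above has a pre-write form (the centralised signature_cross_reference() guard raising LaneReferenceMismatch) and a post-write form (the C-09 structural check of the two rows). The Python below is an added illustration of both, not the accepted commit's implementation: the same XOR-plus-lane-map rule is applied when a signature row is built and again when the two rows are read back, and the post-check also confirms that the DOT-991 row points at the trial's change set and the DOT-992 row at its verify result. The names SIGNATURE_LANE_REFERENCE_KIND, signature_cross_reference and LaneReferenceMismatch are taken from this review; the ids and the violating rows are constructed placeholders.

```python
"""§8 DOT lane / XOR check (added example; not the accepted-commit code)."""
from dataclasses import dataclass
from typing import Optional

# Centralised lane -> reference-kind map, as named in P-06 of this review.
SIGNATURE_LANE_REFERENCE_KIND = {"DOT-991": "change_set", "DOT-992": "verify_result"}

class LaneReferenceMismatch(Exception):
    """Swapped lane, both-null or both-non-null cross-reference."""

@dataclass(frozen=True)
class SignatureRow:
    lane: str
    cross_reference_change_set_id: Optional[str]
    cross_reference_verify_result_id: Optional[str]

def signature_cross_reference(lane, change_set_id=None, verify_result_id=None):
    """Pre-write guard: exactly one reference may be set, and it must be the
    kind the lane map assigns to this lane."""
    kind = SIGNATURE_LANE_REFERENCE_KIND.get(lane)
    if kind is None:
        raise LaneReferenceMismatch(f"unknown lane {lane!r}")
    refs = {"change_set": change_set_id, "verify_result": verify_result_id}
    present = [k for k, v in refs.items() if v is not None]
    if present != [kind]:
        raise LaneReferenceMismatch(f"lane {lane} expects only {kind}, got {present}")
    return SignatureRow(lane, change_set_id, verify_result_id)

def check_signature_rows(rows, change_set_id, verify_result_id):
    """Post-write (C-09) structural check of the trial's two dot_pair_signature
    rows: one DOT-991 row referencing the trial's change set, one DOT-992 row
    referencing the trial's verify result. Returns True or raises."""
    if len(rows) != 2:
        raise LaneReferenceMismatch(f"expected 2 signature rows, found {len(rows)}")
    for r in rows:
        # Re-apply the XOR / lane rule to what the table actually holds.
        signature_cross_reference(r.lane, r.cross_reference_change_set_id,
                                  r.cross_reference_verify_result_id)
    by_lane = {r.lane: r for r in rows}
    if set(by_lane) != set(SIGNATURE_LANE_REFERENCE_KIND):
        raise LaneReferenceMismatch(f"lanes present {sorted(by_lane)}, expected DOT-991 and DOT-992")
    if by_lane["DOT-991"].cross_reference_change_set_id != change_set_id:
        raise LaneReferenceMismatch("DOT-991 row does not reference the trial's change set")
    if by_lane["DOT-992"].cross_reference_verify_result_id != verify_result_id:
        raise LaneReferenceMismatch("DOT-992 row does not reference the trial's verify result")
    return True

# Constructed placeholder ids, not real production identifiers.
CS_ID, VR_ID = "cs-EXAMPLE-0001", "vr-EXAMPLE-0001"
GOOD_ROWS = [
    signature_cross_reference("DOT-991", change_set_id=CS_ID),
    signature_cross_reference("DOT-992", verify_result_id=VR_ID),
]
# Constructed violations written as raw rows, as they might be read back.
SWAPPED_ROWS = [SignatureRow("DOT-991", None, VR_ID), SignatureRow("DOT-992", CS_ID, None)]
BOTH_NONNULL_ROWS = [SignatureRow("DOT-991", CS_ID, VR_ID), SignatureRow("DOT-992", None, VR_ID)]

def lane_gate(rows, change_set_id=CS_ID, verify_result_id=VR_ID):
    """C-09 lane/XOR cell: 'PASS' or 'STOP: <reason>'."""
    try:
        check_signature_rows(rows, change_set_id, verify_result_id)
    except LaneReferenceMismatch as e:
        return f"STOP: {e}"
    return "PASS"

if __name__ == "__main__":
    print(lane_gate(GOOD_ROWS))
    print(lane_gate(SWAPPED_ROWS))
```

The deployed dot_pair_signature_check constraint enforces the XOR in the database; re-running the same rule in the post-check means a constraint that was dropped or altered would still be noticed at C-09 rather than trusted silently.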

9. Rollback / forward-compensation policy (first trial — explicit for GPT review)

The ledger is append-only; audit rows (decision_backlog_history, signatures, change sets, verify results) are never casually deleted or truncated. Proposed first-trial policy:

  • Primary = forward compensation (no physical delete). If VERIFY fails or a post-condition is violated, use the existing forward-compensation path (compensating cut_change_set + escalation entry + verify_result outcome=fail), exactly as exercised by the dry-run force_fail scenario — no row removal.
  • No routine "rollback by delete". Deleting audit rows is forbidden.
  • Backup restore = last-resort disaster backstop only, used solely if the database is left structurally inconsistent in a way forward-compensation cannot express — a separately-authorized incident action, not the routine path.
  • Decision requested from GPT: confirm first-trial policy = forward-compensation, no-delete; backup-restore backstop reserved for disaster only (recommended), vs. no rollback at all for the first trial (accept the +15 as permanent audit even on a benign mismatch, investigate forward). This choice is left explicit and open for GPT — not self-decided.

10. Report (this command-review package)

  • Command count: 11 proposed commands (C-01 … C-11).
  • Safety gate count: 8 preflight gates (P-01…P-08) + 10 abort gates (G-A1…G-A10) = 18 gates.
  • Target IU selection rule: exactly one pinned tac_logical_unit primary key; non-critical; dependency=0; no prior cut; single unit block; no bulk/wildcard; count != 1 ⇒ ABORT.
  • Expected delta matrix: the §7 table, total +15, identical to RERUN#4-validated r3 baseline.
  • Execution still blocked: CONFIRMED. Nothing in this phase was executed. No production connection, write, secret read, deploy, or CUT/VERIFY occurred. All commands are proposals pending a separate GPT review + sovereign authorization.
  • Git: branch main · HEAD e93424b5ff7fa5e4b8406131977ce4339cd0856a · git status --short -- iu-cutter = clean (empty) — no code change, no commit this phase.
  • Hardcode control statement: no fixed IP/DSN/password/container/vector-collection introduced; production credentials are loaded by the adapter from existing env at runtime and never read/printed by this trial; the only literals are the mandated safety constants (prod sysid 7611578671664259111, accepted commit pin, exact role/lane names) which are auditable safety identifiers, not forbidden hardcodes. No STOP-class hardcode.
  • Metadata/label non-hardcode statement: no metadata or label registry schema; no label columns; no runtime label/metadata key hardcoding; SQL / deployed cutter_governance remains SSOT; JSONB carries no hidden authority (DOT lane↔reference mapping is the centralised schema-binding-tested map in accepted e93424b, unchanged); no vector/NoSQL.

Standing forbidden statement

All of the following remain forbidden without a separate explicit GPT review + sovereign authorization: production execution of any command above, production row write, production secret/.env read or print, deploy/restart, bulk cut, reclassification batch, schema migration, index DDL, JSONB normalization, label/metadata registry, vector/NoSQL integration, alias writes, iu-cutter source/test change, git commit, and any self-advance from this document to execution.
