dot-iu-cutter v0.4 — NEXT-PHASE ROUTING NOTE (post first controlled production CUT/VERIFY trial)

Date: 2026-05-17 · Status: ROUTING NOTE ONLY — nothing executed, no code change, no commit, no production write. Phase verdict: GPT-PASS of the first controlled production CUT/VERIFY trial; closeout + post-execution backup verification = PASS. Accepted code commit (validated, unchanged): e93424b5ff7fa5e4b8406131977ce4339cd0856a (branch main).

1. Where we are

First controlled production CUT/VERIFY trial COMPLETE — SUCCESS_LIVE, one IU, exact +15 append-only governance rows, DOT lane verified, no rollback, production identity stable, backup restore-tested PASS, protected envs untouched. The v0.4 cutter-agent runtime (MARK→SWEEP→REVIEW→CUT→VERIFY) is now proven once against production for a single non-critical draft IU.

2. Carry-forward constraints (HARD — each needs its own GPT review + sovereign prompt)

• No bulk before index strategy. The validated path is correct but the deployed cutter_governance is unindexed for production-scale lookup/scan volume. Index-only DDL design + GPT review is a prerequisite to any bulk/multi-IU run. No index DDL performed or authorized.
• No large-scale labeling / reclassification before label/metadata registry design. No label/metadata registry schema exists or is authorized. SQL / deployed cutter_governance remains the single source of truth; JSONB carries no hidden authority. Large-scale labeling/reclassification is blocked on a separate label/metadata registry design → GPT review.
• Vector / NoSQL remains projection / search only. Not an authority store; no vector/NoSQL in the cut/verify write path. Unchanged.
• Second IU requires a separate GPT review + sovereign prompt. The single-trial PASS does NOT authorize a second IU. A second IU is a new authorization (its own target preflight, command-review confirmation, sovereign prompt).
• Bulk / scale requires a separate design (design → GPT review → command-review → sovereign prompt), gated behind the index strategy and (for labeling) the label/metadata registry design.

3. Explicitly NOT authorized now (self-advance PROHIBITED)

Second IU · bulk cut · reclassification batch · deploy/restart · schema migration · index DDL · JSONB normalization · label/metadata registry creation/change · vector/NoSQL integration · canonical_address_alias writes · iu-cutter source/test change · git commit · touching protected prior dry-run envs · docker prune/wildcard cleanup · any self-advance beyond this routing note.

4. Candidate next routes (proposal only — NOT authorized; pick one via separate GPT review)

1. Index-only DDL design for cutter_governance (prerequisite for any scale) — design → GPT review (no DDL until separately authorized).
2. Label / metadata registry design (prerequisite for large-scale labeling/reclassification) — design → GPT review.
3. Second single-IU controlled trial — only if the program wants more single-IU production evidence before scale; requires a fresh target preflight + command-review confirmation + sovereign prompt.

No route is self-selected. Next concrete step = GPT review of this closeout package (handoff status · backup verification · production state inventory · this routing note), then an explicit decision on the route.

5. Git / hardcode / metadata

• branch main · HEAD e93424b5ff7fa5e4b8406131977ce4339cd0856a · git status --short -- iu-cutter = clean (0 lines); no code change, no commit this phase.
• No fixed IP/DSN/password/container/vector-collection. No runtime label/key hardcoding. No schema change. SQL / deployed cutter_governance remains SSOT. No vector/NoSQL. No STOP-class hardcode/label issue.