dot-iu-cutter v0.4 — First Controlled Production CUT/VERIFY Trial — Readiness Addendum

Date: 2026-05-17 · Status: DOCUMENT-ONLY — NOTHING EXECUTED. Execution blocked. B1 = STOP (separate authorization requested). B2 = CLOSED. Parent package: …/v0.4-production-trial/dot-iu-cutter-v0.4-first-controlled-production-cut-verify-command-review-2026-05-17.md. GPT verdict on parent: command-review framework PASS; production execution NOT allowed now; sovereign execution prompt NOT allowed now; revision/addendum required before execution (B1 target not pinned; B2 rollback policy open). Accepted code commit (pinned, unchanged): e93424b5ff7fa5e4b8406131977ce4339cd0856a (branch main).

Hard boundary (unchanged): no production execution, no production row write, no production secret value printing, no deploy/restart, no bulk processing, no schema migration, no index DDL, no JSONB normalization, no label registry change, no vector/NoSQL, no alias writes, no self-advance to execution.

1. Target IU selection readiness

The selection framework is ready (parent §1): selector form = a single literally-pinned tac_logical_unit primary key; non-critical / dependency=0 / no prior cut_change_set / single unit block; no bulk/wildcard; count != 1 ⇒ ABORT (G-A1). What is not ready: the concrete target value, because pinning it requires reading production business data (the IU catalogue, its criticality classification, its dependency edges, and its cut history), which is outside the authorization currently in force.

2. Exact TARGET_IU primary key

NOT SELECTED. No TARGET_IU value is recorded in this document. None has been (or may be, under current authorization) chosen. No target is invented or guessed.

3. Additional read-only target-selection preflight — REQUIRED (STOP / authorization requested)

Selecting and evidencing the exact TARGET_IU requires a separate, explicitly-authorized, read-only production target-selection preflight. This addendum phase is document-only; the conditional "read-only target selection only if already authorized and safe under current scope" is not met — no prior phase authorized a production query to enumerate/classify/select a business information unit (all prior production access was strictly the dry-run pg_dump + system_identifier path, scoped to the isolated dry-run, never to business-data selection).

Therefore: STOP on B1. Requested next authorization (separate, document-bounded): a read-only target-selection preflight permitting, against production via the read-only path, only:

• a bounded read-only SELECT enumerating candidate non-critical tac_logical_unit units,
• read-only checks of each candidate's decision_backlog_dependency (=0), prior cut_change_set (none), and expected single-unit-block resolution,
• producing exactly one pinned TARGET_IU + the §4–§8 evidence,
• no writes, no secret read/print, no execution — output is a follow-up readiness document for GPT review.

Until that is separately authorized, B1 remains open and execution stays blocked.

4. Evidence target count = 1

PENDING — not asserted here. To be established by the authorized read-only target-selection preflight (parent gate P-05 / G-A1: resolves to exactly one tac_logical_unit row, else ABORT). No count is fabricated in this document.

5. Evidence target is non-critical / low blast radius

PENDING — not asserted here. To be established by the authorized read-only preflight (criticality classification + absence of downstream legal-authority dependents). Not asserted without data.

6. Evidence dependency = 0

PENDING — not asserted here. To be established by the authorized read-only preflight (read-only check: no inbound/outbound decision_backlog_dependency for the candidate). Not asserted without data.

7. Evidence no prior cut_change_set

PENDING — not asserted here. To be established by the authorized read-only preflight (read-only check: zero cut_change_set with decision_backlog_entry_id/IU linkage for the candidate → G-CUT-ONCE clean). Not asserted without data.

8. Evidence single-unit-block expected

PENDING — not asserted here. To be established by the authorized read-only preflight (canonicalization resolves the candidate to exactly one unit block → keeps the +15 delta exact). Not asserted without data.

§4–§8 are deliberately left as explicit PENDING rather than filled, to avoid inventing a target or fabricating evidence. They are precisely the outputs of the requested read-only target-selection preflight.

9. Finalized rollback policy (B2 — CLOSED per GPT)

• Rollback policy = forward-compensation / no-delete. The ledger is append-only; on VERIFY failure or a violated postcondition the reviewed forward-compensation / escalation path is used (compensating cut_change_set + escalation entry + verify_result outcome=fail), exactly as dry-run-validated.
• Backup restore = disaster backstop ONLY. Used solely if the database is left structurally inconsistent in a way forward-compensation cannot express — a separately-authorized incident action, never the routine path.
• Routine deletion of audit rows = FORBIDDEN. No DELETE/TRUNCATE of decision_backlog_history, signatures, change sets, verify results, or any audit row.
• On VERIFY fail or postcondition fail: STOP, preserve all audit rows, apply the reviewed forward-compensation/escalation path if applicable, and report honestly. No casual rollback, no self-advance.

B2 is now closed with this finalized policy (GPT decision adopted verbatim).

10. Final execution gate summary

Execution (a future, separately-authorized phase) is gated on ALL of:

• B2 CLOSED ✓ (rollback policy finalized, this addendum).
• B1 CLOSED ✗ — requires the separately-authorized read-only target-selection preflight to (a) pin exactly one TARGET_IU, (b) supply §4–§8 evidence, (c) be GPT-reviewed.
• Parent command-review gates intact: 8 preflight (P-01…P-08: prod identity 7611578671664259111, commit pin e93424b…0856a, role/privilege matrix, 12-table baseline, DOT-991/992, hardcode/no-label scan, SoD) + 10 abort (G-A1…G-A10) = 18 gates, plus B1/B2 = the 2 blocker preconditions.
• Backup + freshness + checksum + secret-scrubbing (parent §4); expected exact +15 delta (parent §7); DOT XOR/lane (parent §8).
• A separate GPT review of the completed B1 evidence and then a separate sovereign execution prompt.

11. Execution-blocked confirmation

Execution remains BLOCKED. Nothing was executed in this phase. No production connection, write, secret read/print, deploy, or CUT/VERIFY occurred. No target was selected or invented. Production execution stays forbidden until: B1 closed via the separately-authorized read-only target-selection preflight + its GPT review, then a separate sovereign execution prompt. No self-advance.

Git SSOT

• branch: main
• HEAD: e93424b5ff7fa5e4b8406131977ce4339cd0856a
• git status --short -- iu-cutter: clean (empty) — no code change, no commit this phase.

Hardcode / metadata-label control

No fixed IP/DSN/password/container/vector-collection introduced. No production secret value read or printed. No runtime label/metadata key hardcoding; no label/metadata registry schema; SQL / deployed cutter_governance remains SSOT; JSONB carries no hidden authority; no vector/NoSQL. The only literals are the mandated auditable safety constants (prod sysid, accepted-commit pin, exact role/lane names). No STOP-class hardcode/label issue.