KB-25AD

dot-iu-cutter v0.4 — First Controlled Production CUT/VERIFY Trial — TARGET_IU Read-Only Selection Preflight (B1 closed; execution still blocked) (2026-05-17)

Revision 1


  • Date: 2026-05-17
  • Status: READ-ONLY PREFLIGHT COMPLETE — TARGET_IU pinned. NOTHING WRITTEN. Execution still BLOCKED.
  • Authorized scope: read-only production SELECTs only (GPT: read-only target-selection preflight allowed; production execution allowed now = false; sovereign execution prompt allowed now = false).
  • Parent: command-review …-first-controlled-production-cut-verify-command-review-2026-05-17.md · readiness addendum …-readiness-addendum-2026-05-17.md (B2 CLOSED).
  • Accepted code commit (pinned, unchanged): e93424b5ff7fa5e4b8406131977ce4339cd0856a (branch main).

1. Read-only scope confirmation

Only read-only SELECT statements were issued, via the sanctioned docker exec postgres psql -U workflow_admin -d directus path used for dry-run identity/backup. SQL was delivered as psql -f files (deleted after). No production row write, no CUT/VERIFY, no secret value read or printed, no deploy/restart, no schema/DDL/JSONB/label/vector change, no bulk/wildcard selector, no guessed target. Evidence recorded as ids/flags/counts only — unit textual body and identity_profile JSONB were not read or exposed (no content overexposure).

2. Production identity guard

select system_identifier from pg_control_system() → SYSID=7611578671664259111 == production. PASS (guard would ABORT on mismatch).

3. Query summary (no secret values)

  • Schema introspection of public.tac_logical_unit (column names/types only).
  • Global row-count of all cutter_governance cut/verify-family tables.
  • Distribution of lifecycle_status / authority / canonical_address_format_version / tier / section_type across tac_logical_unit (86 rows).
  • Bounded candidate enumeration (LIMIT 10) + a single deterministic pick (ORDER BY id ASC LIMIT 1).
  • Linkage counts for the pinned id.

No row content, no secrets, no JSONB payloads selected. All temp SQL files removed from host and container.

4. Selected TARGET_IU primary key

TARGET_IU = 04e0c674-2a71-53b7-8d30-9c1a78d6fd17   (public.tac_logical_unit.id, uuid)
canonical_address = D38-DIEU28-S3-P1   (structural address; not content/secret)
doc_code = DIEU-28 · section_type = technical_spec · section_code = P1 · sort_order = 1

5. Candidate evidence — count = 1

select count(*) from public.tac_logical_unit where id='04e0c674-2a71-53b7-8d30-9c1a78d6fd17' → 1. Selector is a single literal primary key — no bulk, no wildcard, no range, no IN/LIKE. G-A1 (count != 1 ⇒ ABORT) would PASS.

Selection rule & deterministic tie-breaker: filter = lifecycle_status='draft_only' AND authority='draft' AND canonical_address_format_version='canonical-address-v1' AND tier='unit' AND leaf (no tac_logical_unit row has parent_id = candidate id). Qualifying pool = 22. Tie-breaker = ORDER BY id ASC LIMIT 1 (stable, deterministic on the uuid primary key). 04e0c674-… is the minimum uuid of that pool → uniquely, reproducibly selected. (Whole table is uniformly draft, so the discriminating safety axes are tier=unit + leaf + deterministic id.)
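
The identity guard from section 2 and the selection rule above, written as one read-only psql script. This is an added illustration, not the preflight SQL that was actually run (this page does not reproduce it). Table and column names are taken from this page; it is an assumption that those columns compare directly against the literals shown.

```sql
-- Added illustration; not the project's own preflight SQL.
-- Intended for `psql -f`: stop at the first error so a failed guard
-- prevents every later statement from running.
\set ON_ERROR_STOP on

-- Read-only transaction: any INSERT/UPDATE/DELETE/DDL issued by mistake
-- is rejected by the server instead of relying on operator discipline.
BEGIN TRANSACTION READ ONLY;

-- Production identity guard: abort unless this cluster reports the
-- system_identifier recorded in section 2.
DO $$
DECLARE
    expected CONSTANT bigint := 7611578671664259111;
    actual   bigint;
BEGIN
    SELECT system_identifier INTO actual FROM pg_control_system();
    IF actual IS DISTINCT FROM expected THEN
        RAISE EXCEPTION 'identity guard: system_identifier % <> expected %',
            actual, expected;
    END IF;
END
$$;

-- Selection rule: draft-only, draft authority, canonical-address-v1,
-- tier = unit, and leaf (no row names the candidate as parent_id).
-- Only the id is selected, so no unit body or JSONB is exposed.
-- Tie-breaker: smallest uuid, which is stable across reruns.
SELECT u.id
FROM   public.tac_logical_unit AS u
WHERE  u.lifecycle_status = 'draft_only'
  AND  u.authority = 'draft'
  AND  u.canonical_address_format_version = 'canonical-address-v1'
  AND  u.tier = 'unit'
  AND  NOT EXISTS (SELECT 1
                   FROM   public.tac_logical_unit AS c
                   WHERE  c.parent_id = u.id)
ORDER  BY u.id ASC
LIMIT  1;

-- G-A1: the pinned literal primary key must match exactly one row.
SELECT count(*) = 1 AS g_a1_pass
FROM   public.tac_logical_unit
WHERE  id = '04e0c674-2a71-53b7-8d30-9c1a78d6fd17';

-- Nothing was written; end the transaction explicitly anyway.
ROLLBACK;
```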

6. Lifecycle / authority / format_version evidence

For 04e0c674-…: lifecycle_status = draft_only · authority = draft (non-enacted) · canonical_address_format_version = canonical-address-v1 · tier = unit. (Table-wide: all 86 rows are draft_only / draft / canonical-address-v1 — the entire corpus is non-enacted draft; the chosen unit is squarely in the safest class.)

7. Dependency = 0 evidence

cutter_governance.decision_backlog_dependency global count = 0 → the target has no inbound and no outbound dependency edges (none exist anywhere). (The unit's doc-tree parent_id is a normal document hierarchy pointer, not a cutter dependency; child_count = 0 so nothing hangs off it either.)

8. No-prior-cut evidence

Global counts (production): cut_change_set = 0 · cut_change_set_affected_row = 0 · manifest_envelope = 0 · review_decision = 0 · decision_backlog_entry = 0 · canonical_address_alias = 0. The entire cutter_governance cut/verify family is empty in production; therefore the target provably has no prior cut_change_set, no cut_change_set_affected_row, and no pre-existing manifest/review rows. G-CUT-ONCE will be clean.

9. Single-unit-block expected evidence

tier = 'unit' (an explicit unit-level row, not section/root/container) and leaf (child_count = 0 — no tac_logical_unit has parent_id = target). A single leaf unit canonicalises to exactly one unit block, matching the dry-run single-unit fixture that produced the exact +15 / manifest_unit_block=+1 baseline.

10. Non-critical / low-blast-radius reason

  • authority = draft (non-enacted) and lifecycle_status = draft_only — no enacted legal force; editing/cutting a draft unit does not perturb enacted law.
  • Leaf unit (child_count = 0) — nothing in the doc tree depends on it as a parent; blast radius is the single row family.
  • cutter_governance globally empty — zero pre-existing entanglement (no dependency/cut/manifest/review/alias anywhere); the trial is the first and only writer.
  • Single-unit, single-block → bounded, exact +15 delta; no fan-out. Net: minimal, contained, reversible-by-forward-compensation blast radius.

11. Alias-write-not-required evidence

cutter_governance.canonical_address_alias global count = 0; v0.4 defers all alias writes (no alias writer in MARK→SWEEP→REVIEW→CUT→VERIFY). Expected canonical_address_alias delta = +0 for this trial. No alias write is required or in scope.

12. Final recommendation

RECOMMEND TARGET_IU = 04e0c674-2a71-53b7-8d30-9c1a78d6fd17 (canonical_address D38-DIEU28-S3-P1, DIEU-28) for the first controlled production CUT/VERIFY trial. All target-selection requirements met: count=1, draft_only, authority=draft, canonical-address-v1, tier=unit leaf, no prior cut/affected_row, dependency=0, no manifest/review, single-unit-block expected, no alias required, non-critical / low blast radius. Deterministic and reproducible (min-id of the 22-row safe pool). No STOP condition (a qualifying candidate exists; not selected by guess).

13. Execution-still-blocked statement

Execution remains BLOCKED. This phase performed read-only SELECTs only — no production write, CUT/VERIFY, secret read/print, deploy, or schema change. B1 is now satisfied (TARGET_IU pinned + evidenced); B2 was closed in the readiness addendum. Production execution still requires: a separate GPT review of this preflight + pinned target, then a separate sovereign execution prompt. No self-advance.

Git SSOT

  • branch: main · HEAD: e93424b5ff7fa5e4b8406131977ce4339cd0856a · git status --short -- iu-cutter: clean (empty) — no code change, no commit this phase.

Hardcode / metadata

No hardcoded label/key; no schema change; SQL remains SSOT. The only literals are auditable safety constants (prod sysid, accepted-commit pin, the now-pinned TARGET_IU recorded for GPT review). No JSONB/label/vector change. No STOP-class hardcode/label issue.
