KB-6D5D

dot-iu-cutter v0.5 — Constitution CUT Command Review · Gap Report + Command Contract (BLOCKED_WITH_EXACT_GAP) (doc 3)

Revision 1

doc 3 of 6 · review_design_only__no_execution · 2026-05-19

Outcome: BLOCKED_WITH_EXACT_GAP. A runnable production CUT command is NOT authored (authoring one would be fabrication against a non-existent entrypoint). This doc states the exact missing capability and the minimal, separately-gated unblock sequence.

1. Exact gap (evidence-grounded; see doc 2)

GAP-1 (controlling) no committed snapshot-manifest→CUT entrypoint:
  dryrun.py = MARK-only/import-isolated (cannot write); the v0.4 generic phases.cut() does
  not consume manifest 9d908a62… and refuses production. No committed module turns the
  accepted manifest into governed rows.
GAP-2 cut-plan PREVIEW entrypoint uncommitted + ungated:
  cutter_agent/cutplan.py + tests/test_cutplan_snapshot.py exist UNTRACKED (15/15 targeted
  GREEN) but are NOT committed and are pending a GPT/User commit-gate ruling (S2 escalation
  R1/R2/R3). No GPT ruling exists in KB reviews/. Even the safe no-DB first step is not yet
  ratified into the tree.
GAP-3 no information_unit writer / schema binding:
  ledger.py writes manifest/ledger/signature families but has NO `information_unit` insert.
  The live directus.public.information_unit schema (canonical_address/unit_kind/
  lifecycle_status/identity_profile/version_anchor_ref/parent_or_container_ref/
  conformance_status/doc_code/section_type/section_code) has no committed mapping from the
  60 manifest candidates. The CUT objective ("persist 60 canonical IU rows") has no
  implementing writer. (This also subsumes N-2: the IU-vs-container level decision is an
  input to this missing writer's design.)
GAP-4 production credential cycle / real signing not built:
  signing.py is Stub/Deferred ("no production key/secret in v0.4"); DeferredSigning raises;
  cli + db_adapter refuse production. cutter_exec/cutter_verify principals, DOT-991/992
  real signing, and the governed-ledger substrate GRANTs are design-only / unconfirmed.
GAP-5 no separate explicit production-DB-write authorization on record.
conclusion: production CUT = BLOCKED (missing-capability). Net effect identical in spirit
  to the MARK-lineage "R9" framing: the honest move is to declare the gap, not fabricate a
  command with flags against an entrypoint that does not exist.

2. CUT command — CONTRACT ONLY (NOT runnable today)

A production CUT command is WITHHELD (cannot be honestly written — GAP-1/3/4/5). The recommended first reviewable step remains the artifact-only cut-plan dry-run, whose entrypoint must first be committed via the gated S2 path:

```bash
# CONTRACT — requires the committed S2 cutplan entrypoint. DO NOT RUN (uncommitted today).
cd /Users/nmhuyen/iu-cutter-build/repo/iu-cutter      # branch feature/constitution-snapshot-mark-dryrun
WD="$(mktemp -d /tmp/icx-const-cutplan.XXXXXX)"; chmod 700 "$WD"   # OUTSIDE the repo
# step 0: regenerate the full manifest deterministically (N-1) into $WD/manifest.json
#         then assert sha256==7d56f3ce…012179 AND digest==9d908a62…dd324f  (else ABORT)
python3 -m cutter_agent.cutplan \
  --mode cut-plan-only --no-db-write --no-cut --no-verify --fail-closed \
  --manifest "$WD/manifest.json" \
  --expect-manifest-digest    9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
  --expect-manifest-file-sha  7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 \
  --expect-candidate-count    60 \
  --source-version-id         icxconst-008a06ace23a96ea6cd456146e805c97 \
  --docprefix ICX-CONST --scope enacted_only --exclude-dieu-44 \
  --out-dir "$WD/cutplan" \
  --emit cut_plan.json,write_set_preview.jsonl,iu_mapping_preview.json,idempotency_keys_preview.json,dryrun_report.md
# net-zero: emits the 60-row IU set + ledger rows it WOULD insert; writes ZERO DB rows.
```
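
The step-0 gate from the contract above, sketched as an added example (not code from the iu-cutter repo): verify the regenerated manifest against its reviewed pins and abort on any mismatch. The manifest layout (a top-level `candidates` list), the digest definition and the helper names are assumptions, and the sample manifest is constructed.

```python
import hashlib
import json
import os
import tempfile

class PinMismatch(Exception):
    """The manifest on disk is not the one that was reviewed."""

def content_digest(candidates):
    # ASSUMPTION: digest = SHA-256 over the candidates as canonical JSON.
    blob = json.dumps(candidates, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def verify_manifest(path, expect_file_sha, expect_digest, expect_count):
    """Return the candidates only if all three pins match; raise otherwise."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if hashlib.sha256(raw).hexdigest() != expect_file_sha:
        raise PinMismatch("file sha256 mismatch")
    candidates = json.loads(raw)["candidates"]  # assumed top-level key
    if content_digest(candidates) != expect_digest:
        raise PinMismatch("manifest digest mismatch")
    if len(candidates) != expect_count:
        raise PinMismatch("candidate count mismatch")
    return candidates

def write_manifest(path, candidates):
    """Write a constructed manifest and return the SHA-256 of its bytes."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"candidates": candidates}, fh, sort_keys=True)
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def demo():
    """Constructed 3-candidate manifest: accept it, then reject a drifted copy."""
    workdir = tempfile.mkdtemp(prefix="icx-const-cutplan.")  # created mode 0700
    path = os.path.join(workdir, "manifest.json")
    good = [{"path": f"sample/{i}", "unit_kind": "dieu"} for i in range(3)]
    file_sha, digest = write_manifest(path, good), content_digest(good)
    accepted = len(verify_manifest(path, file_sha, digest, 3))
    write_manifest(path, good + [{"path": "sample/x", "unit_kind": "dieu"}])
    try:
        verify_manifest(path, file_sha, digest, 3)
        return accepted, None
    except PinMismatch as exc:
        return accepted, str(exc)  # drift is caught before anything else runs

if __name__ == "__main__":
    print(demo())
```

The file hash pins the exact bytes, while the content digest still catches a changed candidate set if the file pin is ever re-issued.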
eventual_production_CUT (CONTRACT — needs ALL of: ratified manifest→CUT+IU-writer entrypoint
  · cutter_exec/cutter_verify credential cycle · substrate GRANTs · separate production-write
  approval):
  mandatory_flags: --manifest, --expect-manifest-digest 9d908a62…, --expect-manifest-file-sha
    7d56f3ce…, --expect-candidate-count 60, --source-version-id icxconst-008a06…,
    --exclude-dieu-44, --idempotent, --fail-closed ; production credential at connect-time only
  would_write (append-only, one atomic txn): 60 information_unit rows (one per candidate;
    canonical_address ICX-CONST/<path>; unit_kind ∈ {nguyen_tac,kien_truc_section,dieu};
    version_anchor_ref → source_document_version icxconst-008a06…; parent_or_container_ref
    linkage preserving reconstruction) + 1 cut_change_set + manifest_envelope/unit_block(60)
    + DOT-991 executor signature + decision_backlog_history → cut_applied. Điều 44 + 3
    excluded rows: ZERO rows. NO UPDATE-in-place except write-once superseded_by_*; NO
    DELETE/TRUNCATE.
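
An added example, not part of the project: one way a reviewer could check a `write_set_preview.jsonl` against the would_write contract above before any production write is considered. The JSONL record shape (`op`, `table`, `row`) and the function names are assumptions, since the page does not define the preview format, and the sample rows are constructed.

```python
import json

ALLOWED_KINDS = {"nguyen_tac", "kien_truc_section", "dieu"}  # from the contract

def check_write_set(lines, expect_units, version_ref, prefix="ICX-CONST/"):
    """Return contract violations for a write-set preview; [] means it conforms.

    ASSUMPTION: each JSONL line is {"op": ..., "table": ..., "row": {...}}.
    """
    problems, seen, units = [], set(), 0
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        if rec.get("op") != "insert":  # append-only: no UPDATE/DELETE/TRUNCATE
            problems.append(f"line {n}: op {rec.get('op')!r} is not an insert")
            continue
        if rec.get("table") != "information_unit":
            continue  # ledger/signature families are not checked here
        units += 1
        row = rec.get("row", {})
        addr = row.get("canonical_address", "")
        if not addr.startswith(prefix):
            problems.append(f"line {n}: address {addr!r} outside {prefix}")
        if addr in seen:  # the contract allows one row per candidate
            problems.append(f"line {n}: duplicate address {addr!r}")
        seen.add(addr)
        if row.get("unit_kind") not in ALLOWED_KINDS:
            problems.append(f"line {n}: unit_kind {row.get('unit_kind')!r} not allowed")
        if row.get("version_anchor_ref") != version_ref:
            problems.append(f"line {n}: wrong version_anchor_ref")
    if units != expect_units:
        problems.append(f"{units} information_unit rows, expected {expect_units}")
    return problems

def sample_preview(n, version_ref):
    """Constructed preview lines (not real manifest data)."""
    return [json.dumps({"op": "insert", "table": "information_unit", "row": {
        "canonical_address": f"ICX-CONST/sample/{i}", "unit_kind": "dieu",
        "version_anchor_ref": version_ref}}) for i in range(n)]

if __name__ == "__main__":
    ref = "icxconst-EXAMPLE"  # placeholder, not the page's source version id
    update = json.dumps({"op": "update", "table": "information_unit", "row": {}})
    print(check_write_set(sample_preview(60, ref), 60, ref))
    print(check_write_set(sample_preview(60, ref) + [update], 60, ref))
```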

3. Minimal unblock sequence (each step a SEPARATE GPT/User gate — no self-advance)

U-1  GPT/User commit-gate ruling on S2 (R1 ratify targeted-suite gate + commit the 2
     untracked files as-is, tracking the pre-existing security-test heuristic vs
     dryrun.py/cutplan.py DB-env guard token as a SEPARATE remediation; R2 remediate-first;
     R3 other). Recommended by S2E evidence: R1 (consistent with the MARK afb7bfc precedent).
U-2  (after U-1=R1) commit cutplan.py (sha 548eabc5…) + test_cutplan_snapshot.py
     (sha 06e871e7…) to the feature branch ONLY (no merge/push/tag/deploy).
U-3  separate command-review → GPT/User execution approval for the FIRST cut-plan dry-run
     (mirrors the MARK first-dry-run gate); N-1 manifest regen+sha-verify is its C-3 gate.
U-4  design → author → CI → commit the snapshot-manifest→CUT entrypoint INCLUDING the
     information_unit writer + schema binding (resolves GAP-3 / rules N-2 IU-vs-container);
     mirror the ratified MARK entrypoint lineage; feature branch only.
U-5  cutter_exec/cutter_verify credential cycle build + GPT review + governed-ledger
     substrate/GRANT confirmation (resolves GAP-4).
U-6  production CUT command-review + a separate explicit production-DB-write approval
     (resolves GAP-5). Only then is a runnable production CUT command authorable.

4. Why BLOCKED and not a green command (honesty statement)

- Fabricating `python3 -m <module> --flags …` against an entrypoint that is not committed
  (or does not exist) is the exact failure the MARK command-package explicitly forbade
  ("OMITTED ON PURPOSE … would crash"). The honest deliverable is the contract + the exact
  gap + the minimal gated unblock path — not a runnable command.
- Nothing here authorizes U-1..U-6; each is its own GPT/User-gated phase.

doc 3 of 6. Nothing executed. Self-advance PROHIBITED.
