dot-iu-cutter v0.5 — Constitution CUT Command Review · CUT Readiness Investigation

doc 2 of 6 · review_design_only__no_execution · 2026-05-19 Read-only investigation of committed code, uncommitted S2, and live production schema. Nothing mutated. Repo inspected at branch feature/constitution-snapshot-mark-dryrun @ HEAD afb7bfcc9b7bbb953bb00159479c9611e6ac4bd1, working tree (only 2 untracked S2 files).

1. Committed code capability (afb7bfc) — verified live, read-only

Two disjoint code worlds exist in the committed tree (corroborates the prior first-snapshot-cut-command-review capability assessment, now re-verified from source):

A_MARK_entrypoint  cutter_agent/dryrun.py (sha256 f1f42e83…2efa1422, committed):
  - MARK-only; mode != mark-manifest-only ⇒ exit 2. Import-isolated, stdlib-only.
  - Does NOT import db_adapter/phases/ledger/signal ⇒ cannot open DB, cannot write a row,
    cannot CUT/VERIFY by construction. PRODUCED the accepted manifest 9d908a62….
B_v0.4_generic_skeleton  cli.py + cutter_agent/{phases,ledger,db_adapter,state_machine,
  signal,signing,idempotency,canonicalization}.py (committed):
  - cli.py: dry-run ONLY; `--production` ⇒ _refuse_production() exit 2
    ("production mode is NOT authorized in the v0.4 code-authoring cycle … requires the
    cutter_exec/cutter_verify credential cycle + GPT review + explicit sovereign prompt").
  - phases.CutterRuntime: a generic MARK→sweep→REVIEW→CUT→VERIFY pipeline over a
    `LocalSignal` JSON + `InMemoryDryRunAdapter`. `cut(entry_id)` consumes a pipeline
    entry_id and a `manifest_envelope` produced by StubCanonicalization during REVIEW —
    it does **NOT** consume the accepted snapshot manifest.json, has no manifest-digest
    gate, no 60-cardinality invariant, no --exclude-dieu-44, no source_document_version
    provenance binding.
  - signing.py: `StubSigning` (non-cryptographic placeholder) / `DeferredSigning` RAISES;
    "NO production key, NO secret, NO .env access … deferred HIGH-risk workstream".
  - ledger.LedgerWriter writes: decision_backlog_entry/history/dependency/sweep_log,
    manifest_envelope, manifest_unit_block, review_decision, cut_change_set,
    cut_change_set_affected_row, dot_pair_signature, verify_result.
    It has **NO `information_unit` writer at all.**
  - idempotency.py: OD-1 key = sha256(canonical_json(signal_source_id, iu_ref,
    proposed_cut_spec)); it is **signal-shaped**, not (source_version, canonical_address,
    content_hash)-shaped — it does not key per-IU-per-manifest-candidate.
C_S2_cutplan  cutter_agent/cutplan.py + tests/test_cutplan_snapshot.py:
  - **UNTRACKED / NOT committed** (git status: `?? cutter_agent/cutplan.py`,
    `?? tests/test_cutplan_snapshot.py`; HEAD afb7bfc unchanged).
  - No-DB **cut-plan PREVIEW** entrypoint only (artifact-only; never inserts a row).
  - Targeted suite 15/15 GREEN; pending a GPT/User **commit-gate ruling** (R1/R2/R3).
    No such GPT ruling exists in KB `reviews/` as of 2026-05-19.

2. Transaction / idempotency / rollback / verification model (committed design)

transaction_model: each phase = ONE atomic transaction (write-path-design §3); ledger never
  opens its own txn — the calling phase owns it. Status CAS (OD-SM-1, no advisory lock) +
  mandatory same-txn decision_backlog_history row (audit invariant A-5). S5 cut_in_progress
  is conceptual, never persisted (OD-SM-2).
append_only: db_adapter raises AppendOnlyViolation on DELETE/TRUNCATE; lineage via prior_*
  pointers + write-once superseded_by_* stamp; no in-place overwrite.
idempotency (CUT): phases.cut() enforces G-CUT-ONCE (a second cut_change_set for the same
  entry raises) and G-CUT-APPROVED / G-CUT-DEPS. BUT this is keyed on the pipeline entry,
  NOT on the manifest digest / per-candidate IU identity required for a 60-row snapshot CUT.
rollback: single-txn abort ⇒ zero rows; post-commit ⇒ forward-compensation only
  (superseded_by_* stamp + compensating history transition + escalation entry); no physical
  delete. (phases.verify(force_fail=True) demonstrates the forward-compensation shape.)
separation_of_duty: MARK/REVIEW/CUT under cutter_exec / DOT-991; VERIFY under cutter_verify
  / DOT-992 (distinct principals/lanes) — designed in phases.py but the real principals,
  credentials and cryptographic signing are DEFERRED/not built.

3. Live production schema — read-only probe (4 DBs: directus, workflow, incomex_metadata, postgres)

Probed via the read-only Incomex VPS PG role (information_schema only). Findings:

information_unit:  PRESENT — directus.public.information_unit (19 columns):
  id uuid PK · canonical_address text NOT NULL · unit_kind text NOT NULL ·
  lifecycle_status text NOT NULL · content_anchor_ref text · version_anchor_ref uuid ·
  owner_ref text NOT NULL · parent_or_container_ref uuid · conformance_status text NOT NULL ·
  identity_profile jsonb NOT NULL · created_at/by · updated_at/by · deleted_at ·
  sort_order int · doc_code text · section_type text · section_code text
governed_ledger_tables (manifest_envelope, manifest_unit_block, cut_change_set,
  cut_change_set_affected_row, dot_pair_signature, verify_result, decision_backlog_*,
  review_decision): NOT VISIBLE to the read-only role in any of the 4 databases'
  inspectable schemas (only unrelated `context_pack_manifest` matched the manifest pattern).
source_document / source_document_version: NOT VISIBLE to the read-only role under those
  names (the B5 source-seed production-closeout asserts the source_document +
  source_document_version icxconst-008a06… rows are live; this read-only role/path could
  not confirm them — privilege-scoped visibility, NOT proof of absence).

Interpretation (stated precisely — privilege-scoped, not absolute):

- The CUT target IU table (`information_unit`) EXISTS in production with a concrete schema
  (canonical_address / unit_kind / lifecycle_status / identity_profile / version_anchor_ref
  / parent_or_container_ref / conformance_status / doc_code / section_type / section_code).
- The committed CUT code (ledger.py / phases.py) has NO writer that maps manifest
  candidates → this `information_unit` schema. The two are unbound.
- The governed append-only ledger/governance/signature substrate the committed CUT design
  writes to is NOT confirmed present/accessible by read-only inspection ⇒ substrate
  presence + GRANTs for the cutter_exec principal is itself an unresolved CUT precheck
  (a schema-binding + substrate gate), not a green precondition.

4. Investigation conclusion (feeds doc 3)

cut_capability_today: ABSENT for the pinned snapshot manifest. Specifically:
  - no committed entrypoint consumes manifest 9d908a62… and writes governed rows;
  - the no-DB cut-plan PREVIEW entrypoint (S2 cutplan.py) is uncommitted + pending a
    GPT commit-gate ruling;
  - the committed generic CUT (phases.cut) is signal-pipeline-shaped, has no
    information_unit writer, no manifest-digest/60-cardinality/Điều-44 binding, and
    refuses production (cli + db_adapter + DeferredSigning);
  - the production credential cycle (cutter_exec/cutter_verify, DOT-991/992 real
    signing) is design-only/not built; no separate production-write approval exists;
  - the production governed-ledger substrate + cutter_exec GRANTs are not confirmed
    by read-only inspection.
⇒ a runnable production CUT command CANNOT be honestly authored (doc 3, doc 6).

doc 2 of 6. Read-only only. Nothing executed/mutated. Self-advance PROHIBITED.