KB-63E7
dot-iu-cutter v0.5 — Constitution CUT Command Review · Rollback/Compensation Plan + Risk Report (doc 5)
Revision 1
doc 5 of 6 · review_design_only__no_execution · 2026-05-19. Designed, not exercised.
1. Rollback / compensation plan (requirement)
this_review_package: NOTHING to roll back — zero mutation (KB docs only). Cleanup of
read-only scratch: none was created. KB outputs are superseded-not-deleted in new revisions.
cut_plan_dry_run (future, gated): NO rollback needed — artifact-only, net-zero by
construction. Cleanup = shred $WD; KB report superseded-not-deleted (audit-preserving).
production_CUT (future, only if separately authorized) — store is APPEND-ONLY
(db_adapter raises AppendOnlyViolation on DELETE/TRUNCATE), so "rollback" is NEVER
physical deletion:
R-pre single atomic transaction: all 60 information_unit + cut_change_set +
manifest_envelope/unit_block + DOT-991 signature + history rows in ONE txn. Any
in-txn failure ⇒ _rollback() ⇒ zero rows persisted (clean abort, no partial CUT).
R-post a fault found AFTER commit ⇒ forward-compensation ONLY:
- write-once superseded_by_* stamp on the affected artefact rows
- append a compensating decision_backlog_history transition (→ abandoned /
verify_failed_escalated) under the proper principal
- birth an escalation entry (phases.verify(force_fail=True) shape); erroneous
rows remain visible but marked superseded (audit invariant A-5)
R-id G-CUT-ONCE makes a retry of the same manifest digest a no-op ⇒ a retry after a
partial-but-rolled-back txn cannot double-insert the 60 IU.
R-snap source/snapshot is immutable & pinned (digest 9d908a62…); "restore" = re-derive
the IU set from the pinned manifest, never hand-edit rows.
note no DB credential/connection exists in this phase ⇒ no production rollback is
exercisable here (and none is needed — nothing was written).
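To make the R-pre / R-post / R-id semantics concrete, here is an added sketch (not dot-iu-cutter's own code) of an append-only store with one atomic CUT transaction, a G-CUT-ONCE no-op on a repeated manifest digest, and forward-compensation via a write-once superseded_by stamp instead of deletion. The AppendOnlyStore class, its table layout and the in-memory sqlite backend are assumptions for illustration.

```python
import sqlite3


class AppendOnlyViolation(Exception):
    """Raised instead of letting DELETE/TRUNCATE/DROP reach governed rows."""


class AppendOnlyStore:
    """Hypothetical governed store: rows are appended or stamped, never removed."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")  # assumption: sqlite stands in for governed PG
        self.db.execute("CREATE TABLE information_unit (id TEXT PRIMARY KEY, body TEXT, superseded_by TEXT)")
        self.db.execute("CREATE TABLE cut_change_set (manifest_digest TEXT PRIMARY KEY, n_units INTEGER)")
        self.db.execute("CREATE TABLE history (seq INTEGER PRIMARY KEY, principal TEXT, transition TEXT)")

    def execute(self, sql, params=()):
        # db_adapter-style guard: destructive verbs never execute (R-G).
        if sql.lstrip().split()[0].upper() in ("DELETE", "TRUNCATE", "DROP"):
            raise AppendOnlyViolation(sql)
        return self.db.execute(sql, params)

    def cut(self, manifest_digest, units, principal, expected=60):
        """R-pre: one atomic txn. Returns 'noop', 'aborted' or 'applied'."""
        # R-id / G-CUT-ONCE: a retry of the same manifest digest inserts nothing.
        if self.execute("SELECT 1 FROM cut_change_set WHERE manifest_digest = ?",
                        (manifest_digest,)).fetchone():
            return "noop"
        try:
            with self.db:  # commit on success, rollback on any exception
                self.execute("INSERT INTO cut_change_set VALUES (?, ?)", (manifest_digest, len(units)))
                cur = self.db.executemany("INSERT INTO information_unit VALUES (?, ?, NULL)", units)
                if cur.rowcount != expected:  # cardinality drift (R-E): abort, zero rows persist
                    raise ValueError(f"expected {expected} IU, inserted {cur.rowcount}")
                self.execute("INSERT INTO history (principal, transition) VALUES (?, ?)",
                             (principal, "cut_applied"))
        except (ValueError, sqlite3.IntegrityError):  # IntegrityError: duplicate IU id
            return "aborted"
        return "applied"

    def compensate(self, unit_id, superseded_by, principal):
        """R-post: forward-compensation only. Write-once stamp + history row, no delete."""
        with self.db:
            cur = self.execute("UPDATE information_unit SET superseded_by = ? "
                               "WHERE id = ? AND superseded_by IS NULL", (superseded_by, unit_id))
            if cur.rowcount != 1:
                raise AppendOnlyViolation("superseded_by stamp is write-once")
            self.execute("INSERT INTO history (principal, transition) VALUES (?, ?)",
                         (principal, "verify_failed_escalated"))

    def count(self, table):
        return self.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
```

The erroneous row stays readable after compensate(), which is the audit invariant the plan relies on; only its superseded_by column and the history table change.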
2. Risk report (requirement)
R-A no ratified CUT entrypoint / no information_unit writer (CONTROLLING):
likelihood certain (verified read-only); impact high if a command were fabricated.
mitigation: package is review-only; production CUT declared BLOCKED_WITH_EXACT_GAP;
minimal gated unblock sequence U-1..U-6 (doc 3). Residual for THIS package: LOW.
R-B premature production write without the credential cycle / separate approval.
mitigation: C-7/C-8/C-9 fail-closed; cli.py refuses --production; db_adapter refuses
production connect; DeferredSigning raises. Residual: LOW (defense-in-depth).
R-C manifest/snapshot drift between MARK and CUT (digest ≠ 9d908a62…).
mitigation: N-1 C-3/C-4 regen+rehash+redigest ABORT; manifest deterministically
reproducible (re_run_equal:true). Residual: LOW.
R-D Điều 44 / draft / obsolete leakage into the cut set (N-3).
mitigation: C-5 + --exclude-dieu-44 + VR-2; already excluded in the pinned manifest
(tier_2). Residual: LOW.
R-E cardinality drift (≠ 60 IU) / partial / duplicate.
mitigation: single atomic txn, C-6/G-CUT-ONCE, VR-1/VR-6/VR-9. Residual: LOW (once built).
R-F separation-of-duty violation (executor also verifies).
mitigation: distinct cutter_exec/cutter_verify + DOT-991/992; phases enforces; VERIFY
refuses unless cut_applied. Residual: LOW by design (once the credential cycle is built).
R-G append-only breach / silent deletion on rollback.
mitigation: AppendOnlyViolation guard; forward-compensation only. Residual: LOW.
R-H IU schema-binding error (manifest candidate → information_unit column mapping,
incl. N-2 IU-vs-container for NGUYEN_TAC/KIEN_TRUC_SECTION).
mitigation: GAP-3 is an explicit gated design sub-phase (U-4) with its own
command-review + CI before any commit; VR-4/VR-6 verify reconstruction stays closed.
Residual until U-4: this is the principal unbuilt design risk — MEDIUM (deferred,
not yet exercised).
R-I scope creep (Directus/vector/git/deploy from a CUT).
mitigation: CUT writes governed PG only; downstream 5-layer sync is a separate later
phase; forbidden list enforced. Residual: LOW.
overall_risk_of_THIS_package: LOW — review/design only, zero execution, zero mutation;
the HIGH-risk actions are explicitly BLOCKED and out of scope.
overall_risk_of_a_FUTURE_production_CUT: MEDIUM-HIGH — first irreversible (append-only)
governed write; must be its own gated cycle (entrypoint+IU-writer build, credential
cycle, substrate/GRANT confirmation, separate write approval).
3. Stop conditions (any ⇒ STOP, preserve evidence, route GPT/User)
- no ratified CUT entrypoint / no information_unit writer (CURRENT) ⇒ no production command
- S2 cutplan still uncommitted / no GPT commit-gate ruling ⇒ no cut-plan dry-run execution
- HEAD/branch/tree mismatch; dryrun.py sha ≠ f1f42e83…
- manifest digest ≠ 9d908a62… OR file sha ≠ 7d56f3ce… OR candidate_count ≠ 60
- Điều 44 (or any of the 4 excluded) present in candidates[]
- any DB/IU/Directus/vector/git mutation attempted in this review phase (CRITICAL)
- any request to deploy/restart/merge/push/tag or to self-advance to CUT/VERIFY
- KB read or upload failure ⇒ STOP_AND_ESCALATE (do not proceed on assumption)
doc 5 of 6. Nothing executed. Self-advance PROHIBITED.