KB-7AC7
dot-iu-cutter v0.5 — Constitution CUT Command Review · Pre-execution Checks + Verification Plan (doc 4)
Revision 1
Tags: dot-iu-cutter, v0.5, constitution-cut-command-review, prechecks, verification-plan, fail-closed, separation-of-duty, dieu44, 2026-05-19
doc 4 of 6 · review_design_only__no_execution · 2026-05-19
Designed, not executed. Applies to a future CUT-class command once GAP-1..GAP-5 (doc 3) are separately resolved. Any failed check ⇒ STOP, upload BLOCKED report, route GPT/User. Never patch code to pass a guard; never "fix to green".
1. Pre-execution checks — fail-closed (requirement 2)
C-0 CAPABILITY GATE (controlling): a ratified, committed, sha-pinned, CI-green snapshot-manifest→CUT entrypoint exists (incl. the information_unit writer). TODAY: FAILS (GAP-1/GAP-3) ⇒ production CUT BLOCKED; only the contract is reviewable.
C-0b S2 cut-plan entrypoint committed (cutplan.py sha 548eabc5…, test 06e871e7…) on the feature branch, after a GPT commit-gate ruling. TODAY: FAILS (GAP-2, uncommitted).
C-1 repo/branch/HEAD: branch feature/constitution-snapshot-mark-dryrun ∧ HEAD == afb7bfcc9b7bbb953bb00159479c9611e6ac4bd1 (or the future ratified CUT-entrypoint commit) ∧ `git status --porcelain` reflects only the expected, ratified files.
C-2 MARK entrypoint identity: cutter_agent/dryrun.py sha256 == f1f42e83…2efa1422.
C-3 N-1 FULL MANIFEST GATE: regenerate manifest.json deterministically (pinned MARK command, re_run_equal:true) into ephemeral $WD; assert sha256(file)==7d56f3ce…012179 ∧ recomputed manifest_digest==9d908a62…dd324f. Mismatch ⇒ ABORT (snapshot/manifest drift).
C-4 snapshot region rehash == 17660443…cae80c / length 17522 / {enacted:19,controlled_draft:1,draft:1,obsolete:1} (re-assert source identity).
C-5 Điều 44 exclusion present: manifest excluded[] contains Điều 44 (UOSL controlled_draft, tier_2_explicit_row_marker, reason controlled_draft_deferred); Điều 44 + the other 3 excluded rows are NOT in candidates[]; excluded_count == 4; candidate_count == 60.
C-6 idempotency / G-CUT-ONCE: no prior cut_change_set or IU rowset exists for manifest digest 9d908a62… (a second CUT of the same digest must be a no-op, never a duplicate).
C-7 schema/substrate gate (production only): the governed-ledger substrate + information_unit are present and the cutter_exec principal holds exactly the required INSERT GRANTs (no UPDATE/DELETE/TRUNCATE). TODAY: substrate not confirmed by read-only inspection ⇒ FAILS for production until resolved (GAP-3/GAP-4).
C-8 credential/principal (production only): cutter_exec principal + DOT-991 lane present; separation-of-duty enforced; post-connect `SELECT current_user` == bound principal; cutter_ro never used for writes. TODAY: credential cycle NOT built ⇒ FAILS.
C-9 explicit separate production-DB-write approval on record. TODAY: ABSENT ⇒ FAILS.
C-10 out-dir (dry-run): $WD = mktemp -d, mode 0700, OUTSIDE the git repo; empty/new; no DB env var set (PG_DSN/DATABASE_URL/DIRECTUS_URL/libpq-pw/PGHOST/PGUSER); if any of them is set, the entrypoint must exit 2 REFUSED.
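As an added illustration (not the project's cutter_agent code), a fail-closed guard for C-5, C-6 and C-10 run against a constructed manifest: every check returns reasons instead of raising, and any reason yields exit status 2 (REFUSED). The manifest row keys (address/status/reason), the Điều 44 address and PGPASSWORD standing in for "libpq-pw" are assumptions.

```python
import stat
import tempfile
from pathlib import Path

DB_ENV_VARS = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGPASSWORD", "PGHOST", "PGUSER")  # C-10 (PGPASSWORD assumed)
DIEU_44 = "ICX-CONST/DIEU/44"  # constructed address for Điều 44 (assumption)

def constructed_manifest() -> dict:
    """Synthetic manifest with 60 candidates (15 + 3 + 42) and 4 excluded rows; not the real one."""
    cands = [f"ICX-CONST/NGUYEN_TAC/{i}" for i in range(1, 16)] + [f"ICX-CONST/KIEN_TRUC_SECTION/{i}" for i in range(1, 4)]
    cands += [f"ICX-CONST/DIEU/{i}" for i in range(1, 43)]
    excl = [{"address": DIEU_44, "status": "controlled_draft", "reason": "controlled_draft_deferred"}]
    excl += [{"address": f"ICX-CONST/DIEU/{i}", "status": "obsolete", "reason": "constructed"} for i in (45, 46, 47)]
    return {"manifest_digest": "constructed-digest", "candidates": [{"address": a} for a in cands],
            "excluded": excl, "candidate_count": len(cands), "excluded_count": len(excl)}

def check_manifest(m: dict) -> list[str]:
    """C-5: Điều 44 excluded as controlled_draft_deferred, no excluded row in candidates[], counts hold."""
    fails, excl = [], {r["address"]: r for r in m["excluded"]}
    cands = [r["address"] for r in m["candidates"]]
    d44 = excl.get(DIEU_44)
    if not d44 or d44["status"] != "controlled_draft" or d44["reason"] != "controlled_draft_deferred":
        fails.append("C-5: Điều 44 not excluded as controlled_draft_deferred")
    if set(excl) & set(cands):
        fails.append("C-5: excluded row leaked into candidates[]")
    if not (m["excluded_count"] == len(excl) == 4 and m["candidate_count"] == len(set(cands)) == len(cands) == 60):
        fails.append("C-5: excluded_count/candidate_count mismatch")
    return fails

def check_out_dir(wd: str, repo_root: str, env: dict) -> list[str]:
    """C-10: $WD is a fresh, empty, mode-0700 directory outside the git repo, and no DB env var is set."""
    wd_p, repo, fails = Path(wd).resolve(), Path(repo_root).resolve(), []
    if repo == wd_p or repo in wd_p.parents:
        fails.append("C-10: out-dir is inside the git repo")
    if not wd_p.is_dir() or stat.S_IMODE(wd_p.stat().st_mode) != 0o700 or any(wd_p.iterdir()):
        fails.append("C-10: out-dir is not a fresh, empty, mode-0700 directory")
    if leaked := [v for v in DB_ENV_VARS if env.get(v)]:
        fails.append("C-10: DB env var set (" + ", ".join(leaked) + ")")
    return fails

def fresh_out_dir() -> str:
    """$WD = mktemp -d: a new directory created mode 0700 under the system temp root."""
    return tempfile.mkdtemp()

def precheck(m: dict, prior_cut_digests: set, wd: str, repo_root: str, env: dict) -> tuple[int, list[str]]:
    """Fail-closed gate: exit status 0 only when every check passes, otherwise 2 (REFUSED) plus the reasons."""
    fails = check_manifest(m) + check_out_dir(wd, repo_root, env)
    if m["manifest_digest"] in prior_cut_digests:  # C-6 / G-CUT-ONCE
        fails.append("C-6: cut_change_set already exists for this digest; re-CUT must be a no-op")
    return (2 if fails else 0), fails
```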
2. VERIFY plan after a production CUT (requirement: verification after CUT)
VERIFY is a separate, separately-gated phase (cutter_verify principal / DOT-992 lane — never the executor; phases.verify() requires status == cut_applied, writes an append-only verify_result; verifier_signature_id lives on verify_result, never back-filled — OD-6). Designed here, not executed.
VR-1 cardinality: exactly 60 information_unit rows for manifest digest 9d908a62… == candidate_count (NGUYEN_TAC 15 + KIEN_TRUC_SECTION 3 + DIEU 42).
VR-2 no excluded leakage: ZERO IU mapping to Điều 44 or the other 3 excluded rows.
VR-3 provenance binding: 100% of created IU carry version_anchor_ref → source_document_version icxconst-008a06… and bind the pinned snapshot_region_sha256 / manifest digest 9d908a62….
VR-4 address integrity: every IU canonical_address == ICX-CONST/<path>, unique, status never encoded in the address (N-4: addresses are the manifest's, not renumbered).
VR-5 content fidelity: each IU content/span hash == the manifest candidate span_sha256.
VR-6 coverage parity: created-IU set ≡ manifest candidates[] (no extra, none missing); reconstruction stays closed (229+10+69=308) given the N-2 level mapping.
VR-7 ledger chain: cut_change_set.content_hash == pinned digest; DOT-991 executor signature valid; decision_backlog_history transition → cut_applied consistent; verify_result chained.
VR-8 append-only: zero DELETE/TRUNCATE; only sanctioned write-once superseded_by_* stamps.
VR-9 idempotency: a re-CUT of the same digest produced no new rows (G-CUT-ONCE held).
VR-10 determinism: the IU rowset is byte-equivalently re-derivable from the pinned manifest.
verdict_rule:
VERIFIED_COMPLETE iff VR-1..VR-10 all PASS.
any VR fail ⇒ VERIFY_FAILED_ESCALATED ⇒ STOP + forward-compensation (doc 5);
never silent row deletion, never fix-to-green.
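An added example of VR-1..VR-6 and the verdict rule applied to a constructed three-candidate manifest and its IU rowset; it is not the project's phases.verify(), and the field names beyond those used above (content on rows, span_sha256 on candidates, manifest_digest on rows) are assumptions. A failing check only reports; nothing is deleted or repaired.

```python
import hashlib

STATUS_WORDS = ("enacted", "controlled_draft", "draft", "obsolete")  # C-4 statuses; must not appear in addresses (VR-4)

def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def constructed_fixture() -> tuple[dict, list[dict], set[str]]:
    """Constructed 3-candidate manifest, a faithful IU rowset derived from it, and the excluded address set."""
    spans = {"ICX-CONST/NGUYEN_TAC/1": "principle 1 (constructed)",
             "ICX-CONST/KIEN_TRUC_SECTION/1": "section 1 (constructed)",
             "ICX-CONST/DIEU/1": "article 1 (constructed)"}
    manifest = {"manifest_digest": sha256("constructed manifest"), "source_document_version": "icxconst-constructed",
                "snapshot_region_sha256": sha256("constructed snapshot region"), "candidate_count": len(spans),
                "candidates": [{"canonical_address": a, "span_sha256": sha256(t)} for a, t in spans.items()]}
    rows = [{"canonical_address": a, "content": t, "manifest_digest": manifest["manifest_digest"],
             "version_anchor_ref": manifest["source_document_version"],
             "snapshot_region_sha256": manifest["snapshot_region_sha256"]} for a, t in spans.items()]
    return manifest, rows, {"ICX-CONST/DIEU/44"}

def verify(manifest: dict, iu_rows: list[dict], excluded: set[str]) -> dict:
    """VR-1..VR-6 over the rows created for this manifest digest; each value is PASS (True) or FAIL (False)."""
    rows = [r for r in iu_rows if r["manifest_digest"] == manifest["manifest_digest"]]
    cands = {c["canonical_address"]: c["span_sha256"] for c in manifest["candidates"]}
    addrs = [r["canonical_address"] for r in rows]
    return {
        "VR-1 cardinality": len(rows) == manifest["candidate_count"] == len(cands),
        "VR-2 no excluded leakage": not (set(addrs) & excluded),
        "VR-3 provenance binding": all(r["version_anchor_ref"] == manifest["source_document_version"]
                                       and r["snapshot_region_sha256"] == manifest["snapshot_region_sha256"] for r in rows),
        "VR-4 address integrity": len(set(addrs)) == len(addrs)
                                  and all(a.startswith("ICX-CONST/") and not any(s in a for s in STATUS_WORDS) for a in addrs),
        "VR-5 content fidelity": all(r["canonical_address"] in cands
                                     and sha256(r["content"]) == cands[r["canonical_address"]] for r in rows),
        "VR-6 coverage parity": set(addrs) == set(cands),
    }

def verdict(results: dict) -> str:
    """verdict_rule: VERIFIED_COMPLETE iff every VR passes, else VERIFY_FAILED_ESCALATED (STOP, no row deletion)."""
    return "VERIFIED_COMPLETE" if all(results.values()) else "VERIFY_FAILED_ESCALATED"
```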
3. This-phase verification (what was actually checked here, read-only)
- KB read confirmed (search_knowledge/batch_read/list_documents) before work.
- KB upload confirmed (doc 1 created revision 1) before authoring the rest.
- Repo state verified read-only: HEAD afb7bfc, 2 untracked S2 files, no tracked diffs.
- Live schema probed read-only: information_unit present; governed-ledger tables + source_document_version not visible to the read-only role (privilege-scoped).
- Zero mutation performed (no DB write, no CUT, no VERIFY, no code/commit).
doc 4 of 6. Nothing executed. Self-advance PROHIBITED.