KB-468F

dot-iu-cutter v0.5 — Constitution First Dry-Run: Command Package (REQUIRED command specified; status BLOCKED — snapshot-source MARK entrypoint missing)

Revision 1

Phase: v0_5_constitution_first_dryrun_planning_and_command_review · Nature: command_review_authoring_only__NOTHING_EXECUTED · Date: 2026-05-18 · doc 3 of 5

status: BLOCKED — required safe dry-run command does NOT exist as a ratified entrypoint
nothing_executed: true ; every command below is PROPOSED / pseudo, requiring a separate
                   GPT ruling + sovereign authorization AND a missing-capability fix first
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

1. Command-path finding (QG3)

existing_command_surface (KB-grounded):
  v0.4 pg-backed dry-run command-review : an ISOLATED restored-prod-DB harness that
    exercises the role/privilege matrix + scenario battery using `cutter_agent`
    (phases.mark) over PRE-EXISTING tac_logical_unit rows. It does NOT ingest a
    source document.
  v0.4 first controlled CUT/VERIFY command-review : MARK→SWEEP→REVIEW→CUT→VERIFY on
    ONE already-existing pinned tac_logical_unit PK. Upstream of MARK it assumes
    the IU rows already exist.
  v0.5 full-document dry-run-at-volume plan : explicitly "no real Hiến pháp
    ingestion here"; volume source = synthetic / replay of restored corpus.
gap:
  The step that turns the PINNED NORMALIZED SNAPSHOT TEXT into a Constitution
  CUT MANIFEST against grammar_profile incomex-architecture-constitution-v4
  (refimpl.r1) — i.e. the actual "Cắt Hiến pháp" segmentation — is, per KB SSOT,
  "undesigned/unauthorized — upstream of the cutter" (scale-index-risk-note item 5),
  and the canonicalization/address-grammar design is DESIGN-ONLY ("no parser runs").
  Matcher detection internals = OD-MC1 deferred; leaf granularity = OD-G2 unruled.
conclusion:
  No existing CLI/entrypoint supports the exact safe Constitution snapshot-source
  dry-run path. Per QG3 this package CLEARLY REPORTS THE MISSING COMMAND rather
  than fabricating a runnable one.  STATUS = BLOCKED.

2. The REQUIRED dry-run command — exact specification (pseudo; not runnable today)

This is the precise contract the missing entrypoint MUST satisfy. It is a specification for GPT/User to rule on, not an authorized command.

# PSEUDO — NOT RUNNABLE; requires the missing entrypoint (§3) + separate authorization.
# Isolation env reuses the proven pattern (ephemeral postgres:16, no published port,
# DR-sysid ≠ 7611578671664259111 hard abort, iu-cutter mounted READ-ONLY at pinned
# commit, ephemeral psycopg3 harness, env-destruction teardown, prod read-only only).

python -m cutter_agent.dryrun \
  --mode               mark-manifest-only \
  --no-cut --no-verify --no-db-write \
  --source-version-id  icxconst-008a06ace23a96ea6cd456146e805c97 \
  --snapshot-artifact  knowledge/dev/laws/dieu44-trien-khai/snapshots/constitution/constitution-normalized-17660443e0f23e99.md \
  --expect-region-sha  17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
  --expect-length      17522 \
  --expect-markers     'enacted=19,controlled_draft=1,draft=1,obsolete=1' \
  --grammar-profile    incomex-architecture-constitution-v4 \
  --parser-refimpl     nuxt-incomex-portal-constitution-v1.refimpl.r1 \
  --scope              enacted_only \
  --exclude-markers    'controlled_draft,draft,obsolete' \
  --address-template   at.icx.const.v4 \
  --docprefix          ICX-CONST \
  --out-dir            $WD/manifest \
  --emit               manifest.json,review_eval.json,coverage_proof.json,determinism.digest \
  --fail-closed

2.1 Mandatory behaviour the command MUST enforce (gating)

B1 read source_document_version_id icxconst-008a06… and bind every manifest unit to it
B2 REHASH the snapshot BEGIN/END region BEFORE parsing; assert
   region_sha256 == 17660443…cae80c AND length == 17522 AND
   marker_counts == {✅19,📋1,📝1,⛔1}  ; any mismatch => ABORT (no parse, no output)
B3 parse using ONLY refimpl.r1 semantics for parser_profile
   nuxt-incomex-portal-constitution-v1 (R-RI3 N8: drop all empty lines) over the
   normalized snapshot content — NO live URL fetch (live = discovery_only)
B4 apply grammar_profile incomex-architecture-constitution-v4 (levels NGUYEN_TAC /
   KIEN_TRUC_SECTION / DIEU; address_template at.icx.const.v4; status NEVER in address)
B5 apply enacted_only: only ✅ spans become candidate IUs; 📋/📝/⛔ spans emitted
   as EXCLUDED rows with reason; ZERO silent drop (coverage must still close)
B6 write ONLY dry-run artifacts to $WD/manifest (files, §4); NO row in
   tac_logical_unit / cutter_governance.* / manifest_envelope / cut_change_set /
   verify_result / canonical_address_alias / any production or DR governance table
B7 NO CUT, NO VERIFY, NO fn_iu_create, NO production mutation, NO Directus/vector write
B8 fail-closed: any unrecognised marker / uncovered span / overlap / address
   collision / determinism mismatch => STOP with BLOCKED, partial output quarantined
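
A sketch of the B2 gate, added here as an illustration; it is not the project's code and not the missing entrypoint. The delimiter strings, the UTF-8 byte basis for hash and length, the emoji-to-name mapping (inferred from the ordering in B2 and `--expect-markers`) and the names `precheck_region` / `GateAbort` are assumptions, and the sample text is constructed.

```python
import hashlib

# Assumed delimiter syntax: the page names a BEGIN/END region but not its markup.
BEGIN, END = "<!-- SNAPSHOT BEGIN -->", "<!-- SNAPSHOT END -->"
# Emoji-to-name mapping inferred from the order used in B2 and --expect-markers.
MARKERS = {"✅": "enacted", "📋": "controlled_draft", "📝": "draft", "⛔": "obsolete"}

# Constructed sample snapshot (not the real Constitution text).
SAMPLE = f"title\n{BEGIN}\n✅ Điều 1\n✅ Điều 2\n📝 Điều 3\n{END}\nfooter\n"


class GateAbort(Exception):
    """B2 mismatch: the caller must not parse and must not write output."""


def parse_expect_markers(spec):
    """'enacted=19,draft=1' -> full count dict, zero for unnamed markers."""
    counts = dict.fromkeys(MARKERS.values(), 0)
    for item in spec.split(","):
        name, _, value = item.partition("=")
        if name not in counts or not value.isdigit():
            raise GateAbort(f"bad marker expectation: {item!r}")
        counts[name] = int(value)
    return counts


def precheck_region(text, expect_sha, expect_length, expect_markers):
    """Return the pinned region only if hash, length and marker counts all match."""
    if text.count(BEGIN) != 1 or text.count(END) != 1:
        raise GateAbort("region delimiters missing or duplicated")
    start = text.index(BEGIN) + len(BEGIN)
    stop = text.index(END)
    if stop < start:
        raise GateAbort("END precedes BEGIN")
    region = text[start:stop]
    raw = region.encode("utf-8")  # assumption: hash and length are over UTF-8 bytes
    seen = dict.fromkeys(MARKERS.values(), 0)
    for ch in region:
        if ch in MARKERS:
            seen[MARKERS[ch]] += 1
    checks = {
        "region_sha256": (hashlib.sha256(raw).hexdigest(), expect_sha.lower()),
        "length": (len(raw), expect_length),
        "marker_counts": (seen, parse_expect_markers(expect_markers)),
    }
    failed = [name for name, (got, want) in checks.items() if got != want]
    if failed:
        raise GateAbort("mismatch: " + ", ".join(failed))
    return region
```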

3. The MISSING command / capability (what GPT/User must rule on)

missing_capability: cutter_agent snapshot-source MARK dry-run entrypoint
  ( e.g. `cutter_agent.dryrun --mode mark-manifest-only` )
why_missing:
  - no ratified code path ingests a normalized snapshot artifact + grammar profile
    and emits a cut manifest WITHOUT writing IU rows; MARK today presumes existing
    tac_logical_unit input or a restored-DB corpus
prerequisite_rulings (BLOCKING — none self-resolvable):
  M1 OD-MC1 : concrete matcher detection internals for mc.icx.nguyen_tac /
              mc.icx.kien_truc / mc.icx.dieu must be specified & ratified
  M2 OD-G2  : which grammar level is THE leaf-IU (Điều vs principle vs sub-bullet)
  M3 group-vs-row enacted rule: how ✅ at GROUP-header granularity (Nền tảng /
              Registry / Vận hành) maps to per-Điều enacted membership
  M4 a no-DB-write MARK dry-run mode must be designed + GPT-approved + code-pinned
     (commit pin, iu-cutter mounted read-only) BEFORE any execution command-review
  M5 isolation harness reuse confirmed (ephemeral pg, DR-sysid≠prod hard abort,
     env-destruction teardown) — pattern exists; binding to this mode does not
sequencing:
  ruling(M1,M2,M3) -> design+approve(M4) -> code+pin -> execution command-review
  -> (separate) authorized dry-run execution.  THIS phase is only the first link.

4. Allowed dry-run outputs (QG4)

primary_output_location (KB):
  knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-first-dryrun/
  files (when a future authorized run produces them):
    - …-manifest-2026-..md / .json        (candidate IU manifest)
    - …-review-evaluation-2026-..md       (coverage/no-overlap/vocab/hierarchy eval)
    - …-coverage-proof-2026-..md          (span reconciliation over the snapshot region)
    - …-determinism-digest-2026-..md      (manifest hash; re-run equality)
    - …-dryrun-report-2026-..md           (PASS/FAIL/BLOCKED + operator one-liner)
large_output_handling:
  if the manifest is too large for KB, write it to ephemeral local/throwaway
  scratch ($WD/manifest, 0700, never git-added, shredded at teardown) and upload
  ONLY a redacted summary + digests + the report to the KB folder above
forbidden_output_targets:
  - any production DB row (tac_logical_unit, cutter_governance.*, manifest_envelope,
    cut_change_set, cut_change_set_affected_row, verify_result,
    canonical_address_alias, dot_pair_signature, decision_backlog_*)
  - any DR/isolated governance table  (no approved isolated dry-run IU tables exist;
    DB writes are therefore FORBIDDEN — uncertainty resolves to "no DB write")
  - source_document_registry / source_document_version_registry (no mutation)
  - Directus, Qdrant/vector, NoSQL, git
db_write_policy: NONE. The dry-run is artifact-only. If any party later proposes a
  DB-backed dry-run table, that requires a SEPARATE design + GPT approval +
  rollback plan and is out of scope here (doc 4 §3).
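
An added illustration of the coverage-proof and determinism-digest artifacts listed above, together with the B5/B8 rules they depend on; it is not the project's code. The span model (half-open offsets that must tile the verified region exactly), the row fields, the canonical-JSON digest and the names `build_manifest` / `Blocked` are assumptions, and the sample spans are constructed.

```python
import hashlib
import json

# Emoji-to-name mapping inferred from the order used in B2 and --expect-markers.
MARKERS = {"✅": "enacted", "📋": "controlled_draft", "📝": "draft", "⛔": "obsolete"}

# Constructed sample: three spans tiling a 120-unit region.
SAMPLE_SPANS = [(0, 40, "✅"), (40, 75, "📋"), (75, 120, "✅")]


class Blocked(Exception):
    """B8: stop with BLOCKED; the caller quarantines any partial output."""


def build_manifest(region_length, spans, source_version_id):
    """spans: (start, end, marker) half-open offsets into the verified region."""
    rows, cursor = [], 0
    for start, end, marker in sorted(spans):
        if marker not in MARKERS:
            raise Blocked(f"unrecognised marker at {start}: {marker!r}")
        if start < cursor:
            raise Blocked(f"overlap at {start}")
        if start > cursor:
            raise Blocked(f"uncovered span {cursor}-{start}")
        if end <= start:
            raise Blocked(f"empty span at {start}")
        status = MARKERS[marker]
        row = {"source_version_id": source_version_id, "start": start, "end": end}
        if status == "enacted":
            row["disposition"] = "CANDIDATE"
        else:
            # B5: out-of-scope spans stay in the manifest, with a reason.
            row["disposition"] = "EXCLUDED"
            row["reason"] = f"marker={status} outside enacted_only scope"
        rows.append(row)
        cursor = end
    if cursor != region_length:
        raise Blocked(f"uncovered span {cursor}-{region_length}")
    return rows


def determinism_digest(rows):
    """Hash of a canonical JSON encoding so two runs can be compared exactly."""
    blob = json.dumps(rows, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()
```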

5. Statement

  • QG3 satisfied by clearly reporting the MISSING command and specifying the exact required command contract (§2) + prerequisite rulings (§3). No runnable command is asserted because none exists; nothing was executed.
  • QG4 satisfied: allowed outputs are the …/v0.5-constitution-first-dryrun/ KB folder (or throwaway scratch + KB summary); all DB writes forbidden.
  • STATUS = BLOCKED. doc 3 of 5; STOP after 5 docs → route GPT/User. Self-advance PROHIBITED.

Companion docs: operational-framing (1), readiness-and-scope (2), verification-and-cleanup-plan (4), planning-report (5).

knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-first-dryrun-planning/dot-iu-cutter-v0.5-constitution-first-dryrun-command-package-2026-05-18.md