KB-4690

dot-iu-cutter v0.5 — First Constitution Snapshot CUT · Command Contract + Write Statement (no runnable production command; doc 2 of 5)

5 min read Revision 1

dot-iu-cutterv0.5first-snapshot-cutcommand-contractwrite-statementartifact-only-dryrunno-executiondieu442026-05-19

dot-iu-cutter v0.5 — First Constitution Snapshot CUT · Command Contract + Write/Mutation Statement

doc 2 of 5 · review_design_only__no_execution · 2026-05-19

1. Proposed command (required item 2) — CONTRACT ONLY, NOT runnable today

A runnable production CUT command cannot honestly be written against committed afb7bfc (doc 1 §2: no ratified snapshot-manifest→CUT entrypoint; v0.4 skeleton refuses production). The package therefore specifies the contract the future, separately-ratified entrypoint must satisfy — and a safe artifact-only CUT dry-run as the recommended first reviewable step (parallel to mark-manifest-only).

1a. Recommended FIRST step — artifact-only CUT-plan dry-run (no DB; GPT-gated)

# CONTRACT for a future committed entrypoint — DO NOT RUN (entrypoint does not exist yet)
python3 -m cutter_agent.cutplan \
  --mode               cut-plan-only \
  --no-db-write --no-verify --fail-closed \
  --manifest           <accepted manifest.json> \
  --expect-manifest-digest 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
  --expect-candidate-count 60 \
  --source-version-id  icxconst-008a06ace23a96ea6cd456146e805c97 \
  --docprefix          ICX-CONST --scope enacted_only \
  --exclude-dieu-44 \
  --out-dir            "$WD/cutplan" \
  --emit               cut_plan.json,iu_rowset_preview.json,idempotency_keys.json,cut_plan_report.md
# net-zero: emits the exact 60-row IU set it WOULD insert; writes ZERO DB rows.

1b. Eventual production CUT — CONTRACT (requires separate approvals; not authored runnable)

entrypoint:        a future ratified module that consumes the PINNED manifest and drives
                   cutter_agent.phases.cut() under the cutter_exec principal / DOT-991 lane
preconditions_ALL_required_before_any_runnable_command_is_authored:
  - GPT/User ruling approving the CUT capability sub-phase
  - design → code-authoring → CI → commit of the snapshot-manifest→CUT entrypoint (gated,
    same discipline as the MARK entrypoint lineage)
  - cutter_exec / cutter_verify credential cycle built + GPT-reviewed (currently design-only)
  - explicit, separate production-DB-write authorization
mandatory_flags (contract): --manifest, --expect-manifest-digest 9d908a62…,
  --expect-candidate-count 60, --source-version-id icxconst-008a06…, --exclude-dieu-44,
  --idempotent, --fail-closed ; production credential supplied only at connect time

2. Expected mutations (required item 4)

cut_plan_dry_run (1a): ZERO mutations. Local artifact files only (cut_plan.json,
  iu_rowset_preview.json, idempotency_keys.json, cut_plan_report.md). No DB/IU/Directus/vector.
production_cut (1b, when eventually authorized) WOULD perform — append-only, one atomic txn:
  - INSERT 60 IU artefact rows (one per accepted candidate; address ICX-CONST/<path>;
    provenance.source_document_version_id = icxconst-008a06…; content/span hashes from manifest)
  - INSERT 1 cut_change_set row (ledger.write_cut_change_set; manifest_id + content_hash =
    pinned digest; executor_signature_id from DOT-991 lane; verifier_signature_id = NULL)
  - INSERT decision_backlog_history transition row(s) → state cut_applied (state_machine)
  - INSERT DOT-991 executor signature row(s)
  NO UPDATE-in-place except sanctioned write-once superseded_by_* stamps; NO DELETE/TRUNCATE
  (db_adapter raises AppendOnlyViolation). Điều 44 + 3 excluded rows: NO row created.

3. Does CUT write IU/DB/Directus/vector or only produce artifacts? (required item 5 — explicit)

cut_plan_dry_run (recommended first step): ARTIFACT-ONLY. Writes NO IU, NO DB, NO Directus,
  NO vector. Net-zero by construction (same isolation discipline as mark-manifest-only).
production_CUT (the real CUT): **WRITES.** It is NOT artifact-only. It INSERTs IU rows +
  ledger/governance/signature rows into the governed PostgreSQL store (append-only). It does
  NOT write Directus or vector directly in the CUT phase itself (downstream 5-layer sync is a
  later, separate concern). Because production CUT writes IU/DB, it is FORBIDDEN here and
  requires a separate explicit production-write approval + the ratified entrypoint + the
  credential cycle. None of those exist/are granted today ⇒ no production CUT in scope.

doc 2 of 5. Nothing executed. Self-advance PROHIBITED.