KB-5B14

dot-iu-cutter v0.5 — First Constitution Snapshot CUT · Rollback/Restore Plan + Risk Assessment (doc 4 of 5)

Revision 1

doc 4 of 5 · review_design_only__no_execution · 2026-05-19

1. Rollback / restore plan (required item 6)

cut_plan_dry_run (recommended first step): NO rollback needed — zero mutation. Cleanup =
  shred the working directory $WD; KB outputs are superseded, not deleted, by a new revision
  (audit-preserving).
production_cut (only if/when separately authorized): the store is APPEND-ONLY — db_adapter
  raises AppendOnlyViolation on DELETE/TRUNCATE. Therefore rollback is NOT physical deletion:
  R-pre   single atomic transaction: CUT writes all 60 IU + ledger + signature rows in ONE
          txn. Any in-txn failure ⇒ _rollback() ⇒ zero rows persisted (clean abort).
  R-post  if a fault is found AFTER commit: forward-compensation only —
          - write-once superseded_by_* stamp on the affected artefact rows
          - append a compensating decision_backlog_history transition (e.g. → abandoned /
            verify_failed_escalated) under the proper principal
          - the erroneous rows remain visible but marked superseded (audit invariant A-5)
  R-id    idempotency (G-CUT-ONCE): a re-attempt with a manifest digest that has already been
          committed is a no-op, so a retry after a lost commit acknowledgement cannot
          double-insert; a retry after a rolled-back txn simply runs as a first attempt, since
          R-pre guarantees the abort left zero rows.
  R-snap  source/snapshot is immutable & pinned (digest 9d908a62…); "restore" = re-derive the
          IU set from the pinned manifest, never hand-edit rows.
  no DB credentials/connection exist in this phase ⇒ no production rollback is exercisable here.
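The R-pre / R-id / R-post semantics above, as an added illustration that is not the project's db_adapter and not a production CUT command: it runs against an in-memory SQLite store (standing in for the governed PG) and writes nothing else. The table and column names (iu, cut_ledger, decision_backlog_history, superseded_by), the verb-matching guard in execute(), the fail_at fault injection and the 60-row sample manifest are all hypothetical; cutter_exec is the principal name used in this document.

```python
# Added illustration (hypothetical names; not the project's db_adapter, not a production command).
import hashlib
import json
import sqlite3


class AppendOnlyViolation(Exception):
    """A statement would physically remove or rewrite rows; the store never allows that."""


class AppendOnlyStore:
    def __init__(self):
        # isolation_level=None: no implicit transactions; BEGIN/COMMIT are issued explicitly below
        self.conn = sqlite3.connect(":memory:", isolation_level=None)
        self.conn.executescript("""
            CREATE TABLE iu (iu_id TEXT PRIMARY KEY, payload TEXT NOT NULL, superseded_by TEXT);
            CREATE TABLE cut_ledger (manifest_digest TEXT PRIMARY KEY, iu_count INTEGER, principal TEXT);
            CREATE TABLE decision_backlog_history (seq INTEGER PRIMARY KEY AUTOINCREMENT, manifest_digest TEXT, state TEXT, principal TEXT);""")

    def execute(self, sql, params=()):
        # the append-only guard: refuse verbs that remove rows before they reach the engine
        if sql.lstrip().split(None, 1)[0].upper() in ("DELETE", "TRUNCATE"):
            raise AppendOnlyViolation("refused: store is append-only")
        return self.conn.execute(sql, params)

    def _rollback(self):
        self.conn.rollback()  # no-op when no transaction is open


def manifest_digest(manifest):
    """Canonical-JSON SHA-256; the cut is keyed on it (G-CUT-ONCE analogue)."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def cut(store, manifest, principal, fail_at=None):
    """R-pre: all IU rows and the ledger row commit in ONE transaction; any exception rolls back
    to zero rows. R-id: a ledger row for this digest makes the call a no-op. fail_at injects a fault."""
    digest = manifest_digest(manifest)
    if store.execute("SELECT 1 FROM cut_ledger WHERE manifest_digest = ?", (digest,)).fetchone():
        return "noop"
    store.execute("BEGIN")
    try:
        for i, iu in enumerate(manifest["candidates"]):
            if i == fail_at:
                raise RuntimeError("constructed mid-transaction fault")
            store.execute("INSERT INTO iu (iu_id, payload) VALUES (?, ?)", (iu["id"], json.dumps(iu)))
        store.execute("INSERT INTO cut_ledger VALUES (?, ?, ?)", (digest, len(manifest["candidates"]), principal))
        store.execute("COMMIT")
        return "committed"
    except Exception:
        store._rollback()
        raise


def compensate(store, iu_id, replacement_id, digest, principal, state="abandoned"):
    """R-post: the faulty row stays visible (A-5), receives a write-once superseded_by stamp,
    and a compensating history transition is appended, all in one transaction."""
    store.execute("BEGIN")
    try:
        cur = store.execute("UPDATE iu SET superseded_by = ? WHERE iu_id = ? AND superseded_by IS NULL",
                            (replacement_id, iu_id))
        if cur.rowcount != 1:  # an existing stamp would be overwritten: that rewrites history
            raise AppendOnlyViolation(f"{iu_id}: stamp already set or row missing")
        store.execute("INSERT INTO decision_backlog_history (manifest_digest, state, principal) "
                      "VALUES (?, ?, ?)", (digest, state, principal))
        store.execute("COMMIT")
    except Exception:
        store._rollback()
        raise


def iu_count(store):
    return store.execute("SELECT COUNT(*) FROM iu").fetchone()[0]


def demo():
    """Abort, commit, retry, refused DELETE and compensation, in that order."""
    store = AppendOnlyStore()
    manifest = {"snapshot": "constructed", "candidates":  # constructed 60-IU sample
                [{"id": f"IU-{i:03d}", "text": f"clause {i}"} for i in range(1, 61)]}
    out, digest = {}, manifest_digest(manifest)
    try:
        cut(store, manifest, "cutter_exec", fail_at=30)
    except RuntimeError:
        out["rows_after_abort"] = iu_count(store)
    out["first"], out["retry"] = cut(store, manifest, "cutter_exec"), cut(store, manifest, "cutter_exec")
    out["rows_after_commit"] = iu_count(store)
    try:
        store.execute("DELETE FROM iu WHERE iu_id = ?", ("IU-001",))
    except AppendOnlyViolation:
        out["delete_refused"] = True
    compensate(store, "IU-001", "IU-001-r2", digest, "cutter_exec")
    out["rows_after_compensation"] = iu_count(store)
    try:
        compensate(store, "IU-001", "IU-001-r3", digest, "cutter_exec")
    except AppendOnlyViolation:
        out["restamp_refused"] = True
    return out
```

demo() walks the four cases in order: the injected fault leaves zero rows, the retry commits all 60, a further retry with the same digest is a no-op, DELETE is refused before it reaches the engine, and compensation leaves the row count unchanged while a second stamp on the same row is refused.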

2. Risk assessment (required item 9)

R-A NO ratified CUT entrypoint (controlling): producing a runnable production command would
    be fabrication. Likelihood: certain (verified). Impact: high if ignored.
    Mitigation: package is review-only; production CUT declared BLOCKED; route GPT/User.
R-B premature production write without credential cycle / separate approval.
    Mitigation: C-7/C-8 fail-closed gates; cli.py refuses --production; db_adapter refuses
    production connect in v0.4. Residual: LOW (defense-in-depth).
R-C manifest/snapshot drift between MARK and CUT (digest ≠ 9d908a62…).
    Mitigation: C-3/C-4 rehash+redigest ABORT; manifest deterministically reproducible.
R-D Điều 44 (Article 44) leakage into the cut set.
    Mitigation: C-5 precheck + --exclude-dieu-44 contract flag + VR-2; enacted_only scope;
    Điều 44 is already excluded in the pinned manifest (tier_2). Residual: LOW.
R-E cardinality drift (≠ 60 IU): partial cut / duplicate.
    Mitigation: single atomic txn, C-6/G-CUT-ONCE idempotency, VR-1/VR-6/VR-9. Residual: LOW.
R-F separation-of-duty violation (executor also verifies).
    Mitigation: distinct cutter_exec/cutter_verify principals + DOT-991/992 lanes; phases.py
    enforces; VERIFY refuses unless S_CUT_APPLIED. Residual: LOW (by design, once built).
R-G append-only breach / silent deletion on rollback.
    Mitigation: AppendOnlyViolation guard; forward-compensation only (R-post). Residual: LOW.
R-H scope creep (Directus/vector/git/deploy from a CUT).
    Mitigation: CUT writes governed PG only; downstream sync is a separate later phase;
    forbidden list enforced. Residual: LOW.
overall_risk_level_for_THIS_package: LOW — it is review/design only, zero execution, zero
  mutation. The HIGH-risk actions (production CUT) are explicitly BLOCKED and out of scope.
overall_risk_level_of_a_FUTURE_production_CUT: MEDIUM-HIGH — first irreversible (append-only)
  governed write; must be its own gated cycle with the credential build + separate approval.

3. Stop conditions (any ⇒ STOP, preserve evidence, route GPT/User)

- no ratified CUT entrypoint (current state) ⇒ no production command authored/run
- HEAD/branch/tree mismatch; dryrun.py sha ≠ f1f42e83…
- manifest digest ≠ 9d908a62… OR candidate_count ≠ 60 OR file sha ≠ 7d56f3ce…
- Điều 44 present in candidates[] (must stay excluded)
- any DB/IU/Directus/vector/git mutation attempted in this review phase (CRITICAL)
- any request to deploy/restart/merge/push/tag, or to self-advance to CUT/VERIFY
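The manifest-related stop conditions above (digest, file sha, candidate_count, Điều 44 presence), as an added read-only pre-flight illustration that is not the project's C-3/C-4/C-5 code. The pinned values are computed here from a constructed manifest, not the real 9d908a62… / 7d56f3ce… digests; the candidates[] field layout ("id", "article") and the function names are hypothetical. It also shows why the document pins both a file sha and a manifest digest: the former catches any byte change to the MARK artefact, the latter catches content drift even if the file is regenerated.

```python
# Added illustration (hypothetical names; pinned values come from a constructed manifest,
# not the real 9d908a62…/7d56f3ce…). Read-only: nothing here writes anything.
import hashlib
import json

EXPECTED_COUNT = 60
EXCLUDED_ARTICLE = "Điều 44"  # must never appear in candidates[]


def file_sha(raw):
    """SHA-256 of the manifest file bytes as stored (sensitive to whitespace and key order)."""
    return hashlib.sha256(raw).hexdigest()


def manifest_digest(manifest):
    """SHA-256 over canonical JSON: same content gives the same digest regardless of
    serialisation, which is what makes the manifest deterministically reproducible (R-C)."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def preflight(raw, pinned_digest, pinned_file_sha):
    """Collect EVERY stop reason instead of returning on the first; only an empty list
    permits even the dry run (fail-closed)."""
    reasons = []
    if file_sha(raw) != pinned_file_sha:
        reasons.append("file sha mismatch")
    try:
        manifest = json.loads(raw)
    except ValueError:
        return reasons + ["manifest not parseable"]
    if manifest_digest(manifest) != pinned_digest:
        reasons.append("manifest digest mismatch (MARK/CUT drift)")
    cands = manifest.get("candidates", [])
    if len(cands) != EXPECTED_COUNT:
        reasons.append(f"candidate_count {len(cands)} != {EXPECTED_COUNT}")
    leaked = [c["id"] for c in cands if c.get("article") == EXCLUDED_ARTICLE]
    if leaked:
        reasons.append(f"{EXCLUDED_ARTICLE} present in candidates[]: {leaked}")
    return reasons


def build_manifest():
    """Constructed sample: articles 1..61 with Điều 44 excluded by construction, i.e. 60 IU."""
    return {"snapshot": "constructed", "scope": "enacted_only",
            "candidates": [{"id": f"IU-{i:03d}", "article": f"Điều {i}"}
                           for i in range(1, 62) if i != 44]}


def scenarios():
    """Pin at MARK time, then re-check three CUT-time inputs against the pins."""
    base = build_manifest()
    raw = json.dumps(base, sort_keys=True, ensure_ascii=False).encode("utf-8")  # the MARK artefact
    pinned_digest, pinned_sha = manifest_digest(base), file_sha(raw)
    out = {"clean": preflight(raw, pinned_digest, pinned_sha)}
    # same content, re-indented: file sha drifts, canonical digest does not
    reindented = json.dumps(base, indent=2, ensure_ascii=False).encode("utf-8")
    out["reserialised"] = preflight(reindented, pinned_digest, pinned_sha)
    # Điều 44 leaks back in: file sha, digest and count all drift, and the explicit check fires
    leaked = json.loads(raw)
    leaked["candidates"].append({"id": "IU-044", "article": EXCLUDED_ARTICLE})
    raw_leaked = json.dumps(leaked, sort_keys=True, ensure_ascii=False).encode("utf-8")
    out["leak"] = preflight(raw_leaked, pinned_digest, pinned_sha)
    return out
```

scenarios() returns an empty reason list for the byte-identical MARK artefact, exactly one reason (file sha) for the re-indented copy, and four reasons for the copy in which Điều 44 has been appended; any non-empty list is a STOP.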

doc 4 of 5. Nothing executed. Self-advance PROHIBITED.

knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-first-snapshot-cut-command-review/dot-iu-cutter-v0.5-first-snapshot-cut-rollback-and-risk-2026-05-19.md