KB-3520
dot-iu-cutter v0.5 — First Snapshot CUT-plan Dry-run · Validation Rules + Failure Modes (fail-closed) (S1; doc 3 of 5)
doc 3 of 5 · review_design_only__no_execution__no_code · 2026-05-19 · sub-phase S1
1. Validation rules (required item 5) — all fail-closed
| ID | Rule | Pass criterion | On fail |
|---|---|---|---|
| VAL-1 | manifest digest match | recomputed manifest_digest == 9d908a62…dd324f | exit 3 BLOCKED |
| VAL-1b | manifest file sha | file sha256 == 7d56f3ce…012179 (84157 B) | exit 3 BLOCKED |
| VAL-2 | candidate_count | exactly 60 (NGUYEN_TAC 15 + KIEN_TRUC_SECTION 3 + DIEU 42) | exit 3 BLOCKED |
| VAL-3 | Điều 44 excluded | Điều 44 NOT in candidates[]; present in excluded[] with reason controlled_draft_deferred, status_basis tier_2_explicit_row_marker; excluded_count == 4 | exit 3 BLOCKED |
| VAL-4 | no duplicate IU address | all 60 canonical_address values (ICX-CONST/<path>) unique; status is never part of the address | exit 3 BLOCKED |
| VAL-5 | no overlap | no two candidates' source_span line ranges overlap (no double-cut) | exit 3 BLOCKED |
| VAL-6 | deterministic rerun equality | build the plan twice in-process; cut_plan_digest_sha256 identical ⇒ re_run_equal: true | exit 3 BLOCKED |
| VAL-7 | reconstruction_ok remains true | manifest's coverage_proof.reconstruction_ok == true is re-asserted; candidate ∪ excluded ∪ noncontent still covers every region line | exit 3 BLOCKED |
| VAL-8 | provenance binding | 100% of preview IU/rows carry source_document_version_id == icxconst-008a06… and the pinned snapshot_region_sha256 / manifest digest | exit 3 BLOCKED |
| VAL-9 | idempotency-key integrity | 60 OD-1 keys, all distinct, deterministic, label-independent | exit 3 BLOCKED |
verdict_rule:
PASS iff exit 0 ∧ VAL-1..VAL-9 all PASS ∧ artifacts written ∧ db_write NONE
BLOCKED if exit 3 — any VAL fails / digest|count|Điều 44 drift / nondeterministic / overlap;
only dryrun_report.md (status BLOCKED) is written; never a guessed PASS
REFUSED if exit 2 — wrong mode / missing --no-* / scope != enacted_only / DB env set
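The nine rules and the verdict rule above, turned into a runnable fail-closed validator. This is an added example written for this page, not dot-iu-cutter's own code: the manifest, the 3+1 region counts, the address paths, the `--no-db-write` / `--scope=enacted_only` flags and the `DB_URL` variable are all constructed or hypothetical, and `PINNED_MANIFEST_DIGEST` is computed from the constructed manifest rather than being the pinned 9d908a62… constant. It also shows the serialization rule that VAL-6 depends on (rows sorted by address, canonical JSON) and a `tampered()` helper that reproduces two of the failure conditions (Điều 44 leakage, span overlap) so the BLOCKED path can be exercised.

```python
import copy
import hashlib
import json

EXIT_PASS, EXIT_REFUSED, EXIT_BLOCKED = 0, 2, 3

# Constructed sample manifest (not the real MARK manifest): the paths, spans, counts and digests are made up.
MANIFEST = {
    "source_document_version_id": "icxconst-CONSTRUCTED",
    "region_lines": [1, 40],
    "regions": [
        {"address": "ICX-CONST/NGUYEN_TAC/1", "span": [1, 10]},
        {"address": "ICX-CONST/KIEN_TRUC_SECTION/1", "span": [11, 20]},
        {"address": "ICX-CONST/DIEU/1", "span": [21, 30]},
        {"address": "ICX-CONST/DIEU/44", "span": [31, 38], "excluded_reason": "controlled_draft_deferred"},
    ],
    "noncontent": [[39, 40]],
}
EXPECTED = {"candidates": 3, "excluded": 1, "must_exclude": "ICX-CONST/DIEU/44"}

def canonical_digest(obj):
    # sha256 over canonical JSON (sorted keys, fixed separators): the serialization
    # rule that makes build-to-build digest equality (VAL-6) meaningful.
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

PINNED_MANIFEST_DIGEST = canonical_digest(MANIFEST)  # stands in for the real pinned constant

def build_plan(manifest):
    # Rows are sorted by address so two in-process builds serialize byte-identically.
    ver, mdig = manifest["source_document_version_id"], canonical_digest(manifest)
    cands, excl = [], []
    for r in sorted(manifest["regions"], key=lambda x: x["address"]):
        key = hashlib.sha256(f"{ver}|{r['address']}".encode()).hexdigest()  # label-independent
        row = {**r, "source_document_version_id": ver, "manifest_digest": mdig, "idempotency_key": key}
        (excl if r.get("excluded_reason") else cands).append(row)
    plan = {"candidates": cands, "excluded": excl, "manifest_digest": mdig}
    plan["cut_plan_digest_sha256"] = canonical_digest(plan)
    return plan

def guard(argv, env):
    # Entry guard: any problem is REFUSED (exit 2) before a plan is built. Flag/env names are hypothetical.
    problems = []
    if "--no-db-write" not in argv:
        problems.append("missing --no-db-write")
    if "--scope=enacted_only" not in argv:
        problems.append("scope != enacted_only")
    if env.get("DB_URL"):
        problems.append("DB env set")
    return problems

def validate(manifest, pinned_digest, expected):
    # Fail-closed checks modelled on VAL-1..VAL-9; every check runs so a BLOCKED report lists all drift.
    f = []
    if canonical_digest(manifest) != pinned_digest:
        f.append("VAL-1 manifest digest drift")
    plan = build_plan(manifest)
    cands, excl = plan["candidates"], plan["excluded"]
    if len(cands) != expected["candidates"]:
        f.append(f"VAL-2 candidate_count {len(cands)} != {expected['candidates']}")
    addrs = [c["address"] for c in cands]
    me = expected["must_exclude"]
    if me in addrs or me not in {e["address"] for e in excl} or len(excl) != expected["excluded"]:
        f.append(f"VAL-3 {me} leaked into candidates or excluded_count != {expected['excluded']}")
    if len(set(addrs)) != len(addrs):
        f.append("VAL-4 duplicate canonical_address")
    spans = sorted(tuple(c["span"]) for c in cands)
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 <= a1:
            f.append(f"VAL-5 span overlap {a0}-{a1} / {b0}-{b1}")
    if build_plan(manifest)["cut_plan_digest_sha256"] != plan["cut_plan_digest_sha256"]:
        f.append("VAL-6 rerun digest differs")
    covered = {n for s in [r["span"] for r in manifest["regions"]] + manifest["noncontent"]
               for n in range(s[0], s[1] + 1)}
    lo, hi = manifest["region_lines"]
    if covered != set(range(lo, hi + 1)):
        f.append("VAL-7 candidate+excluded+noncontent does not cover every region line")
    if any(c["manifest_digest"] != pinned_digest for c in cands):
        f.append("VAL-8 row not bound to the pinned manifest digest")
    if len({c["idempotency_key"] for c in cands}) != len(cands):
        f.append("VAL-9 idempotency keys not distinct")
    return (EXIT_BLOCKED if f else EXIT_PASS), f

def dry_run(argv, env, manifest=MANIFEST, pinned=PINNED_MANIFEST_DIGEST, expected=EXPECTED):
    # Verdict rule: REFUSED on any guard problem, else PASS/BLOCKED; db_write is always NONE.
    problems = guard(argv, env)
    if problems:
        return EXIT_REFUSED, {"status": "REFUSED", "reasons": problems, "db_write": "NONE"}
    code, failures = validate(manifest, pinned, expected)
    return code, {"status": "PASS" if code == EXIT_PASS else "BLOCKED", "reasons": failures, "db_write": "NONE"}

def tampered(index, **changes):
    # Constructed drift on one region: clearing excluded_reason makes Điều 44 a candidate; shifting a span overlaps.
    m = copy.deepcopy(MANIFEST)
    m["regions"][index].update(changes)
    return m
```

Every check runs to completion and the report lists all failures together; a PASS is only reachable when that list is empty, and nothing in the validator rewrites the manifest or plan it inspects.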
2. Failure modes and fail-closed behavior (required item 7)
F-A manifest drift (digest / file-sha / count ≠ pinned): the upstream MARK manifest changed or was regenerated incorrectly. ⇒ exit 3 BLOCKED. Do NOT hand-edit the manifest; STOP; route GPT (re-pin question). Determinism means a correct regen always reproduces 9d908a62….
F-B Điều 44 leakage (present in candidates[], or excluded_count ≠ 4): ⇒ exit 3 BLOCKED. CRITICAL — Điều 44 must never enter the plan. STOP; route GPT.
F-C duplicate address / span overlap: structural defect in the plan derivation ⇒ exit 3 BLOCKED. Preserve artifacts as evidence; STOP. Never dedupe-to-green.
F-D non-deterministic rerun (cut_plan_digest differs build-to-build): ⇒ exit 3 BLOCKED. Indicates non-canonical ordering/serialization; STOP; fix the spec, never the symptom.
F-E guard REFUSED (exit 2): wrong mode / missing --no-* / wrong scope / DB env set. ⇒ correct the COMMAND or unset the env; NEVER patch the entrypoint to bypass a guard.
F-F any DB/IU/Directus/vector/network touch: impossible by construction (import isolation); if ever observed ⇒ CRITICAL incident, STOP, full report — not a normal FAIL.
F-G out-dir inside the repo / git tree polluted: $WD must be created with mktemp -d (mode 0700) OUTSIDE the repo; verify `git status --porcelain` is EMPTY post-run.
global_rule: BLOCKED is ALWAYS preferred over a guessed PASS. No fix-to-green. Preserve $WD + dryrun_report.md as forensic evidence; STOP; route GPT/User.
doc 3 of 5. Nothing executed. Self-advance PROHIBITED.