KB-3FB0

dot-iu-cutter v0.5 — First Constitution Snapshot MARK Dry-run Risk & Cleanup Plan (artifact-only; scratch shred; no production rollback; stop-on-failure; not executed)

Revision 1
Tags: dot-iu-cutter, v0.5, first-snapshot-mark-dryrun, risk-cleanup-plan, artifact-only, no-production-rollback, stop-on-failure, not-executed, dieu44, 2026-05-18


Phase: v0_5_constitution_first_snapshot_MARK_dryrun_command_review · Nature: risk_cleanup_design_only__no_execution · Date: 2026-05-18 · doc 4 of 5


1. Risk register

R-A wrong artifact set / large manifest:
  mitigation: 5 fixed-name files only; if manifest.json too large for KB upload, keep full
    manifest in shredded $WD evidence and upload a redacted summary + digests + dryrun_report.md.
  disposition if wrong: replace the KB output folder ONLY AFTER GPT/User approval; the prior
    revision is marked SUPERSEDED in a NEW revision, never silently deleted (audit-preserving).
R-B snapshot drift (region sha/len/marker != pinned):
  mitigation: snapshot_gate ABORTS before any parse (exit 3 BLOCKED, only dryrun_report.md).
  disposition: STOP; do NOT regenerate or hand-edit the fixture; route to GPT (re-pin question).
R-C guard REFUSED (exit 2): wrong mode / missing --no-* / scope!=enacted_only / DB env set.
  disposition: correct the COMMAND or unset the DB env; NEVER patch the code to bypass a guard.
R-D fail-closed BLOCKED (exit 3): unknown marker / overlap / uncovered line / orphan /
  malformed heading / duplicate address / non-deterministic re-run.
  disposition: preserve $WD + dryrun_report.md as evidence; STOP; route to GPT — do NOT
  "fix to green". BLOCKED is always preferred over a guessed PASS.
R-E count outside [55,78]:
  disposition: NOT an auto-fail and NOT an auto-pass — investigate against the manifest;
  route findings to GPT/User. The guardrail is a tripwire, not a target.
R-F accidental scope creep (any DB/CUT/VERIFY/Directus/git write):
  mitigation: impossible by construction (import-isolated stdlib-only; TestNoDbImportIsolation).
  disposition: if ever observed, treat as a CRITICAL incident, STOP, full report — not normal FAIL.
R-G git tree pollution: $WD is OUTSIDE the repo (mktemp -d, 0700); out-dir never inside the
  working tree ⇒ git status stays EMPTY. Verify post-run.

2. Cleanup (case A — the ONLY sanctioned case)

on PASS:
  - upload the 5 artifacts to KB knowledge/dev/laws/dieu44-trien-khai/
    v0.5-constitution-first-snapshot-mark-dryrun-output/  (operator step, AFTER approval to run)
  - shred scratch: rm -rf "$WD"  (or `shred` then rm) — $WD held only local artifacts, no secrets
  - confirm git status --porcelain EMPTY ; HEAD still afb7bfc ; main untouched
on BLOCKED/REFUSED:
  - keep $WD + dryrun_report.md as forensic evidence; upload report (+ redacted context) to KB;
    STOP and route to GPT/User. Do not retry with a mutated command/code without a ruling.
superseded outputs: never silently overwritten/deleted — mark SUPERSEDED in a new KB revision.
protected envs: N/A — the committed entrypoint uses NO docker/pg/harness (pure stdlib file IO);
  the heavyweight DR-sysid / isolated-pg harness from the OLD design pseudocode is NOT needed for
  the committed code and is intentionally not invoked.

3. Rollback

production_rollback: NONE needed and NONE designed — the dry-run performs zero production
  mutation by construction (no DB module importable). Backup/forward-compensation belong to
  CUT/VERIFY phases, which are FORBIDDEN here.
code/git_rollback: NONE — no code change, no commit, no merge, no tag, no push in this phase.
artifact_rollback: delete/replace the KB output folder ONLY after explicit GPT/User approval.

4. Stop conditions (any ⇒ STOP, preserve logs, route GPT/User)

- HEAD != afb7bfcc9b7bbb953bb00159479c9611e6ac4bd1  OR  branch != feature/constitution-snapshot-mark-dryrun
- working tree not clean before run, or polluted after run
- cutter_agent/dryrun.py sha != f1f42e83…  OR  test sha != 454d9fc8…
- snapshot region rehash != 17660443… / 17522 / {enacted:19,controlled_draft:1,draft:1,obsolete:1}
- exit code 2 (REFUSED) or 3 (BLOCKED)
- candidate_count outside [55,78] (investigate, no auto-pass)
- any sign of DB/CUT/VERIFY/Directus/vector/git mutation (CRITICAL)
- any action that would require deploy/restart, merge to main, push/tag, or a first CUT
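
The checks from sections 2 and 4 and from R-G, as an added shell sketch that is not part of the project's code. The pinned HEAD, branch and count range are copied from this page; the function names, the reading of exit 0 as PASS, and the UNKNOWN ruling for other exit codes are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the project's code. Pins are copied from the page;
# function names and "exit 0 = PASS" are assumptions of this sketch.
PIN_HEAD=afb7bfcc9b7bbb953bb00159479c9611e6ac4bd1
PIN_BRANCH=feature/constitution-snapshot-mark-dryrun
COUNT_MIN=55; COUNT_MAX=78

# repo_pinned REPO: succeed only if HEAD, branch and a clean tree match the pins.
repo_pinned() {
  [ "$(git -C "$1" rev-parse HEAD)" = "$PIN_HEAD" ] || return 1
  [ "$(git -C "$1" rev-parse --abbrev-ref HEAD)" = "$PIN_BRANCH" ] || return 1
  [ -z "$(git -C "$1" status --porcelain)" ]
}

# scratch_outside_repo WD REPO: fail if WD resolves to REPO or a path below it (R-G).
scratch_outside_repo() {
  sor_wd=$(cd "$1" 2>/dev/null && pwd -P) || return 1
  sor_repo=$(cd "$2" 2>/dev/null && pwd -P) || return 1
  case "$sor_wd/" in
    "$sor_repo"/*) return 1 ;;
  esac
}

# disposition EXIT_CODE COUNT: print the ruling for one finished run.
disposition() {
  case "$1" in
    2) echo REFUSED; return ;;
    3) echo BLOCKED; return ;;
    0) ;;
    *) echo UNKNOWN; return ;;          # assumption: any other code is a stop
  esac
  case "$2" in
    ''|*[!0-9]*) echo INVESTIGATE; return ;;   # missing or non-numeric count
  esac
  if [ "$2" -ge "$COUNT_MIN" ] && [ "$2" -le "$COUNT_MAX" ]; then echo PASS
  else echo INVESTIGATE; fi             # tripwire: neither auto-pass nor auto-fail
}

# finish_run RULING WD: remove scratch only on PASS; otherwise keep it as evidence.
finish_run() {
  if [ "$1" = PASS ] && [ -n "$2" ] && [ -d "$2" ]; then
    rm -rf -- "$2" && echo "scratch removed"
  else
    echo "STOP: preserve $2 and dryrun_report.md; route to GPT/User"
  fi
}
```

`repo_pinned` is meant to run both before and after the dry-run; the sha checks on `cutter_agent/dryrun.py`, the test file and the snapshot region are left out because the page gives those digests only in truncated form.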

5. Forbidden in this phase (and in the proposed run)

- dry-run EXECUTION before GPT/User approval (this phase only AUTHORS the command)
- CUT · VERIFY · production IU creation · production DB write
- source_document / source_document_version mutation · schema change · Directus mutation
- deploy / restart · merge to main · push / tag / remote · self-advance to execution

doc 4 of 5. Nothing executed. Self-advance PROHIBITED.
