KB-6235

dot-iu-cutter v0.5 — Constitution Snapshot-source MARK Entrypoint: Command-Review Package (exact command, preconditions, gated; first dry-run NOT authorized here)

Revision 1

Phase: …_code_authoring · Nature: command_review_package_only__execution_separately_gated · Date: 2026-05-18 · doc 4 of 6

command_executed: false ; first_dryrun: NOT authorized by this phase
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

This is the artifact GPT/User reviews to decide whether the authored code may be applied and (separately) whether the first Constitution dry-run may be run.


1. Exact command (the GPT/task-specified contract — implemented)

python -m cutter_agent.dryrun \
  --mode mark-manifest-only \
  --no-db-write \
  --no-cut \
  --no-verify \
  --fail-closed \
  --source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
  --snapshot-artifact <local path to a byte-exact copy of \
      knowledge/dev/laws/dieu44-trien-khai/snapshots/constitution/constitution-normalized-17660443e0f23e99.md> \
  --expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
  --expect-length 17522 \
  --expect-markers 'enacted=19,controlled_draft=1,draft=1,obsolete=1' \
  --grammar-profile incomex-architecture-constitution-v4 \
  --parser-refimpl nuxt-incomex-portal-constitution-v1.refimpl.r1 \
  --scope enacted_only \
  --docprefix ICX-CONST \
  --out-dir <ephemeral scratch dir; results summarized to KB> \
  --emit manifest.json,review_evaluation.json,coverage_proof.json,determinism_digest.md,dryrun_report.md
status: IMPLEMENTED but NOT RUN as the first dry-run.
  Running this command over the real snapshot to emit the 5 KB artifacts IS the
  first Constitution dry-run -> requires a SEPARATE GPT/User authorization
  (this package is the input to that decision).

2. Preconditions a future authorized run must satisfy (PRE-gate)

PRE-1 code applied: cutter_agent/dryrun.py present at module_sha256
       f1f42e83ca23ba0b328f79cf04a8391ac699d1b307eb1b22b52c305f2efa1422
       (or a GPT-re-reviewed successor); no existing module modified
PRE-2 snapshot artifact byte-exact == KB pinned (region sha256 17660443…cae80c,
       length 17522, markers ✅19/📋1/📝1/⛔1); fetched read-only from KB
PRE-3 isolated environment: no PG_DSN/DATABASE_URL/DIRECTUS_URL/PGPASSWORD in env
       (the entrypoint refuses with exit 2 if any is set); no DB reachable needed
PRE-4 out-dir = ephemeral scratch (0700, not git-added); only a redacted summary
       + digests + report uploaded to the KB folder
       knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-first-dryrun/
PRE-5 source identity foundation still CLOSED (B1/B5/B6/SC3) per KB SSOT; no live
       DB SELECT required (KB-grounded)
PRE-6 GPT/User explicit authorization for the first dry-run execution (separate
       from approving this code)

3. Expected result of a future authorized run (from validated logic)

on_PASS (expected, per doc 3 in-memory evidence):
  exit 0 ; stdout JSON {status:PASS, candidate_count:60, excluded_count:4,
           manifest_digest_sha256:<deterministic>, production_touched:false,
           db_write:NONE}
  out-dir files: manifest.json (60 candidates: 15 NGUYEN_TAC + 3
           KIEN_TRUC_SECTION + 42 DIEU; 4 excluded: Đ44/Đ34/2×obsolete;
           69 noncontent), review_evaluation.json, coverage_proof.json,
           determinism_digest.md, dryrun_report.md
on_BLOCKED (any drift / unknown marker / overlap / orphan / malformed /
           non-determinism):
  exit 3 ; out-dir has ONLY dryrun_report.md with status:BLOCKED + reason ;
           no manifest ; partial output quarantined
on_REFUSED (wrong mode / missing --no-* flags / scope≠enacted_only / DB env set):
  exit 2 ; nothing parsed ; nothing written

4. Stop conditions / hard guarantees

- never writes any DB row (structural: stdlib-only import; AST-asserted)
- never CUT / VERIFY / fn_iu_create / Directus / vector / git
- ABORTS before parse on snapshot drift (rehash gate)
- fail-closed: BLOCKED is always preferred over a guessed PASS; no silent drop
  (coverage independently re-derived; reconstruction checked)
- artifact-only output to --out-dir; db_write=NONE in every report
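
Added example (not part of the doc 2 patch or cutter_agent/dryrun.py): a stand-alone pre-gate that mirrors PRE-2, PRE-3 and the exit-code contract of sections 3 and 4, so a reviewer can confirm a local snapshot copy and a clean environment before any authorized run. Assumptions: all function and constant names are hypothetical, length is counted in bytes, the hash covers the whole buffer passed in (this page does not define the region bounds), markers are counted as raw emoji occurrences, and the sample bytes are constructed.

```python
import hashlib

# Assumptions, not taken from cutter_agent: length is in bytes, the hash covers the
# whole buffer, markers are counted as raw emoji occurrences, and a malformed
# --expect-markers value is treated as BLOCKED.
DB_ENV_VARS = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGPASSWORD")
MARKER_GLYPHS = {"enacted": "✅", "controlled_draft": "📋", "draft": "📝", "obsolete": "⛔"}
EXIT_PASS, EXIT_REFUSED, EXIT_BLOCKED = 0, 2, 3


def parse_expect_markers(spec):
    """Parse 'enacted=19,draft=1'; names left out are expected to occur 0 times."""
    expected = dict.fromkeys(MARKER_GLYPHS, 0)
    for item in spec.split(","):
        name, _, count = item.partition("=")
        if name not in MARKER_GLYPHS or not count.isdecimal():
            raise ValueError(f"malformed marker expectation: {item!r}")
        expected[name] = int(count)
    return expected


def pregate(data, env, expect_sha, expect_length, expect_markers):
    """Return (exit_code, reason); nothing is parsed further or written."""
    leaked = [v for v in DB_ENV_VARS if v in env]
    if leaked:  # PRE-3: refuse before touching the snapshot at all
        return EXIT_REFUSED, "DB env set: " + ",".join(leaked)
    try:
        expected = parse_expect_markers(expect_markers)
    except ValueError as exc:
        return EXIT_BLOCKED, str(exc)
    if len(data) != expect_length:  # PRE-2: any drift blocks, never a guessed PASS
        return EXIT_BLOCKED, f"length drift: {len(data)} != {expect_length}"
    if hashlib.sha256(data).hexdigest() != expect_sha.lower():
        return EXIT_BLOCKED, "sha256 drift"
    counts = {n: data.count(g.encode("utf-8")) for n, g in MARKER_GLYPHS.items()}
    if counts != expected:
        return EXIT_BLOCKED, f"marker drift: {counts}"
    return EXIT_PASS, "pre-gate ok"


# Constructed sample, not the real Constitution snapshot.
SAMPLE = "✅ Điều 1\n✅ Điều 2\n⛔ Điều 3\n".encode("utf-8")
SAMPLE_SHA = hashlib.sha256(SAMPLE).hexdigest()
SAMPLE_MARKERS = "enacted=2,obsolete=1"

if __name__ == "__main__":
    print(pregate(SAMPLE, {}, SAMPLE_SHA, len(SAMPLE), SAMPLE_MARKERS))
```

For a real check, pass the bytes of the local snapshot copy, dict(os.environ), and the --expect-* values from the command in section 1.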

5. What this package asks GPT/User to decide

ask:
  1 ACCEPT the authored no-DB-write entrypoint (doc 2 patch) as correct vs the
    ratified design + OD-G3
  2 RULE whether a later phase may APPLY + commit + (CI) the patch to the
    iu-cutter repo (git commit/deploy NOT done here; explicitly requested)
  3 RULE whether/when the FIRST Constitution dry-run may be executed (separate
    authorization; this package is its command-review input)
NOT asking for: permission already used. Nothing here authorizes self-advance.
explicitly_not_authorized_until_ruled:
  - applying/committing the patch to the real repo
  - the first Constitution dry-run execution
  - any CUT / VERIFY / production IU / DB write

6. Statement

  • QG7 satisfied: exact command + preconditions + expected outcomes + stop conditions specified; the code IS the patch (doc 2), not a BLOCKED-only draft.
  • Execution remains separately gated; nothing was run as the first dry-run.
  • doc 4 of 6; STOP after 6 docs → route GPT/User. Self-advance PROHIBITED.

Companion docs: code-authoring-plan (1), code-diff-or-patch (2), test-plan-and-results (3), risk-and-rollback-note (5), code-authoring-report (6).
