KB-3CBD
dot-iu-cutter v0.5 — Constitution Snapshot-source MARK Entrypoint: Risk & Rollback Note (additive new file; zero production surface; trivial rollback)
Revision 1
Phase: …_code_authoring · Nature: risk_and_rollback_note__no_execution · Date: 2026-05-18 · doc 5 of 6
production_surface_added: NONE ; patch_applied_to_real_repo: false
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED
1. Risk assessment
| # | Risk | Severity | Mitigation (in the authored code) |
|---|---|---|---|
| R1 | code path writes to a production DB | CRITICAL | structurally impossible: module imports only stdlib; never imports db_adapter/phases/ledger/signal/psycopg/socket; AST-asserted in test; db_write=NONE in every report |
| R2 | accidental CUT/VERIFY/fn_iu_create | CRITICAL | no ledger/runtime import; only mode mark-manifest-only; --no-cut/--no-verify/--no-db-write mandatory else exit 2 |
| R3 | parses a drifted / wrong snapshot | HIGH | rehash gate ABORTS before any parse unless region sha==17660443…cae80c & len==17522 & markers=={✅19,📋1,📝1,⛔1} |
| R4 | silent drop / mis-segmentation | HIGH | independent coverage proof (unit set ⟂ structural set, union==all lines); reconstruction_ok; fail-closed on overlap/gap/orphan/unknown-marker/malformed |
| R5 | non-deterministic manifest | MED | digest excludes timestamps/RNG; re-run equality enforced (FailClosed on mismatch) |
| R6 | Đ44 leaks as a candidate | HIGH | tier_2 explicit 📋 row marker overrides tier_1 group ✅ → controlled_draft → EXCLUDED with reason (unit-tested) |
| R7 | regression to ratified v0.4 skeleton | LOW | patch is PURE ADDITION — 0 existing files modified; cli.py/phases.py untouched |
| R8 | secret/credential exposure | MED | no .env/DSN/credential read; refuses if PG_DSN/DATABASE_URL/DIRECTUS_URL/PGPASSWORD set; no secrets in artifacts |
| R9 | zone-header constants mis-transcribed | MED | constants byte-verified against the pinned region; zone_router fail-closes if any zone header not present exactly once / out of order |
| R10 | fixture (snapshot copy) drift in tests | LOW | test fixture is byte-exact (sha reproduces 17660443…cae80c); gate would BLOCK any drift; fixture-shipping decision deferred to apply phase |
residual_risk_after_mitigation: LOW. The only material residual is correctness of
segmentation over the FULL real snapshot, which the GPT-gated first dry-run (not
this phase) is designed to confirm with the emitted coverage/determinism proofs.
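The R1 and R8 mitigations can be checked mechanically. The following is an added example, not the code from cutter_agent/dryrun.py or its test file: it shows one way to AST-scan a module's source for the forbidden imports and to detect the blocked environment variables. The function names and the sample sources are assumptions constructed for illustration; the module and variable names come from the table above.

```python
import ast

# Names taken from rows R1 and R8 of the risk table.
FORBIDDEN_MODULES = {"db_adapter", "phases", "ledger", "signal", "psycopg", "socket"}
BLOCKED_ENV = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGPASSWORD")


def forbidden_imports(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, module) pairs for every forbidden import.

    ast.walk visits the whole tree, so imports nested inside functions or
    try/except blocks are found too, not only top-level ones.
    """
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Check the source module and the imported names, so both
            # "from .ledger import x" and "from . import phases" are caught.
            names = [node.module or ""] + [alias.name for alias in node.names]
        else:
            continue
        for name in names:
            # Match any dotted component: "cutter_agent.db_adapter" is a hit.
            # Fail-closed: an unrelated symbol named e.g. "signal" is flagged too.
            for bad in FORBIDDEN_MODULES.intersection(name.split(".")):
                hits.add((node.lineno, bad))
    return sorted(hits)


def blocked_env_vars(environ) -> list[str]:
    """Blocked variable names present in environ; an empty value counts as set."""
    return [key for key in BLOCKED_ENV if key in environ]


# Constructed sample sources (hypothetical, not from the real repo).
SAMPLE_OK = "import hashlib\nimport json\nfrom pathlib import Path\n"
SAMPLE_BAD = (
    "import hashlib\n"
    "from . import phases\n"
    "def f():\n"
    "    import psycopg.rows\n"
    "    from cutter_agent.db_adapter import connect\n"
)

if __name__ == "__main__":
    print(forbidden_imports(SAMPLE_BAD))
    print(blocked_env_vars({"PATH": "/usr/bin", "PGPASSWORD": ""}))
```

A static import scan does not see importlib.import_module or __import__ calls with computed names; a stricter guard would also reject those calls in the AST.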
2. Rollback / cleanup
this_phase (code authoring):
  real_repo_working_tree: NEVER MODIFIED -> nothing to roll back
  scratch /tmp/iucut-scratch: SHREDDED (rm -rf) after tests -> no residue
  KB: 6 command-review docs added (intended deliverables; a superseded revision
      is marked SUPERSEDED, never silently deleted)
  rollback action required: NONE (no mutation occurred anywhere)
future_apply_phase (only if separately authorized):
  apply = drop 2 NEW files (cutter_agent/dryrun.py, tests/test_dryrun_snapshot_mark.py)
  rollback = delete those 2 files; ZERO impact on existing modules (additive);
             no DB/schema/Directus change exists to compensate
future_first_dryrun (only if separately authorized):
  artifact-only; no production mutation by construction -> no production rollback
  needed or designed; cleanup = shred ephemeral out-dir, keep KB summary
3. Why no production rollback is designed
- the entrypoint has ZERO production surface: no DB connection, no CUT/VERIFY,
no registry/Directus/vector write. A net-zero-by-construction tool needs no
forward-compensation or backup-restore path (those belong to CUT/VERIFY, which
are FORBIDDEN here and not implemented in this module).
4. Statement
- Risk is LOW and structurally contained; rollback for this phase is N/A (no mutation); future apply rollback is a trivial 2-file delete (additive patch).
- doc 5 of 6; STOP after 6 docs → route GPT/User. Self-advance PROHIBITED.
Companion docs: code-authoring-plan (1), code-diff-or-patch (2), test-plan-and-results (3), command-review-package (4), code-authoring-report (6).