dot-iu-cutter v0.5 — Constitution Snapshot-source MARK Entrypoint Design Report

Phase: v0_5_constitution_snapshot_source_MARK_dryrun_entrypoint_design · Nature: design_and_command_authoring_only · Date: 2026-05-18 · doc 5 of 5

nothing_executed: true ; no dry-run ; no parser run ; no CUT ; no VERIFY ;
  no production IU ; no DB write ; no source_document/source_version mutation ;
  no schema/GRANT/Directus/vector/deploy/git ; no live-page fetch ; no code change
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

---

1. Verdict

entrypoint_design_package: COMPLETE (5 docs) — design + command-authoring only
source_identity_foundation: READY  (R1..R8 CLOSED per closeouts — unchanged this phase)
missing_capability_design:  SUPPLIED (matcher internals, status cascade, manifest,
                            command contract, verification — all specified)
missing_capability_code:    STILL ABSENT (R9 — no no-DB-write entrypoint exists yet)
overall_status:             DESIGN_COMPLETE__CODE_AUTHORING_REQUIRED_NEXT

This package discharges the GPT next-phase directive: it specifies deterministic matchers for the normalized snapshot, fixes leaf segmentation at DIEU, defines the no-DB-write MARK contract, the artifact-only manifest spec, and the command-review inputs. It is not an authorization to build or run anything; no code was written and nothing was executed.

2. What this phase resolved (against GPT rulings to implement)

GPT_ruling_1 matcher internals before execution (OD-MC1 DESIGN_BEFORE_EXECUTION):
  -> RESOLVED: doc 2 §2 specifies deterministic internals + verbatim snapshot
     evidence + failure modes for mc.icx.zone_router, mc.icx.nguyen_tac,
     mc.icx.kien_truc_section, mc.icx.dieu, status_marker_detector,
     changelog_boundary_detector
GPT_ruling_2 leaf IU = DIEU (OD-G2):
  -> RESOLVED: DIEU is the segmentation floor; no descent into Khoản/Điểm/sub-bullets
GPT_ruling_3 group-header status inherits to child DIEU until next scope:
  -> RESOLVED: doc 2 §3 3-tier cascade (tier_1 group inheritance)
GPT_ruling_4 explicit DIEU marker overrides inherited group status:
  -> RESOLVED: tier_2 row marker; Điều 44 (group "Quản trị — ✅", explicit row 📋)
     deterministically resolves to controlled_draft -> EXCLUDED
GPT_ruling_5 Điều 44 excluded:
  -> RESOLVED: doc 2 §3.2 + doc 3 §1.3 + doc 4 V-7 (reason=controlled_draft_deferred)
required_matchers all defined: mc.icx.nguyen_tac, mc.icx.kien_truc_section,
  mc.icx.dieu, status_marker_detector, changelog_boundary_detector (+ prerequisite
  mc.icx.zone_router) — doc 2 §2

3. One residual decision routed to GPT/User (NOT self-resolved)

OD-G3 emit-levels: GPT OD-G2 names DIEU explicitly, but the ratified grammar profile
  sets leaf=true on ALL THREE levels and the planning readiness range [55,78] counts
  principles(15)+sections(3)+DIEU. Question: emit NGUYEN_TAC + KIEN_TRUC_SECTION as
  their own candidate IUs (recommended — matches ratified profile + the [55,78]
  range), or DIEU-catalog only? One-line micro-ruling; can be folded into the
  code-package review. Flagged per governance (never invent missing authority).

4. Quality-gate self-check

QG1 use pinned snapshot identity      : PASS — artifact 17660443e0f23e99 (rev1,
      write-once); region sha/length/marker census pinned; live URL = discovery_only;
      rehash gate precedes any parse (doc 1 §2, doc 4 C2/V-1/V-2)
QG2 leaf IU = DIEU                     : PASS — DIEU is the segmentation floor (doc 2 §4)
QG3 define matcher internals           : PASS — 6 deterministic matchers with verbatim
      snapshot evidence + failure modes (doc 2 §2/§5)
QG4 group-header status inheritance    : PASS — 3-tier cascade; explicit row override;
      Điều 44 EXCLUDED; no silent drop (doc 2 §3)
QG5 artifact-only manifest output      : PASS — manifest schema + ICX-CONST/<path>
      + allowed 5-file KB folder; ALL DB writes forbidden (doc 3, doc 4 §4)
QG6 do not execute dry-run             : PASS — nothing executed; no parser run; no
      DB SELECT; no code change; no SSH
QG7 recommend next phase clearly       : PASS — §5 recommends Option A (single rec)
QG8 stop after uploading 5 files       : PASS — exactly 5 docs; STOP → GPT/User

5. Implementation recommendation (task §8 — one recommendation)

options:
  A code authoring for the new no-DB-write snapshot-source MARK entrypoint
  B command-review (existing code can support it)
  C design revision (missing grammar detail remains)
assessment:
  B is NOT viable: KB SSOT (R9) is explicit that NO existing code path ingests a
    snapshot artifact and emits a manifest without writing IU rows; nothing to
    command-review.
  C is NOT required: OD-MC1 matcher internals, OD-G2 leaf floor, and the group-vs-row
    status cascade are now fully specified with snapshot evidence; the only residual
    is the one-line OD-G3 emit-levels micro-ruling, which does not require a design
    revision cycle (it is a single parameter the code package takes as a ruled input).

RECOMMENDATION: ===> OPTION A — code authoring for the new entrypoint <===
  Open `v0_5_constitution_snapshot_source_MARK_dryrun_entrypoint_code_authoring`
  (authoring only, no execution), using docs 1–4 as the frozen input specification:
    1 GPT confirms this design + rules OD-G3 (emit-levels) — recommended: emit all
      3 ratified levels, DIEU = floor
    2 author the `cutter_agent.dryrun --mode mark-manifest-only` no-DB-write code
      package (the 6 matchers, 3-tier status cascade, manifest emitter, fail-closed
      gates of doc 4 C1–C10) — code returned for GPT command-review, NOT run
    3 code-pin (commit, iu-cutter mounted read-only), isolation harness reuse confirmed
    4 execution command-review for the first Constitution dry-run
    5 (separately authorized) the dry-run execution itself
  git commit / code change is NOT authorized now; it is requested explicitly inside
  step 2's returned package.

6. What was grounded (KB SSOT, read-only)

read:
  - first-dryrun-planning GPT review & next phase (OD-MC1/OD-G2/group-vs-row rulings,
    entrypoint contract, still-forbidden list)
  - source-seed-from-snapshot production CLOSEOUT (B5 CLOSED; dry-run NOT authorized)
  - nuxt parser refimpl GPT ruling (refimpl.r1 RATIFIED; N8 = drop empty lines)
  - first-dryrun-planning package (5 docs: framing/readiness/command/verification/report)
  - constitution fixture grammar package (grounding, grammar-applicability, version plan)
  - current operating objectives & principles (operations-first; no self-advance)
  - the pinned normalized snapshot artifact 17660443e0f23e99 (full BEGIN/END region;
    structure, zones, marker placement analysed read-only)
no_live_DB_SELECT / no_live_code_read this phase: KB is SSOT; live re-confirm is a
  PRE-gate at any future run time (doc 4)

7. Explicit non-execution statement

• No dry-run executed. No parser run. No CUT. No VERIFY. No production IU. No source_document / source_document_version mutation. No DB write of any kind. No schema change. No GRANT/REVOKE. No Directus / vector / NoSQL mutation. No deploy/restart. No git commit. No code authored or changed. No live-page fetch. No live cutter_governance SELECT. No self-advance.
• Exactly 5 docs authored under knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-snapshot-source-mark-dryrun-entrypoint-design/.
• doc 5 of 5 — STOP. Route to GPT / User review. Self-advance PROHIBITED.

8. Approval request

asking_GPT_User_to:
  - accept this entrypoint design (docs 1–4) as the frozen input spec
  - rule OD-G3 (emit-levels): recommended = emit NGUYEN_TAC + KIEN_TRUC_SECTION + DIEU,
    DIEU = segmentation floor
  - approve OPTION A: open the no-DB-write entrypoint CODE-AUTHORING phase (authoring
    only; code returned for command-review; nothing executed)
NOT asking for: authorization to write code, run a parser, or execute a dry-run
  (premature — code does not exist; sovereign-gated)

Companion docs: operational-framing (1), matcher-and-status-design (2), manifest-contract (3), command-and-verification-plan (4).