Incomex AI Portal
KB-2C95

dot-iu-cutter v0.5 — Constitution source_document Seed Restart: Rollback/Compensation Draft (NOT executed)

6 min read Revision 1
dot-iu-cutterv0.5constitution-fixturesource-document-seed-restartrollbackcompensationno-cascadechild-firstnot-executeddieu442026-05-18

dot-iu-cutter v0.5 — Constitution source_document Seed Restart: Rollback / Compensation Draft

Phase: v0_5_constitution_source_document_seed_authoring_restart · Date: 2026-05-18 · doc 3 of 5

nature: ROLLBACK DRAFT — NOT executed ; dml: none run ; dry_run: none
applies_to: the future, separately-gated execution of the doc-2 atomic seed
method: exact inverse, child-before-parent, single tx, NO CASCADE
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

Authored complete (QG7) so the future execution phase is mechanical. Becomes live only after GPT command-review + sovereign execution authorization. Method follows the C-07 / v0.3 / WS-Q5 lesson: catalog/identity assertions, never rendered-string equality.

1. Exact rollback target (the doc-2 seed delta)

seed_delta:
  +1 cutter_governance.source_document_registry
       source_document_ref='incomex-constitution', address_docprefix='ICX-CONST'
  +1 cutter_governance.source_document_version_registry
       source_document_ref='incomex-constitution'
       content_checksum='f9d22d0571fa296cbc8e308c46acde93804ffcfb4a19a2e7f55dabd8657d1689'
       document_version_id='icxconst-f4ce1f63bd768838f26b4f0ccdb615e4'  (deterministic; verify before delete)
fk: source_document_version_registry.source_document_ref
    -> source_document_registry.source_document_ref  (fk_sdvr_source_document)
    => child (version) MUST be deleted BEFORE parent (document)

2. Preconditions before any rollback (ALL must hold)

RB-P1 exact identity match:
  source_document_registry: source_document_ref='incomex-constitution'
    AND address_docprefix='ICX-CONST' AND registered_by='constitution-source-seed'
  source_document_version_registry: source_document_ref='incomex-constitution'
    AND content_checksum='f9d22d05…d1689'
    AND document_version_id='icxconst-f4ce1f63bd768838f26b4f0ccdb615e4'
    AND registered_by='constitution-source-seed'
RB-P2 NO downstream references to either row:
  - no IU / iu_provenance rows bound to this document_version_id
  - no manifest_envelope / manifest_unit_block / cut artifact referencing it
  - no OTHER source_document_version row for 'incomex-constitution'
RB-P3 row counts are exactly the seed delta (+1 doc, +1 version), no extras
  (else: production-state mismatch -> STOP and report, do NOT delete)

3. Rollback path A — clean DELETE (preferred; only if RB-P1..P3 ALL hold)

-- NOT EXECUTED. Exact inverse of the doc-2 seed. Child first, then parent.
\set ON_ERROR_STOP on
BEGIN;

DELETE FROM cutter_governance.source_document_version_registry
 WHERE source_document_ref = 'incomex-constitution'
   AND content_checksum    = 'f9d22d0571fa296cbc8e308c46acde93804ffcfb4a19a2e7f55dabd8657d1689'
   AND document_version_id = 'icxconst-f4ce1f63bd768838f26b4f0ccdb615e4'
   AND registered_by       = 'constitution-source-seed';
-- expect: DELETE 1

DELETE FROM cutter_governance.source_document_registry
 WHERE source_document_ref = 'incomex-constitution'
   AND address_docprefix   = 'ICX-CONST'
   AND registered_by       = 'constitution-source-seed';
-- expect: DELETE 1

COMMIT;
-- expect: DELETE 1 ; DELETE 1 ; COMMIT  -> registry back to 0 / 0

4. Rollback path B — compensation (ONLY if RB-P2 fails: downstream refs exist)

condition: downstream references exist -> a clean DELETE would break referential/audit integrity
action: do NOT DELETE. Instead lifecycle-retire the parent (schema supports it):
  UPDATE cutter_governance.source_document_registry
     SET lifecycle='deprecated'
   WHERE source_document_ref='incomex-constitution'
     AND address_docprefix='ICX-CONST';
version_row: source_document_version_registry has NO lifecycle column live ->
  it cannot be lifecycle-retired. version_status MAY be set to a non-cut value
  (e.g. 'void') and provenance->>'rollback_note' recorded — ONLY if GPT approves
  at command-review. Path B is NOT clean rollback.
gate: Path B requires an explicit GPT ruling at command-review (open item RB-B).
escalation: if downstream refs exist AND Path B is not pre-approved ->
  STOP_AND_ESCALATE to GPT/User; take no compensating write.

5. Method constraints

- no CASCADE, no TRUNCATE, no DROP
- single transaction, child-before-parent, ON_ERROR_STOP armed
- no GRANT/REVOKE, no schema change, no Directus mutation, no index DDL
- identity match on (source_document_ref, content_checksum, document_version_id,
  registered_by) — never on a rendered/observed string
- if any DELETE affects != 1 row -> ABORT the transaction (ROLLBACK), report mismatch

6. Statement

  • Exact inverse rollback (Path A clean DELETE, child-before-parent, no CASCADE) + compensation Path B (lifecycle-deprecate parent; version_status void only with GPT approval) authored complete (QG7). Nothing executed (QG4).
  • doc 3 of 5; STOP after package → route GPT/User. Self-advance PROHIBITED.

Companion: operational-framing, DML-draft, verification-plan, report.

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-source-document-seed-authoring-restart/dot-iu-cutter-v0.5-constitution-source-document-seed-restart-rollback-draft-2026-05-18.sql.md