dot-iu-cutter v0.5 — Constitution Source Seed FROM SNAPSHOT: Operations-First Framing

Phase: v0_5_constitution_source_document_seed_from_snapshot_authoring · Nature: DML_authoring_only__no_execution · Date: 2026-05-18 · doc 1 of 5

design_order: operations_first (current-operating-objectives-and-principles 2026-05-18 §3)
snapshot_pinned: TRUE (E1 re-run refimpl.r1 CLOSED_PASS — GPT closeout 2026-05-18)
version_identity_basis: pinned_snapshot_artifact_region_sha256  (NOT live page, NOT raw fetch)
B5: READY_FOR_E2_AUTHORING_FROM_SNAPSHOT ; B6: CLOSED ; SC3: CLOSED_BY_REFIMPL_R1
dml_executed: 0 ; rows_inserted: 0 ; dry_run: none ; cut: none ; verify: none
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

This is doc 1 of 5. It states the operator workflow and the deterministic resolution contract first. Schema/checksum/DML detail is derived in companion docs. This package supersedes the prior live-page restart package (v0.5-constitution-source-document-seed-authoring-restart/): the version identity is no longer a live-page fresh checksum (f9d22d05…, never persisted) — it is now the pinned, rehash-verified snapshot artifact produced by E1 re-run with refimpl.r1.

---

1. The operational goal this seed serves

The long-term target (operating-objectives §1, §4) is one small command:

Cắt Hiến pháp

→ MARK → REVIEW → CUT → VERIFY → STORE → REPORT, controlled gates, exception-only human attention, concise PASS/FAIL/BLOCKED.

For Cắt Hiến pháp to be unambiguous and reproducible, the system must answer six questions with zero human guesswork. This seed is the data that answers the first five and gates the sixth — and, crucially, it pins the answer to an immutable artifact, not a mutable web page:

operator_says: "Cắt Hiến pháp"
system_must_resolve_deterministically:
  1_which_source:    -> source_document_registry row              (identity, discovery URL, family, docprefix)
  2_which_version:   -> source_document_version_registry row       (content_checksum = SNAPSHOT region sha256)
  3_which_bytes:     -> the pinned snapshot artifact                (write-once, checksum-addressed path)
  3b_integrity:      -> rehash artifact BEGIN/END region == registered checksum
  4_which_parser:    -> parser_profile + refimpl.r1 (recorded in provenance; no live column)
  5_which_grammar:   -> via source_family -> grammar_profile         (LIVE: incomex-architecture-constitution-v4)
  6_which_scope:     -> enacted_only                                (source_family.status_policy LIVE; GPT R2)
  7_what_report:     -> PASS / FAIL / BLOCKED back to operator

2. The required pre-dry-run lookup chain (the contract this seed satisfies)

Before any Constitution dry-run/cut, the system performs exactly this resolution, in order, STOP on any miss. The decisive change from the prior live-page model is step 3:

pre_dry_run_lookup_chain:
  step_1 source_document:
    "Hiến pháp" -> exactly ONE source_document_registry row
    key: source_document_ref='incomex-constitution', address_docprefix='ICX-CONST'
    miss: 0 or >1 rows -> STOP E1 (ambiguous/absent anchor)
  step_2 source_document_version:
    that source_document_ref -> the authoritative source_document_version_registry row
    key: content_checksum (NOT NULL, UNIQUE per source_document_ref)
         = 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
    miss: no version row -> STOP E2 (version not pinnable)
  step_3 snapshot_artifact (REPLACES live-fetch-recompute):
    read the pinned artifact at the checksum-addressed path
      knowledge/dev/laws/dieu44-trien-khai/snapshots/constitution/constitution-normalized-17660443e0f23e99.md
    revision MUST be 1 ; path MUST be exact
    miss: artifact absent / path or revision differ -> STOP E3a (snapshot unavailable)
  step_3b snapshot_rehash (THE identity gate now):
    sha256 over bytes strictly BETWEEN the sentinels
      <<<BEGIN-NORMALIZED-CONTENT-DO-NOT-EDIT  ...  END-NORMALIZED-CONTENT-DO-NOT-EDIT>>>
      (sentinels EXCLUDED, no trailing newline)
    MUST equal registered content_checksum 17660443… ; length MUST = 17522 ;
    marker counts MUST = enacted 19 / controlled_draft 1 / draft 1 / obsolete 1
    miss: any mismatch -> STOP E3b (snapshot integrity failure; do NOT cut)
  step_4 parser_profile / refimpl:
    provenance.parser_profile_ref = nuxt-incomex-portal-constitution-v1
    provenance.parser_reference_implementation = nuxt-incomex-portal-constitution-v1.refimpl.r1
    (LIVE schema has NO parser column -> recorded in provenance jsonb + this package; GPT R-PP1)
    miss: profile/refimpl absent or mismatch -> STOP E2-variant
  step_5 grammar_profile:
    source_family internal_incomex_constitution -> grammar_profile
      incomex-architecture-constitution-v4 (LIVE, derived via source_family, not a column)
    miss: unbound family -> STOP E4
  step_6 enacted_only_scope:
    source_family_registry.status_policy = enacted_only (LIVE) + GPT R2
    only ✅ enacted nodes cut-eligible; 📋 controlled_draft (Điều 44), 📝 draft, ⛔ obsolete excluded
    violation: a non-✅ node would be cut -> STOP E5 (fail-closed)

The seed in this package creates steps 1 and 2 as one atomic unit, binding step 2 to the snapshot artifact (step 3 anchor), recording the parser/refimpl provenance (step 4), and leaving a derivable grammar binding (step 5). Step 6 policy is unchanged and untouched.

3. Why snapshot-binding (not live-page) is the operations-correct identity

prior_model_problem:
  live page (Nuxt SSR) re-renders volatile -> raw fetch checksum unstable ->
  using a live recompute as the version-identity gate created an identity race
  (drift-triage + SC3 divergence). f9d22d05… was never safely persistable.
snapshot_model:
  identity = sha256 of the BEGIN/END region of a write-once, checksum-addressed
  artifact that was produced by the GPT-ratified refimpl.r1 and rehash-verified
  3/3 deterministic at capture (E1 re-run CLOSED_PASS).
operational_consequences:
  - "Cắt Hiến pháp" resolves to FIXED bytes; reproducible across sessions/operators
  - live URL keeps a real but DIFFERENT job: discovery + drift detection only
  - drift on the live page no longer blocks a cut; it proposes a NEW snapshot+version
    (separate gated phase), never a silent re-cut against shifting content
live_url_role: discovery_only   (recorded explicitly in provenance)

4. What the operator should see

normal_path:
  operator: "Cắt Hiến pháp"
  system:   source=ICX-CONST, version=<content_checksum 17660443…cae80c>,
            artifact=constitution-normalized-17660443e0f23e99.md (rev 1, rehash PASS),
            grammar=incomex-architecture-constitution-v4, scope=enacted_only
            -> gated cut -> "PASS: N IU cut, M deferred (📋/📝/⛔), 0 errors. Report: <KB link>."
  human_attention: none unless exception
exception_path:
  surface ONLY the exception + one-line reason + the safe default taken, e.g.
  "BLOCKED: snapshot rehash mismatch — cut withheld, snapshot integrity escalated" OR
  "NOTE: live Hiến pháp page drifted vs pinned snapshot — new snapshot proposed; current cut still uses pinned version".
technical_detail: always written to KB, never forced on the operator.

5. What is now unblocked vs still gated

now_unblocked_for_authoring (this package):
  - executable-for-review source_document + source_document_version seed DML
  - content_checksum = pinned SNAPSHOT region sha256 17660443…cae80c (len 17522, markers 19/1/1/1)
  - parser profile + refimpl.r1 + snapshot_* provenance recorded (R-PP1; no schema change)
still_gated (NOT in this package):
  - DML execution (gated: GPT command-review + sovereign authorization, separate phase)
  - first Constitution dry-run (gated on this seed executed + verified, B5)
  - promotion of 📋 controlled-draft Điều 44 into scope (GPT R3 — DEFERRED)
  - the cut/verify itself

6. Exceptions that MUST stop the workflow

STOP_conditions:
  E1 source_not_resolvable:   "Hiến pháp" -> 0 or >1 source_document rows -> STOP
  E2 version_not_pinnable:    content_checksum / recorded profile/refimpl absent -> STOP
  E3a snapshot_unavailable:   artifact path/revision missing or differs -> STOP
  E3b snapshot_integrity_fail: rehash != 17660443… OR len != 17522 OR markers != 19/1/1/1 -> STOP
  E4 grammar_unbound:         source_family has no resolvable grammar_profile -> STOP
  E5 scope_violation:         a non-✅ node would be cut under enacted_only -> STOP (fail-closed)
  E6 authority_insufficient:  source not authority_class=authoritative for node -> STOP
production_state_mismatch (governance):
  if PRE-checks find Constitution source_document/version rows already present
  (live facts say 0/0) -> STOP and report; do NOT upsert, do NOT assume.
note: live-page fresh checksum is NO LONGER a STOP gate for identity. Live drift is a
  discovery signal that proposes a new snapshot (separate phase), not a cut blocker.

7. Statement

• Operations-first framing precedes technical detail (QG7). The pre-dry-run lookup chain — source_document → source_document_version → snapshot_artifact → snapshot rehash → parser/refimpl provenance → grammar_profile → enacted_only — is the operational contract this seed satisfies, with snapshot rehash (not live-page recompute) as the identity gate (QG1, QG2). document_version_id rule unchanged (QG3). enacted_only scope and Điều 44 deferral preserved unchanged (QG6).
• No DML executed; no dry-run/cut/verify (QG5). doc 1 of 5; STOP after package → route GPT/User. Self-advance PROHIBITED.

Companion: DML-draft, rollback-draft, verification-plan, authoring-report.