KB-3A98
dot-iu-cutter v0.5 — Constitution Source Seed FROM SNAPSHOT: Rollback/Compensation Draft (child-first, no CASCADE; NOT executed)
6 min read Revision 1
dot-iu-cutterv0.5constitution-fixturesource-seed-from-snapshotrollbackcompensationno-cascadechild-firstsnapshot-bound-identitynot-executeddieu442026-05-18
dot-iu-cutter v0.5 — Constitution Source Seed FROM SNAPSHOT: Rollback / Compensation Draft
Phase:
v0_5_constitution_source_document_seed_from_snapshot_authoring· Date: 2026-05-18 · doc 3 of 5nature: ROLLBACK DRAFT — NOT executed ; dml: none run ; dry_run: none applies_to: the future, separately-gated execution of the doc-2 atomic snapshot-bound seed method: exact inverse, child-before-parent, single tx, NO CASCADE decision_authority: GPT / User ONLY ; self_advance: PROHIBITED
Authored complete (QG6) so the future execution phase is mechanical. Becomes live only after GPT command-review + sovereign execution authorization. Identity/catalog assertions only — never rendered-string equality (C-07 / v0.3 / WS-Q5 lesson).
1. Exact rollback target (the doc-2 seed delta)
seed_delta:
+1 cutter_governance.source_document_registry
source_document_ref='incomex-constitution', address_docprefix='ICX-CONST'
+1 cutter_governance.source_document_version_registry
source_document_ref='incomex-constitution'
content_checksum='17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c'
document_version_id='icxconst-008a06ace23a96ea6cd456146e805c97' (deterministic; verify before delete)
fk: source_document_version_registry.source_document_ref
-> source_document_registry.source_document_ref (fk_sdvr_source_document)
=> child (version) MUST be deleted BEFORE parent (document)
note: the pinned SNAPSHOT artifact is NOT a rollback target. It is a write-once
KB artifact (E1 CLOSED_PASS); rollback NEVER deletes or mutates it.
2. Preconditions before any rollback (ALL must hold)
RB-P1 exact identity match:
source_document_registry: source_document_ref='incomex-constitution'
AND address_docprefix='ICX-CONST' AND registered_by='constitution-source-seed'
source_document_version_registry: source_document_ref='incomex-constitution'
AND content_checksum='17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c'
AND document_version_id='icxconst-008a06ace23a96ea6cd456146e805c97'
AND registered_by='constitution-source-seed'
RB-P2 NO downstream references to either row:
- no IU / iu_provenance rows bound to this document_version_id
- no manifest_envelope / manifest_unit_block / cut artifact referencing it
- no OTHER source_document_version row for 'incomex-constitution'
RB-P3 row counts are exactly the seed delta (+1 doc, +1 version), no extras
(else: production-state mismatch -> STOP and report, do NOT delete)
3. Rollback path A — clean DELETE (preferred; only if RB-P1..P3 ALL hold)
-- NOT EXECUTED. Exact inverse of the doc-2 seed. Child first, then parent.
\set ON_ERROR_STOP on
BEGIN;
DELETE FROM cutter_governance.source_document_version_registry
WHERE source_document_ref = 'incomex-constitution'
AND content_checksum = '17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c'
AND document_version_id = 'icxconst-008a06ace23a96ea6cd456146e805c97'
AND registered_by = 'constitution-source-seed';
-- expect: DELETE 1
DELETE FROM cutter_governance.source_document_registry
WHERE source_document_ref = 'incomex-constitution'
AND address_docprefix = 'ICX-CONST'
AND registered_by = 'constitution-source-seed';
-- expect: DELETE 1
COMMIT;
-- expect: DELETE 1 ; DELETE 1 ; COMMIT -> registry back to 0 / 0
4. Rollback path B — compensation (ONLY if RB-P2 fails: downstream refs exist)
condition: downstream references exist -> a clean DELETE would break referential/audit integrity
action: do NOT DELETE. Instead lifecycle-retire the parent (schema supports it):
UPDATE cutter_governance.source_document_registry
SET lifecycle='deprecated'
WHERE source_document_ref='incomex-constitution'
AND address_docprefix='ICX-CONST';
version_row: source_document_version_registry has NO lifecycle column live ->
it cannot be lifecycle-retired. version_status MAY be set to a non-cut value
(e.g. 'void') and provenance->>'rollback_note' recorded — ONLY if GPT approves
at command-review. Path B is NOT clean rollback.
gate: Path B requires an explicit GPT ruling at command-review (open item RB-B).
escalation: if downstream refs exist AND Path B is not pre-approved ->
STOP_AND_ESCALATE to GPT/User; take no compensating write.
5. Method constraints
- no CASCADE, no TRUNCATE, no DROP
- single transaction, child-before-parent, ON_ERROR_STOP armed
- no GRANT/REVOKE, no schema change, no Directus mutation, no index DDL
- the pinned snapshot artifact is write-once: NEVER deleted/edited by rollback
- identity match on (source_document_ref, content_checksum, document_version_id,
registered_by) — never on a rendered/observed string
- if any DELETE affects != 1 row -> ABORT the transaction (ROLLBACK), report mismatch
6. Statement
- Exact inverse rollback (Path A clean DELETE, child-before-parent, no CASCADE) + compensation Path B (lifecycle-deprecate parent; version_status void only with GPT approval) authored complete (QG6). The write-once snapshot artifact is explicitly out of rollback scope. Nothing executed (QG5).
- doc 3 of 5; STOP after package → route GPT/User. Self-advance PROHIBITED.
Companion: operational-framing, DML-draft, verification-plan, authoring-report.