KB-1B91

dot-iu-cutter v0.5 — Constitution Source Snapshot & Version Policy: Operations-First Framing (race-free "Cắt Hiến pháp")

Revision 1
Tags: dot-iu-cutter, v0.5, constitution-fixture, source-snapshot, version-policy, operations-first, design-only, no-execution, route-gpt-user, dieu44, 2026-05-18

dot-iu-cutter v0.5 — Constitution Source Snapshot & Version Policy: Operations-First Framing

Phase: v0_5_constitution_source_snapshot_and_version_policy_design · Nature: read_only_design_authoring__no_seed_no_dml · Date: 2026-05-18 · doc 1 of 5

authority: GPT ruling reviews/dot-iu-cutter-v0.5-constitution-checksum-drift-triage-gpt-ruling-2026-05-18
selected_policy: primary OPT_2_PIN_IMMUTABLE_SNAPSHOT ; secondary OPT_3_VERSION_MODEL_POLICY ;
  OPT_1_re_ratify only_after_snapshot_or_version_policy_is_defined
dml: none ; seed: none ; checksum_persisted_or_updated: NONE ; dry_run/cut/verify: none
mutation: none (Agent Data read-only inspection only) ; decision_authority: GPT / User ONLY
self_advance: PROHIBITED

This is doc 1 of 5. Per the binding operating principle (operating-objectives §3: operational goal → state machine → marking/review → safety → schema), operations are framed before mechanism. Companion docs derive options, policy, seed strategy, report.


1. The operational goal this design protects

Operator command: "Cắt Hiến pháp" (literally "Cut the Constitution")

For this command to be safe, the system must guarantee that the bytes it cuts/verifies are exactly the bytes that were ratified and command-reviewed — not whatever the live page happens to render at execution time. The Constitution source is a living Nuxt/Directus KB article rendered from Agent Data knowledge/dev/laws/constitution.md (currently revision 44). It can be edited at any moment, including between ratification and seed/cut. The 2026-05-18 incident is the proof: ratified f9d22d05…/17791 → Codex fresh fetch 17660443…/17522 (markers 19/1/1/1 unchanged). Codex blocked correctly at QG1.

2. The race condition, named

race_window:
  t0 ratify_checksum:        normalized checksum C0 captured from live render
  t1 command_review:         GPT/User approve seed bound to C0
  t2 production_seed_or_cut: live page re-fetched -> may now be C1 != C0
hazard: any KB edit (AD revision bump) in (t0, t2] silently changes the source.
  Binding any of seed / dry-run / cut to a *live re-fetch* re-opens this race
  every time. The only race-free binding is to an IMMUTABLE pinned capture.
root_cause_class: REAL_SOURCE_CHANGE / living_document_KB_revision_drift
  (NOT parser nondeterminism — B6 remains CLOSED; NOT transport — raw Nuxt
   drift is the known harmless forensic-only band).

3. Race-free operating rule (the core invariant this design establishes)

INV-SNAP: source_document_version identity, and every downstream dry-run / CUT / VERIFY, MUST bind to an immutable pinned snapshot. The live URL is used only for (a) discovery / source_document current-URL, and (b) drift detection. Live content is never the thing that is cut.

Consequence: the live page may change freely; it does not endanger an approved cut, because the cut operates on the pinned snapshot, and any divergence of live-vs-pinned is reported as an exception, never silently absorbed.

4. Operator behavior matrix (automatic vs stop-for-review)

case_1 source_changed_BEFORE_seed:
  detect: seed precheck recomputes normalized checksum of the *candidate snapshot*
          and compares to the ratified/command-reviewed identity.
  automatic: fetch+normalize+checksum+marker-census ; drift detect ; drift
             classification (doc 3 taxonomy) ; fail-closed STOP-E3 ; concise report.
  stop_for_review (human): whether to mint a NEW source_document_version candidate
             and/or capture a new pinned snapshot. NO in-place checksum update ever.
  status_today: this is exactly what fired; behavior was CORRECT.

case_2 source_changed_BEFORE_dry_run:
  rule: dry-run binds to the registered source_document_version's PINNED SNAPSHOT,
        not a live re-fetch.
  automatic: run dry-run on pinned snapshot ; in parallel detect live!=pinned ;
             emit exception NOTE "source drifted vs registered version N;
             dry-run used pinned snapshot; new version candidate proposed".
  stop_for_review: only if drift classification >= MEDIUM (doc 3) — promote the
             new-version-candidate decision to human; dry-run result on the
             pinned snapshot is still valid and reported.

case_3 source_changed_BEFORE_production_cut:
  rule: CUT operates ONLY on the pinned snapshot tied to the *approved* version
        identity. A fresh live fetch is never the cut input.
  automatic: verify pinned-snapshot checksum == approved identity (integrity
             gate) ; if equal -> proceed gated cut ; emit live-vs-pinned drift NOTE.
  stop_for_review (fail-closed): pinned snapshot checksum != approved identity
        (snapshot tampered/missing) OR approval was scoped to a version whose
        snapshot no longer resolves -> STOP, do not cut, escalate.
  never: silently cut newly-edited live content under an old approval.
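The INV-SNAP binding and the three-case matrix above, as an added Python illustration that is not code from the dot-iu-cutter project. The normalizer rules, the marker codepoints in MARKERS and the drift-class names are assumptions, since the page defines none of them (the doc 3 taxonomy is not reproduced here).

```python
import hashlib
import re
from dataclasses import dataclass

# Stand-in normalizer (the page does not state its rules): CRLF -> LF, strip
# trailing whitespace per line, collapse blank-line runs. Only this is hashed.
def normalize(raw: str) -> str:
    lines = [ln.rstrip() for ln in raw.replace("\r\n", "\n").split("\n")]
    return re.sub(r"\n{3,}", "\n\n", "\n".join(lines)).strip() + "\n"

def content_checksum(raw: str) -> str:
    return hashlib.sha256(normalize(raw).encode("utf-8")).hexdigest()

MARKERS = ("\u00a7", "\u2696")  # hypothetical marker codepoints for the census

def marker_census(raw: str) -> tuple:
    return tuple(raw.count(m) for m in MARKERS)

@dataclass(frozen=True)
class PinnedVersion:
    version: int
    approved_checksum: str  # ratified / command-reviewed identity
    snapshot: str           # immutable capture: the only dry-run/cut/verify input

def seed_precheck(candidate_raw: str, ratified_checksum: str) -> str:
    """case_1: the candidate snapshot must equal the ratified identity, else STOP-E3."""
    return "PASS" if content_checksum(candidate_raw) == ratified_checksum else "STOP-E3"

def classify_drift(pinned: PinnedVersion, live_raw: str) -> str:
    """Live-vs-pinned drift classes (assumed names; the doc 3 taxonomy is not on the page)."""
    if live_raw == pinned.snapshot:
        return "NONE"
    if content_checksum(live_raw) == pinned.approved_checksum:
        return "FORENSIC_ONLY"   # raw Nuxt changed, normalized identical: auto-pass
    if marker_census(live_raw) != marker_census(pinned.snapshot):
        return "STRUCTURE"       # marker count/codepoint set differs: human decides
    return "CONTENT"

def bind_operation(pinned: PinnedVersion, live_raw: str) -> dict:
    """case_2/case_3 gate: integrity check on the pin, then operate on the pin only."""
    if content_checksum(pinned.snapshot) != pinned.approved_checksum:
        return {"decision": "STOP", "reason": "pinned snapshot != approved identity"}
    drift = classify_drift(pinned, live_raw)
    result = {"decision": "PROCEED", "input": pinned.snapshot, "drift": drift,
              "version_review": drift == "STRUCTURE", "notes": []}
    if drift in ("CONTENT", "STRUCTURE"):
        result["notes"].append(f"source drifted vs registered version {pinned.version}; "
                               "pinned snapshot used; new version candidate proposed")
    return result
```

Whatever the live page does, `bind_operation` never returns it as `input`; live content only feeds the drift note and the version-review flag.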

5. What is automatic vs what stops — summary

automatic_no_human:
  - fetch + normalize + content_checksum + marker census
  - drift detection (candidate/live vs registered pinned identity)
  - drift classification by severity (doc 3)
  - binding dry-run/cut/verify to the pinned snapshot
  - raw-Nuxt-changed-but-normalized-same  -> auto-pass (forensic-only)
  - chrome-only change outside candidate_B span -> no version event
  - concise PASS / FAIL / BLOCKED operator report
stop_for_human_review:
  - minting a NEW source_document_version (new identity)
  - any marker-structure change (count/codepoint set differs)
  - supersede / lineage decision on the prior version
  - authority_class / enacted_only scope implications
  - pinned-snapshot integrity failure (fail-closed STOP)
forbidden_regardless:
  - in-place content_checksum update (silent re-cut)
  - retry seed against old checksum f9d22d05…
  - seeding production version identity from an unpinned live page

6. Why pinning (OPT_2) is the operations-first answer

A version model alone (OPT_3) tells us how to classify a change but still leaves the cut bound to a moving target. A pinned snapshot (OPT_2) makes the thing being operated on immutable, so the classification has something stable to compare against and the operator command becomes deterministic. OPT_3 is the rulebook; OPT_2 is the frozen evidence the rulebook is applied to. OPT_1 (re-ratify a new checksum) becomes safe only once a pin exists, because then the new checksum describes frozen bytes, not a live race.

7. Statement

  • Operations framed before mechanism (binding principle). Race condition named; the race-free invariant INV-SNAP and the 3-case operator matrix defined. Live source drift treated as REAL and never retried against the old checksum (QG1); snapshot/version evaluation deferred to doc 2/3 (QG2/QG3); no-silent-update preserved (QG5); nothing executed or mutated (QG6).
  • doc 1 of 5; STOP after 5 files → route GPT/User. Self-advance PROHIBITED.

Companions: options-analysis, version-policy-design, seed-strategy-update, policy-report.

Source path: knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-source-snapshot-version-policy/dot-iu-cutter-v0.5-constitution-source-snapshot-operations-framing-2026-05-18.md