dot-iu-cutter v0.5 — Final Bridge · Bridge State & Final Gap Analysis

doc 1 of 6 · 2026-05-19 · authorized by …/reviews/dot-iu-cutter-v0.5-production-bridge-to-cut-approval-readiness-gpt-ruling-2026-05-19 (scope: finalize GRANT pkg; author+test guarded prod adapter locally; assemble CUT command-review; stop before any GRANT/write/CUT/VERIFY/deploy/merge/push).

kb_read: confirmed   kb_upload: confirmed (this doc + 5 more)
production_mutation: NONE   self_advance: PROHIBITED
result: B — BLOCKED_WITH_EXACT_FINAL_GAP  (single code blocker: GAP-B1)

1. Headline

result: BLOCKED_WITH_EXACT_FINAL_GAP
what_advanced:
  - guarded leg-A production birth adapter AUTHORED + LOCALLY TESTED + COMMITTED
    (feature branch only): cutter_agent/prod_iu_adapter.py + cutter_agent/
    cutprod.py + tests/test_prod_iu_adapter.py. 20 new tests GREEN; cutwrite/
    MARK/cutplan 58 unchanged-green; cutwrite.py byte-unchanged; NO DB connect.
  - credential/GRANT command-review package finalized (doc 2); live state
    re-verified read-only (unchanged; cutter_* still ZERO on public.*).
  - production CUT command-review assembled (doc 4) with the exact gap stated.
  - backup/drift/verification/rollback plan (doc 5).
the_single_remaining_CODE_blocker:
  GAP-B1 — there is NO committed production-shaped cutter_governance
  governed-ledger row-builder (leg B). It cannot be fabricated. Exact unblock
  = UB-1 or UB-2 (doc 4 §4). Plus the pre-existing sovereign gates GD-1 /
  U-W4b(GRANT exec) / C5(sovereign write approval) which only GPT/User can close.

2. New decisive evidence (this phase) — GAP-B1

The prior bridge package assumed leg B (the cutter_governance CUT change-set

• DOT-991 signature + decision_backlog history) was a "mechanical reuse" of the ratified v0.4 ledger machinery. Read-only catalog + repo evidence this phase disproves that:

live cutter_governance.cut_change_set: 24 columns, MANY NOT NULL that the only
  committed ledger writer (ledger.py) does NOT supply:
  rollback_key, manifest_version, review_decision_id (uuid NOT NULL),
  executor_tool_revision, verifier_tool_revision, state, cut_started_at,
  affected_unit_count, emitted_by, version, risk_class.
ledger.py write_cut_change_set supplies ONLY: change_set_id,
  decision_backlog_entry_id, executor_signature_id, verifier_signature_id,
  manifest_id, content_hash  ⇒ structurally CANNOT satisfy the live table.
same divergence for: manifest_envelope (live NOT NULL operation_kind/status/
  source_doc_ref/created_by/created_at — ledger.py writes canonical_address/
  content_hash/source_entry_id/canon_lib_version, NOT live columns),
  manifest_unit_block (live NOT NULL block_role/source_span jsonb/render_order),
  dot_pair_signature (live NOT NULL signature_kind/signer_dot_id/
  signer_tool_revision/payload_hash/payload_envelope jsonb/signature_payload/
  signed_at/validation_state — ledger.py writes lane/signer_identity/
  payload_digest/placeholder_signature, NONE live), decision_backlog_*.
phases.py: writes ledger rows ONLY into InMemoryDryRunAdapter (never the real
  schema). __init__.py docstring: "no cutter_governance row is ever written to
  a real database". The branch baseline 4367c83 = "ratified iu-cutter v0.4
  SKELETON". grep of committed code for the live NOT-NULL columns
  (rollback_key|manifest_version|executor_tool_revision|affected_unit_count|
  payload_envelope|signature_kind|risk_class) = ZERO hits.
conclusion: the v0.4 First Controlled Production CUT (2026-05-17, +15 rows) DID
  write these rich rows, but its production-shaped row-builder was NEVER
  committed to this iu-cutter branch/repo. Re-deriving 7 rich tables + a
  NOT-NULL review_decision_id (which needs a live-shaped governed REVIEW
  sub-pipeline that also is not committed) = exactly the forbidden fabrication.
classification: IMPLEMENTATION gap (missing committed code), NOT schema drift.

3. Non-gaps re-verified read-only this phase (NO drift)

information_unit 19 cols · unit_version 16 cols · IU 4 constraints (PK id;
  UNIQUE canonical_address; FK version_anchor_ref→unit_version(id) DEFERRABLE
  INITIALLY DEFERRED; trg_iu_birth_gate_layer2 DEFERRED) · unit_version PK/
  UNIQUE(unit_id,version_seq)/FK unit_id
md5(fn_iu_birth_gate_layer1)=f38c94d0043a61507a8c2e85afd59998 (== pin)
md5(fn_iu_birth_gate_layer2)=078ba0051ce4d894cabcc0102c4320f8 (== pin)
public.information_unit total 98 · ICX-CONST 0 · unit_version total 105
dot_config vocab: 6/6 required keys present
public.information_unit/unit_version/dot_config relacl: directus +
  context_pack_readonly only ⇒ cutter_exec/cutter_verify STILL ZERO (GAP-C1)
cutter_governance ledger grants for cutter_exec/cutter_verify: already the
  exact v0.4 CD-1..CD-13 matrix (C2 RESOLVED, unchanged).

4. Disposition

A_PRODUCTION_CUT_COMMAND_REVIEW_READY: NOT reached (leg B uncodeable here).
B_BLOCKED_WITH_EXACT_FINAL_GAP: REACHED.
  smallest code blocker: GAP-B1.
  smallest unblock: UB-1 (gated authoring+review of a production-shaped
    governed-ledger row-builder bound to the live 24-col schema) OR UB-2
    (sovereign architectural ruling decoupling the first controlled
    constitution CUT — leg A governed-write under cutter_exec, governed
    change-set/signature recorded via the already-PASSed v0.4 production path
    as a separate proven step). Both are sovereign/gated decisions, not Agent-
    fabricable. (doc 4 §4)
  also still required (unchanged): GD-1 GRANT apply principal · U-W4b scoped
    GRANT execution · C5 sovereign production-write approval.
production_mutation: NONE.

doc 1 of 6. No production mutation. Self-advance PROHIBITED.