dot-iu-cutter v0.5 — First Controlled CUT · Final Readiness & Drift Precheck

doc 1 of 7 · 2026-05-20 · read-only re-verification this phase. No production mutation. No GRANT/CUT/VERIFY executed. KB read+upload confirmed.

macro_goal       : first controlled Constitution CUT, UB-2 decoupled (leg-A only)
selected_path    : UB-2 (sovereign ruling, ratified)
exit_outcome     : READINESS_RE_VERIFIED_PASS  (zero drift; all pins unchanged)
kb_read          : confirmed (3 GPT rulings + 6 final-bridge + 5 cutwrite + 6 W-4 docs)
kb_upload        : will be confirmed at doc-7 final-approval-report
production_mutation : NONE   self_advance : PROHIBITED

1. Repo / HEAD / status / tests (local, read-only)

repo            : /Users/nmhuyen/iu-cutter-build/repo/iu-cutter
branch          : feature/constitution-snapshot-mark-dryrun  (NOT main; no push/merge/tag)
HEAD            : 152e7dbb665f706e09ddf0918dfef585ba26a6cc        (== ratified pin)
tree            : clean (git status --short empty)
committed (this branch only, 3 files / 0 existing modified):
  cutter_agent/prod_iu_adapter.py  sha256 b012d196 26f16d15 d749e4ea b0d6435b
                                          b09a890f 25b147df 15dfbabc fff40470
  cutter_agent/cutprod.py          sha256 cb745473 cb82756f bebf15c8 78c625ed
                                          613774b9 0eaf2f2e 7fb483ee 38e99a1b
  tests/test_prod_iu_adapter.py    sha256 221be6dd c804ac2e 9ae88ee3 a6dd2313
                                          2dbf19aa ef10e04f 5888ef9c 36edf0db
ratified factory (byte-unchanged):
  cutter_agent/cutwrite.py         sha256 31ce88dc a8f68abd 1bff484d 665235f3
                                          96272b0b 4f644488 12de8a93 a1f901d3
  cutter_agent/cutplan.py          sha256 548eabc5 530260555ff448ce 6f3acded
                                          9728fe51 c4ae61de 658e9a97 c4d828f1
  cutter_agent/dryrun.py           sha256 f1f42e83 ca23ba0b 328f79cf 04a8391a
                                          c699d1b3 07eb1b22 b52c305f 2efa1422

targeted tests re-run this phase (local, NO DB; identical to ratified result):
  tests.test_prod_iu_adapter        : 20/20 PASS
  tests.test_cutwrite_snapshot      : 22/22 PASS
  tests.test_dryrun_snapshot_mark   : 21/21 PASS
  tests.test_cutplan_snapshot       : 15/15 PASS
  total                             : 78/78 PASS (0.13 s)

2. Pinned identity (the FIRST CUT operates ONLY on this)

manifest_file_sha256       : 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179
manifest_file_bytes        : 84157
manifest_digest            : 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f
candidate_count            : 60                       (NT15 · KT3 · DIEU42)
source_document_version_id : icxconst-008a06ace23a96ea6cd456146e805c97
region_sha256              : 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
writer_digest              : d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28
exclusions (ratified)      : Điều 44 (controlled_draft tier_2; UOSL) ; draft ; obsolete
levels                     : NGUYÊN_TẮC = 15 · KIẾN_TRÚC_SECTION = 3 · ĐIỀU = 42
all_unit_kind              : law_unit ; parent_or_container_ref = NULL (flat top-level)
docprefix                  : ICX-CONST

These six pins are enforced by prod_iu_adapter constants (PIN_MANIFEST_FILE_SHA / PIN_MANIFEST_DIGEST / PIN_CANDIDATE_COUNT / PIN_SOURCE_VERSION / PIN_REGION_SHA / PIN_WRITER_DIGEST) and by cutprod mandatory --expect-* flags. Any mismatch → REFUSED before any DB connect (guard G2/G3).

3. Live production schema drift (read-only catalog, THIS phase) — ZERO

public.information_unit:
  columns                    : 19                                 (== PIN_IU_COLS)
  constraints (4 / unchanged):
    PRIMARY KEY (id)
    UNIQUE (canonical_address)                             [NOT DEFERRABLE]
    FK (version_anchor_ref) → unit_version(id)             [DEFERRABLE INITIALLY DEFERRED]
    trg_iu_birth_gate_layer2 trigger                       [DEFERRABLE INITIALLY DEFERRED]
  total rows                 : 98
  ICX-CONST rows             : 0                                  (G-CUT-ONCE precond met)
public.unit_version:
  columns                    : 16                                 (== PIN_UV_COLS)
  PK(id) ; UNIQUE(unit_id, version_seq) ; FK unit_id              (unchanged)
  total rows                 : 105
md5(pg_get_functiondef('public.fn_iu_birth_gate_layer1')) :
  f38c94d0043a61507a8c2e85afd59998                                (== PIN_L1_MD5)
md5(pg_get_functiondef('public.fn_iu_birth_gate_layer2')) :
  078ba0051ce4d894cabcc0102c4320f8                                (== PIN_L2_MD5)
public.dot_config vocab (6/6 required by L1 SECURITY-INVOKER lookups) :
  vocab.unit_kind.law_unit                                        : PRESENT
  vocab.section_type.principle                                    : PRESENT
  vocab.section_type.section                                      : PRESENT
  vocab.section_type.article                                      : PRESENT
  vocab.publication_type.law                                      : PRESENT
  vocab.publication_authority.incomex_council                     : PRESENT
verdict : ZERO DRIFT vs the pins captured 2026-05-19 (W-4 doc 5 / Final-Bridge doc 5).

4. Grants on writer targets — STILL ABSENT (as expected; GAP-C1 OPEN)

public.information_unit relacl : {directus=arwdDxt/directus,
                                  context_pack_readonly=r/directus}
public.unit_version    relacl : {directus=arwdDxt/directus,
                                  context_pack_readonly=r/directus}
public.dot_config      relacl : {directus=arwdDxt/directus,
                                  context_pack_readonly=r/directus}
has_table_privilege('cutter_exec',  'public.information_unit', 'SELECT') : FALSE
has_table_privilege('cutter_exec',  'public.information_unit', 'INSERT') : FALSE
has_column_privilege('cutter_exec', 'public.information_unit',
                     'version_anchor_ref', 'UPDATE')                     : FALSE
has_column_privilege('cutter_exec', 'public.information_unit',
                     'content_anchor_ref', 'UPDATE')                     : FALSE
has_table_privilege('cutter_exec',  'public.unit_version',    'SELECT') : FALSE
has_table_privilege('cutter_exec',  'public.unit_version',    'INSERT') : FALSE
has_table_privilege('cutter_exec',  'public.dot_config',      'SELECT') : FALSE
has_table_privilege('cutter_verify','public.information_unit','SELECT') : FALSE
has_table_privilege('cutter_verify','public.unit_version',    'SELECT') : FALSE
role state : cutter_exec / cutter_verify exist, login=YES, connection_limit=2 (intact).
status     : exactly the state Final-Bridge doc 2 measured. U-W4b (GRANT execution)
             must run BEFORE any CUT attempt. Exact GRANT delta = doc 2 of this pkg.

5. Governed ledger (leg-B) state — UNCHANGED · GAP-B1 OPEN

cutter_governance.* live tables (70 relations) include the NOT-NULL rich-shape
  set referenced in Final-Bridge doc 4 §2 (cut_change_set 24-col incl. NOT NULL
  review_decision_id / rollback_key / state / risk_class / version / tool_revisions;
  manifest_envelope ; manifest_unit_block ; dot_pair_signature ; decision_backlog_*;
  review_decision ; verify_result). The committed iu-cutter branch has NO
  production-shaped row-builder for these (ledger.py = v0.4 dry-run SKELETON).
implication : leg-B CANNOT be safely written in the first CUT command. Per the
  ratified UB-2 ruling (GPT 2026-05-19), leg-B is recorded SEPARATELY by the
  ALREADY-PASSED v0.4 production governed path AFTER the first CUT. See doc 6.
existing ledger grants (cutter_governance) for cutter_exec / cutter_verify :
  already exactly the v0.4 CD-1..CD-13 matrix (unchanged); not on the leg-A
  critical path of this first CUT.

6. Backup feasibility — DESIGN SPECIFIED, EXECUTION GATED

backup scope (mandatory before CUT, mirrors v0.4 C_01 backstop):
  fresh logical backup of directus DB tables on the leg-A write path:
    public.information_unit, public.unit_version, public.dot_config (read-only here)
  by an authorized DB operator (NOT the Agent, NOT cutter_exec)
  age ≤ 60 minutes from the moment cutter_exec opens its CUT transaction
  restorability verified : test-restore the dump into a scratch namespace +
    row-count + sha256 reconciliation on the dump artifact
  artefact sha256 must be logged in the U-W4b/CUT execution log
adapter G7 backup_gate callback : already wired (prod_iu_adapter.__init__ accepts
  ``backup_gate=Callable[[], bool]``); execution shall pass a callable that
  returns True only when the operator has just verified the fresh-backup record.
note : leg-B governed-ledger tables (cut_change_set / manifest_envelope /
  manifest_unit_block / dot_pair_signature / decision_backlog_*) are NOT written
  in the first CUT under UB-2 ; their backup is part of the SEPARATE post-CUT
  governed-recording package (doc 6).

7. Disposition of this readiness re-verification

re_verified                                : PASS (all six pins; zero drift)
test_re_run                                : 78/78 PASS
grants_still_absent_as_expected            : TRUE (GAP-C1 unblock = doc 2)
governed_ledger_uncodeable_in_branch       : TRUE (GAP-B1 unblock = UB-2 + doc 6)
ICX_CONST_pre_existence                    : 0 (G-CUT-ONCE met)
backup_feasibility                         : DESIGN-READY, execution gated to operator
self_advance                               : PROHIBITED
production_mutation                        : NONE
next                                       : doc 2 (GRANT pkg) · doc 3 (CUT pkg) · …

doc 1 of 7. No production mutation. Self-advance PROHIBITED.