KB-30A6
dot-iu-cutter v0.5 — First Controlled CUT · GRANT Execution Package (doc 2)
Revision 1
dot-iu-cutter v0.5 — First Controlled CUT · GRANT Execution Package
doc 2 of 7 · 2026-05-20 · review-only. NOT executed. No GRANT/REVOKE run. Production privilege state UNCHANGED this phase. Supersedes the GRANT package shape in Final-Bridge doc 2 only by tightening the SoD-safe acceptance gate; the SQL delta is byte-identical.
1. Why this exact delta — and only this
target_writer : cutter_exec (DOT-991 executor lane, login=YES, conn_lim=2)
target_verifier : cutter_verify (DOT-992 verifier lane, login=YES, conn_lim=2)
real-execution targets : public.information_unit · public.unit_version
catalog touched at runtime by SECURITY-INVOKER birth gate L1 :
public.dot_config (4 vocab key lookups) ⇒ cutter_exec MUST SELECT dot_config
catalog touched by SECURITY-INVOKER birth gate L2 (DEFERRED at COMMIT) :
public.information_unit + public.unit_version ⇒ already covered by SELECT
G-CUT-ONCE precheck (adapter G6) reads public.information_unit ⇒ same SELECT
the only UPDATE the adapter permits on information_unit is the 2 anchor columns
(prod_iu_adapter._anchor_update; defence-in-depth column allowlist) ⇒ the
GRANT mirrors that exactly (no other column UPDATE; no DELETE/TRUNCATE).
cutter_verify is read-only for the FIRST CUT (VW-1..VW-10 are read-only on
public.* under UB-2 leg-A scope). Any future forward-compensation write
privileges for cutter_verify (superseding unit_version, lifecycle_status
change) are a SEPARATE later sovereign-gated package; NOT in this delta.
2. Exact GRANT delta — minimal · scoped · SoD-safe · append-only
-- apply principal: see §3 (GD-1, sovereign-ruled).
-- target DB : directus
-- target schema : public
-- cutter_exec (DOT-991 executor lane, constitution birth writer / leg A)
GRANT SELECT, INSERT ON public.information_unit TO cutter_exec;
GRANT UPDATE (version_anchor_ref,
content_anchor_ref) ON public.information_unit TO cutter_exec;
GRANT SELECT, INSERT ON public.unit_version TO cutter_exec;
GRANT SELECT ON public.dot_config TO cutter_exec;
-- cutter_verify (DOT-992 verifier lane, VW-1..VW-10 read-only on public.*)
GRANT SELECT ON public.information_unit TO cutter_verify;
GRANT SELECT ON public.unit_version TO cutter_verify;
explicitly NOT granted (defence-in-depth · least-privilege · append-only) :
- any DELETE / TRUNCATE / REFERENCES / TRIGGER / GRANT OPTION on public.* tables
- any DDL (CREATE/ALTER/DROP) on public.* objects
- any UPDATE on unit_version (write-once; new version_seq required for changes)
- any UPDATE on information_unit columns other than the 2 anchor cols above
- any write privilege for cutter_verify on public.* (forward-compensation =
SEPARATE later gated package)
- any privilege on cutter_governance.* (already correctly set v0.4 CD-1..CD-13)
- any privilege on source_document / source_document_version (immutable here)
- any privilege on Directus app / vector / NoSQL targets
- any change to context_pack_readonly / directus / workflow_admin / cutter_ro
The column-scoped UPDATE list (version_anchor_ref, content_anchor_ref) is
exactly the two columns prod_iu_adapter._anchor_update provably writes —
asserted by tests/test_prod_iu_adapter.py::test_leg_a_ordering_and_allowlist.
3. GD-1 — APPLY PRINCIPAL (sovereign ruling REQUIRED before §2 runs)
finding : public.* is owned by `directus`; cutter_governance is owned by
`workflow_admin`. The §2 GRANTs must therefore be issued by
the public.* owner (`directus`) OR by a PostgreSQL superuser.
precedent : WS-Q5 used `workflow_admin` as the privileged apply role for
the cutter_governance grants; that role does NOT own public.*
and therefore CANNOT issue the §2 grants.
candidates : (a) `directus` ← owns public.* (canonical, least surprise)
(b) superuser ← e.g. postgres (more powerful than required)
recommended : (a) `directus` (matches owner; matches v0.4 ratified pattern;
smallest blast radius).
sovereign action : GPT/User must ratify the apply principal AND record its KB id
in the U-W4b execution log BEFORE §2 is issued. The Agent does NOT pick.
4. Rollback (exact inverse — byte-inverse of §2)
REVOKE SELECT, INSERT ON public.information_unit FROM cutter_exec;
REVOKE UPDATE (version_anchor_ref, content_anchor_ref)
ON public.information_unit FROM cutter_exec;
REVOKE SELECT, INSERT ON public.unit_version FROM cutter_exec;
REVOKE SELECT ON public.dot_config FROM cutter_exec;
REVOKE SELECT ON public.information_unit FROM cutter_verify;
REVOKE SELECT ON public.unit_version FROM cutter_verify;
fully reversible : no object/role/ownership change is made; only relacl deltas
on three tables for two roles. After REVOKE the relacl is
byte-identical to the pre-state proven in doc 1 §4.
when to roll back : (i) §6 verification fails on any row; (ii) CUT execution
is postponed and the privileges should not idle exposed.
5. SoD safety (separation of duties — DOT-991 ↔ DOT-992)
cutter_exec writes information_unit + unit_version (DOT-991 lane). It MUST NOT
read or write verify_result (DOT-992 ledger) — already enforced today by
existing ledger relacl (cutter_governance.verify_result has NO cutter_exec
privilege; preserved unchanged here).
cutter_verify is read-only on public.* in this delta. It MUST NOT have
INSERT/UPDATE/DELETE on the IU/UV birth path — enforced by §2 omissions.
lane-overlap (binding mandate dot-iu-cutter-v0.4-dot-lane-overlap-prevention-gpt-mandate-2026-05-17) :
enforced in code by prod_iu_adapter.assert_lane_overlap_invariants (unit-tested) —
DOT-991 sigs reference ONLY change_set_id; verify_result_id MUST stay NULL. This GRANT
delta does not touch DOT signatures (those live in cutter_governance).
6. Post-GRANT verification — STRUCTURAL + BEHAVIORAL (mandatory)
6.1 Structural relacl re-read (must match EXACTLY)
-- one query returns the full ACL state on all 3 tables
SELECT n.nspname||'.'||c.relname AS rel, c.relacl::text AS acl
FROM pg_class c JOIN pg_namespace n ON n.oid=c.relnamespace
WHERE n.nspname='public'
AND c.relname IN ('information_unit','unit_version','dot_config')
ORDER BY c.relname;
-- column-level UPDATE allowlist on the 2 anchor cols (and NOT others)
SELECT a.attname,
has_column_privilege('cutter_exec','public.information_unit',
a.attname,'UPDATE') AS ce_can_update
FROM pg_attribute a JOIN pg_class c ON c.oid=a.attrelid
JOIN pg_namespace n ON n.oid=c.relnamespace
WHERE n.nspname='public' AND c.relname='information_unit'
AND a.attnum>0 AND NOT a.attisdropped
ORDER BY a.attnum;
-- table- and column-level privilege probes (9 of the 18 expected TRUE, none unexpectedly TRUE)
SELECT
has_table_privilege ('cutter_exec', 'public.information_unit', 'SELECT') AS ce_iu_S,
has_table_privilege ('cutter_exec', 'public.information_unit', 'INSERT') AS ce_iu_I,
has_table_privilege ('cutter_exec', 'public.information_unit', 'DELETE') AS ce_iu_D,
has_table_privilege ('cutter_exec', 'public.information_unit', 'TRUNCATE') AS ce_iu_T,
has_column_privilege('cutter_exec', 'public.information_unit',
'version_anchor_ref', 'UPDATE') AS ce_iu_upd_van,
has_column_privilege('cutter_exec', 'public.information_unit',
'content_anchor_ref', 'UPDATE') AS ce_iu_upd_can,
has_column_privilege('cutter_exec', 'public.information_unit',
'identity_profile', 'UPDATE') AS ce_iu_upd_idp,
has_column_privilege('cutter_exec', 'public.information_unit',
'canonical_address', 'UPDATE') AS ce_iu_upd_caddr,
has_table_privilege ('cutter_exec', 'public.unit_version', 'SELECT') AS ce_uv_S,
has_table_privilege ('cutter_exec', 'public.unit_version', 'INSERT') AS ce_uv_I,
has_table_privilege ('cutter_exec', 'public.unit_version', 'UPDATE') AS ce_uv_U,
has_table_privilege ('cutter_exec', 'public.unit_version', 'DELETE') AS ce_uv_D,
has_table_privilege ('cutter_exec', 'public.dot_config', 'SELECT') AS ce_dc_S,
has_table_privilege ('cutter_exec', 'public.dot_config', 'INSERT') AS ce_dc_I,
has_table_privilege ('cutter_verify','public.information_unit', 'SELECT') AS cv_iu_S,
has_table_privilege ('cutter_verify','public.information_unit', 'INSERT') AS cv_iu_I,
has_table_privilege ('cutter_verify','public.unit_version', 'SELECT') AS cv_uv_S,
has_table_privilege ('cutter_verify','public.unit_version', 'INSERT') AS cv_uv_I;
EXPECTED VALUES (any deviation ⇒ STOP and rollback §4):
ce_iu_S=t ce_iu_I=t ce_iu_D=f ce_iu_T=f
ce_iu_upd_van=t ce_iu_upd_can=t ce_iu_upd_idp=f ce_iu_upd_caddr=f
ce_uv_S=t ce_uv_I=t ce_uv_U=f ce_uv_D=f
ce_dc_S=t ce_dc_I=f
cv_iu_S=t cv_iu_I=f cv_uv_S=t cv_uv_I=f
context_pack_readonly / directus / workflow_admin / cutter_ro probe rows : MUST
remain byte-identical to doc 1 §4 (no collateral change).
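The expected-value table above can be asserted mechanically rather than read by eye. The DO block below is an added example, not part of this package's SQL: it re-runs the 18 probes of §6.1 against the expected values, and additionally asserts through has_column_privilege that cutter_exec's UPDATE allowlist on information_unit is exactly the two anchor columns (column grants are stored in pg_attribute.attacl, so the relacl re-read alone cannot show them); any deviation raises an exception naming the failing probes, which is the STOP condition for a wrapper script.

```sql
DO $$
DECLARE
  p   record;
  bad text[] := '{}';   -- probes whose actual value differs from the §6.1 expectation
  upd text[];           -- columns of information_unit that cutter_exec may UPDATE
BEGIN
  FOR p IN
    SELECT * FROM (VALUES
      ('ce_iu_S',         has_table_privilege('cutter_exec',  'public.information_unit', 'SELECT'),   true),
      ('ce_iu_I',         has_table_privilege('cutter_exec',  'public.information_unit', 'INSERT'),   true),
      ('ce_iu_D',         has_table_privilege('cutter_exec',  'public.information_unit', 'DELETE'),   false),
      ('ce_iu_T',         has_table_privilege('cutter_exec',  'public.information_unit', 'TRUNCATE'), false),
      ('ce_iu_upd_van',   has_column_privilege('cutter_exec', 'public.information_unit', 'version_anchor_ref', 'UPDATE'), true),
      ('ce_iu_upd_can',   has_column_privilege('cutter_exec', 'public.information_unit', 'content_anchor_ref', 'UPDATE'), true),
      ('ce_iu_upd_idp',   has_column_privilege('cutter_exec', 'public.information_unit', 'identity_profile',   'UPDATE'), false),
      ('ce_iu_upd_caddr', has_column_privilege('cutter_exec', 'public.information_unit', 'canonical_address',  'UPDATE'), false),
      ('ce_uv_S',         has_table_privilege('cutter_exec',  'public.unit_version', 'SELECT'), true),
      ('ce_uv_I',         has_table_privilege('cutter_exec',  'public.unit_version', 'INSERT'), true),
      ('ce_uv_U',         has_table_privilege('cutter_exec',  'public.unit_version', 'UPDATE'), false),
      ('ce_uv_D',         has_table_privilege('cutter_exec',  'public.unit_version', 'DELETE'), false),
      ('ce_dc_S',         has_table_privilege('cutter_exec',  'public.dot_config', 'SELECT'), true),
      ('ce_dc_I',         has_table_privilege('cutter_exec',  'public.dot_config', 'INSERT'), false),
      ('cv_iu_S',         has_table_privilege('cutter_verify','public.information_unit', 'SELECT'), true),
      ('cv_iu_I',         has_table_privilege('cutter_verify','public.information_unit', 'INSERT'), false),
      ('cv_uv_S',         has_table_privilege('cutter_verify','public.unit_version', 'SELECT'), true),
      ('cv_uv_I',         has_table_privilege('cutter_verify','public.unit_version', 'INSERT'), false)
    ) AS v(probe, actual, expected)
  LOOP
    IF p.actual IS DISTINCT FROM p.expected THEN bad := bad || p.probe; END IF;
  END LOOP;
  -- the allowlist must be exactly the 2 anchor columns: no table-level UPDATE, no stray column grant
  SELECT array_agg(a.attname::text ORDER BY a.attname) INTO upd
  FROM pg_attribute a
  JOIN pg_class c ON c.oid = a.attrelid
  JOIN pg_namespace n ON n.oid = c.relnamespace
  WHERE n.nspname = 'public' AND c.relname = 'information_unit'
    AND a.attnum > 0 AND NOT a.attisdropped
    AND has_column_privilege('cutter_exec', 'public.information_unit', a.attname, 'UPDATE');
  IF upd IS DISTINCT FROM ARRAY['content_anchor_ref', 'version_anchor_ref'] THEN
    bad := bad || ('ce_iu_update_allowlist=' || coalesce(upd::text, '{}'));
  END IF;
  IF cardinality(bad) > 0 THEN
    RAISE EXCEPTION '6.1 verification FAILED on %: STOP and run the section 4 REVOKE', bad;
  END IF;
  RAISE NOTICE '6.1 verification PASS: all 18 probes match the expected values';
END $$;
```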
6.2 Behavioral isolation probe (SCRATCH SCHEMA only; OPTIONAL)
performed by : the apply principal (§3); not by cutter_exec.
purpose : prove that the GRANT delta does what the §2 SQL says and NO
more, without using the production tables.
scratch setup : CREATE SCHEMA cutgrant_probe ; clone IU/UV/dot_config structure
(NO data); mirror the same §2 GRANTs on the scratch tables to
cutter_exec/cutter_verify; run:
T-1 SET ROLE cutter_exec ; INSERT one row into cutgrant_probe.information_unit ;
UPDATE the 2 anchor cols ⇒ allowed.
T-2 SET ROLE cutter_exec ; DELETE/TRUNCATE/UPDATE non-anchor col ⇒ 42501.
T-3 SET ROLE cutter_verify ; SELECT cutgrant_probe.* ⇒ allowed ;
INSERT/UPDATE/DELETE ⇒ 42501.
T-4 rolling back the wrapping txn + DROP SCHEMA cutgrant_probe CASCADE.
note : OPTIONAL. The defence-in-depth allowlists in prod_iu_adapter make
this provable in code; the live test is an extra safety net at
the sovereign-chosen moment of U-W4b.
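One concrete form of T-1..T-4, as an added example that is not part of this package: a single transaction clones the three structures, mirrors the §2 delta onto the scratch copies, and runs the probes from a DO block in which every write outside the delta must raise SQLSTATE 42501 (insufficient_privilege) while the anchor-column UPDATE and the reads must run. It assumes the apply principal may SET ROLE to both lanes (role membership or superuser) and uses only column names already listed in this package; T-1's INSERT of a real row is omitted because the clone's NOT NULL columns are not known here, and the privilege check the probe is after fires before any row is touched.

```sql
-- run as the apply principal (§3), wrapped in one transaction so nothing survives the probe
BEGIN;
CREATE SCHEMA cutgrant_probe;
CREATE TABLE cutgrant_probe.information_unit (LIKE public.information_unit INCLUDING ALL);
CREATE TABLE cutgrant_probe.unit_version     (LIKE public.unit_version     INCLUDING ALL);
CREATE TABLE cutgrant_probe.dot_config       (LIKE public.dot_config       INCLUDING ALL);
-- mirror of the §2 delta on the scratch copies (plus schema USAGE, which public already carries)
GRANT USAGE ON SCHEMA cutgrant_probe TO cutter_exec, cutter_verify;
GRANT SELECT, INSERT ON cutgrant_probe.information_unit TO cutter_exec;
GRANT UPDATE (version_anchor_ref, content_anchor_ref) ON cutgrant_probe.information_unit TO cutter_exec;
GRANT SELECT, INSERT ON cutgrant_probe.unit_version TO cutter_exec;
GRANT SELECT ON cutgrant_probe.dot_config TO cutter_exec;
GRANT SELECT ON cutgrant_probe.information_unit, cutgrant_probe.unit_version TO cutter_verify;
DO $$
DECLARE denied int := 0;   -- statements correctly refused with SQLSTATE 42501
BEGIN
  SET ROLE cutter_exec;
  -- T-1: the permitted path runs (tables are empty, so 0 rows; the privilege check still happens)
  PERFORM count(*) FROM cutgrant_probe.dot_config;
  UPDATE cutgrant_probe.information_unit
     SET version_anchor_ref = version_anchor_ref, content_anchor_ref = content_anchor_ref;
  -- T-2: every write outside the allowlist must raise insufficient_privilege; a write that
  -- succeeds reaches the RAISE, whose P0001 is NOT caught by the handler and aborts the probe
  BEGIN DELETE FROM cutgrant_probe.information_unit; RAISE 'T-2 DELETE allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  BEGIN TRUNCATE cutgrant_probe.information_unit; RAISE 'T-2 TRUNCATE allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  BEGIN UPDATE cutgrant_probe.information_unit SET identity_profile = identity_profile;
        RAISE 'T-2 non-anchor UPDATE allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  BEGIN DELETE FROM cutgrant_probe.unit_version; RAISE 'T-2 unit_version DELETE allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  RESET ROLE;
  SET ROLE cutter_verify;
  -- T-3: reads run, every write is refused (INSERT ... DEFAULT VALUES needs no column knowledge:
  -- the privilege check fires before any NOT NULL constraint could)
  PERFORM count(*) FROM cutgrant_probe.information_unit;
  PERFORM count(*) FROM cutgrant_probe.unit_version;
  BEGIN INSERT INTO cutgrant_probe.information_unit DEFAULT VALUES; RAISE 'T-3 INSERT allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  BEGIN DELETE FROM cutgrant_probe.unit_version; RAISE 'T-3 DELETE allowed';
  EXCEPTION WHEN insufficient_privilege THEN denied := denied + 1; END;
  RESET ROLE;
  IF denied <> 6 THEN RAISE 'probe incomplete: only % of 6 refusals observed', denied; END IF;
  RAISE NOTICE 'cutgrant_probe PASS: T-1..T-3 behaved exactly as the section 2 delta states';
END $$;
-- T-4: the ROLLBACK discards the scratch schema, its tables and the mirrored grants
ROLLBACK;
```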
7. Status
delta : READY_FOR_SOVEREIGN_GATED_EXECUTION (U-W4b)
remaining for unblock : GD-1 ruling (apply principal) · sovereign approval
production privilege mutation : NONE this phase
ordering : GD-1 → U-W4b (§2 GRANT) → §6.1 structural verify →
(optional §6.2 behavioral) → then doc 3 CUT cmd
doc 2 of 7. No production mutation. Self-advance PROHIBITED.