KB-2DEF
dot-iu-cutter v0.5 — First Controlled CUT · Production CUT leg-A Command Package (doc 3)
doc 3 of 7 · 2026-05-20 · COMMAND-REVIEW package for the UB-2-decoupled first controlled Constitution CUT (leg-A only). NOT executed. No DB write. No GRANT/CUT/VERIFY/deploy/restart/merge/push/tag. Sovereign approval gates ALL execution.
1. Scope — exactly what this first CUT does, and what it does NOT
in-scope (leg A, writes once, atomically) :
+60 public.information_unit rows (full birth, L1+L2 birth-gates ENFORCED)
+60 public.unit_version rows (FK unit_id → IU.id, content body verbatim)
60 public.information_unit UPDATE(version_anchor_ref, content_anchor_ref)
= 180 leg-A SQL statements ; ONE atomic transaction ; principal cutter_exec
out-of-scope (NOT in this CUT — UB-2 decoupled to a separate post-CUT package) :
- cutter_governance.cut_change_set (governed change-set row)
- cutter_governance.cut_change_set_affected_row (60 affected_row rows)
- cutter_governance.manifest_envelope (governed manifest header)
- cutter_governance.manifest_unit_block (60 manifest unit blocks)
- cutter_governance.dot_pair_signature (DOT-991 executor signature)
- cutter_governance.decision_backlog_entry (governed decision row)
- cutter_governance.decision_backlog_history (state transition history)
- cutter_governance.review_decision (governed review decision row)
⇒ all 7 leg-B targets are recorded SEPARATELY by the already-ratified v0.4
production governed path, per doc 6 (post-CUT governed-recording obligation).
forbidden in any path :
- DELETE / TRUNCATE / DDL / GRANT on any target
- UPDATE on unit_version
- UPDATE on information_unit columns other than the 2 anchor cols
- any write to source_document / source_document_version / Directus app /
vector / NoSQL / any non-listed table
2. Exact inputs (six pins; any mismatch ⇒ REFUSED at G2)
target_db : directus (single DB ; single atomic txn)
principal : cutter_exec (DOT-991 executor lane)
manifest_file_sha256 : 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179
manifest_file_bytes : 84157
manifest_digest : 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f
candidate_count : 60 (NT15 · KT3 · DIEU42)
source_document_version_id : icxconst-008a06ace23a96ea6cd456146e805c97
region_sha256 : 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
writer_digest : d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28
docprefix : ICX-CONST
scope : enacted_only
exclusions enforced : Điều 44 (controlled_draft tier_2 UOSL) · draft · obsolete
sovereign_approval_doc_id : <KB id of the post-doc-7 sovereign production-write
approval ; supplied via --i-have-sovereign-production-write-approval ;
resolved by G1 against KB>
backup_artifact_sha256 : <recorded by operator before run ; G7 callback returns
True ONLY when this is set within the last ≤60 minutes>
3. Runnable command — TWO sovereign-selectable options under UB-2
The committed cutprod --mode production is INTENTIONALLY fail-closed (raises
LegBUnavailable) to forbid a public-only CUT without leg-B. Under UB-2 the
first CUT is leg-A only by sovereign decoupling, which requires a runnable
seam that the committed code does not yet expose. Sovereign chooses ONE:
Option R1 — micro-authoring of a leg-A-only mode (PREFERRED; cleanest audit)
what : add a new mode `--mode production-leg-a-only` to cutprod.py + a thin
guarded entrypoint method `ProdIuBirthAdapter.execute_leg_a_only(args,
conn_provider, approval_resolver, backup_gate)` that runs guards
G1..G7 then opens a caller-owned txn on the cutter_exec connection
returned by conn_provider, calls leg_a_in_txn(conn, iu, uv), commits.
NO change to plan() / execute_cut() (the latter still fail-closes
with LegBUnavailable to preserve the leg-B audit constraint).
scope : ~80 lines new code + 4–6 new tests (rollback-only, fake conn) ; no
existing code modified ; no DB write in tests.
SEPARATE GATE (GAP-A1) : this micro-authoring is itself sovereign-gated. It
is NOT done in this approval package. It must run as a separately-
gated authoring micro-cycle (review → commit-gate ruling → commit
on feature branch only → tests green → THEN this command available).
runnable command (post-authoring) :
python -m cutter_agent.cutprod \
--mode production-leg-a-only \
--fail-closed --exclude-dieu-44 \
--manifest <path/to/manifest.json> \
--snapshot-artifact <path/to/snapshot> \
--expect-manifest-digest 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
--expect-manifest-file-sha 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 \
--expect-candidate-count 60 \
--expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
--source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
--expect-writer-digest d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 \
--i-have-sovereign-production-write-approval <kb-doc-id>
Option R2 — sovereign-operator wrapper using the existing seam (no new code)
what : a sovereign-operator Python harness (NOT committed to the repo; lives
in /opt/incomex/dot/specs/ as a sovereign artifact) that imports
cutter_agent.prod_iu_adapter, builds the args record, constructs
ProdIuBirthAdapter(approval_doc_id=<kb-id>, env={…safe vars only…},
connection_provider=<lambda that opens a libpq conn as cutter_exec
from the approved .env>, signer=StubSigning(), approval_resolver=
<KB-verifier callable>, backup_gate=<fresh-backup callable>),
THEN runs the leg-A-only flow explicitly :
a = …
iu, uv, wdig = adapter._g23_rows(a)              # G2/G3/G6 (via factory)
adapter._g1_approval()                           # G1
adapter._g7_backup()                             # G7
conn = adapter._provider({"role": "cutter_exec"})
adapter._g4_principal(conn)                      # G4
adapter._g5_drift(conn)                          # G5
adapter._g6_cut_once(conn)                       # G6 (live)
conn.execute("BEGIN")
adapter.leg_a_in_txn(conn, iu, uv)
conn.execute("COMMIT")
constraints :
- the harness MUST NOT be committed to the iu-cutter repo (avoids drift in
the ratified composer surface ; preserves cutprod refusal as the public
audit invariant).
- the harness MUST be reviewed in a sovereign-gated command-review package
BEFORE execution (same form as this doc) ; its sha256 is recorded in the
CUT execution log.
- secrets are sourced from the approved .env ONLY ; never argv, never logs.
trade-off vs R1 : faster to execute (no code commit) but the runnable surface
is not in the test harness (no unit test on the harness itself). R1 is
cleaner for long-term audit. Sovereign picks based on urgency.
GAP-A1 = "no committed leg-A-only runnable entrypoint" — applies to BOTH
options at execution time : either R1 must be authored (1 small
gated micro-cycle) or R2 must be reviewed (1 small gated command-
review of the harness). NEITHER is fabricated by this Agent.
sovereign_pick : GPT/User must pick R1 OR R2 in the final approval ruling.
4. Transaction model — ONE atomic transaction, single DB connection
DB connection : 1 (cutter_exec ; conn_lim=2 — head-room for retry)
transaction count : 1
ordering inside the txn :
SET CONSTRAINTS ALL DEFERRED -- defer FK + birth-gate L2 trigger
-- birth phase 1 (60 statements)
INSERT INTO public.information_unit (id, canonical_address, unit_kind,
lifecycle_status, content_anchor_ref=NULL, version_anchor_ref=NULL,
owner_ref, parent_or_container_ref=NULL, conformance_status,
identity_profile, created_at=now(), updated_at=now(),
created_by='cutter_exec/DOT-991/constitution-cut',
updated_by='cutter_exec/DOT-991/constitution-cut',
deleted_at=NULL, sort_order=NULL, doc_code, section_type, section_code)
VALUES (…) × 60 -- each row from cutwrite.build_rows (ratified)
-- birth phase 2 (60 statements)
INSERT INTO public.unit_version (id, unit_id, body, content_hash, version_seq,
lifecycle_status, content_profile, created_at=now(),
created_by='cutter_exec/DOT-991/constitution-cut',
title=NULL, description=NULL, review_state=NULL, provenance=NULL, editor=NULL,
enacted_at=NULL, updated_at=now())
VALUES (…) × 60 -- each row from cutwrite.build_rows (ratified)
-- anchor phase (60 column-scoped UPDATEs)
UPDATE public.information_unit
SET version_anchor_ref = <uv.id>, content_anchor_ref = <uv.id::text>
WHERE id = <iu.id> × 60
COMMIT -- triggers DEFERRED birth-gate L2 + FK at the boundary
total : exactly 180 leg-A statements
isolation level : default (READ COMMITTED is sufficient; the txn is
single-writer and append-only on never-before-used
ICX-CONST addresses ; no read/write conflict possible).
no : no SAVEPOINT branching ; no nested txn ; no autocommit;
no DDL ; no GRANT ; no DELETE ; no TRUNCATE ; no UPDATE
on unit_version ; no UPDATE on any non-anchor IU column.
secrets : never argv ; never logs ; never KB ; never STDOUT.
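Added example (not the iu-cutter project's own code): a constructed model of the section-4 transaction with the adapter's allowlist guard in front of the connection. The regexes, the FakeTxnConn stand-in and the reduced column lists in build_leg_a are assumptions for illustration; the point shown is that 3 × N statements commit as one unit, and that a single non-allowlisted statement (an UPDATE on unit_version, DDL, DELETE) aborts with zero rows persisted.

```python
import re
# Hypothetical allowlist for the three leg-A statement shapes of section 4 (constructed
# for this example; not the adapter's real _IU_COLS / _UV_COLS / _ANCHOR_UPDATE_COLS).
ALLOWED = [
    re.compile(r"^INSERT INTO public\.information_unit \(.+\) VALUES \(.+\)$", re.I),
    re.compile(r"^INSERT INTO public\.unit_version \(.+\) VALUES \(.+\)$", re.I),
    re.compile(r"^UPDATE public\.information_unit SET version_anchor_ref = \S+, "
               r"content_anchor_ref = \S+ WHERE id = \S+$", re.I),
]
# Forbidden in any path (section 1): DELETE/TRUNCATE/DDL/GRANT and any UPDATE on unit_version.
FORBIDDEN = re.compile(r"\b(DELETE|TRUNCATE|GRANT|ALTER|DROP|CREATE)\b|^UPDATE public\.unit_version", re.I)
class StatementRejected(Exception):
    pass
def allow(sql: str) -> str:
    """Defence-in-depth: only an allowlisted leg-A shape may reach the connection."""
    s = " ".join(sql.split())
    if FORBIDDEN.search(s) or not any(p.match(s) for p in ALLOWED):
        raise StatementRejected(s[:60])
    return s

class FakeTxnConn:
    """Stand-in for the cutter_exec connection: rows persist only at COMMIT, ROLLBACK drops all."""
    def __init__(self):
        self.persisted, self._pending, self.in_txn = [], [], False
    def execute(self, sql: str):
        if sql == "BEGIN":
            self.in_txn, self._pending = True, []
        elif sql == "COMMIT":
            self.persisted, self.in_txn = self.persisted + self._pending, False
        elif sql == "ROLLBACK":
            self._pending, self.in_txn = [], False
        else:
            self._pending.append(allow(sql))

def build_leg_a(ids):
    """Phase 1 IU inserts, phase 2 UV inserts, then anchor UPDATEs: 3 x len(ids) statements."""
    iu = [f"INSERT INTO public.information_unit (id, canonical_address) VALUES ('{i}', 'ICX-CONST/{i}')" for i in ids]
    uv = [f"INSERT INTO public.unit_version (id, unit_id, body) VALUES ('uv-{i}', '{i}', 'body')" for i in ids]
    up = [f"UPDATE public.information_unit SET version_anchor_ref = 'uv-{i}', content_anchor_ref = 'uv-{i}' WHERE id = '{i}'" for i in ids]
    return iu + uv + up

def leg_a_in_txn(conn, statements) -> int:
    """Run every statement in ONE transaction; a rejected statement aborts with ROLLBACK."""
    conn.execute("BEGIN")
    try:
        for sql in statements:
            conn.execute(sql)
        conn.execute("COMMIT")
    except StatementRejected:
        conn.execute("ROLLBACK")  # zero rows persisted
        raise
    return len(conn.persisted)
```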
5. STOP conditions (fail-closed before any DB write; or atomic ABORT mid-txn)
STOP BEFORE any DB connect when ANY of :
G1 sovereign approval flag absent / KB id not resolvable
G2 pinned manifest_file_sha / digest / count / source-version / region mismatch
G3 cutwrite factory not PASS / writer_digest != d99a31d4… / cardinality != 60 /
factory returned NOOP_ALREADY_APPLIED (scratch pre-existence detected)
G7 fresh backup_gate callback returns False (no backup ≤60 min / no sha logged)
cutprod argv : --mode wrong ; --fail-closed / --exclude-dieu-44 missing ;
--expect-writer-digest != pin ; ANY DB env var set (PG_DSN / DATABASE_URL /
DIRECTUS_URL / PGHOST / PGUSER / PGPASSWORD)
GAP-A1 unresolved (R1 not authored ; R2 wrapper not reviewed)
GD-1 unresolved or U-W4b GRANT not executed-and-verified (doc 2 §6.1 row mismatch)
Any prior verification step in doc 1 fails on re-run
STOP AT runtime BEFORE any leg-A SQL executes when ANY of :
G4 SELECT current_user != 'cutter_exec'
G5 live drift detected (IU cols ≠ 19 / UV cols ≠ 16 / L1 md5 mismatch /
L2 md5 mismatch / vocab count != 6)
G6 live count(ICX-CONST%) on information_unit != 0 (G-CUT-ONCE NO-OP exit 0)
ATOMIC ABORT mid-txn (zero rows persisted) when ANY of :
- the live birth-gate L1 (immediate) raises on any of the 60 IU rows
- the live birth-gate L2 (deferred ; fires at COMMIT) raises
- FK fk_iu_version_anchor (DEFERRED) fails at COMMIT
- UNIQUE(canonical_address) violation
- allowlist guard inside the adapter rejects an unexpected statement
- any psycopg / socket / network error
- any signal / SIGINT / SIGTERM during the txn
post-CUT VERIFY failure : see doc 4 (cutter_verify / DOT-992) + doc 5 §3
(forward-compensation doctrine).
6. Fail-closed guards (mapped to code; unit-tested)
G1 (no-connect) : prod_iu_adapter.ProdIuBirthAdapter._g1_approval
G2/G3 (no-connect): prod_iu_adapter.ProdIuBirthAdapter._g23_rows
G4 (connect) : prod_iu_adapter.ProdIuBirthAdapter._g4_principal
G5 (connect) : prod_iu_adapter.ProdIuBirthAdapter._g5_drift (_DRIFT_SQL)
G6 (connect) : prod_iu_adapter.ProdIuBirthAdapter._g6_cut_once
G7 (no-connect) : prod_iu_adapter.ProdIuBirthAdapter._g7_backup
SQL allowlists : prod_iu_adapter.ProdIuBirthAdapter._insert / _anchor_update
(defence-in-depth; _IU_COLS / _UV_COLS / _ANCHOR_UPDATE_COLS)
no DB connect : default _default_provider RAISES ProductionAccessNotAuthorized
until a real provider is injected (R1 by cutprod after sovereign
approval ; R2 by the sovereign-reviewed harness).
env hygiene : cutprod refuses if any of PG_DSN / DATABASE_URL / DIRECTUS_URL /
PGHOST / PGUSER / PGPASSWORD are set in the caller's env.
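Added example (not the project's prod_iu_adapter code): a constructed fail-closed chain for the no-connect guards of sections 5 and 6, covering the env-hygiene refusal, the G2 pins (manifest file sha256, byte count, candidate count) and the G7 freshness rule. G1 (KB approval resolution) and G3 (cutwrite factory) are omitted because they depend on project internals; the function names and the `expect_*` override parameters are assumptions for illustration.

```python
import hashlib
import os
import time

# Pins copied from section 2; G2 compares the operator-supplied values against these.
PIN_MANIFEST_FILE_SHA = "7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179"
PIN_MANIFEST_BYTES = 84157
PIN_CANDIDATE_COUNT = 60
# Env vars cutprod refuses on (section 6, env hygiene).
FORBIDDEN_ENV = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGHOST", "PGUSER", "PGPASSWORD")
BACKUP_MAX_AGE_S = 60 * 60  # G7: the recorded backup must be at most 60 minutes old

class Refused(Exception):
    """Any guard failure: the run stops here, before any DB connect."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def env_hygiene(env=os.environ) -> None:
    leaked = [k for k in FORBIDDEN_ENV if k in env]
    if leaked:
        raise Refused(f"DB env var(s) present in caller env: {leaked}")

def g2_pins(manifest_bytes: bytes, candidate_count: int,
            expect_sha=PIN_MANIFEST_FILE_SHA, expect_bytes=PIN_MANIFEST_BYTES,
            expect_count=PIN_CANDIDATE_COUNT) -> None:
    got = sha256_hex(manifest_bytes)
    if got != expect_sha:
        raise Refused(f"G2 manifest_file_sha256 mismatch: got {got[:12]}...")
    if len(manifest_bytes) != expect_bytes:
        raise Refused(f"G2 manifest_file_bytes mismatch: got {len(manifest_bytes)}")
    if candidate_count != expect_count:
        raise Refused(f"G2 candidate_count mismatch: got {candidate_count}")

def g7_backup(backup_sha, recorded_at: float, now=None) -> bool:
    """True ONLY when a backup sha is set and was recorded within the last 60 minutes."""
    now = time.time() if now is None else now
    return bool(backup_sha) and 0 <= now - recorded_at <= BACKUP_MAX_AGE_S

def preconnect_guards(manifest_bytes, candidate_count, backup_sha, backup_recorded_at,
                      env=os.environ, now=None, **pins) -> bool:
    """Fail-closed chain: env hygiene, then G2 pins, then G7. True only if all pass."""
    env_hygiene(env)
    g2_pins(manifest_bytes, candidate_count, **pins)
    if not g7_backup(backup_sha, backup_recorded_at, now):
        raise Refused("G7 backup_gate returned False (no fresh backup / no sha logged)")
    return True
```

With the real pins left as defaults, constructed manifest bytes are refused at G2, which is the intended behaviour: the pins only pass for the one manifest they were taken from.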
7. Status
production_cut_legA_command_package : CONTRACT_READY · RUNNABLE_OPTIONS_PRESENTED
runnable_options : R1 (preferred) | R2 (operator wrapper)
remaining sovereign gates : GAP-A1 (R1 OR R2 pick) · GD-1 · U-W4b · C5 ·
U-W5 (production CUT execution approval)
production mutation this phase : NONE
self_advance : PROHIBITED
doc 3 of 7. No production mutation. Self-advance PROHIBITED.