dot-iu-cutter v0.5 — First Controlled CUT Rerun · Provider Module + Command Integrity Result (G3/G4 PASS) (doc 2 of 7)
dot-iu-cutter v0.5 — First Controlled CUT Rerun · Provider Module + Command Integrity Result
doc 2 of 7 · 2026-05-20
phase : provider module install + command integrity (G3 + G4) outcome : G3 PASS · G4 PASS production_mutation: NONE this phase (file install + import-verify; no SQL)
1. G3 — sovereign-authored connection-provider module — PASS
authorized_by : GPT ruling 2026-05-20 §G3_connection_provider_module
(AUTHORIZE_AGENT_TO_AUTHOR_AND_INSTALL_PROVIDER_MODULE_IN_RUN_UNDER_GATES)
location : /opt/incomex/dot/specs/ (per ruling; NOT in iu-cutter repo)
filename : cutter_legA_provider_20260520T031054Z.py
sha256 : 503af2f1d000b126cd21abe3540bf80e13e0194887708e15d6a97b76c3d76ef4
bytes : 4495
permissions : 0444 (read-only, no execute bit — importable only)
owner : root:root (per VPS norm)
lifecycle : ephemeral; created in-session for THIS macro; cleanup at
end of rerun macro recommended
1.1 Auth strategy — trust auth via 127.0.0.1 from inside postgres container's network namespace
Discovered from pg_hba.conf inspection:
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
…
host all all all scram-sha-256
Conclusion: cutter_exec can authenticate without password when the client IP (as seen by postgres) is 127.0.0.1. This is reachable by:
docker exec postgres …(Unix socket / loopback from inside container)- A sidecar container that joins postgres' network namespace via
docker run --network container:postgres …(loopback IS the postgres container's loopback)
The provider connects via DSN host=127.0.0.1 port=5432 dbname=directus user=cutter_exec — no password. No PG_PASSWORD_CUTTER_EXEC required
(none exists in /opt/incomex/secrets/.env.production, which only has
PG_USER_RW/PG_PASSWORD_RW and PG_USER_RO/PG_PASSWORD_RO).
Note: SET ROLE not needed in this design — connecting directly as cutter_exec means session_user AND current_user both == 'cutter_exec' (G4 guard passes without role-switching gymnastics).
1.2 Sentinel handling
The committed adapter (prod_iu_adapter.py line 286/302/439) uses the
sentinel _NOW = "__SQL_NOW__" as the value bound to created_at and
updated_at parameters, with the comment "the real composer binds now()
server-side". The composer in the production-leg-a-only path does NOT
perform this swap before SQL emission — so the literal string would
otherwise be sent to the timestamp column and FAIL with cast error.
The sovereign provider implements _swap_sql_now(sql, params) which
walks %s placeholders in left-to-right order, paired 1:1 with params;
when a param value equals __SQL_NOW__, it rewrites that %s in SQL to
NOW() and removes the param. Safe because the adapter's SQL has no
string literals containing %s.
Verified in-container:
swap1= ('INSERT INTO t (a,b,c) VALUES (%s,NOW(),%s)', ['x', 'z'])
swap2= ('SELECT current_user', [])
swap3= ('BEGIN', [])
1.3 Live connection verification (read-only, NO writes)
live= ('cutter_exec', 'cutter_exec', 'directus')
So:
current_user= cutter_exec ⇒ G4 guard would PASSsession_user= cutter_execcurrent_database()= directus
Verified inside docker run --network container:postgres python:3.12-slim … psycopg2.connect …. No INSERT / UPDATE / DELETE issued in the verify.
1.4 Secret hygiene
DSN_in_argv : NO (DSN string lives only inside the module body)
DSN_in_KB : NO (only the module sha256 is logged here)
DSN_in_logs : NO
PG_PASSWORD_*_in_use : NO (trust auth — no password is read)
caller_env_DB_vars : NONE set; the sidecar container has none of
PG_DSN / DATABASE_URL / DIRECTUS_URL / PGPASSWORD /
PGHOST / PGUSER set
2. G4 — command integrity — PASS · byte-match approval package
repo_staged_on_vps : /tmp/iu-cutter-cut-f20c79c-20260520T031054Z/
file_shas_match (vs ratified production-legA doc 1 §2) :
cutter_agent/cutprod.py : 9d1cd33624f52e28227143ea0ca2f4687c612efefaa85fa325d78dbce39f2345 ✓
cutter_agent/prod_iu_adapter.py : 07618c41422ebe0f4077a3b8ccb444047524ae6509159b513e2fee7a2ee6131d ✓
cutter_agent/cutwrite.py : 31ce88dca8f68abd1bff484d665235f396272b0b4f64448812de8a93a1f901d3 ✓
manifest.json (regen via dryrun) : 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 == PIN_MANIFEST_FILE_SHA ✓
digest = 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f == PIN_MANIFEST_DIGEST ✓
candidate_count = 60, status=PASS
2.1 Manifest regeneration (deterministic; no DB)
python3 -m cutter_agent.dryrun \
--mode mark-manifest-only \
--no-db-write --no-cut --no-verify --fail-closed \
--source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
--snapshot-artifact tests/fixtures/constitution-normalized-17660443e0f23e99.md \
--expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
--expect-length 17522 \
--expect-markers 'enacted=19,controlled_draft=1,draft=1,obsolete=1' \
--grammar-profile incomex-architecture-constitution-v4 \
--parser-refimpl nuxt-incomex-portal-constitution-v1.refimpl.r1 \
--scope enacted_only --docprefix ICX-CONST \
--out-dir /tmp/icx-const-rerun-manifest.XXX/manifest \
--emit manifest.json,review_evaluation.json,coverage_proof.json,determinism_digest.md,dryrun_report.md
# → status: PASS, candidate_count: 60, manifest_digest_sha256: 9d908a62…
2.2 Approved GRANT SQL (byte-match doc 3 §2 / doc 2 §2)
BEGIN;
GRANT SELECT, INSERT ON public.information_unit TO cutter_exec;
GRANT UPDATE (version_anchor_ref, content_anchor_ref) ON public.information_unit TO cutter_exec;
GRANT SELECT, INSERT ON public.unit_version TO cutter_exec;
GRANT SELECT ON public.dot_config TO cutter_exec;
GRANT SELECT ON public.information_unit TO cutter_verify;
GRANT SELECT ON public.unit_version TO cutter_verify;
COMMIT;
Issued via docker exec -i postgres psql -U directus -d directus -v ON_ERROR_STOP=1 (Unix socket trust auth as the apply principal directus, ruled GD-1 in package).
2.3 Approved CUT command (byte-match doc 3 §3.1 R1; placeholders filled with this run's artifacts)
docker run --rm \
--network container:postgres \
-v /tmp/iu-cutter-cut-f20c79c-20260520T031054Z:/work \
-v /opt/incomex/dot/specs:/specs:ro \
-w /work -e PYTHONPATH=/work:/specs \
python:3.12-slim bash -c '
pip install --quiet psycopg2-binary
python -m cutter_agent.cutprod \
--mode production-leg-a-only \
--fail-closed --exclude-dieu-44 \
--manifest /work/manifest.json \
--snapshot-artifact /work/tests/fixtures/constitution-normalized-17660443e0f23e99.md \
--expect-manifest-digest 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
--expect-manifest-file-sha 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 \
--expect-candidate-count 60 \
--expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
--source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
--expect-writer-digest d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 \
--i-have-sovereign-production-write-approval <ruling-kb-doc-id> \
--i-have-grant-execution-approval-kb-id <ruling-kb-doc-id> \
--production-intent CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT \
--fresh-backup-sha256 17093a7a9cf6b671545919857ec4478273d5332143daf96957549ba657228043 \
--connection-provider-module cutter_legA_provider_20260520T031054Z:get_provider
'
Where <ruling-kb-doc-id> =
knowledge/dev/laws/dieu44-trien-khai/reviews/dot-iu-cutter-v0.5-first-controlled-cut-production-execution-blocked-gpt-ruling-and-execution-approval-2026-05-20.md
(per GPT ruling §G3_sovereign_production_write_approval_id and §G3_grant_execution_approval_id).
3. Disposition
G3 (provider) : PASS · sha 503af2f1… · import + factory + live connect verified
G4 (command) : PASS · all artifact shas match ratified pins ; argv assembled
byte-for-byte against R1 specification
production_mutation_this_phase : NONE
next_action : G5 execute approved scoped GRANT
doc 2 of 7.