KB-3FF2
dot-iu-cutter v0.5 — First Controlled CUT Rerun · Final Production CUT Report (Result D CUT_FAILED_ROLLED_BACK; IU Gateway architecture drift; OPT-A canonical-function redesign recommended; STOP → GPT/User) (doc 7 of 7)
16 min read Revision 1
dot-iu-cutterv0.5first-controlled-cut-production-execution-rerunfinal-production-cut-reportcut-failed-rolled-backatomic-rollbackiu-gateway-architecture-driftpack-22-p3-p2-rev7fn-iu-create-redesignstop-and-escalateopt-a-recommendedstop-route-gpt-userdieu442026-05-20
dot-iu-cutter v0.5 — First Controlled CUT Rerun · Final Production CUT Report
doc 7 of 7 · 2026-05-20 · STOP → GPT/User
macro_goal : rerun first controlled Constitution CUT (UB-2 leg-A only) after GPT/User cleared the 6 prior-session blockers final_result : D — CUT_FAILED_ROLLED_BACK_OR_COMPENSATION_REQUIRED (rolled back ; no compensation needed — no row committed) root_cause : architecture drift between approval package and production — `trg_aa_iu_gateway_write_guard` BEFORE-INSERT trigger (enforced 2026-05-06 via Pack 22-P3-P2 rev7) blocks direct INSERT on public.information_unit ; canonical write path is `fn_iu_create(...)` / `fn_iu_apply_edit_draft(...)` (both SECURITY DEFINER) per `knowledge/dev/laws/dieu44-trien-khai/readme/iu-create-gateway-readme.md` production_mutation_persisted : NONE (atomic R-2 rollback) production_mutation_in_place : G5 GRANTs only (relacl deltas on 3 tables for cutter_exec + cutter_verify)
1. Final result
result : D — CUT_FAILED_ROLLED_BACK_OR_COMPENSATION_REQUIRED
why : The cutprod R1 command ran to its INSERT step, hit production
`trg_aa_iu_gateway_write_guard`, atomically rolled back, and exited
non-zero. Zero rows persisted. The approval package's direct-INSERT
design contract collides with a production policy (Pack 22-P3-P2
rev7) that requires writes go through canonical SECURITY-DEFINER
functions — drift that the package's drift catalog did NOT cover
(the catalog probes pin IU columns, UV columns, L1/L2 md5, vocab,
and ICX-CONST count, but NOT the gateway trigger).
2. Gate-by-gate outcome
G0 SSOT + repo precheck : PASS (tests 95/95 ; HEAD f20c79c)
G1 live drift precheck : PASS ZERO drift on all six catalog pins
G2 backup + restore-test : PASS sha 17093a7a… ; ephemeral restore
row-counts iu=98 uv=105 dc=65
G3 provider module install : PASS /opt/incomex/dot/specs/
cutter_legA_provider_20260520T031054Z.py
sha 503af2f1… ; live conn verified
(current_user=cutter_exec)
G4 command integrity : PASS all file shas match ratified pins
G5 GRANT execution + verify : PASS 18-bool probe byte-exact
G6 final pre-CUT check (post-GRANT): PASS drift still zero ; ICX-CONST=0
G7 production leg-A CUT : R-2 ATOMIC ROLLBACK
fn_iu_gateway_write_guard raised on
first INSERT into information_unit ;
adapter caught, conn.rollback(), re-raise ;
exit 1 ; zero rows persisted
G8 immediate post-CUT structural : N/A — no commit ; baseline invariants
verified instead (all unchanged)
G9 reports + KB upload : PASS — 7 docs in
`…/v0.5-first-controlled-cut-production-
execution-rerun/`
3. STOP_AND_ESCALATE — structured
3.1 Exact blocker
Direct INSERT on public.information_unit is forbidden by production policy.
The BEFORE-INSERT trigger trg_aa_iu_gateway_write_guard calls
public.fn_iu_gateway_write_guard() (SECURITY DEFINER) which raises
IU Gateway blocked: direct write to information_unit not allowed. Use canonical functions (fn_iu_create, fn_iu_apply_edit_draft). The
adapter's leg-A SQL is direct INSERT — incompatible with this policy.
3.2 Evidence verified
e-1 : 95/95 targeted tests PASS on HEAD f20c79c (unchanged from prior session)
e-2 : zero live drift on the six catalog pins this package probes
e-3 : narrow backup taken in-session ; restorability test passed in ephemeral
postgres:16 with row-counts matching baseline
e-4 : provider module installed at /opt/incomex/dot/specs/ ; sha recorded ;
no secrets in argv/log/KB ; live connect verified as cutter_exec
e-5 : GRANT executed by directus in single txn ; psql output BEGIN, 6×GRANT,
COMMIT ; 18-bool probe row matches package §6.1 expected byte-exact
e-6 : cutprod R1 command shape == approval package doc 3 §3.1 byte-for-byte
(with placeholders filled from this run's artifacts)
e-7 : the gateway trigger and canonical functions exist as cataloged ; the
readme at `…/readme/iu-create-gateway-readme.md` documents the policy
(enforced 2026-05-06, Pack 22-P3-P2 rev7)
e-8 : post-G7 row counts and max(updated_at)/max(created_at) confirm zero
rows persisted ; relacl unchanged from end-of-G5 (no REVOKE issued)
3.3 Why the Agent cannot self-decide further
- redesigning the cutter_agent code to route through fn_iu_create instead of
direct INSERT is a *code change* outside the approved scope of the rerun
macro ("Không schema change ngoài approved GRANT" ; "Không run any SQL
outside approved GRANT + leg-A CUT" — the cutprod CUT is hard-coded for
direct INSERT, so redesigning it would invalidate the f20c79c contract).
- the gateway readme documents fn_iu_create as the canonical path, but using
it has implications the approval package never analyzed :
· fn_iu_create() is SECURITY DEFINER — runs as its owner (likely directus
or workflow_admin), bypassing cutter_exec lane separation. The DOT-991
lane-overlap doctrine that the package enforces would need re-evaluation.
· fn_iu_create(p_canonical_address, p_title, p_body, p_actor, …) does NOT
expose `parent_or_container_ref`, `conformance_status`, `identity_profile`,
`doc_code`, `section_type`, `section_code` as inputs (per its
pg_get_function_arguments signature). If the function sets these
internally, our ratified writer_digest (which is content-addressed over
these fields) MAY NOT MATCH d99a31d4… post-write — requiring re-ratification.
· fn_iu_apply_edit_draft expects a draft_id ; no draft creation function
is among the discovered fn_iu_* functions ; the create+apply flow may
require additional canonical functions not yet inspected.
- REVOKE of the G5 GRANTs is package-pre-approved (doc 2 §4) but the package
says "sovereign-issued only on STOP or postpone" ; the GPT ruling of
2026-05-20 authorized GRANT but not REVOKE. Issuing REVOKE now would be a
fresh sovereign-issued mutation without explicit ruling.
3.4 Resolution options (presented for sovereign ruling)
OPT-A (Recommended) — *redesign leg-A writer to call fn_iu_create + a new
UV-aware companion function, on a separate gated
authoring macro*
scope :
1. Read fn_iu_create + fn_iu_apply_edit_draft definitions in full ;
map their behavior to the 19-col IU shape the ratified rowset
uses ; identify exactly which IU fields the function sets
automatically vs. accepts as input.
2. Identify the canonical write path for `public.unit_version`. The
gateway readme references `fn_iu_create` (for IU) and
`fn_iu_apply_edit_draft` (for edits) but does NOT name a UV
writer. Either fn_iu_create internally writes the first UV, or
a separate canonical UV writer exists. Verify.
3. Adjust the writer_digest contract: if fn_iu_create computes any
field that the cutwrite factory currently computes (e.g.,
identity_profile, parent_or_container_ref), the writer_digest
pin may shift. Re-ratify by recomputing the digest under the
new contract OR by passing through fields explicitly.
4. Author a new cutter_agent module (say cutter_agent.prod_iu_adapter_v2)
that drives leg-A via fn_iu_create per row, in a single atomic
transaction. Keep the existing prod_iu_adapter as historical
reference. Add tests proving the new path matches the ratified
cardinality (60+60+60) and that the gateway trigger does NOT
raise.
5. Update the GRANT delta: cutter_exec needs `EXECUTE` on
fn_iu_create (and whichever UV writer is canonical), and may
NOT need INSERT/UPDATE on the IU/UV tables anymore (those are
internal to the SECURITY-DEFINER function). Re-author the GRANT
package. REVOKE the existing G5 GRANTs as part of the new
package's prerequisites.
6. New approval cycle for the redesigned macro.
trade_off : preserves SoD/audit/append-only/non-fabrication ; aligns
with production policy ; requires a code-authoring cycle
+ GRANT-redelta + new test set. Estimated 2–4 sovereign-gated
sub-macros (read code ↔ redesign cutwrite path ↔ author
adapter v2 ↔ new GRANT ↔ rerun CUT).
OPT-B — *temporarily disable / bypass the gateway trigger for the CUT only*
scope : workflow_admin (superuser) sets a session-context flag that
fn_iu_gateway_write_guard checks and skips ; cutprod runs in
that flagged session ; flag cleared at COMMIT/ROLLBACK.
trade_off : faster end-to-end but DEFEATS the production policy that
the gateway implements. The whole point of Pack 22-P3-P2
rev7 is to prevent direct writes. Bypassing it for one
CUT sets a precedent and may violate the architectural
intent of the gateway. NOT RECOMMENDED without explicit
sovereign architectural review.
OPT-C — *use fn_iu_create one row at a time from a bash/psql harness
instead of from the cutprod adapter*
scope : write a sovereign-side harness that calls fn_iu_create 60×
inside a single atomic txn, reading the 60-row payload from
a JSON-serialized form of cutwrite.build_rows. Keep cutprod
unchanged on this branch.
trade_off : avoids modifying cutprod, but the writer_digest invariant
(d99a31d4…) was computed for the direct-INSERT path —
calling fn_iu_create produces rows that may or may not
hash to the same digest, depending on what the function
sets internally. Re-ratification almost certainly needed.
Also, the harness is itself a new sovereign-authored
artifact requiring its own command-review cycle.
3.5 Agent's recommendation
recommend : OPT-A (canonical-function redesign on a separate gated authoring
macro).
reason :
- the gateway is a production-policy invariant (Pack 22-P3-P2 rev7) that
we should respect, not bypass.
- the redesign is a one-time architectural alignment that yields a CUT
path which is forward-compatible with future policy changes (additional
triggers, audit hooks, etc. — the canonical functions are the future-
proof entry).
- SoD/DOT-991 lane separation: fn_iu_create being SECURITY DEFINER
technically means writes execute as its owner ; the cutter_exec lane
becomes an EXECUTE-only lane. The DOT-991 doctrine permits this if the
audit trail is preserved (which fn_iu_create does, by recording p_actor).
- the GRANT package needs revision anyway — direct INSERT/UPDATE column
privileges on IU/UV are no longer the right delta when the canonical
function bypasses them.
- re-ratification of writer_digest is a contained one-shot effort the same
deterministic factory can produce.
3.6 Shortest next step after GPT/User rule
shortest_next_step :
GPT/User issues a ruling on the four open questions :
(i) redesign vs. bypass vs. harness (OPT-A / OPT-B / OPT-C)
(ii) REVOKE the G5 GRANTs now, OR keep them in place pending the
redesigned GRANT package
(iii) the canonical UV write path (does fn_iu_create write the
first UV row automatically? or is there a separate UV
canonical writer?)
(iv) re-ratification policy for writer_digest if fn_iu_create's
internal field-setting changes the content-addressed hash
the Agent (next session) then :
- opens a new sovereign-gated authoring macro for the chosen path
- if OPT-A: read fn_iu_create + fn_iu_apply_edit_draft definitions
in full, draft cutter_agent.prod_iu_adapter_v2 + redesigned GRANT
delta, re-ratify writer_digest, run targeted tests, commit on a
new branch (no push), route back to GPT/User for review-and-
execute approval.
- cleanup the in-run artifacts of THIS macro :
· /tmp/iu-cutter-cut-f20c79c-20260520T031054Z/ (stage dir)
· /opt/incomex/dot/specs/cutter_legA_provider_20260520T031054Z.py
(provider module — REUSE if the next macro re-attempts with
the same f20c79c CUT, otherwise delete)
· keep the backup file as audit evidence (or rotate per backup
retention policy)
4. Boundaries honored this session
forbidden_actions_NOT_taken :
- did NOT execute VERIFY (cutter_verify VW-1..VW-12)
- did NOT execute post-CUT governed-recording (leg-B 126 rows)
- did NOT deploy / restart / docker rebuild any production service
- did NOT merge / push / tag the feature branch
- did NOT mutate source_document / source_document_version
- did NOT run any SQL outside the approved GRANT + the cutprod CUT
(no REVOKE, no ALTER, no DROP, no DDL beyond GRANT)
- did NOT hard-delete anything
- did NOT self-advance beyond leg-A CUT (the failed CUT was the
last sovereign-authorized action)
- did NOT fabricate KB approval doc ids, backup sha, or provider
module values
- did NOT echo / log / argv-leak any secret
- did NOT bypass the gateway trigger
5. Status
final_result : D — CUT_FAILED_ROLLED_BACK_OR_COMPENSATION_REQUIRED
(rolled back ; no compensation needed)
production_mutation_persisted : NONE on rows
production_mutation_in_place : G5 GRANTs on 3 tables (relacl deltas only)
data_state : byte-identical to pre-G7 baseline
(IU=98, UV=105, ICX-CONST=0)
artifacts_for_next_session :
backup /opt/incomex/backups/pg/directus_legA_cut_pre_grant_20260520T031054Z.dump
sha 17093a7a9cf6b671545919857ec4478273d5332143daf96957549ba657228043
provider /opt/incomex/dot/specs/cutter_legA_provider_20260520T031054Z.py
sha 503af2f1d000b126cd21abe3540bf80e13e0194887708e15d6a97b76c3d76ef4
staging /tmp/iu-cutter-cut-f20c79c-20260520T031054Z/
cut_log /opt/incomex/backups/pg/directus_legA_cut_pre_grant_20260520T031054Z.log
/opt/incomex/backups/pg/directus_legA_cut_20260520T031054Z.cut.log
self_advance : PROHIBITED
next_action : route → GPT/User ; await ruling on OPT-A vs
OPT-B vs OPT-C and the REVOKE-now decision
doc 7 of 7.