KB-44C6
dot-iu-cutter v0.5 — Canonical Path Survey · Updated Production CUT Approval Package (READY conditional on sovereign rulings G-A through G-D) (doc 6 of 7)
Revision 1
doc 6 of 7 · 2026-05-20
phase : S6 — new production CUT approval package (canonical path)
outcome : READY_CONDITIONAL_ON_SOVEREIGN_RULINGS
production_mutation : NONE this phase (package authoring only)
1. Pinned identity (UNCHANGED from prior approval packages)
manifest_file_sha256 : 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179
manifest_digest : 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f
candidate_count : 60 (NT15·KT3·DIEU42)
source_document_version_id : icxconst-008a06ace23a96ea6cd456146e805c97
region_sha256 : 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
writer_digest : d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28
exclusions : Điều 44 (controlled_draft tier_2 UOSL) · draft · obsolete
docprefix : ICX-CONST
target_db : directus
canonical_function : public.fn_iu_create(text,text,text,text,text,text,text,text,uuid)
canonical_writer_marker : fn_iu_create (set txn-local by the function itself)
The writer_digest equivalence proof (see doc 5 §2.3) shows the canonical adapter preserves all five digest input elements ; no re-ratification of PIN_WRITER_DIGEST is required.
2. GRANT package (canonical-path delta)
Verbatim from doc 4 §3 — issued by directus (GD-1, sovereign-ruled,
unchanged):
BEGIN;
REVOKE INSERT ON public.information_unit FROM cutter_exec;
REVOKE UPDATE (version_anchor_ref, content_anchor_ref) ON public.information_unit FROM cutter_exec;
REVOKE INSERT ON public.unit_version FROM cutter_exec;
GRANT EXECUTE ON FUNCTION
public.fn_iu_create(text,text,text,text,text,text,text,text,uuid)
TO cutter_exec;
COMMIT;
Acceptance gate (doc 4 §5) — 11-bool probe row expected t|f|f|f|f|t|f|t|t|t|t.
REVOKE rollback (doc 4 §6) is the byte-inverse and restores the post-rerun-G5 relacl state.
3. Production CUT — canonical command (R1-equivalent)
docker run --rm \
--network container:postgres \
-v <staging-dir>:/work \
-v /opt/incomex/dot/specs:/specs:ro \
-w /work -e PYTHONPATH=/work:/specs \
python:3.12-slim bash -c '
pip install --quiet psycopg2-binary
python -m cutter_agent.cutprod_canonical \
--mode production-leg-a-only-canonical \
--fail-closed --exclude-dieu-44 \
--manifest /work/manifest.json \
--snapshot-artifact /work/tests/fixtures/constitution-normalized-17660443e0f23e99.md \
--expect-manifest-digest 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
--expect-manifest-file-sha 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 \
--expect-candidate-count 60 \
--expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
--source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
--expect-writer-digest d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 \
--i-have-sovereign-production-write-approval <next-ruling-kb-doc-id> \
--i-have-grant-execution-approval-kb-id <next-ruling-kb-doc-id> \
--production-intent CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT-CANONICAL \
--fresh-backup-sha256 <new-64-hex-pre-CUT-backup-sha> \
--connection-provider-module cutter_legA_provider_<new-ts>:get_provider
'
Exact writes (the command performs ONLY these):
  single DB connection : 1 (cutter_exec ; trust auth from postgres container netns)
  single transaction : 1 (BEGIN…COMMIT owned by the adapter)
  ordering inside txn :
    SELECT current_user -- G4
    SELECT count(*) FROM public.information_unit WHERE canonical_address LIKE 'ICX-CONST%' -- G6
    <drift catalog probe> -- G5 (read-only on pg_attribute/pg_proc/dot_config)
    BEGIN
    SELECT public.fn_iu_create(%s, %s, %s, %s, %s, %s, %s, %s, %s) × 60
    COMMIT
  total leg-A statements : 60 fn_iu_create calls (each internally INSERTs IU+UV,
    UPDATEs anchor — 180 statements net inside the function)
  no writes outside this set :
    no cutter_governance.* row (leg-B post-CUT package, UB-2)
    no DELETE / TRUNCATE / DDL / direct INSERT / direct UPDATE / GRANT / REVOKE
    no source_document* mutation
    no Directus app / vector / NoSQL write
4. Backup / precheck / verify / rollback (UNCHANGED doctrines)
backup (PC-5) : fresh narrow logical backup of
  public.{information_unit, unit_version, dot_config}
  taken by an authorized DB operator (NOT the Agent ;
  NOT cutter_exec / cutter_verify) within ≤60 min
  of the CUT txn open ; restorability-tested in an
  ephemeral postgres ; sha256 logged. The rerun
  macro's PC-5 script can be reused
  (`/opt/incomex/backups/pg/directus_legA_cut_pre_grant_<ts>.dump`).
precheck (G0..G7) : identical to rerun macro (95/95 tests +
  live drift + backup gate + provider verified)
verify (post-CUT, separate) : cutter_verify VW-1..VW-12 — separately
  sovereign-gated ; NOT in scope here. Note: VW
  must be updated to account for canonical-path
  persisted row shape (lifecycle_status='draft'
  etc.) before it can run.
rollback : R-1 / R-2 / R-3 doctrine unchanged (atomic
  ROLLBACK ; never hard-delete ; forward-comp only)
post-CUT governed recording : separately sovereign-gated leg-B package (UB-2)
5. Sovereign-gate dependencies (must close before execution)
A-1 Approval of the canonical-path GRANT delta (this doc §2)
A-2 Approval of the canonical-path production CUT (this doc §3)
A-3 Ruling on G-A : accept lifecycle_status='draft' for constitution IUs
    OR require enactment workflow first ; OR pass p_publication_type='law'
    to satisfy future strict L1
A-4 Ruling on G-B / G-C / G-D : doc_code/section_code/section_type column
    NULL semantics ; server-gen ids ; L1 PILOT-warning future-proofing
A-5 Fresh backup taken in-run by Agent (already authorized in 2026-05-20
    GPT ruling for the rerun macro ; carry-forward expected)
A-6 Connection provider module: REUSE the existing one at
    `/opt/incomex/dot/specs/cutter_legA_provider_20260520T031054Z.py`
    (sha 503af2f1d000b126cd21abe3540bf80e13e0194887708e15d6a97b76c3d76ef4)
    — works unchanged for the canonical path (same DSN, same trust auth)
6. Failure regimes / STOP conditions
exit 2 REFUSED (no DB connect attempted) on ANY of :
  --mode not 'production-leg-a-only-canonical'
  --fail-closed or --exclude-dieu-44 missing
  --expect-writer-digest != d99a31d4… (ratified pin)
  ANY DB env var present (PG_DSN/DATABASE_URL/DIRECTUS_URL/PGHOST/PGUSER/PGPASSWORD)
  --i-have-sovereign-production-write-approval missing
  --i-have-grant-execution-approval-kb-id missing
  --production-intent != CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT-CANONICAL (literal)
  --fresh-backup-sha256 missing or not 64-hex
  --connection-provider-module missing
exit 3 BLOCKED on ANY of :
  provider module not loadable / factory shape wrong
  G2 pinned identity mismatch ; G3 writer_digest mismatch
  G7 backup_gate callable returns false
  G4 SELECT current_user != 'cutter_exec'
  G5 in-txn drift mismatch → atomic ROLLBACK, 0 rows
  G6 in-txn count(ICX-CONST%) != 0 → atomic ROLLBACK, 0 rows
  fn_iu_create returns non-'created' status (e.g. 'exists_complete' or
    'exists_missing_*') → atomic ROLLBACK, 0 rows
  fn_iu_create content_hash mismatch with cutwrite uv['content_hash']
    → atomic ROLLBACK, 0 rows
  any psycopg / socket / network error → atomic ROLLBACK
  any SIGINT/SIGTERM during the txn → driver-level ROLLBACK
exit 0 CUT_OK_LEG_A_CANONICAL — single STDOUT line :
CUT_OK_LEG_A_CANONICAL iu_created=60 uv_created=60 anchor_updates=60
writer_digest=d99a31d4… txn=COMMITTED canonical_fn=public.fn_iu_create
leg_b=DEFERRED_TO_POST_CUT_GOVERNED_RECORDING_PACKAGE
approval_id=<kb> grant_approval_id=<kb> backup_sha=<64-hex>
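The exit-2 refusal list above, written out as a fail-closed argument gate that runs before any provider module is loaded. This is an added example, not the `cutter_agent.cutprod_canonical` source: the flag names and literals are taken from this package, while the function names, the reason strings and the lowercase-only reading of "64-hex" are assumptions.

```python
import argparse
import re

# Literals copied from sections 1 and 6 of this package.
PIN_WRITER_DIGEST = "d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28"
MODE = "production-leg-a-only-canonical"
INTENT = "CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT-CANONICAL"
DB_ENV = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGHOST", "PGUSER", "PGPASSWORD")
VALUE_FLAGS = ("--mode", "--expect-writer-digest", "--production-intent",
               "--fresh-backup-sha256", "--connection-provider-module",
               "--i-have-sovereign-production-write-approval",
               "--i-have-grant-execution-approval-kb-id")
HEX64 = re.compile(r"[0-9a-f]{64}")  # assumption: lowercase, as sha256sum prints


class _Parser(argparse.ArgumentParser):
    def error(self, message):  # never let argparse choose the exit code
        raise ValueError(message)


def refusal_reasons(argv, env):
    """Return every exit-2 reason; an empty list means the gate passes."""
    parser = _Parser(add_help=False, allow_abbrev=False)
    for flag in VALUE_FLAGS:
        parser.add_argument(flag, default="")
    parser.add_argument("--fail-closed", action="store_true")
    parser.add_argument("--exclude-dieu-44", action="store_true")
    try:
        a, _unchecked = parser.parse_known_args(argv)  # other flags: later gates
    except ValueError as exc:
        return [f"unparseable: {exc}"]
    checks = {
        "--mode": a.mode == MODE,
        "--fail-closed": a.fail_closed,
        "--exclude-dieu-44": a.exclude_dieu_44,
        "--expect-writer-digest": a.expect_writer_digest == PIN_WRITER_DIGEST,
        "--i-have-sovereign-production-write-approval":
            bool(a.i_have_sovereign_production_write_approval),
        "--i-have-grant-execution-approval-kb-id":
            bool(a.i_have_grant_execution_approval_kb_id),
        "--production-intent": a.production_intent == INTENT,
        "--fresh-backup-sha256": bool(HEX64.fullmatch(a.fresh_backup_sha256)),
        "--connection-provider-module": bool(a.connection_provider_module),
    }
    reasons = [flag for flag, ok in checks.items() if not ok]
    # Presence alone refuses, even when the variable is set to an empty string.
    reasons += [f"env:{name}" for name in DB_ENV if name in env]
    return reasons


def gate(argv, env):
    """2 = REFUSED before any DB connect; None = continue to the exit-3 checks."""
    return 2 if refusal_reasons(argv, env) else None
```

Collecting every reason, rather than stopping at the first, gives the operator one complete refusal record per attempt; `gate(sys.argv[1:], os.environ)` would be the first call in the entry point.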
7. STATUS
package_status : READY_CONDITIONAL_ON_SOVEREIGN_RULINGS
remaining_sovereign_gates : A-1, A-2, A-3, A-4 (above)
production_mutation_this_phase : NONE
self_advance : PROHIBITED
next_action : route → GPT/User for the 4 sovereign rulings.
Once closed, the canonical CUT can run in a
SEPARATE gated macro using this command shape.