KB-3027
dot-iu-cutter v0.5 — Lifecycle Implementation Authoring · Verification + Rollback + Compensation Plan (G3 PASS) (doc 4 of 6)
26 min read Revision 1
dot-iu-cutterv0.5lifecycle-enactment-implementation-authoringverification-rollback-compensationpre-flight-probespost-execution-probesbehavioral-probes-b1-b10per-bundle-rollbackforward-compensation-retire-supersedeemergency-revert-sovereigndieu442026-05-20
dot-iu-cutter v0.5 — Lifecycle Implementation Authoring · Verification + Rollback + Compensation Plan
doc 4 of 6 · 2026-05-20 · OPERATIONS DESIGN ONLY
phase : G3 — verification + rollback + compensation outcome : PASS — full operational envelope for Bundles A..E production_mutation : NONE
0. Scope
This document is the operational complement to the authored bundles in [[dot-iu-cutter-v0-5-02-fn-iu-enact-ddl-package-2026-05-20]] (Bundles A..D) and [[dot-iu-cutter-v0-5-03-fn-iu-apply-edit-draft-patch-package-2026-05-20]] (Bundle E).
It defines:
- Pre-flight probes (gate-keepers before any DDL applies)
- Per-bundle in-flight probes (between each Bundle's COMMIT and the next)
- Post-execution probes (end-of-implementation acceptance criteria)
- Per-DDL-object rollback procedures (with safety constraints)
- Compensation doctrine for an accidental Phase 7 enactment
- Fingerprint capture catalog (15 pre/post pairs)
- Acceptance criteria for the implementation-execution macro
Nothing here is executed in THIS authoring macro.
1. Pre-flight probes (PHASE 0 in execution macro)
Run AS context_pack_readonly (or any SELECT-only role with USAGE on
both public and cutter_governance schemas).
-- P0.1 Gateway state present and at pre-state
SELECT value FROM public.dot_config
WHERE key = 'iu_create.gateway.allowed_marker_values';
-- expect EXACTLY 1 row, value='fn_iu_create,fn_iu_apply_edit_draft'
SELECT value FROM public.dot_config
WHERE key = 'iu_create.gateway.mode';
-- expect 'enforced'
-- P0.2 60 ICX-CONST still all draft (uncoupled to anything we're about to do,
-- but confirms the live state baseline)
SELECT count(*) FILTER (WHERE lifecycle_status='draft') AS n_draft,
count(*) AS n_total
FROM public.information_unit
WHERE canonical_address LIKE 'ICX-CONST%';
-- expect n_draft=60, n_total=60
SELECT count(*) AS uv_with_enacted_at FROM public.unit_version WHERE enacted_at IS NOT NULL;
-- expect 0
-- P0.3 Lifecycle infrastructure absent
SELECT count(*) FROM pg_class c JOIN pg_namespace n ON c.relnamespace=n.oid
WHERE n.nspname='public' AND c.relname IN ('iu_lifecycle_vocab','iu_lifecycle_log');
-- expect 0
SELECT count(*) FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname IN ('fn_iu_enact','fn_iu_enacted_immut','fn_uv_enacted_immut');
-- expect 0
SELECT count(*) FROM pg_trigger t JOIN pg_class c ON t.tgrelid=c.oid
WHERE NOT t.tgisinternal
AND t.tgname IN ('trg_iu_enacted_immut','trg_uv_enacted_immut');
-- expect 0
SELECT count(*) FROM public.dot_config WHERE key LIKE 'iu_enact.%';
-- expect 0
-- P0.4 fn_iu_apply_edit_draft fingerprint matches the design finding
SELECT md5(prosrc) AS pre_md5, length(prosrc) AS pre_len
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_apply_edit_draft';
-- expect: pre_md5='22875ce25b2e2d1751cc4f3d1757252e', pre_len=4144
-- P0.5 cutter_governance accessibility for SECDEF directus
SELECT has_schema_privilege('directus','cutter_governance','USAGE') AS usage,
has_table_privilege('directus','cutter_governance.review_decision','SELECT') AS s_rd,
has_table_privilege('directus','cutter_governance.cut_change_set','SELECT') AS s_cs;
-- expect usage=true, s_rd=true, s_cs=true
-- P0.6 cutter_exec role exists
SELECT 1 FROM pg_roles WHERE rolname='cutter_exec';
-- expect 1 row
abort_on_failure_of_any_probe:
- the execution macro MUST abort and route to GPT/User if any P0.* probe
fails. No DDL applies if pre-flight does not PASS.
2. Per-bundle in-flight probes
2.1 After TXN-1 (Bundle A — vocab + log) committed
-- A.V1 vocab seeded with exactly 4 rows
SELECT code, name, sort_order FROM public.iu_lifecycle_vocab
ORDER BY sort_order, code;
-- expect rows:
-- draft Bản nháp 10
-- enacted Đã ban hành 20
-- superseded Bị thay 30
-- retired Đã rút 40
-- A.V2 log table empty, 5 indexes present, FK present
SELECT count(*) AS n_rows FROM public.iu_lifecycle_log;
-- expect 0
SELECT count(*) AS n_idx
FROM pg_index ix JOIN pg_class c ON ix.indrelid = c.oid
JOIN pg_namespace n ON c.relnamespace=n.oid
WHERE n.nspname='public' AND c.relname='iu_lifecycle_log';
-- expect >= 6 (5 explicit + 1 implicit PK btree)
SELECT conname, pg_get_constraintdef(oid)
FROM pg_constraint
WHERE conrelid='public.iu_lifecycle_log'::regclass
AND contype='f';
-- expect: fk_iu_lifecycle_log_unit FOREIGN KEY (unit_id)
-- REFERENCES information_unit(id)
-- A.V3 read grants
SELECT has_table_privilege('public','public.iu_lifecycle_vocab','SELECT') AS pub,
has_table_privilege('cutter_exec','public.iu_lifecycle_log','SELECT') AS exec_log,
has_table_privilege('cutter_exec','public.iu_lifecycle_log','INSERT') AS exec_log_ins;
-- expect pub=true, exec_log=true, exec_log_ins=false
2.2 After TXN-2 (Bundle B — immutability) committed
-- B.V1 functions exist; not SECDEF
SELECT proname, prosecdef
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname IN ('fn_iu_enacted_immut','fn_uv_enacted_immut');
-- expect 2 rows, prosecdef=false for both
-- B.V2 triggers attached
SELECT tgname, c.relname AS tbl, p.proname AS fn
FROM pg_trigger t
JOIN pg_class c ON t.tgrelid = c.oid
JOIN pg_proc p ON t.tgfoid = p.oid
WHERE tgname IN ('trg_iu_enacted_immut','trg_uv_enacted_immut');
-- expect 2 rows; tbl matches function target table
-- B.V3 live data unchanged
SELECT (SELECT count(*) FROM public.information_unit) AS iu_total,
(SELECT count(*) FROM public.unit_version) AS uv_total,
(SELECT count(*) FROM public.information_unit
WHERE lifecycle_status='draft') AS iu_draft,
(SELECT count(*) FROM public.unit_version
WHERE lifecycle_status='draft') AS uv_draft;
-- expect iu_total=158, uv_total=165, iu_draft=158, uv_draft=165
2.3 After TXN-3 (Bundle C — fn_iu_enact) committed
-- C.V1 function exists with expected signature + SECDEF
SELECT proname, prosecdef, pg_get_function_identity_arguments(oid) AS args
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_enact';
-- expect:
-- proname='fn_iu_enact'
-- prosecdef=true
-- args='p_canonical_address text, p_actor text, p_review_decision_id uuid,
-- p_target_lifecycle text, p_change_set_id uuid, p_reason text,
-- p_tool_revision text, p_dry_run boolean'
-- C.V2 dry-run smoke (cutter_exec doesn't have EXECUTE yet; run as directus
-- OR test from a session that has EXECUTE temporarily)
BEGIN;
SELECT public.fn_iu_enact(
'ICX-CONST/DIEU-0', -- existing ICX-CONST IU
'verify_probe',
'29c88a7b-60f7-41bd-af45-43cc9b9f41c0', -- existing review_decision
'enacted',
NULL, 'C.V2 dry-run', 'iu-enact@v0.5-M3a-2026-05-20',
true -- dry_run=true
);
-- expect status='plan_ok', would_write_rows={1,1,1}
ROLLBACK;
2.4 After TXN-4 (Bundle D — policy + grants) committed
-- D.V1 gateway allowed_marker_values updated
SELECT value FROM public.dot_config
WHERE key='iu_create.gateway.allowed_marker_values';
-- expect 'fn_iu_create,fn_iu_apply_edit_draft,fn_iu_enact'
-- D.V2 iu_enact.* keys seeded (8 keys)
SELECT key, value FROM public.dot_config
WHERE key LIKE 'iu_enact.%'
ORDER BY key;
-- expect 8 rows with documented values:
-- iu_enact.allow_no_review_decision = 'false'
-- iu_enact.canonical_function = 'public.fn_iu_enact(text,text,uuid,text,uuid,text,text,boolean)'
-- iu_enact.log_table = 'public.iu_lifecycle_log'
-- iu_enact.mode = 'enforced'
-- iu_enact.policy_doc_path = '<doc 04 of design package path>'
-- iu_enact.readme_path = 'knowledge/.../readme/iu-lifecycle-enactment-readme.md'
-- iu_enact.target_default = 'enacted'
-- iu_enact.vocab_table = 'public.iu_lifecycle_vocab'
-- D.V3 EXECUTE grants
SELECT has_function_privilege(
'cutter_exec',
'public.fn_iu_enact(text,text,uuid,text,uuid,text,text,boolean)',
'EXECUTE') AS cutter_can_exec,
has_function_privilege(
'public',
'public.fn_iu_enact(text,text,uuid,text,uuid,text,text,boolean)',
'EXECUTE') AS pub_can_exec;
-- expect cutter_can_exec=true, pub_can_exec=false
2.5 After TXN-5 (Bundle E — fn_iu_apply_edit_draft patch) committed
-- E.V1 md5 changed
SELECT md5(prosrc) AS post_md5, length(prosrc) AS post_len
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_apply_edit_draft';
-- expect: post_md5 != '22875ce25b2e2d1751cc4f3d1757252e'
-- post_len within ±100 of 4144
-- E.V2 SECDEF + search_path still pinned
SELECT prosecdef, proconfig
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_apply_edit_draft';
-- expect prosecdef=true; proconfig contains search_path=pg_catalog, public
-- E.V3 body contains new sentinel string (text grep)
SELECT prosrc LIKE '%base_version_enacted%' AS has_new_status
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_apply_edit_draft';
-- expect true
SELECT prosrc LIKE '%count(DISTINCT lifecycle_status)%' AS still_has_global_check
FROM pg_proc
WHERE pronamespace='public'::regnamespace
AND proname='fn_iu_apply_edit_draft';
-- expect false (the global check is GONE)
3. Post-execution acceptance probes (end of implementation macro)
After TXN-1..TXN-5 all committed, the execution macro runs all of the following AND uploads a verification report:
ALL of (post-execution criteria):
schema:
A.V1 vocab 4-row PASS
A.V2 log table empty + 5 idx + FK PASS
A.V3 vocab/log grants PASS
B.V1 immutability functions present PASS
B.V2 immutability triggers attached PASS
B.V3 live data unchanged PASS
C.V1 fn_iu_enact present + SECDEF + signature PASS
D.V1 gateway updated PASS
D.V2 iu_enact.* keys PASS
D.V3 EXECUTE grants PASS
E.V1 patch md5 changed PASS
E.V2 patch SECDEF preserved PASS
E.V3 body text confirms patch PASS
behavioral (ROLLBACK-only):
B-1 dry-run plan_ok PASS
B-2 invalid_target_lifecycle PASS
B-3 iu_not_found PASS
B-4 review_decision_not_found PASS
B-5 raw UPDATE still blocked PASS
B-6 NULL review_decision_id refused PASS
B-7 NULL actor refused PASS
B-8 fsm_denied for draft→superseded PASS
B-9 edit-draft on draft base unchanged PASS
B-10 edit-draft on enacted base refused
(CANNOT run in this macro;
deferred to LIFECYCLE_ENACT_TEST_INTEGRATION=1 path)
data invariants:
60 ICX-CONST still all draft PASS
158 IU total / 165 UV total PASS
uv_enacted_at_nonnull = 0 PASS
iu_lifecycle_log row count = 0 PASS
iu_lifecycle_vocab row count = 4 PASS
acceptance_threshold:
- ALL schema + ALL behavioral (B-1..B-9) + ALL data invariants
- B-10 deferred OK
- any FAIL → execution macro reports FAIL, hands off to GPT/User
(does NOT roll back automatically; allows operator to inspect
before destructive action)
4. Fingerprint capture catalog
The execution macro captures the following 15 pre/post pairs and embeds them in its closeout report.
schema_fingerprints:
F-01 fn_iu_gateway_write_guard.body_md5 : pre=post=6907fa4e5e46b5617d7dfecbd86326d7
F-02 fn_iu_create.body_md5 : pre=post=3017892a5ac605a6daeaa5348e2a6cdf
F-03 fn_iu_verify_invariants.body_md5 : pre=post=6d005323d15eb4802f22802470b2c966
F-04 fn_iu_apply_edit_draft.body_md5 : pre=22875ce25b2e2d1751cc4f3d1757252e
post=<captured-post-Bundle-E>
F-05 fn_iu_enact.body_md5 : pre=ABSENT
post=<captured-post-Bundle-C>
F-06 fn_iu_enacted_immut.body_md5 : pre=ABSENT
post=<captured-post-Bundle-B>
F-07 fn_uv_enacted_immut.body_md5 : pre=ABSENT
post=<captured-post-Bundle-B>
F-08 trigger_count_information_unit : pre=5, post=6
F-09 trigger_count_unit_version : pre=2, post=3
F-10 iu_lifecycle_vocab.row_count : pre=ABSENT (table missing); post=4
F-11 iu_lifecycle_log.row_count : pre=ABSENT; post=0
data_fingerprints:
F-12 information_unit.total_rows : pre=post=158
F-13 unit_version.total_rows : pre=post=165
F-14 unit_version.enacted_at_nonnull_count : pre=post=0
F-15 icx_const_iu.lifecycle_status_distinct : pre=post=['draft']
ASSERT F-01 == F-02 == F-03 (unchanged gateway/create/verify_invariants md5s)
ASSERT F-04.post != F-04.pre
ASSERT F-05.post is non-null
ASSERT F-08.post = F-08.pre + 1
ASSERT F-09.post = F-09.pre + 1
ASSERT F-10.post = 4
ASSERT F-11.post = 0
ASSERT F-12..F-15 unchanged
5. Rollback procedures per Bundle
5.1 Bundle A rollback
-- safe to run unconditionally if Bundle A applied but Bundle C did not
-- (Bundle C references iu_lifecycle_log via INSERT; rolling back
-- the log table while fn_iu_enact still exists would break the function.
-- Always rollback Bundle C FIRST if both applied.)
BEGIN;
DROP TABLE IF EXISTS public.iu_lifecycle_log;
DROP TABLE IF EXISTS public.iu_lifecycle_vocab;
COMMIT;
-- VERIFY rollback:
SELECT count(*) FROM pg_class c JOIN pg_namespace n ON c.relnamespace=n.oid
WHERE n.nspname='public' AND c.relname IN ('iu_lifecycle_vocab','iu_lifecycle_log');
-- expect 0
safety_constraint:
- Bundle A rollback is SAFE while iu_lifecycle_log has 0 rows.
- If iu_lifecycle_log has rows (i.e. after Phase 7 fires), DO NOT
run Bundle A rollback — it would destroy audit history.
- The execution macro must REFUSE rollback of Bundle A if
SELECT count(*) FROM iu_lifecycle_log > 0.
5.2 Bundle B rollback
BEGIN;
DROP TRIGGER IF EXISTS trg_uv_enacted_immut ON public.unit_version;
DROP TRIGGER IF EXISTS trg_iu_enacted_immut ON public.information_unit;
DROP FUNCTION IF EXISTS public.fn_uv_enacted_immut();
DROP FUNCTION IF EXISTS public.fn_iu_enacted_immut();
COMMIT;
-- VERIFY rollback:
SELECT count(*) FROM pg_trigger
WHERE tgname IN ('trg_iu_enacted_immut','trg_uv_enacted_immut');
-- expect 0
safety_constraint:
- Bundle B rollback is SAFE while no row has lifecycle_status='enacted'.
- If some rows ARE enacted, rollback REMOVES the immutability protection
those rows depended on. The execution macro must REFUSE Bundle B
rollback if:
SELECT count(*) FROM public.information_unit WHERE lifecycle_status='enacted' > 0
OR
SELECT count(*) FROM public.unit_version WHERE lifecycle_status='enacted' > 0
5.3 Bundle C rollback
BEGIN;
DROP FUNCTION IF EXISTS public.fn_iu_enact(
text, text, uuid, text, uuid, text, text, boolean);
COMMIT;
safety_constraint:
- Bundle C rollback is SAFE while iu_lifecycle_log has 0 rows.
- If Phase 7 has run, rolling back fn_iu_enact PREVENTS future
enactment but does not retro-revert existing enactments. May still
be the right move if forward fixes are needed.
5.4 Bundle D rollback
BEGIN;
UPDATE public.dot_config
SET value = 'fn_iu_create,fn_iu_apply_edit_draft',
updated_at = now()
WHERE key = 'iu_create.gateway.allowed_marker_values';
DELETE FROM public.dot_config WHERE key LIKE 'iu_enact.%';
REVOKE EXECUTE ON FUNCTION public.fn_iu_enact(
text, text, uuid, text, uuid, text, text, boolean
) FROM cutter_exec;
COMMIT;
safety_constraint:
- Bundle D rollback while Bundle C is still in place leaves fn_iu_enact
existing but unable to UPDATE (the marker 'fn_iu_enact' is no longer
in allowed_marker_values, so the gateway will block).
- This is FAIL-CLOSED behavior and acceptable: the function refuses
rather than runs.
5.5 Bundle E rollback (fn_iu_apply_edit_draft patch revert)
-- restore the prior body from the operational sidecar :backup_body
CREATE OR REPLACE FUNCTION public.fn_iu_apply_edit_draft(
p_draft_id uuid, p_actor text, p_review_note text
) RETURNS jsonb
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public
AS $body$
<insert-exact-pre-patch-body-from-:backup_body>
$body$;
-- VERIFY:
SELECT md5(prosrc) FROM pg_proc
WHERE pronamespace='public'::regnamespace AND proname='fn_iu_apply_edit_draft';
-- expect: '22875ce25b2e2d1751cc4f3d1757252e'
safety_constraint:
- Bundle E rollback is SAFE only while NO UV has lifecycle_status != 'draft'.
- If any UV is non-'draft', pre-patch body's global coupling will
return 'lifecycle_ambiguous' on every call. The execution macro
must REFUSE Bundle E rollback if:
SELECT count(DISTINCT lifecycle_status) FROM public.unit_version > 1
5.6 Cascading rollback order (if all bundles applied and need reversal)
correct_order_for_full_reversal:
1. Bundle E rollback (restore old fn_iu_apply_edit_draft)
2. Bundle D rollback (revert dot_config + grants)
3. Bundle C rollback (drop fn_iu_enact)
4. Bundle B rollback (drop immutability triggers + functions)
5. Bundle A rollback (drop log + vocab)
each step safe ONLY IF:
- no Phase 7 has fired (iu_lifecycle_log row count = 0)
- no row has lifecycle_status='enacted'
- no UV has enacted_at IS NOT NULL
if any of the above is false:
- DO NOT do a full reversal
- investigate why a reversal is needed; usually a forward-compensation
(retire / supersede) is the right answer
6. Compensation doctrine — accidental Phase 7 enactment
Phase 7 (the 60-IU enactment) is OUT OF SCOPE for this macro and gated behind a separate sovereign ruling. The following compensation runbook exists so an emergency response is pre-designed.
6.1 Preferred — forward compensation (canonical)
scenario : a row was enacted in error AFTER Phase 7 fires
preferred : transition the erroneously enacted IU to 'retired' via a
FUTURE fn_iu_retire(canonical_address, actor,
new_review_decision_id, reason).
sequence:
1. Sovereign records a NEW cutter_governance.review_decision with
governance_event_kind='compensation' (or similar) describing the
reversal rationale.
2. fn_iu_retire is called with the new review_decision_id and a clear
reason text (e.g. 'accidental_enactment_compensation_<ticket>').
3. The retired row's lifecycle_log captures the reversal; the original
enactment log row remains forever as audit.
limitations:
- fn_iu_retire is BACKLOG (design doc 05 §7 B-2); does NOT exist yet.
- until fn_iu_retire ships, this preferred path is THEORETICAL.
- if compensation is needed before fn_iu_retire ships, the emergency
path below applies under explicit sovereign ruling.
6.2 Emergency — fn_iu_emergency_revert (sovereign-gated)
scenario : enactment in error AND fn_iu_retire is not available AND the
sovereign explicitly authorizes a one-shot revert.
procedure (NOT designed in this macro; surfaced as an emergency template):
1. Author public.fn_iu_emergency_revert(p_canonical_address text,
p_actor text,
p_rollback_review_decision_id uuid,
p_root_cause_text text)
RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER.
2. The function:
- sets app.canonical_writer='fn_iu_emergency_revert'
- UPDATE information_unit SET lifecycle_status='draft'
- UPDATE unit_version SET lifecycle_status='draft', enacted_at=NULL
- INSERT iu_lifecycle_log row with transition_type='emergency_revert'
- this requires temporarily adding 'fn_iu_emergency_revert' to
iu_create.gateway.allowed_marker_values AND temporarily relaxing
trg_iu_enacted_immut / trg_uv_enacted_immut to allow the
'enacted'→'draft' transition for this writer only.
3. Recommended structure:
- trg_iu_enacted_immut and trg_uv_enacted_immut both call
current_setting('app.canonical_writer', true); when that value is
'fn_iu_emergency_revert', they allow 'enacted'→'draft'.
This avoids ALTERing triggers under emergency stress; the
capability is built into the trigger function from the start.
DESIGN OBSERVATION:
- The triggers authored in Bundle B (doc 02 §2) DO NOT currently
have this carve-out. Adding it would create a permanent
'emergency_revert' carve-out — an OPT-E3-class precedent
(cf. design doc 03 §3 anti-doctrine warning).
- The CORRECT trade-off: leave Bundle B triggers as authored
(strict; no carve-out); accept that emergency_revert requires
DROP + re-CREATE of the triggers under sovereign approval.
The trade-off is conscious: we prefer a hard wall plus an
operationally-supervised emergency path over a built-in escape hatch.
surface as backlog (NOT this macro):
B-EMR Author fn_iu_emergency_revert + matching trigger carve-out
design under explicit incident ticket only.
6.3 Absolute floor — audit-log permanence
NO row in public.iu_lifecycle_log is ever DELETEd or UPDATEd.
Even after a successful compensation, the original enactment row
remains. The compensation log row (whether 'retire' or 'emergency_revert')
is ADDED, not replaced.
This is enforced by:
- REVOKE INSERT, UPDATE, DELETE, TRUNCATE FROM public, cutter_exec,
cutter_verify, workflow_admin, context_pack_readonly
- directus retains DELETE/UPDATE via ownership but ops policy is to
never use it
- no trigger blocks DELETE explicitly (could be added in a future
hardening macro)
7. Verification report template (consumed by GPT/User review)
The execution macro produces a YAML report whose top-level structure is:
implementation_execution_report:
macro_id : v0.5-M3a-impl-exec
started_at : <ISO-8601>
completed_at : <ISO-8601>
duration_seconds : <int>
applied_by : <user/operator id>
applied_principal : directus # via psql -U directus
bundles_applied : [A, B, C, D, E]
pre_flight:
P0_1_gateway_state : PASS
P0_2_icx_const : PASS
P0_3_lifecycle_infra: PASS
P0_4_fn_apply_md5 : PASS
P0_5_directus_cg : PASS
P0_6_cutter_exec : PASS
in_flight:
A_V1_vocab : PASS
A_V2_log : PASS
A_V3_grants : PASS
B_V1_functions : PASS
B_V2_triggers : PASS
B_V3_data_unchanged : PASS
C_V1_fn_iu_enact : PASS
C_V2_dry_run_smoke : PASS
D_V1_gateway_update : PASS
D_V2_iu_enact_keys : PASS
D_V3_execute_grants : PASS
E_V1_md5_changed : PASS
E_V2_secdef_kept : PASS
E_V3_body_text : PASS
behavioral_probes:
B_1_dry_run_plan_ok : PASS
B_2_invalid_target : PASS
B_3_iu_not_found : PASS
B_4_review_decision_not_found : PASS
B_5_raw_update_blocked : PASS
B_6_null_review_decision : PASS
B_7_null_actor : PASS
B_8_fsm_denied_supersede : PASS
B_9_edit_draft_on_draft_unchanged : PASS
B_10_edit_draft_on_enacted_refused : DEFERRED_INTEGRATION
fingerprints:
F_01..F_15 with pre/post values
data_invariants:
icx_const_lifecycle_uniform_draft : PASS
iu_total_unchanged : PASS
uv_total_unchanged : PASS
uv_enacted_at_nonnull_zero : PASS
iu_lifecycle_log_row_count_zero : PASS
iu_lifecycle_vocab_row_count_four : PASS
overall:
result : LIFECYCLE_IMPLEMENTATION_EXECUTED_PASS
next : STOP → GPT/User; await Phase 7 ruling
If any probe FAILs: the report is uploaded with the FAIL and the macro STOPs without proceeding to later TXNs.
8. G3 disposition
G3_verification_rollback_compensation : PASS
production_mutation : NONE
delivered:
- 6 pre-flight probes (P0.1..P0.6)
- 14 in-flight probes (4 Bundles × ~3-4 probes each)
- 10 behavioral probes (B-1..B-10; B-10 deferred to integration)
- 15-fingerprint capture catalog (F-01..F-15)
- 5 per-bundle rollback scripts with safety constraints
- cascading rollback ordering
- 2-tier compensation doctrine (forward / emergency)
- audit-log permanence floor
- verification report template
next:
- G4 — static tests/proofs
- G5 — command-review package
[[dot-iu-cutter-v0-5-05-command-review-package-2026-05-20]]
Related KB documents in this package:
- [[dot-iu-cutter-v0-5-01-live-recheck-and-scope-lock-2026-05-20]]
- [[dot-iu-cutter-v0-5-02-fn-iu-enact-ddl-package-2026-05-20]]
- [[dot-iu-cutter-v0-5-03-fn-iu-apply-edit-draft-patch-package-2026-05-20]]
- [[dot-iu-cutter-v0-5-05-command-review-package-2026-05-20]]
- [[dot-iu-cutter-v0-5-06-final-implementation-authoring-report-2026-05-20]]