KB-2A8B

dot-iu-cutter v0.5 — Post-CUT · Live State Survey (G0/G1 PASS) (doc 1 of 6)

8 min read Revision 1

dot-iu-cutterv0.5post-cut-verify-governed-recording-release-readinesspost-cut-live-state-surveyg0-passg1-passicx-const-60-livecutter-governance-schema-presentledger-py-incompatible-live-shapedieu442026-05-20

dot-iu-cutter v0.5 — Post-CUT · Live State Survey

doc 1 of 6 · 2026-05-20 · post first controlled canonical CUT

phase                : G0 + G1
outcome              : G0 PASS · G1 PASS (with GAP-B1 confirmed)
production_mutation  : NONE this phase (read-only catalog + code inspection)
audit_debt_window    : 24h from 2026-05-20T04:18:22Z → expires 2026-05-21T04:18:22Z
session_start_utc    : 2026-05-20T04:32:41Z

1. G0 — SSOT + live state confirms CUT committed — PASS

repo_HEAD                  : f20c79c (unchanged)
canonical_files_untracked  : 3
  cutter_agent/prod_iu_adapter_canonical.py
  cutter_agent/cutprod_canonical.py
  tests/test_prod_iu_adapter_canonical.py
KB_read                    : confirmed
KB_upload                  : confirmed (this 6-doc report set)

live state (via mcp query_pg, role=context_pack_readonly) :
  ICX_CONST rows                : 60                  ✓ matches CUT result
  iu_total                      : 158                 ✓ 98 + 60
  uv_total                      : 165                 ✓ 105 + 60
  ICX_CONST anchored            : 60                  ✓
  ICX_CONST max(created_at)     : 2026-05-20 04:18:21.854512+00  ✓ matches CUT timestamp
  lifecycle_status distinct set : {'draft'}            (per A-3 ruling)
  context_pack_readonly visibility of cutter_governance : 0 (no USAGE)
  (re-checked as `directus` via SSH: schema present with 35 tables/views)

2. G1 — VERIFY survey: canonical row shape + existing VW package re-check

2.1 Canonical row shape on the 60 ICX-CONST IUs

Confirmed via read-only probes (full results in doc 2 §1) :

canonical_address  : 60 distinct ; prefix 'ICX-CONST/...'
unit_kind          : 'law_unit' (constant ; matches cutwrite OD-W2)
lifecycle_status   : 'draft' (column DEFAULT ; fn_iu_create does not expose param)
content_anchor_ref : set on all 60 (== uv.id::text)
version_anchor_ref : set on all 60 (== uv.id ; uuid)
owner_ref          : owner from cutwrite (per p_owner_ref)
parent_or_container_ref : NULL (top-level ; OD-W3)
identity_profile JSON :
  title                          : per cutwrite identity_profile.title
  owner_lookup_ref               : == p_owner_ref
  primary_section_type_ref       : ∈ {principle, section, article}
  publication_type_ref           : 'law' (per A-4 defensive patch)
doc_code           : NULL (canonical fn_iu_create does not write to this col)
section_code       : NULL (same)
section_type col   : NULL (value lives in identity_profile.primary_section_type_ref)
created_by         : 'cutter_exec/DOT-991/constitution-cut'
created_at         : per now() at fn_iu_create execution

2.2 cutter_governance schema — DISCOVER FIRST

schema_exists_in_directus_db : YES  (35 tables + views ; visible as `directus`)
mcp_query_pg_role            : context_pack_readonly — lacks USAGE on
                               cutter_governance ; the schema was invisible
                               in initial mcp probe. ssh-as-directus confirmed.

tables_relevant_to_leg_B (NOT NULL no-default columns count) :
  cut_change_set                  : 24 cols ; 7 NOT NULL no-default
                                    (rollback_key, manifest_id, manifest_version,
                                     review_decision_id, executor_tool_revision,
                                     verifier_tool_revision, emitted_by)
  cut_change_set_affected_row     :  8 cols ; 3 NOT NULL no-default
                                    (change_set_id [FK], target_table,
                                     target_row_id, operation_kind)
  manifest_envelope               : 12 cols ; 6 NOT NULL no-default
                                    (envelope_id, operation_kind, status,
                                     source_doc_ref, created_by, created_at)
  manifest_unit_block             : 13 cols ; 5 NOT NULL no-default
                                    (envelope_id [FK], unit_local_id,
                                     block_role, source_span, render_order,
                                     created_at)
  dot_pair_signature              : 16 cols ; 6 NOT NULL no-default
                                    (signature_kind, signer_dot_id,
                                     signer_tool_revision, payload_hash,
                                     payload_envelope, signature_payload)
  decision_backlog_entry          :  6 cols ; 1 NOT NULL no-default (kind)
  decision_backlog_history        :  9 cols ; 5 NOT NULL no-default
                                    (history_id, entry_id [FK],
                                     entry_version_after, change_kind,
                                     changed_by, changed_at)
  review_decision                 : 25 cols ; ~14 NOT NULL no-default
                                    (governance_event_kind, manifest_id,
                                     manifest_version, review_scope, status,
                                     verdict, findings (jsonb), reviewer_class,
                                     reviewer_identity (jsonb),
                                     risk_class_assessment, decision_at,
                                     decided_by, cross_signed_by_dot_verifier
                                     (bool), version, created_at, updated_at)
  verify_result                   : 26 cols ; FK to cut_change_set +
                                     review_decision_id (must exist first)

privilege state (verified as directus inspecting cutter_exec / cutter_verify) :
  cutter_exec     INSERT on cut_change_set                     : YES
  cutter_exec     INSERT on cut_change_set_affected_row        : YES
  cutter_exec     INSERT on manifest_envelope                  : YES
  cutter_exec     INSERT on manifest_unit_block                : YES
  cutter_exec     INSERT on dot_pair_signature                 : YES
  cutter_exec     INSERT on decision_backlog_entry/history     : YES
  cutter_exec     INSERT on review_decision                    : YES
  cutter_verify   SELECT/INSERT on verify_result               : YES
  ⇒ v0.4 CD-1..CD-13 grant matrix is already in place ; no GRANT delta needed
    for leg-B writes (the grants survive macroscopically).

2.3 GAP-B1 (production-shaped row-builder) — CONFIRMED in code

cutter_agent/ledger.py (192 lines, ratified-by-test ; in-repo at f20c79c) :

write_cut_change_set builds a 6-key dict : {change_set_id, decision_backlog_entry_id, executor_signature_id, verifier_signature_id, manifest_id, content_hash}
vs live cut_change_set's 24 columns (above)
MISSING NOT NULL no-default fields : rollback_key, manifest_version, review_decision_id, executor_tool_revision, verifier_tool_revision, emitted_by (and decision_backlog_entry_id lives in a different column; live has it nullable, fine)
EXTRA field in ledger.py not in live shape : content_hash
Similar gaps exist for write_manifest_envelope, write_review_decision, write_signature, write_verify_result (each ledger.py method builds a partial row that does NOT match the live NOT NULL invariants).

⇒ ledger.py is the dry-run skeleton (the v0.4 design-time placeholder). It CANNOT be used as-is to write leg-B against the live schema. A new production-shaped builder is required ; see doc 3 for the recommended shape + sovereign-gated execution plan.

3. Disposition

G0 (SSOT + live state)   : PASS
G1 (VERIFY survey)       : PASS — canonical row shape understood ;
                                  cutter_governance schema and grants
                                  surveyed ; ledger.py GAP-B1 confirmed
no_production_mutation   : confirmed
next                     : G2 read-only VERIFY (doc 2) ; G3 leg-B
                           package-or-execute decision (doc 3)

doc 1 of 6.