KB-48F7

dot-iu-cutter v0.5 — Post-CUT · VERIFY Execution (Read-Only PASS; write-VERIFY packaged for next macro) (doc 2 of 6)

8 min read Revision 1

dot-iu-cutterv0.5post-cut-verify-governed-recording-release-readinessverify-execution-or-package-resultread-only-verify-passbody-hash-sha256-roundtrip-60nt15-kt3-dieu42lifecycle-draft-uniformwrite-verify-gated-on-leg-bdieu442026-05-20

dot-iu-cutter v0.5 — Post-CUT · VERIFY Execution (Read-Only) + Write-VERIFY Package Gap

doc 2 of 6 · 2026-05-20

phase                : G2 — VERIFY execution
outcome              : READ-ONLY VERIFY PASS (all 22 structural facts pass)
                       write-VERIFY (cutter_governance.verify_result row) is
                       packaged for the next macro — its FK depends on leg-B
                       cut_change_set + review_decision rows existing first
production_mutation  : NONE this phase

1. Read-only VERIFY queries — ALL PASS

1.1 Quantitative

metric	expected	observed	match
ICX-CONST IUs	60	60	✓
Distinct canonical_address among ICX-CONST	60	60	✓
UV rows for ICX-CONST IUs	60	60	✓
UV rows with version_seq=1 for ICX-CONST IUs	60	60	✓
Distinct content_hash on UV (ICX-CONST)	60	60	✓
anchored_exact (version_anchor_ref::text == content_anchor_ref)	60	60	✓
uv_unit_id_match (UV.unit_id == IU.id for the anchored UV)	60	60	✓
ICX-CONST IUs with `identity_profile->>'publication_type_ref' = 'law'`	60	60	✓ (A-4)
section_type = principle	15	15	✓ NT15
section_type = section	3	3	✓ KT3
section_type = article	42	42	✓ DIEU42
birth_registry entries for ICX-CONST IUs	60	60	✓
body_hash_match_60 (`uv.content_hash == encode(digest(uv.body,'sha256'),'hex')` per row)	60	60	✓

The last one is the strongest provenance proof: per row, the persisted UV body bytes hash to the persisted content_hash (the canonical fn_content_hash). This proves end-to-end that the body bytes are intact — no truncation, encoding drift, or transport corruption.

1.2 Categorical / boundary

check	observed	acceptable
`lifecycle_status != 'draft'` count among ICX-CONST	0	✓ (A-3 — uniformly 'draft')
`created_by != 'cutter_exec/DOT-991/constitution-cut'` count	0	✓ (correct emitter)
`unit_kind != 'law_unit'` count	0	✓ (constant)
Điều 44 intrusion (addr contains '%dieu-44%' / '%điều-44%' / 'DIEU-44')	0	✓ excluded
canonical_address contains 'draft' or 'obsolete' tokens	0	✓
Unexpected recent IUs (≤30 min, NOT ICX-CONST)	0	✓ no other table mutation
Unexpected recent UVs (≤30 min, unit_id not in ICX-CONST IUs)	0	✓
ICX-CONST IUs with non-NULL parent_or_container_ref	0	✓ all top-level (OD-W3)
Distinct content_profile on ICX-CONST UVs	1	✓ homogeneous (canonical column DEFAULT)

2. Writer_digest equivalence — empirically reconfirmed

The CUT line emitted writer_digest = d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 (ratified pin). Re-verified consistency :

60 distinct canonical_address (matches cutwrite output count) ✓
unit_kind constant 'law_unit' (cutwrite OD-W2) ✓
section_type set {principle, section, article} with 15/3/42 cardinality ✓
60 distinct content_hash, each a sha256 hex of the corresponding UV body ✓
idempotency_key is offline-only (deterministic from the above three) ✓

⇒ writer_digest input tuple is preserved end-to-end on every row. Equivalence proven. No re-ratification required.

3. Reconstruction proof (implicit)

iu_distinct_addr = 60 AND every ICX-CONST IU has its anchored UV with matching content_hash AND birth_registry entry. No address gaps. No duplicates. The 60-row constitution snapshot rebuilt deterministically (per cutwrite) maps 1:1 to the 60 persisted rows. Reconstruction property holds.

4. Write-VERIFY (verify_result row) — PACKAGE GAP

4.1 Why we cannot write verify_result in this macro

cutter_governance.verify_result live schema has FK / NOT NULL on change_set_id and review_decision_id — both reference rows that DO NOT yet exist (no leg-B was written). Inserting verify_result now would either FK-fail or require fabricating leg-B rows (FORBIDDEN per prompt).

Additionally verify_result requires :

executor_tool_revision (NOT NULL no-default)
verifier_tool_revision (NOT NULL no-default)
manifest_id (NOT NULL no-default ; refers to manifest_envelope)
manifest_version (NOT NULL no-default)

All of these are part of the leg-B governed-recording context; verify_result naturally writes AFTER cut_change_set + review_decision + manifest_envelope are populated.

4.2 Recommended verify_result row shape (for the next macro)

verify_result row (per VW-* axis ; minimal seed) :
  verify_result_id         : gen_random_uuid()
  change_set_id            : <FK to the leg-B cut_change_set row>
  manifest_id              : <FK to manifest_envelope>
  manifest_version         : (e.g. cutwrite writer_digest or a SemVer for the
                              canonical-path CUT)
  review_decision_id       : <FK to review_decision>
  verify_kind              : 'axis_1_round_trip'  (default)
  axis_1_status            : 'pass'   (computed from THIS doc §1.1 row 12 :
                                       body_hash_match_60=60)
  axis_1_drift_count       : 0
  axis_1_drift_unit        : 'canonical_token'  (default)
  axis_2_status            : 'pass'   (computed from §1.2 boundary checks)
  findings (jsonb)         : { iu_count: 60, uv_count: 60, anchored_exact: 60,
                               distinct_canonical: 60, distinct_content_hashes: 60,
                               nt: 15, kt: 3, dieu: 42, dieu_44_intrusion: 0,
                               body_hash_match: 60, lifecycle_uniform: 'draft' }
  verdict                  : 'pass'
  verdict_rationale        : 'first controlled canonical CUT structurally
                              verified ; lifecycle=draft per A-3 ruling'
  executor_signature_id    : <FK to dot_pair_signature (executor; DOT-991)>
  verifier_signature_id    : <FK to dot_pair_signature (verifier; DOT-992)>
  executor_tool_revision   : 'f20c79c+canonical-A4'  (the canonical adapter
                              variant ; record the patch sha)
  verifier_tool_revision   : (a separate DOT-992 verifier tool revision)
  tool_revision_match      : false   (executor ≠ verifier ; that is the
                                       SoD invariant)
  verified_at              : now()  (default)
  state                    : 'complete' (default 'pending' overridable)
  canonicalization_rule_used : 'canon-md-v0.1.0' (default)

4.3 Gating

verify_result write is gated on :

leg-B execution macro completes (doc 3 of this report set)
cutter_verify role authoring + signing a verifier signature (dot_pair_signature row) for DOT-992 lane
Sovereign approval of the next macro

5. Disposition

G2 (VERIFY execution) :
  read-only structural VERIFY    : PASS — all 22 facts confirmed (§1)
  writer_digest equivalence      : PASS (§2)
  reconstruction proof           : PASS (§3)
  write-VERIFY (verify_result)   : PACKAGED — gated on leg-B (§4)
production_mutation              : NONE
next                             : G3 leg-B package (doc 3)

doc 2 of 6.