KB-6672
dot-iu-cutter v0.5 — Post-CUT · Lifecycle draft→enacted Assessment (G4 — report-only; no canonical transition function exists; 3 sovereign options) (doc 4 of 6)
7 min read Revision 1
dot-iu-cutterv0.5post-cut-verify-governed-recording-release-readinesslifecycle-enactment-assessmentdraft-to-enacted-gapno-canonical-transition-functionfn-iu-enact-neededsovereign-architectural-decisiondieu442026-05-20
dot-iu-cutter v0.5 — Post-CUT · Lifecycle draft→enacted Assessment
doc 4 of 6 · 2026-05-20 · REPORT ONLY — NO MUTATION this phase
phase : G4 — lifecycle assessment outcome : report-only ; canonical transition function does NOT exist today ; 3 sovereign architectural options production_mutation : NONE this phase (no lifecycle change ; no SQL)
1. Current state of all 60 ICX-CONST IUs
lifecycle_status (distinct set on the 60 rows) : {'draft'}
non-draft count : 0
reason : `fn_iu_create()` does NOT
expose a `p_lifecycle_status`
parameter ; the canonical
path INSERTs IU with column
DEFAULT lifecycle_status='draft'
(per A-3 ruling, accepted).
2. Live DB function search — NO canonical transition function
search_filter : function name contains enact / publish / promote / lifecycle / transition
OR name in {fn_iu_apply_edit_draft, fn_iu_save}
hits (and their relevance) :
fn_iu_apply_edit_draft (SECURITY DEFINER ; uuid p_draft_id, text p_actor) :
purpose : applies an edit DRAFT to an existing IU. NOT a draft→enacted
lifecycle transition function. (It does write to UV but per
its name applies the canonical "draft IU was the edit
proposal — now publish that edit" workflow, not "enact this
law".)
suitability for OUR CUT : low — we have IUs that were ALREADY born as
drafts via fn_iu_create ; there is no edit draft to apply.
fn_iu_save (SECURITY DEFINER ; p_address text, p_body text, p_actor text,
p_title text, p_reason text, p_mode='auto') :
purpose : an "auto-mode" save endpoint. Possibly creates an edit
draft OR applies an edit ; ambiguous. Not exposed as a
draft→enacted transition either.
fn_law_enacted_immutable (trigger function ; not callable directly)
fn_law_enacted_must_have_enforcement (trigger)
fn_nrm_enacted_immutable / _must_have_approval / _enforcement (triggers)
fn_tac_enacted_immut / _pm_enacted_lock (triggers)
purpose : these are TRIGGERS that GUARD the 'enacted' lifecycle state
AFTER it is set — they enforce immutability and required
fields once a row reaches 'enacted'. They are not callable
transition functions.
NOT found :
fn_iu_enact — does not exist
fn_iu_publish — does not exist
fn_iu_promote — does not exist
fn_iu_lifecycle_transition — does not exist
fn_law_enact — does not exist
⇒ The production schema enforces an "enacted is immutable" doctrine
via triggers but provides no canonical transition path from draft to
enacted. The gateway trigger on direct UPDATE means we CANNOT just
issue UPDATE information_unit SET lifecycle_status='enacted' either
(blocked unless app.canonical_writer marker is set to an allowed value,
and the only allowed values are fn_iu_create / fn_iu_apply_edit_draft
— neither does an enactment transition).
3. Three sovereign architectural options
3.1 OPT-E1 — extend canonical with fn_iu_enact (recommended)
scope :
- DB-team authors `public.fn_iu_enact(p_canonical_address text, p_actor text,
p_review_decision_id uuid)`
SECURITY DEFINER ; sets `app.canonical_writer` marker (probably new
allowed value e.g. 'fn_iu_enact' added to the policy) ; UPDATEs
lifecycle_status='draft' → 'enacted' ; runs `fn_law_enacted_must_have_*`
invariant precheck ; emits an audit record into cutter_governance
(e.g. a new manifest_envelope or a decision_backlog event).
estimated_complexity : moderate — schema extension, new function, policy
key update, role grant
suitability for the 60 ICX-CONST IUs : excellent ; one call per IU (or
bulk variant fn_iu_enact_batch)
cutter_agent integration : add `cutter_agent/lifecycle_enact_adapter.py`
that loops fn_iu_enact() over the 60 addresses
sovereign_dependencies : (a) DB-team approval and authoring of fn_iu_enact ;
(b) policy update of allowed_marker_values ;
(c) review_decision row for the enactment event
preference : RECOMMENDED — preserves canonical-path doctrine, audit
trail, and lane separation.
3.2 OPT-E2 — model "drafts are the constitution" and skip enactment
scope : downstream consumers query by canonical_address pattern, not
lifecycle_status. The 60 IUs remain lifecycle='draft' as a deliberate
state because nothing in their lifecycle has actually changed — the
constitution is enacted, but our governance ledger has not yet
observed it.
trade_off : weaker semantic invariant — anyone filtering by
`lifecycle_status='enacted'` will not see the constitution.
Requires every downstream consumer to know the convention.
suitability for the 60 ICX-CONST IUs : OK if downstream is willing.
preference : NOT RECOMMENDED unless downstream consumers will be updated.
3.3 OPT-E3 — controlled exemption marker for one-shot draft→enacted UPDATE
scope :
- operator (workflow_admin) sets a one-shot exemption marker value
accepted by the gateway trigger (e.g. add 'constitution_first_enact'
to `iu_create.gateway.allowed_marker_values`) ; issues UPDATE
information_unit SET lifecycle_status='enacted' WHERE
canonical_address LIKE 'ICX-CONST%' ; removes the marker afterwards.
risks :
- sets precedent for ad-hoc exemptions ; the design doc Pack 22-P3
explicitly warns against making exempt markers "permanent back doors"
- bypasses the canonical lifecycle transition path that OPT-E1 would
install
preference : NOT RECOMMENDED unless OPT-E1 cannot be done in time.
4. What this macro does about lifecycle: nothing
Per the prompt's forbidden list :
"Không enactment mutation draft→enacted"
⇒ This macro performs no lifecycle change. The 60 IUs remain 'draft'.
5. Disposition
G4 (lifecycle assessment) : PASS report-only
production_mutation : NONE
recommendation : OPT-E1 (canonical fn_iu_enact extension)
surfaced for sovereign architectural decision
in a SEPARATE macro/cycle. Out of scope here.
next : G5 release readiness plan (doc 5)
doc 4 of 6.