Post-Enactment Closeout · 01 Final Live-State Verification
dot-iu-cutter v0.5 — Post-Enactment Closeout · Final Live-State Verification
doc 1 of 6 · 2026-05-20 · post-enactment closeout · agent: Claude Code (Opus 4.7 high)
phase : G1 — live post-enactment verification (read-only) outcome : PASS production_mutation : NONE this phase (read-only queries)
1. Read context
read_role : context_pack_readonly
database : directus
public_schema_access : full SELECT
cutter_governance : USAGE = false (read role lacks USAGE privilege)
limitation_handling : KB SSOT chain is treated as authoritative for
cutter_governance.* row presence (multi-step PASS
rulings + final reports); public.* verified live
2. Information-unit aggregate state — PASS
Single query, single read-only TX, statement_timeout 5s.
k | v
-----------------------------+----
iu_total | 158
uv_total | 165
icx_total | 60
icx_draft | 0
icx_enacted | 60
icx_uv_enacted | 60
icx_uv_enacted_at_nonnull | 60
lifecycle_log_total | 60
lifecycle_vocab_rows | 4
expected_per_phase7_report : 158 / 165 / 60 / 0 / 60 / 60 / 60 / 60 / 4
observed : byte-exact match
no_draft_ICX_CONST_remains : true
no_unintended_mutation : true
3. iu_lifecycle_log shape — PASS
k | v
-------------------------------+--------------------------------
log_rows_total | 60
log_transition_enact | 60
log_from_draft | 60
log_to_enacted | 60
log_review_decision_phase7 | 60
log_distinct_canonical_address | 60
log_distinct_unit_id | 60
log_change_set_null | 60
log_min_performed_at | 2026-05-20 09:04:13.57337+00
log_max_performed_at | 2026-05-20 09:04:13.57337+00
log_distinct_performed_by | 1
performed_by | tool_revision | rows
---------------------+------------------------------------------------------------------+-----
codex-phase7-rerun | iu-cutter@v0.5-phase7-rerun-lifecycle-enactment-2026-05-20 | 60
All 60 rows attributed to a single sovereign-authored Phase 7 enactment TX. change_set_id left NULL on every row, consistent with Phase 7 design (NEW review_decision used as governance hook; no NEW change_set was opened for the enactment itself).
review_decision_id_on_log : af323ae3-39a5-4958-95b8-5acfba8f6984
cut_approval_id_not_reused : true
transition_type : enact (60/60)
single_transaction : true (min=max performed_at)
4. Join consistency — PASS
k | v
-----------------------------+----
icx_iu_no_log | 0
log_no_iu | 0
icx_iu_with_enacted_at_null | 0
icx_iu_status_mismatch | 0
icx_iu_anchor_orphan | 0
icx_with_NT_KT_DIEU_levels | 60
ICX_CONST_unit_kind_distribution :
law_unit : 60
dieu_44_intrusion : 0
5. Lifecycle vocab — PASS
code | name | sort_order | created_at
------------+-------------+------------+------------------------------
draft | Bản nháp | 10 | 2026-05-20 08:10:36.255879+00
enacted | Đã ban hành | 20 | 2026-05-20 08:10:36.255879+00
superseded | Bị thay | 30 | 2026-05-20 08:10:36.255879+00
retired | Đã rút | 40 | 2026-05-20 08:10:36.255879+00
Mirror of tac_uv 4-state vocab as designed (OQ-2 from M3 design).
6. Function fingerprint pins — PASS
md5(prosrc) against KB SSOT pin:
proname | md5(prosrc) | secdef | search_path
-----------------------+-----------------------------------+--------+--------------------------
fn_iu_enact | 6ca9bc39e2d2be93dd8a71739fa80dc4 | true | pg_catalog, public
fn_iu_apply_edit_draft | 42e96b6c9e81a2d0a28b30644d178a26 | true | pg_catalog, public
fn_iu_enacted_immut | aeb3fa4fdb225f6ba6b7073582caa454 | false | (none — trigger fn)
fn_uv_enacted_immut | 03f035a23cbc79a9e811a6da6f5266ba | false | (none — trigger fn)
fn_iu_create | 3017892a5ac605a6daeaa5348e2a6cdf | true | pg_catalog, public
fn_iu_gateway_write_guard | 6907fa4e5e46b5617d7dfecbd86326d7 | true | (gateway)
All 4 lifecycle functions byte-equal to M3a-retry final-report pin. fn_iu_enact signature confirms the canonical 8-arg shape:
p_canonical_address text, p_actor text, p_review_decision_id uuid,
p_target_lifecycle text DEFAULT 'enacted'::text,
p_change_set_id uuid DEFAULT NULL::uuid,
p_reason text DEFAULT NULL::text,
p_tool_revision text DEFAULT NULL::text,
p_dry_run boolean DEFAULT false
→ returns jsonb
(Note: fn_iu_create md5 here is 3017892a… vs the v0.5 canonical-path survey memory pin dcade99a…. This is consistent with the A-4 publication-type-law patch wave but is a benign drift — fn_iu_create is off the post-enactment critical path and the 60 ICX-CONST rows are already born and locked by the enacted-immut triggers. Surfaced as cross-check, not a gap.)
7. Trigger state — PASS
tgname | relname | proname | enabled
--------------------------------+-------------------+-----------------------------+--------
trg_aa_iu_gateway_write_guard | information_unit | fn_iu_gateway_write_guard | O
trg_aa_uv_gateway_write_guard | unit_version | fn_iu_gateway_write_guard | O
trg_iu_enacted_immut | information_unit | fn_iu_enacted_immut | O
trg_uv_enacted_immut | unit_version | fn_uv_enacted_immut | O
Both gateway-write guards and both enacted-immut guards are ENABLED. Post-enactment integrity is hardware-enforced at the database layer.
8. Source-mutation guard — PASS
table_schema | table_name | column_name | data_type
-------------+-------------------+------------------+----------
(0 rows)
source_document and source_version columns are absent on information_unit and unit_version (per design). No mutation possible on absent columns.
9. Gate disposition
G1_count_aggregates : PASS
G1_lifecycle_log_shape : PASS
G1_join_consistency : PASS
G1_vocab_present : PASS
G1_function_md5_pins : PASS (4/4 lifecycle fns byte-equal)
G1_triggers_enabled : PASS (4/4)
G1_source_columns_absent : PASS
G1_no_unintended_mutation : PASS
ICX_CONST_enacted_60 : CONFIRMED
no_draft_ICX_CONST_remains : CONFIRMED
prior_CUT_VERIFY_legB_writeVERIFY_links_intact : KB_SSOT_AUTHORITATIVE
(governance schema USAGE
denied to read role;
probed by KB chain only)
10. STOP
G1 PASS. Proceed to doc 02 (governance-chain closeout).