KB-7C27
Post-Enactment Closeout · 05 Remaining Risk and Backlog
9 min read · Revision 1
dot-iu-cutter · v0.5 · post-enactment-closeout · remaining-risk · backlog · dieu44 · 2026-05-20
dot-iu-cutter v0.5 — Post-Enactment Closeout · Remaining Risk and Backlog
doc 5 of 6 · 2026-05-20 · post-enactment closeout
phase   : G4 — remaining risk + backlog enumeration
outcome : LIST_PUBLISHED
1. Risk register (open, post-enactment)
R-1_StubSigning_in_governance_chain:
  level       : MEDIUM
  description : Executor + verifier dot_pair_signature rows used StubSigning
                per ratified D-4. The Constitution is now ratified under
                Stub signatures, which is acceptable for v0.5 but creates
                retroactive-replay risk if real-crypto is later mandated.
  mitigation  : KB pins payload_hash for both sigs; replay-with-real-crypto
                remains feasible by signing the same payload bodies later.
  owner       : sovereign
R-2_Family_B_DDL_not_git_tracked:
  level       : MEDIUM
  description : Lifecycle vocab + log + fn_iu_enact + immut triggers +
                fn_iu_apply_edit_draft patch were applied as sovereign SQL
                bundles, not via repo-tracked migrations. Re-creation in a
                recovered environment requires the KB authoring docs.
  mitigation  : md5(prosrc) for each function is pinned in KB; backup
                sha256 076213737cac72174a42a508eacf6e4ac24f8cd52257b1ef…
                contains the substrate.
  owner       : sovereign (see backlog B-DDL-RATIFY)
R-3_supersede_retire_transitions_stubbed:
  level       : LOW-NOW, MEDIUM-AT-NEXT-DOC
  description : fn_iu_enact returns 'transition_not_yet_implemented' for
                supersede / retire. If the next law document amends or
                retires any ICX anchor, this becomes blocking.
  mitigation  : current canonical-immutability triggers prevent ad-hoc
                workaround; design must be done before next document.
  owner       : sovereign / next xhigh macro
R-4_v0_5_code_not_deployed_to_contabo:
  level       : MEDIUM
  description : /opt/incomex/dot HEAD at contabo is still v0.4 (e93424b).
                All v0.5 executions used sidecar staging from laptop into
                the container netns. A contabo restart that loses sidecar
                staged artefacts would leave the running daemon out of sync
                with what the constitution was actually cut by.
  mitigation  : KB documents the sidecar paths and md5 pins; live PG state
                is independent of the v0.5 code; future docs require either
                deploy or continued sidecar runs.
  owner       : sovereign
R-5_read_role_lacks_governance_USAGE:
  level       : LOW (closeout-specific)
  description : context_pack_readonly has no USAGE on cutter_governance.
                Future closeout-style audits cannot independently verify
                governance rows without role escalation.
  mitigation  : KB SSOT chain is authoritative; alternate read role
                (e.g., cutter_audit_ro) could be granted; not blocking.
  owner       : sovereign (operational hygiene)
R-6_no_remote_for_repo:
  level       : LOW
  description : git remote -v = empty. Code SSOT lives only on laptop.
                Loss of laptop = loss of code (KB still has fingerprints,
                not the .py sources).
  mitigation  : push when sovereign authorizes (tag candidate drafted in
                doc 03 §6); even an offline bundle file would suffice.
  owner       : sovereign
R-7_fn_iu_create_md5_drifted_from_v0_5_canonical_survey:
  level       : LOW
  description : Survey-memory pin = dcade99af1ef…; current md5(prosrc) =
                3017892a5ac6…. fn_iu_create is OFF the post-enactment
                critical path (60 IUs already born and locked) but a
                fingerprint drift on a SECURITY DEFINER function deserves
                an audit trail to confirm it was the A-4 publication_type
                patch wave and nothing else.
  mitigation  : add a short KB note showing pg_get_functiondef for
                fn_iu_create against the A-4 patch authoring doc.
  owner       : sovereign / next operational macro
R-8_pre_existing_test_baseline_265-1:
  level       : INFORMATIONAL
  description : 264/265 full-discover (1 baseline: cutwrite.py DB_ENV_GUARD
                heuristic on PGPASSWORD). Pre-existing in v0.4 baseline.
                Documented in M4 ratification closeout.
  mitigation  : tracked; no action required for v0.5 release.
  owner       : sovereign / cleanup macro
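An added example (not from the project's KB or code) for the fingerprint pinning described in R-2 and R-7: a catalog query that compares md5(prosrc) against a pinned value and also surfaces what the body hash does not cover (SECURITY DEFINER flag, SET clauses, owner, full definition). The pin is the truncated prefix shown in R-7, so the comparison is prefix-only; the full pin would come from the KB. Assumes PostgreSQL 11+ (prokind).

```sql
-- Added example: audit function fingerprints against KB pins.
-- Function names are taken from R-2 / R-7; the pin below is the truncated
-- prefix printed in R-7, not a full md5.
WITH pins(proname, pinned_md5_prefix) AS (
    VALUES ('fn_iu_create', 'dcade99af1ef')   -- survey-memory pin (prefix only)
)
SELECT n.nspname                                  AS schema_name,
       p.proname,
       pg_get_function_identity_arguments(p.oid)  AS args,
       p.prosecdef                                AS security_definer,
       p.proconfig                                AS set_clauses,  -- e.g. search_path
       pg_get_userbyid(p.proowner)                AS owner,
       md5(p.prosrc)                              AS md5_prosrc,   -- body only
       md5(pg_get_functiondef(p.oid))             AS md5_functiondef, -- body + attributes
       pins.pinned_md5_prefix,
       CASE
         WHEN pins.pinned_md5_prefix IS NULL THEN 'UNPINNED'
         WHEN left(md5(p.prosrc), length(pins.pinned_md5_prefix))
              = pins.pinned_md5_prefix THEN 'MATCH'
         ELSE 'DRIFT'
       END                                        AS status
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
LEFT JOIN pins ON pins.proname = p.proname
WHERE p.proname IN ('fn_iu_create', 'fn_iu_enact', 'fn_iu_apply_edit_draft')
  AND p.prokind = 'f'            -- pg_get_functiondef rejects aggregates/window functions
ORDER BY p.prosecdef DESC, p.proname;
```

Because prosrc holds only the function body, a change to SECURITY DEFINER, the owner, or a SET search_path clause leaves md5(prosrc) unchanged; recording md5_functiondef next to it closes that gap.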
2. Backlog
Items below are surfaced — none of them are authorized in this closeout.
B-DDL-RATIFY:
  title      : Ratify Family-B lifecycle DDL into git (operator runbook track)
  priority   : HIGH
  effort     : LOW (1 small PR-equivalent commit)
  depends_on : sovereign ruling between OPT_R1/R2/R3 (doc 03 §3)
B-DEPLOY-V0_5-CONTABO:
  title      : Deploy iu-cutter @ 32cfa93 to /opt/incomex/dot on contabo
  priority   : MEDIUM-HIGH
  effort     : MEDIUM
  depends_on : sovereign deploy ruling; minimum-viable plan in doc 03 §5
B-AUTOMATION-ORCHESTRATOR-DESIGN:
  title      : First xhigh design macro for one-command pipeline
  priority   : MEDIUM (no harm in waiting until next document is queued)
  effort     : XHIGH
  depends_on : sovereign ruling on the brief in doc 04
B-FN-IU-ENACT-SUPERSEDE-RETIRE:
  title      : Implement supersede/retire transitions in fn_iu_enact
  priority   : MEDIUM (BLOCKING when next document needs it)
  effort     : HIGH
  depends_on : confirmed scope for the next law document; OR a sovereign
               decision to implement eagerly before that need
B-STUBSIGNING-CRYPTO-DESIGN:
  title      : Design replacement of StubSigning with real crypto
  priority   : MEDIUM-LOW (acceptable for v0.5)
  effort     : XHIGH
  depends_on : sovereign architectural ruling; not safe in a high macro
B-TAG-V0_5:
  title      : Create tag v0.5-constitution-cut-enacted at 32cfa93
  priority   : LOW
  effort     : TRIVIAL (1 sovereign command)
  depends_on : sovereign ruling (proposed wording in doc 03 §6)
B-REMOTE-CONFIG-PUSH:
  title      : Configure git remote + initial push (after tag)
  priority   : LOW (until R-6 escalates)
  effort     : TRIVIAL
  depends_on : B-TAG-V0_5 ruling; sovereign remote-host decision
B-AUDIT-RO-ROLE:
  title      : Grant a closeout-audit read role USAGE on cutter_governance
  priority   : LOW
  effort     : TRIVIAL
  depends_on : sovereign hygiene ruling
B-FN-IU-CREATE-FINGERPRINT-NOTE:
  title      : Author small KB note pinning fn_iu_create md5 to A-4 patch
  priority   : LOW
  effort     : TRIVIAL
  depends_on : nothing; can be done in a small macro
B-DB-ENV-GUARD-BASELINE-CLEAN:
  title      : Resolve cutwrite.py DB_ENV_GUARD heuristic baseline test
  priority   : LOW
  effort     : LOW
  depends_on : nothing
3. Macro-routing recommendation
recommended_next_macros (in priority order):
  1_RECOMMENDED:
    B-DDL-RATIFY (HIGH priority, LOW effort)
    effort    : high (operational; not architectural)
    why_first : closes the largest gap (R-2) with the smallest risk;
                no PG mutation; no deploy; pure repo hygiene
  2_OPTIONAL:
    B-FN-IU-CREATE-FINGERPRINT-NOTE (TRIVIAL — can fold into #1)
  3_OPTIONAL:
    B-DB-ENV-GUARD-BASELINE-CLEAN (LOW — fold or defer)
  4_ARCHITECTURAL_GATE:
    B-AUTOMATION-ORCHESTRATOR-DESIGN (XHIGH; sovereign approval)
  5_OPERATIONAL_GATE:
    B-DEPLOY-V0_5-CONTABO (MEDIUM-HIGH; sovereign approval)
NOT_RECOMMENDED_AS_NEXT:
  - StubSigning replacement (premature; xhigh-only)
  - supersede/retire impl (premature unless next doc queued)
  - tag + push (low value until orchestrator/deploy gates settle)
4. STOP
Risks + backlog catalogued; macro-routing recommendation surfaced. Proceed to doc 06 (final closeout report).