dot-iu-cutter v0.5 — Updated GRANT + Production CUT (R1) Command Package (doc 3)
doc 3 of 4 · 2026-05-20 · supersedes (only) doc 3 of the prior approval package by fixing the runnable shape to R1 (committed) ; supersedes doc 2 of the prior package only by pinning GD-1 to directus per ruling. All other prior package docs (verification plan, rollback/compensation, post-CUT obligation) remain authoritative and binding.
1. Pinned identity (unchanged) — the FIRST CUT operates ONLY on this
manifest_file_sha256 : 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179
manifest_file_bytes : 84157
manifest_digest : 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f
candidate_count : 60 (NT15 · KT3 · DIEU42)
source_document_version_id : icxconst-008a06ace23a96ea6cd456146e805c97
region_sha256 : 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c
writer_digest : d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28
exclusions : Điều 44 (controlled_draft tier_2 UOSL) · draft · obsolete
docprefix : ICX-CONST
target_db : directus
2. GRANT package — SCOPED to apply principal directus (GD-1 RULED)
apply principal : directus (RULED ; owns public.* ; smallest blast radius)
target DB : directus
target schema : public
-- (1) cutter_exec — DOT-991 executor lane, leg-A birth writer
GRANT SELECT, INSERT ON public.information_unit TO cutter_exec;
GRANT UPDATE (version_anchor_ref,
content_anchor_ref) ON public.information_unit TO cutter_exec;
GRANT SELECT, INSERT ON public.unit_version TO cutter_exec;
GRANT SELECT ON public.dot_config TO cutter_exec;
-- (2) cutter_verify — DOT-992 verifier lane, VW-1..VW-12 read-only on public.*
GRANT SELECT ON public.information_unit TO cutter_verify;
GRANT SELECT ON public.unit_version TO cutter_verify;
explicitly NOT granted (defence-in-depth · append-only) :
DELETE / TRUNCATE / REFERENCES / TRIGGER / GRANT OPTION on public.* : NONE
DDL on public.* : NONE
any UPDATE on unit_version : NONE
UPDATE on information_unit columns other than version_anchor_ref +
content_anchor_ref : NONE
any write privilege for cutter_verify on public.* : NONE (forward-comp = separate later pkg)
any privilege on cutter_governance.* : already correct (v0.4 CD-1..13)
any privilege on source_document* / Directus app / vector / NoSQL : NONE
changes to context_pack_readonly / directus / workflow_admin /
cutter_ro relacl : NONE
-- Rollback (exact byte-inverse) — sovereign-issued only on STOP or postpone
REVOKE SELECT, INSERT ON public.information_unit FROM cutter_exec;
REVOKE UPDATE (version_anchor_ref, content_anchor_ref)
ON public.information_unit FROM cutter_exec;
REVOKE SELECT, INSERT ON public.unit_version FROM cutter_exec;
REVOKE SELECT ON public.dot_config FROM cutter_exec;
REVOKE SELECT ON public.information_unit FROM cutter_verify;
REVOKE SELECT ON public.unit_version FROM cutter_verify;
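Added example (not part of the original package or the cutter_agent repo): a privilege-level check that the rollback REVOKE set is the inverse of the GRANT set above. The statements are copied from this section; the helper names parse_acl and rollback_gaps are hypothetical. It compares privileges, not bytes.

```python
import re

# Statements copied from section 2 of this document.
GRANTS = """
GRANT SELECT, INSERT ON public.information_unit TO cutter_exec;
GRANT UPDATE (version_anchor_ref,
    content_anchor_ref) ON public.information_unit TO cutter_exec;
GRANT SELECT, INSERT ON public.unit_version TO cutter_exec;
GRANT SELECT ON public.dot_config TO cutter_exec;
GRANT SELECT ON public.information_unit TO cutter_verify;
GRANT SELECT ON public.unit_version TO cutter_verify;
"""
REVOKES = """
REVOKE SELECT, INSERT ON public.information_unit FROM cutter_exec;
REVOKE UPDATE (version_anchor_ref, content_anchor_ref)
    ON public.information_unit FROM cutter_exec;
REVOKE SELECT, INSERT ON public.unit_version FROM cutter_exec;
REVOKE SELECT ON public.dot_config FROM cutter_exec;
REVOKE SELECT ON public.information_unit FROM cutter_verify;
REVOKE SELECT ON public.unit_version FROM cutter_verify;
"""

STMT = re.compile(r"^(GRANT|REVOKE)\s+(.+?)\s+ON\s+(\S+)\s+(TO|FROM)\s+(\S+)$", re.I)

def parse_acl(sql, verb, link):
    """Return {(privilege, column or None, table, role)} for every statement."""
    entries = set()
    for raw in sql.split(";"):
        stmt = " ".join(raw.split())          # collapse line breaks and indentation
        if not stmt:
            continue
        m = STMT.match(stmt)
        if not m or (m[1].upper(), m[4].upper()) != (verb, link):
            raise ValueError(f"unexpected statement: {stmt!r}")
        # split on commas between privileges, not on commas inside a column list
        for priv in re.split(r",\s*(?![^()]*\))", m[2]):
            name, _, cols = priv.partition("(")
            col_list = [c.strip() for c in cols.rstrip(") ").split(",")] if cols else [None]
            for col in col_list:
                entries.add((name.strip().upper(), col, m[3], m[5]))
    return entries

def rollback_gaps(grants=GRANTS, revokes=REVOKES):
    """Return (granted but never revoked, revoked but never granted)."""
    g = parse_acl(grants, "GRANT", "TO")
    r = parse_acl(revokes, "REVOKE", "FROM")
    return sorted(g - r, key=str), sorted(r - g, key=str)
```

Both returned lists must be empty before the package is submitted; a non-empty first list means a STOP would leave a privilege behind.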
2.1 Post-GRANT verification (same harness as the prior package doc 2 §6.1)
Run as directus immediately after the GRANTs. Expected exact row:
ce_iu_S=t ce_iu_I=t ce_iu_D=f ce_iu_T=f
ce_iu_upd_van=t ce_iu_upd_can=t ce_iu_upd_idp=f ce_iu_upd_caddr=f
ce_uv_S=t ce_uv_I=t ce_uv_U=f ce_uv_D=f
ce_dc_S=t ce_dc_I=f
cv_iu_S=t cv_iu_I=f cv_uv_S=t cv_uv_I=f
context_pack_readonly / directus / workflow_admin / cutter_ro ACL must be byte-identical to doc 1 §4 of the prior approval package (no collateral edit).
3. Production CUT (R1, committed) — runnable command
The runnable seam was authored in commit f20c79c on feature branch
feature/constitution-snapshot-mark-dryrun (doc 1 + doc 2). The repo ships
NO real connection provider ; the operator authors a small sovereign-side
module (NOT in this repo) that returns a Callable[[dict], conn] bound to
cutter_exec credentials from the approved .env / secret store.
3.1 EXACT command (after all sovereign approvals close)
python -m cutter_agent.cutprod \
--mode production-leg-a-only \
--fail-closed --exclude-dieu-44 \
--manifest <path/to/manifest.json> \
--snapshot-artifact <path/to/constitution-normalized-17660443e0f23e99.md> \
--expect-manifest-digest 9d908a62fcf01bb88e05a1af4335b960710006ddcfd21c811ca63efb33dd324f \
--expect-manifest-file-sha 7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179 \
--expect-candidate-count 60 \
--expect-region-sha 17660443e0f23e994e1807cf8e22920951a9e70c598956dbd0e752f4f5cae80c \
--source-version-id icxconst-008a06ace23a96ea6cd456146e805c97 \
--expect-writer-digest d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 \
--i-have-sovereign-production-write-approval <kb-doc-id-from-A4-C5> \
--i-have-grant-execution-approval-kb-id <kb-doc-id-from-A3-U-W4b> \
--production-intent CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT \
--fresh-backup-sha256 <64-hex-of-the-fresh-pre-CUT-backup> \
--connection-provider-module <sovereign-operator-module>:get_provider
3.2 EXACT writes (this command performs ONLY these)
single DB connection : 1 (cutter_exec ; PostgreSQL connection_limit=2)
single transaction : 1 (ONE atomic txn, BEGIN…COMMIT, owned by the
adapter ; SET CONSTRAINTS ALL DEFERRED inside)
ordering :
SET CONSTRAINTS ALL DEFERRED
INSERT INTO public.information_unit (…) × 60 # rows from cutwrite
INSERT INTO public.unit_version (…) × 60 # rows from cutwrite
UPDATE public.information_unit
SET version_anchor_ref=%s, content_anchor_ref=%s
WHERE id=%s × 60 # column-scoped
total leg-A statements : 180 (1 + 60 + 60 + 60 = also issued plus pre-txn
connected-guard SELECTs ; verified by tests
test_happy_path_commits_180_legA_statements)
NO writes outside this set :
no cutter_governance.* row (leg-B = post-CUT package per doc 6 prior pkg)
no DELETE / TRUNCATE / DDL / GRANT / REVOKE
no UPDATE on unit_version
no UPDATE on information_unit cols other than the 2 anchor cols
no source_document / source_document_version mutation
no Directus app / vector / NoSQL write
3.3 STOP / fail-closed (per-guard, exit codes)
exit 2 REFUSED (no DB connect attempted) on ANY of :
--mode not 'production-leg-a-only'
--fail-closed or --exclude-dieu-44 missing
--expect-writer-digest != d99a31d4… (ratified pin)
ANY DB env var present (PG_DSN / DATABASE_URL / DIRECTUS_URL /
PGPASSWORD / PGHOST / PGUSER)
--i-have-sovereign-production-write-approval missing
--i-have-grant-execution-approval-kb-id missing
--production-intent != CONFIRM-LEG-A-ONLY-CONSTITUTION-CUT (literal)
--fresh-backup-sha256 missing or not 64-hex
--connection-provider-module missing
exit 3 BLOCKED on ANY of :
provider module not loadable (ImportError / AttributeError / ValueError)
factory not callable / does not return a Callable
G1 approval resolver returns false
G2 pinned manifest / region / source-version identity mismatch
G3 writer_digest from cutwrite.run_dry != d99a31d4… / cardinality != 60 /
factory NOOP_ALREADY_APPLIED
G7 backup_gate callable returns false
G4 SELECT current_user != 'cutter_exec' ⇒ no txn opened
G5 in-txn drift mismatch ⇒ atomic ROLLBACK, 0 rows
G6 in-txn count(ICX-CONST%) != 0 (G-CUT-ONCE) ⇒ atomic ROLLBACK, 0 rows
leg_a_in_txn raises mid-flight (allowlist / L1 / L2 / FK / UNIQUE / OS) ⇒
atomic ROLLBACK, 0 rows
any psycopg / socket / network error ⇒ atomic ROLLBACK
any SIGINT / SIGTERM during the txn ⇒ driver-level ROLLBACK
exit 0 CUT_OK_LEG_A — single STDOUT line :
CUT_OK_LEG_A iu_inserted=60 uv_inserted=60 anchor_updates=60
writer_digest=d99a31d4… txn=COMMITTED
leg_b=DEFERRED_TO_POST_CUT_GOVERNED_RECORDING_PACKAGE
approval_id=<kb> grant_approval_id=<kb> backup_sha=<64-hex>
3.4 Pre-execution checklist (operator must verify ALL)
[ ] PC-0 GD-1 ruled (apply principal = directus) ; A-3 U-W4b GRANT executed
and §2.1 structural verify PASS ; A-4 C5 sovereign production-write
approval doc id resolvable.
[ ] PC-1 repo HEAD = f20c79c on feature branch ; tree clean ;
file shas match doc 1 §2.
[ ] PC-2 recompute pinned identity (manifest file sha 7d56f3ce… ; digest
9d908a62… ; count 60 ; source_version icxconst-008a06… ; region
17660443…) — any mismatch ⇒ ABORT before running the command.
[ ] PC-3 doc-1 §3 read-only drift catalog query : ZERO drift (IU 19, UV 16,
L1 f38c94d0…, L2 078ba005…, vocab 6/6).
[ ] PC-4 count(ICX-CONST%) on public.information_unit == 0 (G-CUT-ONCE
precondition ; otherwise NO-OP).
[ ] PC-5 fresh logical backup of public.information_unit + unit_version +
dot_config taken by an authorized operator (NOT the Agent ;
NOT cutter_exec) ; age ≤ 60 minutes from txn open ; restorability
test-verified ; sha256 recorded for --fresh-backup-sha256.
[ ] PC-6 caller env has none of {PG_DSN, DATABASE_URL, DIRECTUS_URL,
PGPASSWORD, PGHOST, PGUSER}.
[ ] PC-7 sovereign-authored connection-provider module installed (NOT in
this repo) ; its sha256 recorded ; its DSN sourced from the
approved secret store ; never argv / KB / logs.
[ ] PC-8 plan-only smoke run BEFORE the production-leg-a-only run :
`python -m cutter_agent.cutprod --mode plan-only …` ⇒ stdout
contains PLAN_OK iu=60 uv=60 writer_digest=d99a31d4…
leg_a_statements=180 leg_b=GAP-B1(unavailable) production=REFUSED
(this run does NOT touch the DB).
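Added example (operator-side, not code from the cutter_agent repo): a preflight covering the file-level part of PC-2 (manifest file sha256 and byte count), PC-6 (no DB environment variables) and the 64-hex shape of the value for --fresh-backup-sha256. The function names are hypothetical; the pins and variable names are copied from sections 1 and 3.3. It does not recompute manifest_digest or region_sha256, whose derivation this document does not give.

```python
import hashlib
import os
import re

# Pins copied from section 1 of this document.
PIN_FILE_SHA256 = "7d56f3ce066950ccef3de4156c5afeea81b2450b8e38393205b52c1fca012179"
PIN_FILE_BYTES = 84157
# Variable names listed in section 3.3 and PC-6.
FORBIDDEN_ENV = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL",
                 "PGPASSWORD", "PGHOST", "PGUSER")
# Assumption: either hex case is accepted; the page only says "64-hex".
HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def file_identity(path):
    """Stream the file once and return (sha256 hex, byte count)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size

def preflight(manifest_path, backup_sha, env=None,
              pin_sha=PIN_FILE_SHA256, pin_bytes=PIN_FILE_BYTES):
    """Return the list of failed checks; an empty list means all passed."""
    env = os.environ if env is None else env
    failures = []
    sha, size = file_identity(manifest_path)
    if size != pin_bytes:
        failures.append(f"PC-2 manifest_file_bytes {size} != {pin_bytes}")
    if sha != pin_sha:
        failures.append(f"PC-2 manifest_file_sha256 {sha[:8]}... != pin")
    # "present" includes set-but-empty, so test membership, not truthiness.
    leaked = [name for name in FORBIDDEN_ENV if name in env]
    if leaked:
        # Report names only: the values may be credentials.
        failures.append("PC-6 DB env present: " + ",".join(leaked))
    if not HEX64.fullmatch(backup_sha or ""):
        failures.append("fresh-backup-sha256 is not 64 hex characters")
    return failures
```

Any non-empty result is an ABORT before the production-leg-a-only command is run.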
3.5 What does NOT change vs the prior package
verification plan after CUT : prior pkg doc 4 (VW-1..VW-12 by cutter_verify / DOT-992 ; SoD).
rollback / compensation : prior pkg doc 5 (R-1 / R-2 atomic abort ; R-3 forward-compensation ONLY ; NEVER hard delete).
post-CUT governed recording (leg-B) : prior pkg doc 6 (126 rows ; ≤24 h audit-debt window ; INV-A..INV-I cross-bindings).
backup restore conditions : prior pkg doc 5 §4 (sovereign declaration of catastrophic breach only).
4. Status
GRANT package : READY ; apply principal = directus (RULED)
production_legA_command : READY ; uses R1 mode shipped in commit f20c79c
operator dependency : sovereign-authored --connection-provider-module
(NOT in this repo)
remaining sovereign approvals : A-3 U-W4b GRANT execution · A-4 C5 production
write approval (KB id supplied to --i-have-…)
production mutation this phase : NONE
self_advance : PROHIBITED
doc 3 of 4. No production mutation. Self-advance PROHIBITED.