dot-iu-cutter v0.5 — S2→CUT Capability Readiness · Recommended Minimal Unblock Path

doc 4 of 5 · 2026-05-19 · recommendation only — nothing executed, no command invented.

1. Technical direction decision (required: choose A–E)

chosen: D — SPLIT INTO TWO CAPABILITIES: CUT planner (S2) first, production writer second.
rejected:
  A (S2 ready to commit as-is, only extra tests): partial — S2 the PLANNER is green &
    sound, but "output sufficient for production row-set" is FALSE (preview targets the
    v0.4 ledger families, not the real birth-gated information_unit/unit_version). So A
    overclaims; the planner is commit-ready, the production-row-set claim is not.
  B (small fix → planner, not writer): the planner already works; the only "fix" is
    re-binding the preview to the real schema + ruling N-2 — that is a bounded design
    sub-phase, not a trivial patch, so it is folded into D's planner-revision step.
  C (build a new manifest→information_unit writer): TRUE but it is only the SECOND half;
    stating C alone hides that the planner half is independently commit-reviewable now.
  E (blocked for missing info): NO — the production schema is now fully characterised
    (doc 3). The gap is implementation + a mapping ruling + vocab + credentials + approval,
    not missing information.
rationale: the planner and the governed birth-gated writer are genuinely distinct
  capabilities with different risk classes (planner = net-zero LOW; writer = first
  irreversible governed write MEDIUM-HIGH). Splitting lets the safe, fully-evidenced
  planner advance now while the writer gets its own design→author→CI→review→approval
  cycle, exactly mirroring the ratified MARK lineage.

2. Minimal unblock sequence — fewest steps, each a SEPARATE GPT/User gate

# ---- Capability 1: CUT planner (S2) — READY NOW ----
P-1  GPT/User commit-gate ruling on S2: ratify the TARGETED-SUITE commit gate
     (precedent: MARK afb7bfc was ratified on tests.test_dryrun_snapshot_mark 21/21 with
     the SAME latent full-discover security-test failure, re-proven pre-existing in doc 1).
     RECOMMENDED = R1: approve committing the 2 untracked files as-is
     (cutplan.py 548eabc5… + test_cutplan_snapshot.py 06e871e7…), and open a SEPARATE
     pre-existing-defect remediation item for the over-broad security test vs the
     dryrun.py/cutplan.py DB-env guard token. (R2 = remediate-first if GPT prefers.)
P-2  (after P-1=R1) commit ONLY the 2 files to feature/constitution-snapshot-mark-dryrun
     — no merge/push/tag/deploy; record shas in the commit doc; full no-DB precheck.
P-3  separate command-review → GPT/User execution approval for the FIRST cut-plan dry-run
     (artifact-only, net-zero; the N-1 deterministic manifest regen + sha-verify
     [file 7d56f3ce… / digest 9d908a62…] is its mandatory precheck). Mirrors the MARK
     first-dry-run gate.
# ---- Capability 2: production CUT writer — separate, larger track ----
W-1  design ruling: manifest→information_unit/unit_version field mapping + N-2
     (NGUYEN_TAC/KIEN_TRUC_SECTION = IU rows vs structural containers, DIEU leaf) +
     unit_kind/section_type/publication_* vocab choices; re-bind cutplan's
     write_set_preview to the REAL birth-gated target as the design artifact.
W-2  dot_config vocab prerequisite review/seed plan for ICX-CONST (separately gated;
     vocab seeding itself is a production write — its own approval).
W-3  design → author → CI → commit a birth-gate-compliant manifest→IU writer
     (information_unit + unit_version + IU↔version anchoring txn + hierarchy +
     G-CUT-ONCE idempotency on UNIQUE(canonical_address)); mirror the MARK lineage,
     feature branch only.
W-4  cutter_exec/cutter_verify credential + production signing cycle build + GPT review.
W-5  production CUT command-review + a SEPARATE explicit production-DB-write approval +
     the governed VERIFY plan for the birth-gated model. Only then is a runnable
     production CUT command authorable.
note: P-1..P-3 can proceed independently of W-*; they unblock the safe planner half
  without touching production. No production write occurs until W-5.

3. What was done now without any production mutation

- re-verified repo/branch/HEAD/tree + S2 file shas (read-only);
- ran local suites (15/15 cutplan, 21/21 MARK, 128/1 discover) with no DB env — net-zero;
- independently re-proved the full-discover failure pre-exists at baseline afb7bfc and
  restored S2 files byte-exact;
- characterised the production birth-gated IU substrate read-only (doc 3);
- did NOT edit cutplan.py (would break the pinned sha the commit-gate rests on and pre-empt
  the W-1 mapping ruling); did NOT commit; prepared the commit/command-review package (doc 5).

doc 4 of 5. Nothing executed/committed. Self-advance PROHIBITED.