KB-1144
dot-iu-cutter v0.5 — Write-VERIFY · Live Schema Survey (G0/G1 PASS) (doc 1 of 7)
doc 1 of 7 · 2026-05-20 · M2 macro · post-CUT leg-A + leg-B PASS
phase : G0 + G1
outcome : G0 PASS · G1 PASS · verify_result + dot_pair_signature live shape confirmed · cutter_verify INSERT confirmed
production_mutation : NONE this phase (read-only catalog + ID probes)
session_start_utc : 2026-05-20T05:35:00Z
audit_debt_window : leg-A CUT @ 2026-05-20T04:18:22Z → expires 2026-05-21T04:18:22Z
1. G0 — SSOT + live state still PASS
KB_read : confirmed (M1 ruling + 7-doc leg-B package + 6-doc post-CUT package read)
KB_upload : confirmed (this 7-doc M2 report set)
mcp_query_pg_role : context_pack_readonly (no USAGE on cutter_governance)
ssh_directus_role : directus (read-only schema inspection on cutter_governance)
ssh_cutter_verify_role: cutter_verify (write — via host trust-auth inside postgres container netns)
live state still pinned (re-verified post-leg-B):
ICX_CONST_law_units_total : 60
ICX_CONST_anchored_UV_v1 : 60
ICX_CONST_distinct_content_hash : 60
ICX_CONST_lifecycle_status=draft : 60 / 60 (A-3 uniform)
ICX_CONST_publication_type=law : 60 / 60 (A-4 uniform)
cutter_governance row counts (leg-B persisted at 2026-05-20T05:18:20Z) :
cut_change_set : 2 (1 v0.4 trial + 1 M1 canonical)
review_decision : 2 (1 v0.4 trial + 1 M1)
manifest_envelope : 2 (1 v0.4 + 1 M1)
manifest_unit_block : 61 (1 v0.4 + 60 M1)
dot_pair_signature : 3 (2 v0.4 + 1 M1 executor)
cut_change_set_affected_row : 61 (1 v0.4 + 60 M1)
decision_backlog_entry : 2 (1 v0.4 + 1 M1)
decision_backlog_history : 6 (5 v0.4 + 1 M1)
verify_result : 1 (v0.4 trial only — NO row for M1 yet)
M1 governance ids (FK targets for M2) — re-verified present:
change_set_id : 456c6830-a747-4b53-ac2f-665e25e12cd0 (state=committed)
review_decision_id : 29c88a7b-60f7-41bd-af45-43cc9b9f41c0
manifest_envelope_id : 638cf363-f45a-4bb3-b9bb-928c5e24c15b (operation_kind=cut, status=applied)
executor_signature_id : 3a249063-e33a-406a-9302-2e9e646a0938 (DOT-991, xref_cs=M1)
M1 payload_hash : 7468c7a976ab729c32d19e93001bf724f7cf2b1f59a41f5b8788ac6b627c6cfa
M1 manifest_version : d99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28 (writer_digest pin)
M1 verifier_tool_revision: 'pending' (sentinel; verify_result carries the real value)
2. G1 — verify_result + DOT-992 signature live schema
2.1 cutter_governance.verify_result (26 columns)
NOT NULL no-default (6) :
change_set_id uuid FK → cutter_governance.cut_change_set
manifest_id uuid (no FK enforced ; logical → manifest_envelope.envelope_id)
manifest_version text
review_decision_id uuid (no FK enforced ; logical → review_decision)
executor_tool_revision text
verifier_tool_revision text
NOT NULL with default (12) :
verify_result_id uuid default gen_random_uuid()
verify_kind text default 'axis_1_round_trip'
axis_1_status text default 'not_run'
axis_1_drift_unit text default 'canonical_token'
axis_2_status text default 'not_applicable'
verdict text default 'pending'
verified_at timestamptz default now()
state text default 'pending'
rollback_triggered boolean default false
canonicalization_rule_used text default 'canon-md-v0.1.0'
NULLABLE (8) :
axis_1_drift_count, findings (jsonb), verdict_rationale,
executor_signature_id (uuid FK → dot_pair_signature.signature_id),
verifier_signature_id (uuid FK → dot_pair_signature.signature_id),
tool_revision_match (boolean),
escalation_ref (uuid FK → decision_backlog_entry),
rollback_change_set_id_triggered (uuid FK → cut_change_set),
prior_verify_result_id (uuid FK → verify_result),
scenario_ref (text)
FK constraints (6) :
verify_result_change_set_id_fkey FOREIGN KEY (change_set_id) → cut_change_set(change_set_id)
verify_result_escalation_ref_fkey FOREIGN KEY (escalation_ref) → decision_backlog_entry(entry_id)
verify_result_executor_signature_id_fkey FOREIGN KEY (executor_signature_id)→ dot_pair_signature(signature_id)
verify_result_verifier_signature_id_fkey FOREIGN KEY (verifier_signature_id)→ dot_pair_signature(signature_id)
verify_result_prior_verify_result_id_fkey → verify_result(verify_result_id)
verify_result_rollback_change_set_id_triggered_fkey → cut_change_set(change_set_id)
PK : verify_result_pkey (verify_result_id)
UNIQUE constraints : NONE — G-VERIFY-ONCE enforced at application layer.
Triggers : NONE
2.2 cutter_governance.dot_pair_signature (16 columns ; constraint CHECK XOR)
NOT NULL no-default (6) :
signature_kind, signer_dot_id, signer_tool_revision,
payload_hash, payload_envelope (jsonb), signature_payload
NOT NULL with default :
signature_id uuid default gen_random_uuid()
signed_at timestamptz default now()
validation_state text default 'pending'
NULLABLE :
cross_reference_change_set_id, cross_reference_verify_result_id,
revoked_at, revocation_reason, revoked_by, prior_signature_id, scenario_ref
CHECK : dot_pair_signature_check —
( cross_reference_change_set_id IS NOT NULL XOR
cross_reference_verify_result_id IS NOT NULL )
FK : prior_signature_id → dot_pair_signature(signature_id)
PK : signature_id
2.3 Privileges (cutter_verify role)
verification_method : has_table_privilege('cutter_verify', schema.table, ACTION)
cutter_verify on cutter_governance.* :
verify_result INSERT=true SELECT=true UPDATE=false
dot_pair_signature INSERT=true SELECT=true UPDATE=false
cut_change_set INSERT=true SELECT=true UPDATE=false (read-only for M2)
review_decision INSERT=false SELECT=true UPDATE=false (read-only)
manifest_envelope INSERT=false SELECT=true UPDATE=false (read-only)
decision_backlog_entry INSERT=true SELECT=true UPDATE=false (not used in M2)
decision_backlog_history INSERT=true SELECT=true UPDATE=false (not used in M2)
⇒ v0.4 grant matrix is in place ; no GRANT delta needed for M2.
cutter_verify is the correct principal for verify_result + DOT-992 sig.
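The privilege check in 2.3 can be rerun as a drift query that returns only the tables where the live grants differ from the recorded matrix. This is an added example, not the project's own code; it uses the role, schema, table names and expected values from 2.3 and PostgreSQL's built-in has_table_privilege().

```sql
-- Added example: compare live cutter_verify grants with the matrix in section 2.3.
-- Read-only; an empty result means no GRANT delta.
WITH expected(tbl, can_insert, can_select, can_update) AS (
  VALUES
    ('verify_result',            true,  true, false),
    ('dot_pair_signature',       true,  true, false),
    ('cut_change_set',           true,  true, false),
    ('review_decision',          false, true, false),
    ('manifest_envelope',        false, true, false),
    ('decision_backlog_entry',   true,  true, false),
    ('decision_backlog_history', true,  true, false)
),
live AS (
  SELECT tbl,
         has_table_privilege('cutter_verify'::name,
                             'cutter_governance.' || tbl, 'INSERT') AS can_insert,
         has_table_privilege('cutter_verify'::name,
                             'cutter_governance.' || tbl, 'SELECT') AS can_select,
         has_table_privilege('cutter_verify'::name,
                             'cutter_governance.' || tbl, 'UPDATE') AS can_update
  FROM expected
)
SELECT e.tbl,
       e.can_insert AS want_insert, l.can_insert AS live_insert,
       e.can_select AS want_select, l.can_select AS live_select,
       e.can_update AS want_update, l.can_update AS live_update
FROM expected e
JOIN live l USING (tbl)
WHERE (e.can_insert, e.can_select, e.can_update)
      IS DISTINCT FROM (l.can_insert, l.can_select, l.can_update)
ORDER BY e.tbl;
```

has_table_privilege() reports effective privileges, so grants inherited through role membership or PUBLIC also show up as true.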
2.4 Existing rows (read-only inspection)
verify_result baseline (pre-M2) :
1 row : v0.4 trial verify_result_id=633f2c51-9a87-4bb4-a7f6-75342bf72ac7
change_set_id=7c963f27-… verdict='pass' state='complete'
dot_pair_signature baseline (pre-M2) :
c80efa35-… executor DOT-991 (v0.4 trial) xref_cs=7c963f27-…
0ac4bc03-… verifier DOT-992 (v0.4 trial) xref_vr=633f2c51-… ← verifier pattern proven
3a249063-… executor DOT-991 (M1) xref_cs=456c6830-…
The v0.4 verifier signature row PROVES the live pattern: a verifier signature
xrefs verify_result_id (not change_set_id), satisfying the XOR CHECK. M2
replicates this exact shape with M1-distinct values.
2.5 INSERT order (FK dependencies)
FK chain :
verify_result.executor_signature_id → dot_pair_signature.signature_id (M1 row exists)
verify_result.verifier_signature_id → dot_pair_signature.signature_id (M2 NEW row)
verify_result.change_set_id → cut_change_set.change_set_id (M1 row exists)
⇒ M2 must INSERT the verifier signature BEFORE verify_result (FK enforced).
verifier signature's cross_reference_verify_result_id refers to a
pre-generated verify_result_id, which is permitted because that column has
NO FK enforcement (verified live).
Plan :
1. INSERT cutter_governance.dot_pair_signature (verifier ; DOT-992 ;
xref_vr = <pre-gen vr_id>)
2. INSERT cutter_governance.verify_result (verifier_signature_id =
<sig_id from step 1>)
Atomic txn ; 2 rows total.
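The two-step plan above, written out as a single PostgreSQL DO block so both rows commit or neither does. This is an added example, not the project's own code: the UUIDs and manifest_version are the M1 values from section 1, values in angle brackets are placeholders, and the 'verifier' value for signature_kind, the empty payload_envelope and the text typing of the signer and signature columns are assumptions.

```sql
-- Added example. <...> values are placeholders; 'verifier', '{}'::jsonb and
-- text-typed signature columns are assumptions, not taken from the live schema.
DO $$
DECLARE
  vr_id  uuid := gen_random_uuid();  -- pre-generated verify_result_id
  sig_id uuid;
BEGIN
  -- Step 1: verifier signature. Only cross_reference_verify_result_id is set,
  -- so the XOR CHECK passes; that column has no FK, so vr_id need not exist yet.
  INSERT INTO cutter_governance.dot_pair_signature
    (signature_kind, signer_dot_id, signer_tool_revision,
     payload_hash, payload_envelope, signature_payload,
     cross_reference_verify_result_id)
  VALUES
    ('verifier', 'DOT-992', '<verifier_tool_revision>',
     '<payload_hash>', '{}'::jsonb, '<signature_payload>',
     vr_id)
  RETURNING signature_id INTO sig_id;

  -- Step 2: verify_result. verifier_signature_id now has its FK target.
  -- cutter_verify has no UPDATE on this table, so verdict and state are
  -- written here rather than left at their 'pending' defaults.
  INSERT INTO cutter_governance.verify_result
    (verify_result_id, change_set_id, manifest_id, manifest_version,
     review_decision_id, executor_tool_revision, verifier_tool_revision,
     executor_signature_id, verifier_signature_id, verdict, state)
  VALUES
    (vr_id,
     '456c6830-a747-4b53-ac2f-665e25e12cd0',   -- M1 change_set_id
     '638cf363-f45a-4bb3-b9bb-928c5e24c15b',   -- M1 manifest_envelope_id
     'd99a31d4a4be907c510ae15965e9f7bb3387e9e28676e9f32adf463828b1aa28',
     '29c88a7b-60f7-41bd-af45-43cc9b9f41c0',   -- M1 review_decision_id
     '<executor_tool_revision>', '<verifier_tool_revision>',
     '3a249063-e33a-406a-9302-2e9e646a0938',   -- M1 executor signature
     sig_id, '<verdict>', '<state>');
END $$;
```

Reversing the two statements fails on verify_result_verifier_signature_id_fkey, and setting both cross-reference columns on the signature row fails dot_pair_signature_check.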
3. Disposition
G0 (SSOT + live state) : PASS
G1 (verify_result + DOT-992 schema survey) : PASS
· verify_result columns + NOT NULL inventory : confirmed
· verify_result FK chain : 6 FKs mapped
· dot_pair_signature XOR CHECK shape : confirmed
· cutter_verify INSERT privileges : confirmed
· v0.4 verifier signature pattern : confirmed
production_mutation : NONE
next : G2 existing-impl review (doc 2)