KB-743F

dot-iu-cutter v0.5 — Write-VERIFY · Rollback / Compensation Status (NOT REQUIRED) (doc 6 of 7)

4 min read Revision 1

dot-iu-cutterv0.5write-verify-dot992-executionrollback-or-compensationnot-requiredg-verify-once-honoreddieu442026-05-20

dot-iu-cutter v0.5 — Write-VERIFY · Rollback / Compensation Status

doc 6 of 7 · 2026-05-20 · M2 macro

phase                : G6.5 — rollback / compensation status
outcome              : NOT REQUIRED — G5 commit succeeded ; rollback-smoke
                       proved atomic-or-nothing semantics ; no out-of-scope
                       side effect detected ; G-VERIFY-ONCE active.
production_mutation  : NONE (this phase records the status only)

1. Atomic-or-nothing proof

smoke_run            : BEGIN → recorder.record() → ROLLBACK
                       (2 INSERTs emitted, 0 persisted ; counts byte-identical)
commit_run           : BEGIN → recorder.record() → COMMIT
                       (2 INSERTs emitted, 2 persisted in single txn)
no_dual_partial_state: at no point did the DB hold a partial M2 record.

2. Why no compensation is needed

1. Intended scope (2 rows) was the only mutation observed.
2. FK + XOR CHECK invariants were satisfied at COMMIT.
3. SoD invariant (tool_revision_match=false) was enforced.
4. G6 post-write verification confirms all linkage matches plan.
5. No IU / UV / anchor / source_document / leg-B row was mutated.
6. No deploy, restart, merge, push, tag, secret read, or external side effect.
7. G-VERIFY-ONCE guard prevents accidental duplicate.

3. Forward compensation paths (if a future defect surfaces)

VW-1 verify_result row was orphaned / inconsistent :
  governed soft-correct path :
    - INSERT a SECOND verify_result row with prior_verify_result_id pointing
      to 18278460-… (the M2 row) — supersession semantics
    - new dot_pair_signature (verifier ; DOT-992) cross-references the new
      verify_result row
    - new findings explicitly note the defect class + remediation
    - this is a governed correction, not a destructive rollback
  forbidden                       : hard DELETE of M2 rows ; UPDATE of M2 columns ;
                                    bypass governance ; backdated signatures ;
                                    silent overwrite without supersession chain.

VW-2 a future signing-scheme upgrade revokes the StubSigning placeholder :
  governed path :
    - INSERT a new dot_pair_signature (verifier ; DOT-992) with the real
      crypto signature and prior_signature_id pointing to f5c3ee34-…
    - INSERT a new verify_result with prior_verify_result_id 18278460-… and
      the new verifier_signature_id
    - existing M2 rows remain as the historical record of the StubSigning era.

4. Audit-debt window status

leg-A canonical CUT committed_at : 2026-05-20T04:18:21.854512Z
audit-debt window 24h            : expires 2026-05-21T04:18:22Z
leg-B governed recording at      : 2026-05-20T05:18:20Z   (~13h before expiry)
write-VERIFY committed at        : 2026-05-20T06:03:30Z   (~22.2h before expiry)
audit-debt remaining at G6 close : ~22.2 hours

5. Disposition

G6.5 (rollback/compensation status) : NOT REQUIRED
  · atomic-or-nothing semantics      : proven (smoke vs commit)
  · in-scope mutation only           : verified by G6
  · G-VERIFY-ONCE active             : verified (count for change_set = 1)
production_mutation                  : NONE this phase
next                                 : G7 final report (doc 7)

doc 6 of 7.