dot-iu-cutter v0.5 WS-Q5 Registry Substrate — Isolated Dry-run Execution Log

Phase: v0_5_WS_Q5_registry_substrate_DDL_correction_and_isolated_dry_run · Date: 2026-05-18

⚠️ GATING BANNER

environment: isolated_ephemeral_local — PROVEN not production (see §1)
production_sql_executed: none
secrets_recorded: none           # QG6 — trust-auth local socket, no password/credential
self_advance: PROHIBITED

---

1. Dry-run environment (QG2 — proven NOT production)

kind: freshly-created ephemeral local PostgreSQL cluster (initdb), socket-only
host: local UNIX domain socket /tmp/wsq5dr/sock  (redacted-safe path)
tcp_listener: NONE — listen_addresses='' ; psql 127.0.0.1:54329 -> "Connection
  refused" (verified) => not network-reachable, fully isolated
database: dr_wsq5  (purpose-created, throwaway)
admin_role: dr_admin  (throwaway, trust-auth local socket — NO password set,
  NO credential recorded anywhere — QG6)
server_version: PostgreSQL 14.17 (Homebrew, local)
dry_run_system_identifier: 7641097877796842211
production_system_identifier: 7611578671664259111  (VPS directus PG — NOT
  reachable this session; /opt/incomex absent)
proof_not_production: dry_run sysid 7641097877796842211 != prod 7611578671664259111
  AND host is a local ephemeral socket cluster AND no prod DSN/credential exists
  in this session AND production PG is version 16 (this is 14.17)
timestamp_utc: 2026-05-18T05:22Z (cluster start) .. teardown same session
actor_tool: Claude Code agent via psql 14.17 / initdb / pg_ctl (Bash tool)
lifecycle: created -> applied -> verified -> rolled back -> STOPPED + dirs
  removed (ephemeral env destroyed; nothing persisted)

2. Commands executed (in order)

1. initdb -D <cluster> -U dr_admin --auth=trust -E UTF8                 -> OK
2. pg_ctl start  (-k <sock> -c listen_addresses='' -p 54329)            -> OK
3. CREATE DATABASE dr_wsq5;                                             -> OK
4. TCP isolation probe psql 127.0.0.1:54329                             -> Connection refused (expected)
5. psql -v ON_ERROR_STOP=1 -f wsq5_ddl_corrected.sql (sha 1cf31237…)    -> rc=0
6. catalog-level verification query battery (TV/KC/CV/NH/AO)            -> see verification-result file
7. psql -v ON_ERROR_STOP=1 -f wsq5_rollback.sql (sha f4835326…)         -> rc=0
8. post-rollback catalog re-check                                      -> clean
9. pg_ctl stop -m immediate ; rm -rf cluster + socket                   -> teardown OK

3. Results

DDL_apply:
  command: psql ON_ERROR_STOP=1 -f wsq5_ddl_corrected.sql
  result: SUCCESS  rc=0
  psql_output: "CREATE SCHEMA" + 12x "CREATE TABLE"
  tables_created: 12 in cutter_governance
  duration_seconds: ~0.0236
  errors: none

verification:
  command: catalog-level query battery (pg_catalog / information_schema)
  result: ALL PASS  (full breakdown in isolated-dryrun-verification-result file)
  errors: none

rollback_test:
  command: psql ON_ERROR_STOP=1 -f wsq5_rollback.sql  (exact inverse, NO CASCADE)
  result: SUCCESS  rc=0
  psql_output: 12x "DROP TABLE"  (no CASCADE, no NOTICE)
  post_state: 0 tables + 0 constraints remaining in cutter_governance
  duration_seconds: ~0.0177
  errors: none

teardown:
  pg_ctl stop: OK ; cluster dir + socket removed ; environment destroyed

4. Fidelity notes / limitations (transparency)

N-1 version: dry-run PG 14.17 vs production PG 16. WS-Q5 DDL uses only
    text/timestamptz/jsonb/boolean/integer + PK/FK/UNIQUE — all identical
    semantics across PG14/16; structurally representative.
N-2 self-contained: WS-Q5 DDL has NO cross-schema FK and NO ALTER of existing
    objects, so a restored-production-dump base is NOT required for a faithful
    STRUCTURAL dry-run. This was a structural dry-run on a clean cluster, not
    a restored-prod-dump dry-run (no VPS access this session).
N-3 NOT exercised here (residual for prod command-review/sovereign cycle):
    the negative checks "name collides with one of the 12 existing prod
    tables" and "no ALTER side-effect on existing tables" cannot be tested
    without the real prod schema — flagged, NOT silently skipped.
N-4 scaffold: a single "CREATE SCHEMA IF NOT EXISTS cutter_governance;" was
    prepended for the empty cluster (see AD-4 correction note §3); production
    artifact must NOT create the schema.

5. Statements

• QG2: environment proven not production (distinct sysid, socket-only/no TCP, no prod credential, ephemeral, torn down). QG6: no secrets recorded (trust-auth local socket, no password/credential anywhere).
• No production SQL/write/migration/DML-seed; no Directus/vector; no CUT/VERIFY; no deploy/restart; no git commit.
• No repo/VPS access in this session.
• Self-advance PROHIBITED — doc 2 of 4; STOP after package complete → route GPT/User.

Companion files: AD4-correction-note, isolated-dryrun-verification-result, isolated-dryrun-report.