KB-12FE

dot-iu-cutter v0.5 WS-Q5 — Production Apply Report (BLOCKED: privileged-role gap; production unchanged; re-authorization required)


dot-iu-cutter v0.5 WS-Q5 Registry Substrate — Production Apply Report

Phase: v0_5_WS_Q5_registry_substrate_production_apply · Date: 2026-05-18 · Authority consumed (NOT reopened): GPT sovereign approval …WS-Q5-registry-substrate-production-apply-sovereign-approval-2026-05-18.

⚠️ GATING BANNER

production_apply_status: BLOCKED
tables_created: 0 ; production_changed: false ; rollback_executed: false
improvisation: NONE ; self_advance: PROHIBITED ; decision_authority: GPT / User ONLY

1. Executive summary

The WS-Q5 production apply was attempted exactly as authorized. All three mandatory pre-apply checks passed (P1 read-only preflight, P2 fresh backup, P3 command integrity). The apply command (psql -U directus … -v ON_ERROR_STOP=1 -f <12-CREATE-TABLE artifact>) opened a transaction and failed on the first statement with ERROR: permission denied for schema cutter_governance. ON_ERROR_STOP=1 halted execution; the transaction never committed and was rolled back on session close. Zero of the 12 tables were created. Production is byte-for-byte unchanged.

Root cause: the schema cutter_governance is owned by workflow_admin; the package-pinned connection role directus has USAGE (so preflight/reads worked) but not CREATE. The approved command package did not pin a privileged apply role. This is an authorization-scoping gap in the package — not a DDL defect and not schema drift.

Per the approved procedure, because nothing was created the rollback package's precondition ("12 tables freshly created and empty") is unmet and rollback is not applicable; the correct action is STOP_AND_ESCALATE. No role switch, GRANT, schema-owner change, package edit, or any improvisation was performed (all explicitly forbidden).

2. Required report fields

production_apply_status: BLOCKED            # apply attempted; failed permission; 0 objects
apply_attempt_detail: FAILED_PERMISSION_DENIED (psql RC=3, aborted at CREATE TABLE #1)

backup_status: PASS
  backup_timestamp_utc: 20260518T054609Z
  backup_path_safe: <VPS:redacted-home>/wsq5_apply_backup_20260518T054609Z/prod-directus-preWSQ5-20260518T054609Z.dump
  backup_format: PostgreSQL custom dump (-Fc), header-verified v1.15-0
  backup_bytes: 68250747
  backup_sha256: c95f1da871f27dc2a38d8fb0dfbd277e6f77fdf24a5d9e1021907dbf5f228f3c
  secrets_recorded: none

preflight_result: PASS
  sysid: 7611578671664259111 (== required)
  cutter_governance_exists: yes
  target_12_absent: yes (NONE present)
  drift: none
  baseline: constraints p=12 f=19 u=2 c=1 (primary/foreign/unique/check) ; r=12 v=12 i=18 (relations i.e. tables / views / indexes)

tables_created: 0
  authorized_scope: 12 WS-Q5 registry tables only
  created: NONE (apply aborted before any object)

verification_summary: NOT_APPLICABLE (apply blocked) + BASELINE RECONFIRMED UNCHANGED
  sysid unchanged; cg tables = 12; constraints p=12 f=19 u=2 c=1; views=12;
  0 of 12 targets present; zero data loss; no side effects.

rollback_status_if_any: NOT_APPLICABLE_NO_OBJECTS_CREATED (rollback package
  precondition unmet; not executed; correct = STOP_AND_ESCALATE)

downstream_not_executed: confirmed — no DML/seed, no GRANT/role change,
  no evidenced_by vocab amend, no Cap-4 checker change, no index DDL,
  no Directus mutation, no vector/NoSQL, no CUT, no VERIFY, no data backfill,
  no deploy/restart, no git commit, no self-advance.

next_recommended_cycle: GPT/User re-authorization of the apply with the
  correct privileged role (schema owner workflow_admin) OR an explicitly
  sovereign-approved minimal privilege provisioning, then re-run the same
  P1–P3 + apply + verification. (Choice of remedy = GPT/User decision; the
  DDL artifact itself, sha256 1ab61204…b2c723f, is unchanged and sound.)

3. Root cause & remediation options (for GPT/User — NOT executed)

root_cause: package/preflight pinned apply connection = psql -U directus;
  has CREATE on cutter_governance = false; schema owner = workflow_admin.
  Package omitted a privileged-apply-role pin.
defect_class: authorization scoping in the approved command package
  (NOT DDL correctness, NOT drift). DDL artifact validated by P3 + prior
  isolated dry-run PASS.
remediation_options (require fresh sovereign approval — none taken):
  A. Re-authorize apply executed as the schema owner role workflow_admin
     (same artifact, same P1–P3, same verification). Smallest change.
  B. Sovereign-approved minimal GRANT (CREATE on schema to an apply role)
     as a separate privilege cycle, then apply — heavier; introduces a
     privilege change that is currently forbidden.
  C. Re-issue the production-apply-command-package with an explicit
     apply-role pin, re-review, then apply.
agent_recommendation (advisory only, non-binding): Option A — least
  privilege change, artifact already proven, fastest safe path; the
  failure was purely a connection-identity gap.
prohibited_without_new_approval: any role switch, GRANT, ALTER SCHEMA
  OWNER, package edit, retry — all deferred to GPT/User.
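As an added example (not part of the original report or of the approved command package): a read-only P1-style privilege gate that, run as the package-pinned role, would have surfaced the missing CREATE privilege before any apply was attempted. The psql connection arguments beyond -U are assumed and passed through PSQL_EXTRA; the decision logic is a pure function so it can be exercised offline on constructed rows.

```shell
#!/bin/sh
# Added example: pre-apply privilege gate (catalog reads only). Not part of the
# original WS-Q5 package. Run as the role the package pins; exits non-zero
# (STOP_AND_ESCALATE) unless that role holds USAGE and CREATE on the schema.
SCHEMA="${SCHEMA:-cutter_governance}"
APPLY_ROLE="${APPLY_ROLE:-directus}"
PSQL_EXTRA="${PSQL_EXTRA:-}"   # assumed: host/db/port args the package supplies

# Decide from one "usage|create|owner" row (psql -At output, '|' separated).
# Returns 0 = apply may proceed, 1 = blocked. Pure, so it is testable offline.
apply_gate_decision() {
  row="$1"; role="$2"
  if [ -z "$row" ]; then
    # Empty row: schema missing, not visible, or the catalog query itself failed.
    echo "BLOCKED: schema $SCHEMA not found for role $role; STOP_AND_ESCALATE" >&2
    return 1
  fi
  usage=$(printf '%s\n' "$row" | cut -d'|' -f1)
  create=$(printf '%s\n' "$row" | cut -d'|' -f2)
  owner=$(printf '%s\n' "$row" | cut -d'|' -f3)
  if [ "$usage" != "t" ]; then
    echo "BLOCKED: $role lacks USAGE on $SCHEMA (owner=$owner); STOP_AND_ESCALATE" >&2
    return 1
  fi
  if [ "$create" != "t" ]; then
    echo "BLOCKED: $role lacks CREATE on $SCHEMA (owner=$owner); STOP_AND_ESCALATE" >&2
    return 1
  fi
  echo "OK: $role holds USAGE+CREATE on $SCHEMA (owner=$owner)"
  return 0
}

# Catalog-only query: no DDL, no SET ROLE, no GRANT. Same ON_ERROR_STOP
# discipline as the apply command so a query error is never mistaken for PASS.
query_privs() {
  psql -U "$APPLY_ROLE" $PSQL_EXTRA -At -v ON_ERROR_STOP=1 -c "
    SELECT has_schema_privilege(current_user, '$SCHEMA', 'USAGE'),
           has_schema_privilege(current_user, '$SCHEMA', 'CREATE'),
           pg_get_userbyid(nspowner)
      FROM pg_namespace WHERE nspname = '$SCHEMA';"
}

# Live mode only when explicitly requested, so the file sources cleanly offline.
if [ "${1:-}" = "--live" ]; then
  apply_gate_decision "$(query_privs)" "$APPLY_ROLE"
fi
```

Wiring this in as a P1 sub-check turns the role gap into a preflight FAIL instead of a psql RC=3 mid-apply.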

4. Risks / blockers

blocker_B1: apply cannot proceed under the role the approved package pins;
  needs sovereign decision on the privileged-apply-role question.
risk_R1: production integrity — NONE realized. Verified unchanged
  (sysid + full baseline catalog counts identical pre/post; zero data loss).
risk_R2: stale backup if remediation is delayed — backup
  20260518T054609Z is point-in-time; a fresh P2 backup MUST be taken at
  the re-authorized apply (mandatory P2 re-run).
risk_R3: concurrent DDL between now and re-apply — mitigated by mandatory
  P1 preflight re-run at the re-authorized attempt.
no_partial_state: confirmed — transaction aborted at statement 1, auto
  rolled back; no orphan objects/constraints.

5. Git / repo access note

working_directory: /Users/nmhuyen (NOT a git repo)
iu_cutter_code_repo: not present locally; /opt/incomex absent on this host
vps_access: SSH alias 'contabo' -> docker exec postgres (read-only catalog +
  pg_dump backup + one blocked apply attempt; no successful mutation)
code_changed: false ; commit_made: false ; deploy: none

6. Quality / behavior self-audit

mandatory_P1_P2_P3: ALL PASS
apply_executed_as_authorized: yes (exact package, ON_ERROR_STOP=1)
production_unchanged: yes (verified)
rollback_decision_correct: yes (NOT applicable -> STOP_AND_ESCALATE)
improvisation: NONE
forbidden_actions_taken: NONE
secrets_leaked: NONE
report_states_status_and_routes_to_GPT_User: yes

7. Final status

status: PRODUCTION_APPLY_BLOCKED__PRIVILEGED_ROLE_GAP__PRODUCTION_UNCHANGED
production_apply_status: BLOCKED
production_apply_authorized_state: requires GPT/User re-authorization
next_action: route to GPT/User — decide privileged-apply-role remedy (A/B/C)
self_advance: PROHIBITED

Companion files: production-apply-execution-log, production-apply-verification-result.
