dot-iu-cutter v0.5 WS-Q5 Registry Substrate — Production Verification Command Package

Phase: v0_5_WS_Q5_registry_substrate_production_preflight_and_command_package · Date: 2026-05-18 Verifies: production-apply-command-package (post-apply state).

⚠️ GATING BANNER

phase: production_command_package_authoring
verification_executed: false       # QG4 — this is the PLAN of post-apply checks, NOT a run
checks_run: 0
verification_method: catalog-level ONLY (pg_catalog / information_schema)   # QG6
rendered_string_equality: FORBIDDEN  (carry C-07 / v0.3 false-negative lesson)
execution_authorized: false
self_advance: PROHIBITED

Every check is a catalog-level structural assertion — never pg_get_*def() rendered-string equality (the C-07 false-negative root cause). Outcome vocabulary: PASS | FAIL(detail). To be run ONLY in the approved apply phase, immediately after COMMIT;, against the same production DB.

---

1. Baseline (captured by preflight, for before==after diff)

pre_apply:  tables(r)=12  pk(p)=12  fk(f)=19  unique(u)=2  check(c)=1  view(v)=12  sysid=7611578671664259111
post_apply (expected):
            tables(r)=24  pk(p)=24  fk(f)=27  unique(u)=6  check(c)=1  view(v)=12  sysid=7611578671664259111
delta:      +12 tables, +12 PK, +8 FK, +4 UNIQUE; CHECK/view/sysid UNCHANGED; 0 rows in new tables

2. Table existence — 12 (catalog)

-- TV-1: exactly the 12 new tables present in cutter_governance
SELECT tablename FROM pg_tables WHERE schemaname='cutter_governance'
  AND tablename IN ('matcher_config_registry','address_template_registry',
  'grammar_profile','grammar_profile_level','grammar_profile_status_marker',
  'source_family_registry','source_document_registry',
  'source_document_version_registry','entity_kind_registry',
  'entity_reference_registry','authority_override','metadata_key_registry')
  ORDER BY 1;          -- EXPECT 12 rows, exact names
-- TV-2: all relkind='r' (ordinary table, not view/matview/partition)
SELECT c.relname,c.relkind FROM pg_class c JOIN pg_namespace n ON n.oid=c.relnamespace
  WHERE n.nspname='cutter_governance' AND c.relname = ANY (ARRAY[<12 names>]);
  -- EXPECT relkind='r' for all 12
-- TV-3: total cutter_governance table count = 24
SELECT count(*) FROM pg_tables WHERE schemaname='cutter_governance';   -- EXPECT 24

3. Columns / types / nullability / no DEFAULT (information_schema)

-- CV-1/CV-2: per-table column name + data_type set matches the apply artifact
SELECT table_name, column_name, data_type, is_nullable, column_default
  FROM information_schema.columns
 WHERE table_schema='cutter_governance' AND table_name = ANY (ARRAY[<12 names>])
 ORDER BY table_name, ordinal_position;
-- assert: no extra/missing column; data_type in {text, 'timestamp with time
-- zone', jsonb, boolean, integer} per draft; structural compare, NOT a DDL
-- string compare.
-- CV-4: NO column has a DEFAULT
SELECT count(*) FROM information_schema.columns
 WHERE table_schema='cutter_governance' AND table_name = ANY (ARRAY[<12 names>])
   AND column_default IS NOT NULL;          -- EXPECT 0

4. Constraints — PK / FK / UNIQUE (pg_constraint, STRUCTURAL)

-- KC-1: exactly 12 PK named pk_<table>
SELECT conname FROM pg_constraint c JOIN pg_namespace n ON n.oid=c.connamespace
  JOIN pg_class t ON t.oid=c.conrelid
 WHERE n.nspname='cutter_governance' AND c.contype='p'
   AND t.relname = ANY (ARRAY[<12 names>]) ORDER BY 1;   -- EXPECT 12, all pk_*

-- KC-2/KC-3: exactly 8 FK, exact name + referenced table, schema-qualified
-- BOTH sides to cutter_governance (resolve conrelid/confrelid/conkey/confkey
-- to names — NEVER pg_get_constraintdef text; this is the C-07 fix).
SELECT c.conname,
       sn.nspname  AS src_schema,  st.relname AS src_table,
       tn.nspname  AS ref_schema,  tt.relname AS ref_table
  FROM pg_constraint c
  JOIN pg_class st ON st.oid=c.conrelid   JOIN pg_namespace sn ON sn.oid=st.relnamespace
  JOIN pg_class tt ON tt.oid=c.confrelid  JOIN pg_namespace tn ON tn.oid=tt.relnamespace
 WHERE c.contype='f' AND st.relname = ANY (ARRAY[<12 names>])
 ORDER BY 1;
-- EXPECT exactly these 8 rows, src_schema=ref_schema='cutter_governance':
--   fk_grammar_profile_address_template_ref      -> address_template_registry
--   fk_grammar_profile_level_profile             -> grammar_profile
--   fk_grammar_profile_level_matcher             -> matcher_config_registry
--   fk_gpsm_profile                              -> grammar_profile
--   fk_source_family_registry_grammar_profile    -> grammar_profile
--   fk_source_document_registry_family           -> source_family_registry
--   fk_sdvr_source_document                      -> source_document_registry
--   fk_entity_reference_registry_kind            -> entity_kind_registry

-- KC-4: exactly 4 UNIQUE, exact name + exact column set (conkey resolved to
-- attnames, ORDER-insensitive set compare)
SELECT c.conname, t.relname,
       (SELECT array_agg(a.attname ORDER BY a.attnum)
          FROM pg_attribute a
         WHERE a.attrelid=c.conrelid AND a.attnum = ANY(c.conkey)) AS cols
  FROM pg_constraint c JOIN pg_class t ON t.oid=c.conrelid
  JOIN pg_namespace n ON n.oid=t.relnamespace
 WHERE n.nspname='cutter_governance' AND c.contype='u'
   AND t.relname = ANY (ARRAY[<12 names>]) ORDER BY 1;
-- EXPECT 4:
--   uq_grammar_profile_level_name           {grammar_profile_ref, level}
--   uq_source_document_registry_docprefix   {address_docprefix}
--   uq_sdvr_doc_checksum                    {source_document_ref, content_checksum}
--   uq_entity_reference_registry_natural    {entity_kind, source_system, natural_key}

-- KC-5: no CASCADE/SET — all 8 FK confdeltype/confupdtype = 'a' (NO ACTION)
SELECT c.conname, c.confdeltype, c.confupdtype
  FROM pg_constraint c JOIN pg_class t ON t.oid=c.conrelid
  JOIN pg_namespace n ON n.oid=t.relnamespace
 WHERE n.nspname='cutter_governance' AND c.contype='f'
   AND t.relname = ANY (ARRAY[<12 names>]);   -- EXPECT all 'a'/'a'

-- KC-6: ZERO new CHECK + ZERO trigger on the 12 new tables
SELECT count(*) FROM pg_constraint c JOIN pg_class t ON t.oid=c.conrelid
  JOIN pg_namespace n ON n.oid=t.relnamespace
 WHERE n.nspname='cutter_governance' AND c.contype='c'
   AND t.relname = ANY (ARRAY[<12 names>]);   -- EXPECT 0
SELECT count(*) FROM pg_trigger g JOIN pg_class t ON t.oid=g.tgrelid
  JOIN pg_namespace n ON n.oid=t.relnamespace
 WHERE n.nspname='cutter_governance'
   AND t.relname = ANY (ARRAY[<12 names>]) AND NOT g.tgisinternal;  -- EXPECT 0

5. No enum / no unintended objects / additive-only

-- NH-3: 0 enum types newly created
SELECT count(*) FROM pg_type ty JOIN pg_namespace n ON n.oid=ty.typnamespace
 WHERE n.nspname='cutter_governance' AND ty.typtype='e';   -- EXPECT 0

-- AO-1: schema-wide before==after diff — ONLY +12 tables + their constraints
SELECT relkind, count(*) FROM pg_class c JOIN pg_namespace n ON n.oid=c.relnamespace
 WHERE n.nspname='cutter_governance' GROUP BY relkind ORDER BY relkind;
-- EXPECT r=24, v=12 (UNCHANGED), i = baseline 18 + (constraint-backed indexes
--   for the 12 PK + 4 UNIQUE = +16) -> 34; NO standalone/extra index, NO
--   sequence, NO function, NO matview created.
SELECT contype, count(*) FROM pg_constraint c JOIN pg_namespace n ON n.oid=c.connamespace
 WHERE n.nspname='cutter_governance' GROUP BY contype ORDER BY contype;
-- EXPECT p=24, f=27, u=6, c=1 (CHECK UNCHANGED — no new CHECK)

-- AO-2/AO-3: existing 12 tables UNCHANGED (no ALTER side-effect)
--   re-list existing-12 column sets + their PK/FK; assert identical to the
--   preflight baseline inventory (negative check — additive-only).

-- AO-4: identity unchanged
SELECT system_identifier FROM pg_control_system();   -- EXPECT 7611578671664259111

-- AO-5: zero rows in all 12 new tables (no DML seed authorized)
SELECT relname, n_live_tup FROM pg_stat_user_tables
 WHERE schemaname='cutter_governance' AND relname = ANY (ARRAY[<12 names>]);
-- EXPECT n_live_tup = 0 for all 12  (also cross-check SELECT count(*) per table)

6. Negative checks (any TRUE => the apply FAILED — STOP, run rollback)

NG-1  any of the 12 names already existed pre-apply with a different shape
      -> plain CREATE TABLE aborts the transaction (conflict surfaced).
NG-2  any FK resolves to a table OUTSIDE cutter_governance -> FAIL.
NG-3  any CASCADE / SET NULL / SET DEFAULT referential action present -> FAIL.
NG-4  any CHECK / trigger / DEFAULT / sequence / enum created -> FAIL.
NG-5  any GRANT / role / ownership change detected -> FAIL.
NG-6  any row present in a new table post-apply -> FAIL (no seed authorized).
NG-7  any ALTER to an existing cutter_governance table -> FAIL.
NG-8  system_identifier changed -> FAIL (wrong target / identity touched).

7. Pass criterion

production_apply_verified_PASS iff:
  TV-1..TV-3 PASS  AND  CV-1/CV-2/CV-4 PASS  AND  KC-1..KC-6 PASS
  AND NH-3 PASS  AND  AO-1..AO-5 PASS  AND  every NG-* is FALSE.
fail_action: if ANY check FAIL or ANY NG-* TRUE -> DO NOT proceed; the apply
  transaction must be rolled back (rollback-command-package) and routed to
  GPT/User. No schema self-fix. No rendered-string re-interpretation.

8. Statements

• QG6: every check catalog-level (pg_catalog / information_schema); ZERO pg_get_*def() rendered-string equality; KC-2/KC-3 hard-code the schema-qualified structural compare to prevent recurrence of the C-07 / v0.3 false-negative. QG4: nothing executed — plan only.
• No DML, no GRANT/role, no index execution, no Directus, no CUT/VERIFY, no deploy, no git commit.
• Self-advance PROHIBITED — doc 4 of 5; verification NOT executed (no apply has occurred). STOP → route GPT/User.

Companion files: preflight-result, production-apply-command-package, production-rollback-command-package, command-review-report.