KB-3448

dot-iu-cutter v0.5 WS-Q5 — Seed + Privilege Authoring Report (authoring-only; DML/GRANT NOT executed; route GPT/User)

10 min read Revision 1

dot-iu-cutter v0.5 WS-Q5 — Seed + Privilege Authoring Report

Phase: v0_5_WS_Q5_seed_and_privilege_command_authoring · Nature: authoring_only / no_execution · Date: 2026-05-18 · Authority consumed (NOT reopened): GPT closeout …WS-Q5-production-apply-closeout-gpt-review-2026-05-18 (next_phase: v0_5_WS_Q5_seed_and_privilege_command_authoring, authoring_only__no_execution).

⚠️ GATING BANNER

dml_executed: none ; grant_executed: none ; revoke_executed: none   # QG2
production_write: none ; directus_mutation: none ; git_commit: false
readonly_catalog_used: yes (role grounding only — QG4)
execution_authorized: false ; self_advance: PROHIBITED
decision_authority: GPT / User ONLY

1. Executive summary

Authored the full seed + privilege command package for the 12 live-but-empty WS-Q5 registry tables: a deterministic INSERT-only seed draft, its rollback/compensation draft, a least-privilege GRANT draft, the matching REVOKE draft, and a catalog/data verification plan. Nothing was executed — no DML, no GRANT/REVOKE, no production write. The only production contact was read-only catalog SELECT to ground role names (QG4). Every seed value traces to WS-2/WS-3/v0.4 authority (QG1); items not covered by authority are flagged as open decisions, not assumed.

A material finding: the live schema's source_family_registry.grammar_profile_ref is a NOT NULL FK, but WS-2 D3 authorized only 2 grammar profiles, so only 3 of the 9 requested source families are seedable now (OD-SF1). The package is therefore READY for GPT command-review of the executable subset, with the remaining families/keys explicitly gated on GPT/User decisions.

2. What was read

- GPT closeout review (reauthorized apply CLOSED_PASS_LIVE; next=authoring-only)
- production-apply package (apply command pkg = exact live 12-table schema;
  verification-result = 12 tables LIVE, empty, catalog-verified)
- WS-Q5 ddl-authoring set (DDL draft / rollback / verification-plan / report /
  design-delta) — schema shape cross-check
- v0.5-schema-Q5 command-review-planning set (open-decisions/risk register;
  verification & rollback master plan — RSV/USV/CAV/QG6 doctrine)
- WS-2 D1 (metadata_key_registry), D2/D3/D4 (source_family/grammar/authority),
  D5/D6 (entity registry + address namespacing); WS-3 report
- read-only production catalog: pg_roles, pg_namespace, role_table_grants,
  role_column_grants (role grounding only)

3. What was authored (6 files, this directory)

1 seed-data-draft.sql.md            : 31 INSERT rows / 8 tables; FK-safe order;
                                      plain INSERT (no ON CONFLICT, justified)
2 seed-rollback-compensation.sql.md : R-A exact DELETE (pre-data, no CASCADE)
                                      + R-B lifecycle-retire (data exists)
3 privilege-grant-draft.sql.md      : 12-table least-privilege GRANT, per role
4 privilege-rollback-draft.sql.md   : 1:1 inverse REVOKE
5 seed-privilege-verification-plan  : pre-seed gate + seed + privilege checks
6 this report

4. Seed groups included / excluded

INCLUDED (executable, authority-traced):
  matcher_config_registry        8  (WS-2 D3 matcher_ref set)
  address_template_registry      2  (WS-2 D6 + BR-A1 locked scheme; QG7)
  grammar_profile                2  (WS-2 D3 Profile A internal / B vn-law)
  grammar_profile_level          8  (WS-2 D3 level_definitions: A=3, B=5)
  grammar_profile_status_marker  2  (WS-2 D3 Profile A ✅/📋 — exact UTF-8)
  entity_kind_registry           5  (WS-2 D5 seed set verbatim)
  source_family_registry         3  (WS-2 D2 — DOCUMENT families only)
  metadata_key_registry          1  (v0.4 §4 idempotency_key — only authority-named)
EXCLUDED / NOT SEEDED (flagged, not assumed):
  source_family_registry (6 more) : OD-SF1 — NOT NULL grammar FK vs only 2
                                    profiles; non-document families have no
                                    WS-2 grammar binding
  entity_kind extras              : OD-EK1 — customer/contract/invoice/report/
                                    process_step are WS-2 D5 illustrative
                                    natural-keys, not the D5 seed set
  metadata_key extras             : OD-MK1 — D1 gave no concrete key list
  entity_reference_registry  (0)  : WS-2 D5 — real pilot binding only
  source_document_registry   (0)  : OD-SEQ1 — precedence undecided
  source_document_version_registry(0)
  authority_override         (0)  : WS-2 D4 — only for a real misclassified IU

5. Role / grant assumptions (grounded by read-only catalog — QG4)

roles_confirmed_exist: cutter_ro (NOLOGIN), cutter_exec (LOGIN),
  cutter_verify (LOGIN), workflow_admin (owner/super), directus  — none assumed
current_state_12_new_tables: only directus SELECT (pre-existing) + workflow_admin
  owner; cutter_ro/exec/verify have ZERO grants -> this package adds them
proposed_model (least privilege, mirrors baseline cg pattern):
  cutter_ro     SELECT x12
  cutter_exec   SELECT+INSERT x12  + UPDATE(lifecycle) col-scoped x8
  cutter_verify SELECT x12  (read-only verification)
NOT proposed (QG3): GRANT ALL, PUBLIC, DELETE/TRUNCATE/REFERENCES/TRIGGER,
  table-wide UPDATE, WITH GRANT OPTION, owner/role-membership change
directus & workflow_admin: untouched
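The section 5 grant matrix written out as PostgreSQL, together with its 1:1 REVOKE inverse and the read-only catalog checks that confirm the intended state. This is an added illustration, not the package's privilege-grant-draft or privilege-rollback-draft, and it assumes things the report does not state: the 12 tables live in a schema called `registry` here, the column-scoped UPDATE column is literally named `lifecycle`, and the 8 UPDATE tables are taken to be the 8 seeded tables from section 4.

```sql
-- Added example, NOT the package's own privilege-grant-draft / privilege-rollback-draft.
-- Assumptions (not on the page): schema "registry"; column "lifecycle"; the 8
-- UPDATE(lifecycle) tables are the 8 seeded ones. One DO block produces the GRANT
-- draft; flipping verb to 'REVOKE' yields the 1:1 inverse (rollback draft).
DO $$
DECLARE
  verb  text := 'GRANT';          -- rollback draft: set to 'REVOKE'
  prep  text;
  all12 text[] := ARRAY[
    'matcher_config_registry', 'address_template_registry', 'grammar_profile',
    'grammar_profile_level', 'grammar_profile_status_marker', 'entity_kind_registry',
    'source_family_registry', 'metadata_key_registry', 'entity_reference_registry',
    'source_document_registry', 'source_document_version_registry', 'authority_override'];
  upd8  text[] := ARRAY[          -- assumption: the 8 seeded tables carry "lifecycle"
    'matcher_config_registry', 'address_template_registry', 'grammar_profile',
    'grammar_profile_level', 'grammar_profile_status_marker', 'entity_kind_registry',
    'source_family_registry', 'metadata_key_registry'];
  t text;
BEGIN
  prep := CASE verb WHEN 'GRANT' THEN 'TO' ELSE 'FROM' END;
  FOREACH t IN ARRAY all12 LOOP
    -- cutter_ro / cutter_verify: read-only on all 12; no PUBLIC, no WITH GRANT OPTION
    EXECUTE format('%s SELECT ON TABLE registry.%I %s cutter_ro, cutter_verify', verb, t, prep);
    -- cutter_exec: SELECT + INSERT on all 12; no DELETE/TRUNCATE/REFERENCES/TRIGGER (QG3)
    EXECUTE format('%s SELECT, INSERT ON TABLE registry.%I %s cutter_exec', verb, t, prep);
  END LOOP;
  FOREACH t IN ARRAY upd8 LOOP
    -- column-scoped UPDATE only; table-wide UPDATE is excluded by QG3
    EXECUTE format('%s UPDATE (lifecycle) ON TABLE registry.%I %s cutter_exec', verb, t, prep);
  END LOOP;
END $$;

-- Verification (read-only). Run as the grantor (e.g. workflow_admin): the
-- information_schema views only list grants involving currently enabled roles.
-- Expected: cutter_ro SELECT=12, cutter_verify SELECT=12, cutter_exec SELECT=12
-- and INSERT=12, and NO other privilege_type for any cutter_* role. An UPDATE row
-- here would mean a table-wide UPDATE slipped in (QG3 violation).
SELECT grantee, privilege_type, count(*) AS n_tables
FROM information_schema.role_table_grants
WHERE table_schema = 'registry' AND grantee LIKE 'cutter\_%'
GROUP BY grantee, privilege_type
ORDER BY grantee, privilege_type;

-- Expected: exactly 8 rows, every column_name = 'lifecycle'. Column-level grants
-- appear only here, not in role_table_grants, which is how the two views together
-- distinguish "UPDATE(lifecycle)" from "UPDATE".
SELECT table_name, column_name
FROM information_schema.role_column_grants
WHERE table_schema = 'registry'
  AND grantee = 'cutter_exec' AND privilege_type = 'UPDATE'
ORDER BY table_name;
```

The two catalog queries are the same views the report names under QG4 (role_table_grants / role_column_grants); running them before the grant phase should return no cutter_* rows at all, which is the "ZERO grants" baseline stated above.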

6. Open decisions (route GPT/User — none self-resolved, QG1/QG5)

OD-SF1  HIGH  source_family NOT NULL grammar FK vs 2 profiles -> only 3/9
              seedable. Options: (a) ratify generic profile; (b) NULLable
              (out-of-scope DDL); (c) seed 3 now, defer 6. No self-resolve.
OD-EK1  MED   add customer/contract/invoice/report/process_step as entity_kinds?
OD-MC1  MED   matcher_definition concrete match expression (WS-2 deferred)
OD-MK1  MED   metadata-key bootstrap set beyond idempotency_key
OD-SM1  MED   status marker must be inserted as exact UTF-8 (no ASCII norm)
OD-PV1  MED   keep vs defer cutter_exec UPDATE(lifecycle) column grant
OD-PV2  LOW   confirm cutter_verify SELECT-only (no verify-write on registries)
OD-PV3  LOW   confirm cutter_* already hold schema USAGE (re-check at cmd-review)
OD-PV4  MED   seed-execution role (cutter_exec vs workflow_admin) — exec phase
BR-A1   HIGH  (carried) address separator final lock = GPT/User
OD-SEQ1 MED   (carried) source_document precedence -> 3 registries left empty

7. Ready / not ready for GPT command-review

ready_for_GPT_command_review: YES — for the executable subset (31 seed rows /
  8 tables + the least-privilege grant matrix). Drafts are internally
  consistent, FK-safe, rollback-paired, and verification-covered.
NOT ready for full-substrate execution until GPT/User resolves: OD-SF1
  (blocks the other 6 families), BR-A1 (address separator lock), and
  the role-policy decisions OD-PV1/PV2/PV4.
recommended_next: GPT command-review of this package; on PASS, a SEPARATE
  sovereign-approved execution phase (pre-seed gate -> seed -> verify ->
  grant -> verify), never combined, never self-advanced.
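The "pre-seed gate -> seed -> verify" sequence above, reduced to its two read-only checks (row counts and FK consistency, QG6), as an added example rather than the package's seed-privilege-verification-plan. Expected counts are the section 4 figures (31 rows over 8 tables, the 4 deferred registries staying at 0). Assumptions not on the page: schema name `registry`; the FK check covers single-column foreign keys only.

```sql
-- Added example, NOT the package's seed-privilege-verification-plan.
-- Assumptions: schema "registry"; single-column FKs. Nothing here writes.

-- Row-count check. pre_seed = true is the gate (all 12 tables must be empty);
-- pre_seed = false is the post-seed verification against section 4's counts.
DO $$
DECLARE
  pre_seed boolean := true;   -- set false for the post-seed run
  r        record;
  actual   bigint;
  expected bigint;
BEGIN
  FOR r IN
    SELECT * FROM (VALUES
      ('matcher_config_registry',          8), ('address_template_registry',      2),
      ('grammar_profile',                  2), ('grammar_profile_level',          8),
      ('grammar_profile_status_marker',    2), ('entity_kind_registry',           5),
      ('source_family_registry',           3), ('metadata_key_registry',          1),
      ('entity_reference_registry',        0), ('source_document_registry',       0),
      ('source_document_version_registry', 0), ('authority_override',             0)
    ) AS e(tbl, n_after_seed)
  LOOP
    EXECUTE format('SELECT count(*) FROM registry.%I', r.tbl) INTO actual;
    expected := CASE WHEN pre_seed THEN 0 ELSE r.n_after_seed END;
    IF actual <> expected THEN
      RAISE EXCEPTION 'row-count check failed on %: expected %, found %',
        r.tbl, expected, actual;
    END IF;
  END LOOP;
  RAISE NOTICE 'row-count check passed (% run)',
    CASE WHEN pre_seed THEN 'pre-seed' ELSE 'post-seed' END;
END $$;

-- FK check: for every single-column FK declared on the registry tables, count
-- child rows whose non-NULL key has no parent. With enforced constraints this is
-- 0 by construction; the check exists to catch a constraint created NOT VALID or
-- a seed applied with constraints disabled (e.g. source_family_registry.
-- grammar_profile_ref pointing at a profile that was never seeded, cf. OD-SF1).
DO $$
DECLARE
  fk      record;
  orphans bigint;
  n_fk    int := 0;
BEGIN
  FOR fk IN
    SELECT c.conname,
           c.conrelid::regclass  AS child,  a.attname  AS child_col,
           c.confrelid::regclass AS parent, pa.attname AS parent_col
    FROM pg_constraint c
    JOIN pg_attribute a  ON a.attrelid  = c.conrelid  AND a.attnum  = c.conkey[1]
    JOIN pg_attribute pa ON pa.attrelid = c.confrelid AND pa.attnum = c.confkey[1]
    WHERE c.contype = 'f'
      AND c.connamespace = 'registry'::regnamespace
      AND array_length(c.conkey, 1) = 1
  LOOP
    EXECUTE format(
      'SELECT count(*) FROM %s ch WHERE ch.%I IS NOT NULL
         AND NOT EXISTS (SELECT 1 FROM %s p WHERE p.%I = ch.%I)',
      fk.child, fk.child_col, fk.parent, fk.parent_col, fk.child_col) INTO orphans;
    n_fk := n_fk + 1;
    IF orphans > 0 THEN
      RAISE EXCEPTION 'FK % (%.% -> %.%): % orphan row(s)',
        fk.conname, fk.child, fk.child_col, fk.parent, fk.parent_col, orphans;
    END IF;
  END LOOP;
  RAISE NOTICE 'FK check passed: % constraint(s) verified', n_fk;
END $$;
```

Both blocks raise on the first mismatch rather than reporting and continuing, so that a failed gate cannot be followed by the seed step in the same script; that is the property the "never combined, never self-advanced" sequencing above depends on.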

8. Explicit non-execution statement

No DML was executed. No GRANT/REVOKE was executed. No production write, no Directus mutation, no CUT/VERIFY, no deploy/restart, no git commit, no index DDL, no vocab/Cap-4 change occurred. Production was contacted ONLY by read-only catalog SELECT to ground role names and current grant state. The 12 WS-Q5 tables remain empty; no privilege was changed. This phase produced a reviewable command package only.

9. Git / repo access note

working_directory: /Users/nmhuyen  (NOT a git repo)
iu_cutter_code_repo: not present locally; no branch/HEAD/git-status available
git_status_iu_cutter: N/A — no repo in this session
vps_access: SSH alias 'contabo' -> docker exec postgres — READ-ONLY catalog
  only (pg_roles / pg_namespace / role_*_grants); zero mutation, zero write
code_changed: false ; commit_made: false ; deploy: none
no_write_outside_KB_uploads: confirmed (only the 6 KB docs uploaded)

10. Quality-gate self-audit

QG1 seed values trace to WS-2/WS-3 authority: PASS (non-authority -> flagged)
QG2 no DML/GRANT executed:                    PASS
QG3 no broad GRANT ALL / PUBLIC / owner chg:  PASS
QG4 role names grounded by read-only catalog: PASS (all 5 confirmed present)
QG5 rollback/compensation safe for seed rows: PASS (R-A known-rows / R-B retire)
QG6 verification has row-count + FK checks:   PASS (§1.1 + FKV-1..6 + more)
QG7 address template = locked separator:      PASS ('/' docprefix, '-' level)
QG8 report states ready/not-ready:            PASS (§7)

11. Final status

status: WS_Q5_SEED_AND_PRIVILEGE_COMMAND_PACKAGE_AUTHORED__NOT_EXECUTED
ready_for_GPT_command_review: yes (executable subset)
blocking_open_decisions: OD-SF1, BR-A1, OD-PV1/PV2/PV4 (+ MED flags)
next_action: route to GPT/User for command-review
self_advance: PROHIBITED (no execution, no downstream cycle)

Companion: seed-data-draft, seed-rollback-compensation-draft, privilege-grant-draft, privilege-rollback-draft, seed-privilege-verification-plan.
