IU Core 8000x — Governance Promotion Package Design Note

Package shape

ops/governance-promotion-package-8000x/
├── README.md                       # operator runbook
├── 00_preflight.sql                # READ-ONLY freeze + drift guard
├── 01_author_manifest.sql          # WRITES 1 + 86 rows to cutter_governance
├── 02_create_review_decision.sql   # WRITES 1 row to cutter_governance
├── 03_promote_candidates.sql       # calls fn_iu_enact for 86 IUs
├── 04_rollback.sql                 # per-IU rollback via fn_iu_retire
└── 05_postflight_verify.sql        # READ-ONLY 8-step verification

Determinism

• envelope_id = ('cf0000' || substr(md5('IU_CORE_8000X:envelope:' || candidate_hash), 1, 26))::uuid
• review_decision_id = same pattern with ':rd:' instead of ':envelope:'
• change_set_id = same pattern with ':cs:'
• All IDs are stable across re-runs. Re-running 01/02 raises PK violation (idempotency by collision), which is the correct safety: a manifest must be authored once.

Drift guard

Every write-step file (01/02/03) re-reads the live candidate set and asserts:

• count = 86
• hash = 29b36fa4fd95dd871a0b949c2e37407c0647294752a909aac45794e8815b43bb

A drift between freeze (macro time) and write time triggers RAISE EXCEPTION inside DO, which rolls the transaction back.

Row shapes (matched to live cutter_governance NOT NULL contract)

Column shapes were discovered from cutter_agent/ledger_v2_canonical_cut.py (the v0.5 ratified writer for the first controlled ICX-CONST CUT). The 8000x package uses identical column lists so the writers stay schema-compatible.

manifest_envelope (15 columns)

Column	Value source for 8000x
envelope_id	deterministic UUID (envelope_id formula)
operation_kind	'cut'
status	'applied'
source_doc_ref	NULL
escalation_ref	NULL
cut_change_set_ref	deterministic change_set_id
created_by	'iu-core-8000x/governance_authorship'
created_at	2026-05-24T00:00:00+00:00
reviewer	'GPT/User'
reviewed_at	same
rationale	references candidate_hash + frozen DIEU set
superseded_by_envelope_id	NULL

manifest_unit_block (12 columns × 86 rows)

Column	Value
envelope_id	envelope_id
unit_local_id	canonical_address
block_role	'unit'
source_span	{iu_id, uv_id, content_anchor_ref, doc_code, section_type, section_code, unit_kind} (jsonb)
render_order	ROW_NUMBER() OVER (ORDER BY canonical_address)
target_unit_id	iu_id
proposed_canonical_address	canonical_address
proposed_authority	'incomex_council'
payload_summary	{doc_code, section_type, unit_kind, lifecycle_status, parent_or_container_ref} (jsonb)
candidate_edges	NULL
report_summary	NULL
decision_backlog_ref	NULL
created_at	2026-05-24T00:00:00+00:00

review_decision (24 columns)

Column	Value
review_decision_id	deterministic UUID (rd formula)
governance_event_kind	'lifecycle_promotion_draft_to_enacted'
manifest_id	envelope_id (FK)
manifest_version	tool_revision string
review_scope	'manifest'
status	'decided'
verdict	'approve'
findings	{corpus_filter, candidate_count, candidate_hash, lifecycle_uniform_draft, parent_orphans, canonical_duplicates, policy_version, macro_tag, compensation_primitives_present, rationale} (jsonb)
reviewer_class	'sovereign'
reviewer_identity	{reviewer:'GPT/User', kb_doc_id: this KB path} (jsonb)
risk_class_assessment	'standard'
cut_change_set_ref	deterministic change_set_id
decision_at	2026-05-24T00:00:00+00:00
decided_by	'GPT/User'
tool_revision	iu-core-8000x@compensation-primitives-2026-05-24
cross_signed_by_dot_verifier	false
version	'1.0.0'
created_at / updated_at	decision_at

Why we don't use a governed authoring function

cutter_agent/orchestrator/governance_writers.py provides GenericLegBRecorder / GenericVerifyRecorder that emit the same row shapes. We chose raw deterministic SQL instead because:

1. The harness has no live execution adapter wired in for the cutter_governance schema — invoking those Python writers from a one-off macro requires standing up a ProductionLiveExecutionAdapter plus the signing.SigningInterface, which is a separate macro.
2. The raw SQL package is operator-transparent: an operator with sovereign PG can read every INSERT exactly.
3. Idempotency by deterministic UUID + PK collision is simpler than replicating the writers' uniqueness key calculations for a one-off lifecycle-promotion event (which is not a CUT or a VERIFY).

Why we don't use Directus REST

cutter_governance.* collections are not in the Directus write allowlist exposed to the harness (S177 hardening; verified by mcp__claude_ai_Incomex_VPS__directus_read returning 403 on every governance collection). This is correct sovereign-isolation behaviour and the package respects it by escalating to operator psql.