dot-iu-cutter v0.4 — PG-backed Dry-run RERUN#4 — SUCCESS

Date: 2026-05-17 · Verdict: PASS — all execution gates PASS. · execution_status = SUCCESS · ORCH_EXIT=0 Authorized by: GPT (RERUN#3 FAIL_ACCEPTED_GATE_INCOMPLETE; bounded harness-hardening phase + RERUN#4). Accepted code commit (unchanged): e93424b5ff7fa5e4b8406131977ce4339cd0856a (parent db4aa58). Plan: command-review r1 · verification-plan r3 · rollback-plan r1 · risk-review r1.

1. Harness serialization fix summary

Root cause of RERUN#3 FAIL was a dry-run-harness (not SUT) defect: dr_harness_v0_4.py serialised its own result dict with json.dump(res, …) and no default=str; an S10 idempotency replay legitimately yields a real psycopg3 uuid.UUID entry_id (accepted phases.mark() correctly returns the existing row) → TypeError. Fix (gitignored harness only): json.dump(res, f, indent=2, sort_keys=True, default=str) — report-only. It does NOT touch cutter_agent, does NOT change scenario semantics, does NOT mask SUT errors (failures still detected via res[...]['status']=='FAIL' → sys.exit(1)), and preserves UUID semantics for the system-under-test (only the on-disk report renders a UUID as its string form). Orchestrator unchanged — it computes the harness sha at runtime (no hardcoded literal), so the new sha self-propagates; ACCEPTED pin and teardown prod-dump shred untouched.

2. SHA256

Artefact	SHA256
Corrected harness dr_harness_v0_4.py	c963caed68446f8c9da585cc25fa291e647e7baf42e44e42f3a82e888332b96e (was ddf14a94…)
Orchestrator run_dryrun_v0_4.sh (UNCHANGED)	2ddffd1d071cc9b87ec05c4dd1fbeeb41ee2c3c0a9d2bcfa2d7228cf66a7e484
Roles matrix dr_roles_matrix.sql (unchanged)	2a409696dc3f60cb6328a77afd345e7638685f8d70cb5c0995b40f5841a57584
Current-run prod dump (shredded at teardown; sha ref only)	c0428b5f4690649a445791a2dbed58a22c4db56725c5c3916784eccbbc07f4b6

3. No iu-cutter code change / no commit proof

git -C /opt/incomex/dot rev-parse HEAD = e93424b5ff7fa5e4b8406131977ce4339cd0856a; branch main; git status --short -- iu-cutter = clean (empty). The only edited file is the gitignored .dryrun-v0.4-2026-05-17/dr_harness_v0_4.py (dry-run artefact, untracked). No git add, no commit, no cutter_agent/iu-cutter source or tests touched. RESULT.json accepted_commit=e93424b…0856a.

4. Run timeline (C-01 → C-13, all PASS)

C-01 OK head=e93424b…0856a
C-02 OK roles.sql sha=2a409696… harness sha=c963caed…
C-03 OK dump sha=c0428b5f… size=681140729 prod_sysid=7611578671664259111
C-04 OK no published host port
C-05 OK cg tables=12 views=12
C-06 OK matrix exec=18 verify=15 ro=12 ro_login=f
C-07 OK dr_sysid=7640844057988476971 != prod 7611578671664259111
C-08 OK harness sha verified=c963caed…
C-10a/C-11a happy r3 baseline EXACT total=15
C-10b/C-11b negatives/idempotency delta=0 on all 12 tables
C-12 OK sql_verbs={INSERT SELECT SET UPDATE} no-forbidden no-leak dr.env=600
ALL GATES PASS -> SUCCESS; C-13 teardown; DONE protected_untouched=true dr_env=gone

5. Happy path — 15-row result (verification-plan r3 §2.3, EXACT)

decision_backlog_entry=1  decision_backlog_history=5  decision_backlog_dependency=0
decision_backlog_sweep_log=1  manifest_envelope=1  manifest_unit_block=1
review_decision=1  dot_pair_signature=2  cut_change_set=1
cut_change_set_affected_row=1  verify_result=1  canonical_address_alias=0
TOTAL = 15  ✅  (baseline_match=true, baseline_total=15)

Scenario outcomes (out/happy.json, failures=[]): S1/S2/S3_neg/S4_MARK/SWEEP/S5_REVIEW/S6_CUT all PASS; S7_VERIFY PASS, final_status=verified_complete. The full canonical MARK → SWEEP → REVIEW → CUT → VERIFY completes; dot_pair_signature=2 against the deployed dot_pair_signature_check XOR — DOT signature cross-reference fix + DOT lane-overlap prevention VALIDATED end-to-end (DOT-991→change_set only, DOT-992→verify_result only).

6. Negative / idempotency Δ=0 result

out/negatives.json (failures=[], now serialised correctly): S8 (cross-table refused pre-SQL both ways) PASS · S9 (server 42501 → STOP disposition — the expected proof, not masked) PASS · S10 (replay resolved to existing entry by PK, no insert; entry_id rendered as string) PASS · S11 (phase txn rolled back, atomicity) PASS · S12 (delete & truncate both refused) PASS. C-11b shell post-count == C-11a baseline on all 12 tables → negatives_delta0=true (the shell Δ=0 post-count ran — RERUN#3's blocking gap is closed). No SUT error masked: all scenarios explicitly evaluated; harness exit 0 only because zero status==FAIL.

7. Current-run prod dump teardown proof

prod-directus-20260517T125651Z.sql (sha c0428b5f…) → CURRENT_RUN_DUMP_ABSENT_OK — the patched teardown shredded it on the SUCCESS exit path (only dr_roles_matrix.sql remains in $WD). Shred-on-all-exit-paths preserved.

8. Net-zero / safety

DR container pg-dry-run-v0.4-db-adapter-2026-05-17 + network dr-net-v0.4-2026-05-17 gone (exact-name; dr_env_after=gone). 3 protected prior dry-run envs PROTECTED_BYTE_IDENTICAL (protected_untouched=true). Production: sysid pre==post 7611578671664259111; StartedAt 2026-04-17T05:35:18.48439927Z before==after; read-only pg_dump only; no write/CUT/VERIFY; not restarted. forbidden_sql_absent=true (verbs only INSERT/SELECT/SET/UPDATE), secret_leak_absent=true, dr.env=600 + shredded.

Honest note: RESULT.json retains vestigial fail_gate=G_HARNESS_NEG/fail_detail keys from RERUN#3 — the orchestrator emit() merges keys into the pre-existing file and never deletes stale ones (only orch.log is reset per run). Authoritative signals (execution_status=SUCCESS, ORCH_EXIT=0, orch.log ALL GATES PASS, all boolean gate keys true) are unambiguous; this is a cosmetic carry-over, not a gate failure. (Minor harness-tooling hygiene note for a future cycle: reset/seed RESULT.json per run.)

9. Hardcode / scale / label control statement

No fixed IP/DSN/password/container/vector-collection introduced. DR DB host = container name via dry-run-only dr.harness.env; passwords openssl-generated at runtime then shredded; container/network names are the required exact-name safety identifiers (command-review/rollback exact-name teardown — mandated, not a forbidden hardcode). The harness fix added only default=str to a report json.dump (no literal). No runtime label/key hardcoding. No STOP-class hardcode / label-key issue.

10. Metadata / label hardcoding absent statement

No metadata or label registry schema change. No label columns added. SQL / deployed cutter_governance schema remains SSOT; JSONB carries no hidden authority (the DOT lane↔reference decision is the centralised, schema-binding-tested SIGNATURE_LANE_REFERENCE_KIND from accepted commit e93424b, unchanged this cycle). No vector/NoSQL integration.

11. Verdict & next (no self-advance)

RERUN#4 = PASS. All execution gates PASS: happy r3 15-row baseline EXACT, negative/idempotency Δ=0 on all 12 tables, no forbidden SQL, no secret leak, protected & production untouched, net-zero teardown. The v0.4 DOT-pair signature cross-reference fix and DOT lane-overlap prevention (commit e93424b) are VALIDATED end-to-end against a restored production-schema isolated PG dry-run. No iu-cutter code change, no commit, no production touch. Next step requires a separate GPT review + sovereign authorization (no self-advance to any production / CUT / VERIFY / deploy / migration).