Incomex AI Portal
KB-3D60

dot-iu-cutter v0.5 — First Snapshot CUT-plan Dry-run · CI/Test Requirements + How S1 Feeds S2 (S1; doc 4 of 5)

5 min read Revision 1
dot-iu-cutterv0.5cut-plan-dryruns1ci-requirementss1-feeds-s2test-plan2026-05-19

dot-iu-cutter v0.5 — First Snapshot CUT-plan Dry-run · CI/Test Requirements + S1 to S2 Feed

doc 4 of 5 · review_design_only, no_execution, no_code · 2026-05-19 · sub-phase S1

1. CI / test requirements BEFORE any implementation (required item 8)

The S2 entrypoint (the cutplan module plus its unittest file) must not be committed until all of the following are green, mirroring the ratified MARK entrypoint lineage:

  • T-1 import isolation: the cutplan module imports only the standard library (argparse, hashlib, json, os, re, sys, pathlib); a test asserts the DB-adapter, phases, ledger, signing and any driver or network modules are not reachable from its import graph.
  • T-2 digest gate: a manifest whose digest does not equal 9d908a62 leads to exit 3 BLOCKED (file-sha gate likewise).
  • T-3 candidate-count gate: count not equal to 60 leads to exit 3 BLOCKED.
  • T-4 Dieu 44 exclusion: Dieu 44 never appears in the IU-mapping or write-set preview; a fixture that places Dieu 44 into candidates leads to exit 3 BLOCKED; excluded_count is 4.
  • T-5 uniqueness and overlap: a duplicate-address or span-overlap fixture leads to exit 3 BLOCKED.
  • T-6 determinism: two in-process builds produce an identical cut_plan_digest (re_run_equal true).
  • T-7 reconstruction parity: reconstruction_ok true is re-asserted from the manifest.
  • T-8 idempotency keys: 60 OD-1 keys, all distinct, deterministic, independent of any human or scenario label (reuses the existing idempotency-key helper semantics; the key excludes human labels).
  • T-9 guard matrix: wrong mode, missing a no-write flag, scope other than enacted_only, or a DB environment variable present each lead to exit 2 REFUSED.
  • T-10 net-zero: after a run there is no DB effect and no file outside the scratch directory; the git working tree stays empty.
  • T-11 artifact schema: all 5 fixed-name files are emitted with the documented schema; the PASS path is exit 0; the BLOCKED path emits only the report file with status BLOCKED.

Gate before commit (same as MARK): the full unittest suite green, the cutplan module sha-pinned in the commit doc, a byte-compile check clean, the run performed with no DB environment, and a branch/HEAD/tree precheck. Transport of any byte artifact is byte-faithful (base64 or content-addressed) per the project artifact-transport standard.

2. How this S1 package feeds S2 implementation (required item 9)

  • S1 is the ratified specification (this package): objective and scope, exact command shape, input contract, artifact schemas, validation rules, failure modes, CI gates. No code.
  • S2 consumes S1 as:
    • the authoritative contract for the cutplan module (mode cut-plan-only, the exact flags in doc 2 section 1, guard semantics, the 5 fixed-name artifacts and schemas in doc 2 section 2);
    • the test plan: the cutplan unittest file implements T-1 through T-11 verbatim;
    • the acceptance bar: an S2 commit is allowed only when T-1 through T-11 are green and the entrypoint is sha-pinned, byte-compile clean and no-DB, committed to the feature branch only (no merge, push, tag or deploy), exactly as the MARK entrypoint commit (afb7bfc).
  • S2 is separately gated: S2 (design, then authoring, then CI, then commit) requires its own GPT/User approval. This S1 package does not authorize S2 coding. After an S2 commit, a separate command-review authorizes the first cut-plan dry-run execution (mirrors the MARK first-dry-run gate).
  • Downstream after S1 plus S2: S3 the executor/verifier credential cycle; S4 the production CUT command-review plus a separate explicit production-write approval. Each independently gated.

3. Quality-gate mapping

  • QG1 objective and exact scope: PASS (doc 1 section 1)
  • QG2 proposed non-production command shape: PASS (doc 2 section 1, contract, not run)
  • QG3 input contract (digest/version/count/exclusion): PASS (doc 1 section 2)
  • QG4 expected artifacts (5): PASS (doc 2 section 2)
  • QG5 validation rules: PASS (doc 3 section 1, VAL-1 through VAL-9)
  • QG6 explicit write statement (artifact-only): PASS (doc 2 section 3)
  • QG7 failure modes and fail-closed: PASS (doc 3 section 2)
  • QG8 CI/test before implementation: PASS (this doc section 1, T-1 through T-11)
  • QG9 S1 to S2 feed: PASS (this doc section 2)
  • QG10 STOP after upload, route GPT/User: PASS (doc 5 section 3)

doc 4 of 5. Nothing executed. Self-advance PROHIBITED.

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.5-constitution-first-snapshot-cut-plan-dryrun-command-review/dot-iu-cutter-v0.5-cut-plan-dryrun-ci-requirements-and-s2-feed-2026-05-19.md