dot-iu-cutter v0.5 — Repo Authority Resolution: Candidate Inventory

Phase: v0_5_iu_cutter_repo_authority_resolution · Nature: read_only_investigation__no_mutation · Date: 2026-05-18 · doc 1 of 4

patch_applied: false ; git_init: false ; commit: false ; deploy: false
file_modification: NONE ; dry_run/cut/verify: NONE
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

---

1. Objective

Locate every candidate iu-cutter code location and record, per candidate, its git state and content, so GPT/User can rule which repo (if any) is the authoritative apply target for the BLOCKED snapshot-source MARK dry-run entrypoint patch (KB doc 2, shas f1f42e83… / 31143968…). No mutation of any kind performed.

2. Candidate inventory (live probe, read-only)

C1:
  path: /Users/nmhuyen/iu-cutter-build/repo/iu-cutter
  exists: YES (directory)
  is_git_repo: FALSE  (`git rev-parse --is-inside-work-tree` => false; no .git;
                       no .git in any parent up to /)
  branch: N/A   HEAD: N/A   remote: N/A
  top_level: .gitignore, README.md, cli.py, cutter_agent/, tests/, __pycache__/
  contains_cutter_agent: TRUE
  cutter_agent/: __init__.py canonicalization.py db_adapter.py idempotency.py
                 ledger.py phases.py signal.py signing.py state_machine.py  (9 modules)
  tests/: test_idempotency.py test_phase_contracts.py
          test_real_postgres_adapter.py test_security_boundaries.py
          test_state_machine.py  (5 tests)
  v0.4_skeleton_present: TRUE (full: 9 cutter_agent modules + 5 tests + cli.py)
  dryrun.py: ABSENT   test_dryrun_snapshot_mark.py: ABSENT
  likely_authoritative: TRUE  (KB SSOT names this path; most complete content)

C2:
  path: /Users/nmhuyen/.iu-cutter-stage/iu-cutter
  exists: YES (directory; stage dir mtime older — May 17)
  is_git_repo: FALSE  (no .git; no .git up-tree)
  branch: N/A   HEAD: N/A   remote: N/A
  top_level: README.md, cli.py, cutter_agent/, tests/, __pycache__/
             (NO .gitignore)
  contains_cutter_agent: TRUE
  cutter_agent/: same 9 module names as C1
  tests/: test_idempotency.py test_phase_contracts.py
          test_security_boundaries.py test_state_machine.py  (4 tests —
          MISSING test_real_postgres_adapter.py; NO .gitignore)
  v0.4_skeleton_present: TRUE but LESSER (4 tests, no .gitignore)
  dryrun.py: ABSENT   test_dryrun_snapshot_mark.py: ABSENT
  likely_authoritative: FALSE  (older/leaner stage copy; subset of C1;
                                KB code-authoring plan §1 calls it "older stage copy")

C3:
  path: /Users/nmhuyen/iu-cutter-build/repo
  exists: YES   is_git_repo: FALSE   contains_cutter_agent: FALSE
  note: pure parent of C1 (only child = iu-cutter/). Not a candidate.

C4:
  path: /Users/nmhuyen/iu-cutter-build
  exists: YES   is_git_repo: FALSE   contains_cutter_agent: FALSE
  top_level: db_adapter.py, test_real_postgres_adapter.py, repo/
  note: scratch/loose files beside repo/; NOT a repo. Not a candidate.

C5_VPS:
  path: /opt/incomex/dot , /opt/incomex/dot/iu-cutter
  exists: UNKNOWN — INSUFFICIENT ACCESS (see §3)
  is_git_repo: UNDETERMINED
  contains_cutter_agent: UNDETERMINED
  docker: no iu-cutter container among 9 running (agent-data, claude-kb,
          claude-mcp, directus, nginx, nuxt, qdrant, postgres, uptime-kuma)

3. Filesystem-wide negative search (local)

find /Users/nmhuyen -maxdepth 5 -type d -name .git | grep -iE 'cutter|dot|iu-'
  => (NONE)
find /Users/nmhuyen/iu-cutter-build /Users/nmhuyen/.iu-cutter-stage -name .git
  => (NONE — zero .git anywhere in either tree)
find /Users/nmhuyen -maxdepth 6 -type d -name cutter_agent
  => only C1 and C2 (no third cutter_agent tree)
other *dot* dirs (NOT iu-cutter): agent-data-test/dot, web-test/dot,
  "Documents/Manual Deploy/.../dot" — these are the DOT workflow trees,
  unrelated to the iu-cutter cutter_agent package (no cutter_agent inside).
git_binary: present (git version 2.39.5 Apple Git-154) — usable, but there is
  NO repository for it to act on locally.

4. VPS access boundary (exact missing access)

available_VPS_tools: list_docker (read-only), query_pg (read-only SELECT),
  pg_schema (information_schema), read_file (ALLOWLIST ONLY:
  /opt/incomex/docs, /opt/incomex/dot/specs, /var/log/nginx; binary rejected).
missing_for_repo_authority:
  - no shell / no `git` execution on VPS
  - no directory listing of /opt/incomex/dot or /opt/incomex/dot/iu-cutter
  - read_file('/opt/incomex/dot/iu-cutter/cutter_agent/__init__.py')
      => "[DENIED] path is outside the allowlist"
  - cannot enumerate .git, branch, HEAD, remote, or working tree on VPS
conclusion: VPS git-repo authority is UNDETERMINABLE with current tools
  (INSUFFICIENT_ACCESS for the VPS candidate specifically). No iu-cutter
  runtime container exists, but that does not prove absence of a checkout
  on the VPS host filesystem — it is simply unobservable here.

5. Statement

• QG1 PASS: zero file modification (read-only git/ls/find/read_file).
• QG2 PASS: no git init. QG3 PASS: no patch apply. QG4 PASS: no commit/deploy.
• QG5 PASS: candidate inventory complete (C1–C5 incl. VPS boundary).
• doc 1 of 4 → continues in evidence-review (2), recommendation (3), report (4). STOP after 4 docs → GPT/User. Self-advance PROHIBITED.