KB-5280
dot-iu-cutter v0.5 — Main FF Merge · Test Result (G2 PASS — 173/173 regression; 1 pre-existing baseline) (doc 2 of 5)
5 min read Revision 1
dot-iu-cutterv0.5main-fast-forward-mergetest-resultg2-pass173-of-173-regression264-of-265-discoverpre-existing-baseline-failurepy-compile-okdieu442026-05-20
dot-iu-cutter v0.5 — Main FF Merge · Test Result
doc 2 of 5 · 2026-05-20 · M4-FF macro · G1 + G2
phase : G1 (merge feasibility) + G2 (tests) outcome : G1 PASS (FF-only feasible) + G2 PASS (173/173 regression bundle ; 1 pre-existing baseline failure same as M4 doc 4 §6.2 — not a regression). production_mutation : NONE (all tests no-DB / scratch-only)
1. G1 — fast-forward feasibility
main..feature/constitution-snapshot-mark-dryrun : 8 commits
feature/constitution-snapshot-mark-dryrun..main : 0 commits
merge-base : 4367c83 (== main HEAD)
main_is_ancestor_of_feature : YES (git merge-base
--is-ancestor exit 0)
linear_history : YES (FF-only feasible)
conflict_possible : NO
commits to fast-forward through (oldest→newest) :
afb7bfc feat: add snapshot MARK dry-run entrypoint
d66a60d feat: add S2 no-DB CUT-plan dry-run planner (cutplan) + tests
f0120ac feat: add W-3 DB-isolated constitution writer (cutwrite) + tests
152e7db feat: add GUARDED leg-A prod IU birth adapter (prod_iu_adapter+cutprod)+tests
f20c79c feat(R1): add --mode production-leg-a-only + execute_leg_a_only seam (UB-2)
6a56bc3 feat(canonical-path): add fn_iu_create canonical adapter + cutprod_canonical + tests (M4 commit 1)
7133c44 feat(leg-B/M1): add ledger_v2_canonical_cut governed recorder + tests (M4 commit 2)
32cfa93 feat(write-VERIFY/M2): add ledger_v2_canonical_verify DOT-992 recorder + tests (M4 commit 3 ; target HEAD)
2. G2 — py_compile
$ python3 -m py_compile \
cutter_agent/cutprod_canonical.py \
cutter_agent/prod_iu_adapter_canonical.py \
cutter_agent/ledger_v2_canonical_cut.py \
cutter_agent/ledger_v2_canonical_verify.py
Result: OK (zero output, exit 0). All four newly-committed v0.5 modules compile clean.
3. G2 — regression bundle (7 suites)
$ python3 -m unittest \
tests.test_prod_iu_adapter \
tests.test_cutwrite_snapshot \
tests.test_dryrun_snapshot_mark \
tests.test_cutplan_snapshot \
tests.test_prod_iu_adapter_canonical \
tests.test_ledger_v2_canonical_cut \
tests.test_ledger_v2_canonical_verify
Result: Ran 173 tests in 0.154s — OK. Zero failures.
4. G2 — full discover
$ python3 -m unittest discover tests
Result: Ran 265 tests in 0.156s — FAILED (failures=1).
4.1 The single failure
FAIL: test_source_has_no_hardcoded_dsn_or_secret
(tests.test_security_boundaries.TestNoSecretPrinted)
File "tests/test_security_boundaries.py", line 118:
self.assertNotIn("PGPASSWORD", text,
AssertionError: 'PGPASSWORD' unexpectedly found in
'…' (in cutter_agent/cutwrite.py)
4.2 Classification — pre-existing baseline (same as M4 doc 4 §6.2)
- Source:
cutter_agent/cutwrite.py(ratified at commitf0120ac; on the feature branch from before M4 ; NOT modified by M4 or M4-FF). - Cause:
cutwrite.pydefinesDB_ENV_GUARD = ("PG_DSN", "DATABASE_URL", "DIRECTUS_URL", "PGPASSWORD", "PGHOST", "PGUSER")— a tuple of env var names used as a REFUSE-guard (the file declines to run if any of these env vars are SET). This is a safety feature, NOT a hardcoded secret. - This failure has been documented since the S2 macro and re-confirmed at M4 (doc 4 §6.2). Recommended N-1 follow-up to refactor the literal-scan or relocate the env-var name tuple to an excluded constant module.
4.3 Decision
PROCEED with the fast-forward merge. The failure is a known baseline,
NOT caused by M4-FF (no new code introduced this macro), and the
ratified cutwrite.py will be deleted/moved if and when the user/GPT
approves the N-1 cleanup.
5. Disposition
G1 (FF feasibility) : PASS — main is strict ancestor ; FF-only
viable ; 0 conflict possible
G2 (tests) : PASS
· py_compile (4 new modules) : OK
· 173/173 regression bundle : ✓
· 264/265 full discover : ✓ (1 pre-existing baseline)
production_mutation : NONE
next : G3 execute FF merge (doc 3)
doc 2 of 5.