KB-6277
dot-iu-cutter v0.5 — production-leg-a-only mode · Test Result (37/37 + 95/95) (doc 2)
8 min read Revision 1
dot-iu-cutterv0.5production-legA-mode-final-approval-readyr1-test-resultno-db-connectionfail-closed-coveragebaseline-security-boundary-unchangeddieu442026-05-20
dot-iu-cutter v0.5 — production-leg-a-only mode · Test Result
doc 2 of 4 · 2026-05-20 · evidence-only ; tests are pure, no DB connect. Re-runs the targeted suites (78 pre-R1 + 17 new R1 = 95) and confirms wider regression (139 passed + 1 baseline-known unchanged).
targeted_pass_count : 95/95 # was 78/78 R1_new_tests : 17/17 PASS wider_pass_count : 139/140 # 1 baseline pre-existing (W-3 era) production_mutation : NONE DB_connection_count : 0
1. Test environment
python : python3 (Apple Darwin) ; pytest -q
repo HEAD: f20c79c (post-R1 commit) ; feature branch ; tree clean
networking: not used in any test ; no psycopg/socket/requests/sqlalchemy at
module load (asserted by test_no_psycopg_or_socket_at_import).
2. Targeted suites (the 4 ratified suites)
tests.test_prod_iu_adapter : 37/37 PASS (was 20 ; +17 new R1 tests)
tests.test_cutwrite_snapshot : 22/22 PASS (byte-identical regression)
tests.test_dryrun_snapshot_mark : 21/21 PASS (byte-identical regression)
tests.test_cutplan_snapshot : 15/15 PASS (byte-identical regression)
total targeted : 95/95 PASS in 0.18 s
3. The 17 new R1 tests (tests.test_prod_iu_adapter)
TestProductionLegAOnlyCli (15 tests) :
test_no_sovereign_approval_refused PASS
test_no_grant_approval_refused PASS
test_wrong_intent_token_refused PASS
test_missing_intent_token_refused PASS
test_missing_backup_sha_refused PASS
test_malformed_backup_sha_refused PASS
test_missing_provider_module_refused PASS
test_unloadable_provider_module_blocked PASS
test_malformed_provider_spec_refused_as_value_error PASS
test_db_env_refused_in_production_leg_a_only PASS
test_wrong_writer_digest_refused PASS
test_happy_path_commits_180_legA_statements PASS
asserts: 1 BEGIN + 1 SET CONSTRAINTS ALL DEFERRED + 1 SELECT current_user
+ 60 INSERT INTO public.information_unit + 60 INSERT INTO
public.unit_version + 60 UPDATE public.information_unit
+ conn.committed=True ; conn.rolled_back=False
+ NO DELETE / TRUNCATE / DROP / ALTER / GRANT / REVOKE /
cutter_governance in any statement
test_principal_wrong_aborts_no_commit PASS
asserts: G4 raises BEFORE BEGIN ⇒ no rollback either ; no INSERT/UPDATE
emitted ; conn.committed=False.
test_drift_detected_rollback_no_commit PASS
asserts: BEGIN issued ; G5 raises ; conn.rolled_back=True ; no writes.
test_cut_once_pre_existence_rollback_no_commit PASS
asserts: BEGIN issued ; G6 raises (icx=7) ; conn.rolled_back=True ;
no writes ; conn.committed=False.
Direct adapter seam (2 tests) :
test_execute_leg_a_only_capture_rollback_path PASS
asserts: mid-leg_a_in_txn exception ⇒ conn.rolled_back=True ;
conn.committed=False ; original exception re-raised.
test_execute_leg_a_only_success_summary PASS
asserts: summary={iu_inserted:60, uv_inserted:60, anchor_updates:60,
writer_digest:d99a31d4…, txn:COMMITTED,
leg_b_status:DEFERRED_TO_POST_CUT_GOVERNED_RECORDING_PACKAGE} ;
conn.committed=True.
4. Regression / import-isolation invariants (unchanged-green)
TestImportIsolation:
test_no_psycopg_or_socket_at_import : PASS (cutprod, prod_iu_adapter ;
bans psycopg / psycopg2 / socket / requests / sqlalchemy at module load ;
cutprod imports added in R1 = argparse, importlib, os, re, sys + relative
cutter_agent.prod_iu_adapter ; none banned).
test_default_provider_refuses : PASS (ProductionAccessNotAuthorized
still raised by the default _default_provider ; only operator-injected
providers can attempt a real connection).
TestGuards (all unchanged) :
test_g1_no_approval_refused / g23_real_rowset_and_digest /
g2_identity_mismatch_refused / g7_backup_gate_refused /
g4_principal / g5_drift / g6_cut_once /
execute_cut_blocked_gap_b1 : 8/8 PASS
TestLegASql (unchanged) :
test_leg_a_ordering_and_allowlist : PASS (60·60·60 ordering, anchor
UPDATE column-scope, no forbidden SQL).
test_column_allowlist_rejects_foreign_column : PASS
test_table_allowlist_rejects_foreign_table : PASS
TestLaneOverlap (unchanged) :
test_dot991_executor_row_valid / test_negative_invariants : 2/2 PASS
TestCutprodCli (unchanged) :
test_plan_only_ok / production_blocked_gap_b1 / wrong_mode_refused /
wrong_writer_digest_refused / db_env_refused : 5/5 PASS
5. Wider regression (entire tests/ excluding the live-DB suite)
discovered tests (excl. tests/test_real_postgres_adapter.py) : 140
passed : 139
failed : 1
the 1 failure :
test = tests.test_security_boundaries::TestNoSecretPrinted
::test_source_has_no_hardcoded_dsn_or_secret
reason = assertNotIn("PGPASSWORD", text) fires on
cutter_agent/cutwrite.py (the ratified W-3 file)
baseline = documented in prior memory (W-3 closeout / Final-Bridge / first
approval package) as "pre-existing baseline" ; existed BEFORE
this R1 commit and is unchanged.
R1 contribution to this failure : ZERO. The PGPASSWORD literal is in the
pre-existing _DB_ENV_GUARD tuple (the defensive list of env vars the
composer refuses to accept) ; the test stops at the first match
(cutwrite.py) so the cutprod tuple is not visible in the error but is
semantically identical and equally well-justified.
classification : known baseline ; not introduced by R1 ; not in the leg-A
critical path ; separate remediation later.
no other regressions.
6. Zero-mutation invariants this phase
production_DB_connection_attempts : 0 (default provider refuses ; stub
provider in tests returns FakeConn)
production_rows_written : 0
production_rows_updated : 0
production_rows_deleted : 0 (cutter_exec has no DELETE privilege
anywhere ; tests assert no DELETE)
GRANT / REVOKE executions : 0
VERIFY executions : 0
deploy / restart / docker rebuild : 0
git push / merge / tag : 0 (no remote configured ; reversible
via git reset --hard 152e7db)
secrets in logs / argv / KB : 0
doc 2 of 4. No production mutation. Self-advance PROHIBITED.