dot-iu-cutter v0.5 — S2 Planner Commit & Writer Design Bridge · Commit Precheck + Test Result

Phase: v0_5_s2_planner_commit_and_writer_design_bridge · Date: 2026-05-19 · doc 1 of 5 Authorized by GPT ruling …s2-to-cut-capability-readiness-gpt-ruling-2026-05-19 (P_track: COMMIT_REVIEW_AND_COMMIT_S2_PLANNER_IF_STILL_CLEAN; R1 targeted-suite gate).

kb_read: confirmed · kb_upload: confirmed (this doc)
production_mutation: NONE · git_action: local feature-branch commit ONLY (no merge/push/tag)
self_advance: PROHIBITED

1. Pre-commit precheck (read-only, before git add)

repo_path:     /Users/nmhuyen/iu-cutter-build/repo/iu-cutter
branch:        feature/constitution-snapshot-mark-dryrun   (NOT main)
pre_commit_HEAD: afb7bfcc9b7bbb953bb00159479c9611e6ac4bd1
working_tree:  exactly 2 untracked files, zero tracked-file diff:
                 ?? cutter_agent/cutplan.py
                 ?? tests/test_cutplan_snapshot.py
file_sha256 (byte-exact == S2 readiness report pinned values):
  cutter_agent/cutplan.py            548eabc5530260555ff448ce6f3acded9728fe51c4ae61de658e9a97c4d828f1
  tests/test_cutplan_snapshot.py     06e871e73496089f5a88f072fb0a1e4f5d4ac720e1cb73bd737bc12d699a578a
  cutter_agent/dryrun.py (committed) f1f42e83ca23ba0b328f79cf04a8391ac699d1b307eb1b22b52c305f2efa1422
precheck_verdict: CLEAN — only the expected S2 files present, byte-exact, no other change.

2. Local test result (no DB env; net-zero)

cmd_prefix: env -u PG_DSN -u DATABASE_URL -u DIRECTUS_URL -u PGPASSWORD -u PGHOST -u PGUSER
tests.test_cutplan_snapshot        : Ran 15 tests … OK        (15/15 GREEN — S1 gate of record)
tests.test_dryrun_snapshot_mark    : Ran 21 tests … OK        (21/21 GREEN — MARK precedent)
unittest discover -s tests         : Ran 128 tests … FAILED (failures=1)
py_compile cutplan.py + test       : OK
post_commit_recheck tests.test_cutplan_snapshot : Ran 15 tests … OK  (still green after commit)

2a. The single discover failure = KNOWN PRE-EXISTING BASELINE issue (not a regression)

failing_test: tests/test_security_boundaries.py::TestNoSecretPrinted
  ::test_source_has_no_hardcoded_dsn_or_secret  (assertNotIn "PGPASSWORD" in non-test *.py)
classification: PRE-EXISTING at ratified baseline afb7bfc — proven in the prior phase by
  moving both S2 files aside (pure afb7bfc still failed the identical test, pointing at the
  RATIFIED cutter_agent/dryrun.py:474 DB-env REFUSAL guard tuple
  ("PG_DSN","DATABASE_URL","DIRECTUS_URL","PGPASSWORD") — an env-var NAME the code refuses
  to read, NOT a hardcoded secret). cutplan.py:50 mirrors the same ratified guard idiom.
regression?: NO. S2 introduces no new defect class. The MARK entrypoint commit afb7bfc was
  itself ratified on the targeted-suite gate (tests.test_dryrun_snapshot_mark 21/21) with
  this same latent full-discover failure ⇒ identical, GPT-ratified precedent (R1).
remediation: tracked as a SEPARATE pre-existing item (over-broad security-test heuristic vs
  the DB-env refusal-guard token in dryrun.py/cutplan.py) — out of S2 scope.

3. Commit-gate decision

gate: R1 (GPT ruling 2026-05-19) — ratify the targeted-suite commit gate.
result: PROCEED with the S2 planner commit (doc 2). Tree still CLEAN; targeted suite GREEN;
  py_compile OK; only the 2 expected byte-exact files; the lone discover failure is the
  GPT-ratified pre-existing baseline issue, not an S2 regression.

doc 1 of 5. Local CI net-zero. No production mutation. Self-advance PROHIBITED.