11000x · 10 — Evidence bundle pointer

Repo (Mac, /Users/nmhuyen/iu-cutter-build/repo/iu-cutter)

• Branch: main
• Parent commit (pre-11000x): d88d08b
• 11000x commit: to be created after this report (commit message in 00-pass-summary.md)
• Working-tree files at report time:
  • NEW: sql/iu-core/029_piece_event_runtime_substrate.sql
  • NEW: sql/iu-core/030_event_outbox_event_domain_add_piece.sql
  • NEW: sql/iu-core/rollback/029_piece_event_runtime_substrate.rollback.sql
  • NEW: sql/iu-core/rollback/030_event_outbox_event_domain_add_piece.rollback.sql
  • NEW: tests/test_iu_core_piece_event_runtime.py
  • NEW: ops/piece-event-runtime-package-11000x/{README.md,04-bounded-live-proof.sql,05-operator-runbook.md}
  • NEW: ops/product-factory-foundation-package-11000x/README.md
  • EDIT: sql/iu-core/runtime/110_iu_core_dot_conformance_scan.sql (SSOT inventory + D9 VALUES)
  • EDIT: cutter_agent/iu_core/healthcheck.py (+8th surface: SURFACE_SQL + _verdict)
  • EDIT: tests/test_iu_core_ddl.py (EXPECTED_COUNTS sum 156→163)
  • EDIT: 13 other tests/test_iu_core_*.py files (pinning DOT counts)
  • EDIT: tests/test_iu_core_5000x_healthcheck.py (HAPPY_RESULTS + surface count 7→8)

VPS state (contabo / docker exec postgres)

• PG version: PostgreSQL 16.13 (Debian) / db=directus / writer=workflow_admin
• Pre-mutation backup: /root/backups/directus-pre-iucore-11000x-20260525T000257Z.dump
  • Size: 79.4 MB
  • sha256: c62ed38a342eec3b3e8d11b1d46d7597ac065c8769782a8439b4ec2178089fed
• Migration 029 applied: COMMIT confirmed; post-apply healthcheck() = ok=true
• Migration 030 applied: COMMIT confirmed; post-apply CHECK contains 'piece'
• Bounded proof applied + ROLLED BACK: 0 rows of mutation persist

D9 conformance live (post-apply)

D9_conformance|table|25|25|t
D9_conformance|view|24|24|t
D9_conformance|function|59|59|t
D9_conformance|trigger|6|6|t
D9_conformance|config|12|12|t
D9_conformance|event_type|21|21|t
D9_conformance|route|16|16|t

Total: 163 / 163 / ok.

Tests

$ python3 -m pytest tests/ -q
1324 passed in 0.80s

KB reports under …/v0.6-iu-core-11000x-piece-event-runtime-product-factory-open-goal/

• 00-pass-summary.md
• 01-baseline-channel-pack.md
• 02-migration-029-substrate.md
• 03-migration-030-check-extension.md
• 04-emit-hooks-design.md
• 05-healthcheck-eighth-surface.md
• 06-bounded-live-proof-transcript.md
• 07-product-factory-foundation.md
• 08-d9-conformance.md
• 09-regression-matrix-and-lessons.md
• 10-evidence-bundle-pointer.md ← this file

10 reports total.

Subsequent verification commands an auditor can run

# 1. Live D9 from VPS
ssh contabo "docker exec postgres psql -U workflow_admin -d directus \
   -A -F'|' -t -f /tmp/110.sql 2>&1 | grep D9_conformance"

# 2. Live 8th-surface healthcheck verdict
ssh contabo "docker exec postgres psql -U workflow_admin -d directus \
   -tAc 'SELECT public.fn_iu_piece_event_runtime_healthcheck()'"

# 3. Substrate inventory live (must return 7)
ssh contabo "docker exec postgres psql -U workflow_admin -d directus -tAc \"
  SELECT
    (SELECT count(*) FROM pg_class WHERE relname='v_piece_event_outbox') +
    (SELECT count(DISTINCT proname) FROM pg_proc WHERE proname IN ('fn_iu_piece_emit_event','fn_iu_lifecycle_log_emit_piece_event_trg','fn_iu_piece_event_runtime_healthcheck')) +
    (SELECT count(*) FROM pg_trigger WHERE tgname='trg_iu_lifecycle_log_emit_piece_event' AND NOT tgisinternal) +
    (SELECT count(*) FROM public.dot_config WHERE key LIKE 'piece_event_runtime.%')
\""
# Expected: 7

# 4. Gate state — must both be safe defaults
ssh contabo "docker exec postgres psql -U workflow_admin -d directus -tAc \"
  SELECT key, value FROM public.dot_config
   WHERE key LIKE 'piece_event_runtime.%'
   ORDER BY key
\""
# Expected:
#   piece_event_runtime.dry_run_only|true
#   piece_event_runtime.emit_enabled|false

# 5. No piece events persisted
ssh contabo "docker exec postgres psql -U workflow_admin -d directus -tAc \
  \"SELECT count(*) FROM public.event_outbox WHERE event_domain='piece'\""
# Expected: 0

All 5 should reproduce the values in this report.