Incomex AI Portal
KB-D221

IU Core 1k — 06 Final report (IU_CORE_1K_VECTOR_OPERATOR_UI_DELIVERY_ACCEPTANCE_PASS)

6 min read Revision 1
iu-core1kfinal-reportPASSdot-iu-cutter

IU Core — 1k vector / operator / UI / delivery / acceptance — Final report

  • Macro: IU_CORE_1K_VECTOR_SYNC_OPERATOR_UI_DELIVERY_ACCEPTANCE_OPEN_GOAL
  • Date: 2026-05-22
  • Host: MacBook/dev /Users/nmhuyen/iu-cutter-build/repo/iu-cutter
  • Production: VPS vmi3080463, container postgres (postgres:16), DB directus
  • Outcome: IU_CORE_1K_VECTOR_OPERATOR_UI_DELIVERY_ACCEPTANCE_PASS

1. Final status

IU Core moved from "production-grade core + internal delivery + text-as-code apply" toward a production-ready operating surface: a durable vector/semantic-sync foundation, a concurrency-safe operator runtime (finding F-960x-1 closed), a verified delivery gate, a re-hardened text-as-code apply gate, and a clear next rollout package. DOT 113 -> 121. No unsafe production state; no forbidden action.

2. What changed

  • Production (durable): migration 019 — 2 tables, 1 view, 4 functions, 1 config gate (vector-sync substrate + runtime lease). 3 iu_vector_sync_point dryrun rows. Nothing else: IU data unchanged.
  • Repo (commit c16d4a0): sql/iu-core/019_vector_sync_runtime_lease .sql (+rollback), sandbox/170 + sandbox/180, vector_sync.py (new connector), operator_runtime.py (+RuntimeLease), runtime/110 DOT bump, test_iu_core_1k_vector_sync_lease.py (+39), 7 prior test files DOT-count-updated.
  • KB (commit a236ed3): 7 reports.

3. Repo / branch / HEAD

Branch main; HEAD 5b743c0 -> c16d4a0 (code) -> a236ed3 (KB). No push / merge / tag.

4. Production backup + gates

Gate 3 PASS — pg_dump -Fc /opt/incomex/backups/directus-pre-iucore-1k-20260522T142308Z.dump, 76,411,584 bytes, sha256 59222fbabbb4027b72e0c68a11cb221ab4cdb3f54b763adfb7a6887b5ddfa17a, 3159 entries. All 17 mandatory gates PASS.

5. Current-state verification

Production verified at the 960x handoff (DOT 113/113, iu=163, coll=3, membership=8, cmd_run=18, change_log=56, route_attempt=68, dead-letter 0) — no repair needed.

6. Vector / semantic sync

Migration 019 vector-sync substrate (gate / registry / governed upsert / drift view) + vector_sync.py connector. Bounded dry-run proven durably — 3 iu_vector_sync_point rows. sandbox/170 7/7 (a real drift-view defect found + fixed). Qdrant reachable at incomex-qdrant:6333; external apply blocked on the api-key secret + an embedder — exact blocker recorded, no secret logged.

7. AgentData / Qdrant

AgentData-side sync: 7 reports uploaded + verified. Qdrant-side: connector + gate + registry built; external write is a gated, secret-blocked next slice — no external store touched.

8. Operator / UI / API surface

Read-only views + CLIs (now incl. v_iu_vector_sync_status + the vector_sync CLI) — no deploy/restart. The Directus/Nuxt UI exposure stays a documented deploy-gated runbook.

9. Delivery gate / internal verification

Delivery gate fully built; sandbox/150 8/9 — fail-closed gates, idempotency, projection, dead-letter all PASS. The one non-pass (T4 positive delivery) is correct post-960x state (backlog drained); recorded as F-1k-1. External delivery remains blocked.

10. Text-as-code hardening

sandbox/160 re-verified 8/8; two bounded flows covered (reversible reorder/remove/add + no-op idempotent). APPLY_IS_DESTRUCTIVE=False holds; destructive apply forbidden.

11. OperatorRuntime concurrency

Finding F-960x-1 CLOSED. Migration 019 dot_iu_runtime_lease + atomic acquire/release; RuntimeLease context-manager gate window; sandbox/180 7/7 proves two instances cannot both hold the lease.

12. Piece-platform acceptance flows

Six end-to-end flows evidenced (create from pieces, auto-cut->composer, text-as-code apply, render/export, semantic sync plan, healthcheck) — each durable or sandbox, each DOT-traceable.

13. DOT / no-hardcode / five-layer

DOT 121/121, D8 drift 0. No-hardcode PASS (0 real violations). Five-layer classified — PG additive/durable, Directus/Nuxt none, AgentData 7 reports, Qdrant plan+dryrun.

14. Tests

1020 passed (was 981; +39). DOT-count assertions updated 113 -> 121 across test_iu_core_ddl.py + 6 prior-macro files.

15. KB / AgentData reports

7 reports under v0.6-iu-core-1k-vector-operator-ui-delivery-acceptance-open-goal/, uploaded to AgentData and verified by list_documents + get_document + search_knowledge.

16. Findings

  • F-960x-1 — CLOSED. OperatorRuntime gate-window concurrency — fixed by the durable lease; sandbox/180 T2 proves it.
  • F-1k-1 — NEW (low severity). sandbox/150's positive-delivery probes (T4/T6) discover an undelivered event from the live backlog; 960x's runtime/300 drained that backlog, so T4 cannot demonstrate "+1 row". Not a defect, not unsafe — the delivery seam's fail-closed / idempotent / projection / dead-letter behaviour is fully proven (8/9). Fix: make sandbox/150 self-seed a synthetic event inside its BEGIN...ROLLBACK.

17. Exact blockers

  • Qdrant external apply — needs the api-key secret wired into the connector's HttpPoster (VPS deployment secret, not this repo) + an embedder. Connector + gate + dry-run complete; no unsafe state.
  • Directus/Nuxt UI — deploy-gated integration outside this repo; runbook recorded.

18. No forbidden action

No external downstream delivery; no uncontrolled CUT; no destructive text-as-code or vector reindex; no broad lifecycle mutation; no ungoverned IU creation; no destructive cleanup; no deploy / restart; no daemon; no cron; no execution_enabled flip; no secret logged; no push / merge / tag. GPT handoff not used as task input.

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-1k-vector-operator-ui-delivery-acceptance-open-goal/06-final-report.md