KB-5D61
IU Core 3000x — 01 Macro and gates
5 min read Revision 1
iu-core3000xdieu44macrogatesauto-refreshnuxt-blockerqdrant-retrieval
01 — Macro and gates (3000x)
1. Macro
IU_CORE_3000X_NUXT_REDEPLOY_AUTO_REFRESH_RETRIEVAL_OPEN_GOAL
Pivots the 2400x exit handoff into the next sustainable closeout. The mission asked for three intertwined slices:
- Slice A — Nuxt env flip + redeploy. The 2400x report carried a
deploy-gated blocker: set
IU_CORE_DIRECTUS_COLLECTION=iu_three_axis_envelopeand restartincomex-nuxt. Live discovery in 3000x revealed this is premature — see doc 04. - Slice B — Auto-refresh hook (migration 023). Replace the manual
fn_iu_three_axis_envelope_refreshwith a drift-gated, audited wrapper + reserved trigger gate, packaged via operator commands. Executed in full. - Slice C — Retrieval / drift hardening. Vector search against
iu_core_iu_chunks; payload audit; per-IU boundary re-verification;production_documentsnon-interference proof.
2. Host + tooling
- Working directory:
/Users/nmhuyen/iu-cutter-build/repo/iu-cutter(MacBook, branchmain). - Local tools:
psql 16,pg_dump 16,git 2.x,python3 3.12, SSH aliascontabo → root@38.242.240.89. - Remote target: VPS
vmi3080463; containerspostgres,incomex-directus,incomex-nuxt,incomex-qdrant(all healthy at session start). - DB:
directuson containerpostgres, roledirectus.
3. Mandatory gates (all PASS)
| # | Gate | Result |
|---|---|---|
| G1 | Correct host + tools (MacBook + psql/pg_dump/SSH) | PASS |
| G2 | Target identity confirmed (directus DB, incomex-nuxt) |
PASS |
| G3 | Fresh pg_dump -Fc backup before any DB mutation |
PASS — see §4 |
| G4 | Nuxt config/container snapshot captured pre-decision | PASS — see doc 04 |
| G5 | Rollback path exists for every mutation | PASS — see doc 06 |
| G6 | DOT / no-hardcode / five-layer baseline clean | PASS — 132/132 pre-, 136/136 post- |
| G7 | Candidate scope discovered, not hardcoded | PASS — collection/env vars discovered |
| G8 | Operation bounded + reversible | PASS — 023 is additive; rollback file exists |
| G9 | Rollback / disable / cleanup file authored before apply | PASS — rollback/023 + runtime/rollback/330 |
| G10 | Commands/events/vocab registry/DOT-backed | PASS — runtime/110 SSOT bumped 132→136 |
| G11 | Refresh hook does not create second source of truth | PASS — iu_three_axis_envelope_refresh_log is audit-only; the wrapper delegates to 022 fns |
| G12 | Vector sync cannot cross IU boundary | PASS — payload audit at 61/61 (doc 05) |
| G13 | Directus registration remains read-only | PASS — Administrator READ unchanged |
| G14 | Nuxt redeploy gated; only incomex-nuxt would be touched |
PASS — no redeploy performed; exact blocker recorded (doc 04) |
| G15 | All write gates inert at end | PASS — composer/delivery/operator_runtime/structure_ops/vector_sync/three_axis_auto_refresh = false |
| G16 | AgentData upload + search verification path exists | PASS — doc 07 §3 |
G3 backup anchor:
/opt/incomex/backups/directus-pre-iucore-3000x-20260523T071027Z.dump
- size: 77 599 842 bytes
- sha256:
95dd1d871b351d08fb076a43ccd6ee20dcdc290d06324f35f2666402cc5253cc
4. Approved mutation envelope
| # | Change | Status |
|---|---|---|
| 1 | Migration 023 — iu_three_axis_envelope_refresh_log + fn_iu_three_axis_envelope_refresh_if_stale + v_iu_three_axis_envelope_refresh_status + dot_config.iu_core.three_axis_auto_refresh_enabled |
APPLIED — additive DDL, gate=false |
| 2 | Runtime/330 smoke (dry-run + live drift-gated refresh) on prod | APPLIED — 2 audit log rows; outcome=skipped_in_sync confirms cache in_sync after 2400x |
| 3 | runtime/110 DOT SSOT bump (132→136) | APPLIED — D9 verdict ok across all 7 layers |
| 4 | External operator commands (7 new) in cutter_agent/iu_core/dot_commands.py |
APPLIED — registry now 17 governed + 7 external |
| 5 | Nuxt env flip + redeploy | NOT PERFORMED — exact blocker recorded; redeploying would be a no-op (doc 04) |
| 6 | Trigger on information_unit / iu_metadata_tag for auto-refresh |
NOT INSTALLED — reserved gate only; trigger work deferred to next macro |
5. Forbidden — none triggered
- No broad service restart (no restart performed at all).
- No destructive vector reindex (Qdrant retrieval was read-only).
- No cross-IU vector or chunk (61/61 boundary re-audited).
- No hardcoded secret / connector / embedder (Qdrant api-key discovered
from
incomex-agent-dataenv, not logged). - No external downstream workflow delivery.
- No direct Nuxt business logic introduced.
- No bypassing Directus / API layer.
- No push / merge / tag.
- No GPT handoff treated as task input.