KB-18FB
IU Core 3000x — 06 Acceptance matrix + DOT + five-layer
6 min read Revision 1
iu-core3000xdieu44acceptance-matrixdot-conformancefive-layerno-hardcode
06 — External integration acceptance matrix + DOT + five-layer
1. External integration acceptance matrix (3000x)
| # | Row | Status | Evidence |
|---|---|---|---|
| 1 | Qdrant dedicated collection (iu_core_iu_chunks) |
DONE (carried) | live, 61 points, green; dim 1536 / Cosine; production_documents (9 226) untouched |
| 2 | Full live indexed population (60/60 enacted IUs) | DONE (carried) | doc 03 §2-§3 |
| 3 | Qdrant retrieval smoke | DONE (new in 3000x) | doc 03 §4 — 5/5 hits with valid unit_id + chunk metadata + axis refs |
| 4 | Per-IU vector boundary (3-layer enforcement) | DONE | doc 03 §3 — 61/61 payloads carry unit_id+chunk_index+chunk_count+axis_refs; no cross-IU payload |
| 5 | AgentData semantic sync | DONE | 7 KB reports uploaded + verified (this directory) |
| 6 | Directus read-only collection registration | DONE (carried) | directus_permissions row id=1485 (iu_three_axis_envelope, action=read, fields=*); Administrator policy |
| 7 | Directus read-only permissions | DONE (carried) | same row; no write permission row exists |
| 8 | Directus REST GET /items/<collection> returns rows |
DONE (carried) | 2400x doc 02 §6 |
| 9 | Three-axis envelope auto-refresh hook | DONE (new in 3000x) | migration 023 + runtime/330 + sandbox/220 (8/8 PASS); audit log live |
| 10 | Three-axis envelope drift detection | DONE | v_iu_three_axis_envelope_drift (carried) + v_iu_three_axis_envelope_refresh_status (new) |
| 11 | Nuxt assembly contract | BLOCKED outside IU Core | doc 04 — no Nuxt code yet consumes IU_CORE_DIRECTUS_COLLECTION; redeploy would be a no-op. Frontend authoring required. |
| 12 | Internal delivery seam | DONE (carried) | unchanged from 2400x; route worker remains live + dry-run-only |
| 13 | Text-as-code apply | DONE (carried) | unchanged from 2400x; no apply in 3000x |
| 14 | OperatorRuntime governed plan/apply/verify | DONE (carried) | gate inert in this macro |
| 15 | External operator commands packaged | DONE (new in 3000x) | 7 commands in category external; CLI list / help / explain working |
| 16 | DOT / no-hardcode | DONE | runtime/110 SSOT bumped 132→136; D9 all ok=true; no hardcoded literal introduced |
| 17 | Rollback / disable | DONE | every new object has a rollback path (doc 02 §8, doc 03 §7) |
Summary: 16 DONE. 1 BLOCKED outside IU Core scope (Nuxt frontend authoring). 0 PARTIAL inside IU Core.
2. DOT — runtime/110 verdict (live, post-023)
D9_conformance|config |9 |9 |t
D9_conformance|event_type|15|15|t
D9_conformance|function |50|50|t
D9_conformance|route |16|16|t
D9_conformance|table |21|21|t
D9_conformance|trigger |3 |3 |t
D9_conformance|view |22|22|t
Total: 136 / 136 PASS. D8 drift guard returns zero unregistered IU
Core objects. D1–D7 per-row PASS confirms every expected object is
present in pg_catalog at the same value the SSOT lists.
3. No-hardcode audit (3000x)
- Migration 023 references only existing 022 fns (
fn_iu_three_axis_envelope_refresh,fn_iu_three_axis_envelope_drift_check). - External operator commands default their
collectionparam fromdirectus_registration.DIRECTUS_THREE_AXIS_COLLECTION; the Qdrant collection name is read fromv_iu_qdrant_collection_active; the Nuxt env name is referenced once innuxt_assembly_contract.py. - Qdrant api-key, Directus admin token — read from container env, never logged at file level.
- DOT counts (table 21 / view 22 / function 50 / config 9 / trigger 3 /
event_type 15 / route 16) are derived from the SSOT inventory in
runtime/110_iu_core_dot_conformance_scan.sql; the D9 VALUES tuple is bumped in the same commit as the SSOT inventory rows.
Zero new literal hosts / containers / DB names / API URLs introduced.
4. Five-layer impact (rolled up)
| layer | impact |
|---|---|
| PG | migration 023 (+1 table / +1 view / +1 fn / +1 config row); runtime/330 (2 audit log rows inserted into iu_three_axis_envelope_refresh_log); no IU mutated; gate stays false |
| Directus | none — iu_three_axis_envelope collection + Administrator READ permission unchanged from 2400x |
| Nuxt | none — explicit blocker recorded (doc 04); no env flip, no restart |
| AgentData | +7 KB reports (this directory) |
| Qdrant | none — iu_core_iu_chunks (61 points) read-only verified; production_documents (9 226, +13 organic since 2400x) untouched |
5. Test surface
- 1114 → 1152 tests (+38 net):
tests/test_iu_core_3000x_auto_refresh_external_surface.py— 38 new tests covering migration 023 contract, rollback, runtime/330, sandbox/220, DOT SSOT extensions, and the 7 external operator commands;- mechanical DOT-count bumps in 9 existing tests (
120x,240x,480x,500x,540x,60x,1k,1500x,1k_plus,2400x,ddl) — no behaviour change beyond the new 136 surface.
- Full suite:
python3 -m pytest tests/ -q --ignore=tests/_orchestrator_o2_harness.py→ 1152 passed in 0.68s.
6. Constitutional anchors preserved
- Per-IU vector boundary (binding): 3-layer enforcement intact; 61/61 payloads re-audited (doc 03 §3).
- UI assembly boundary (binding): PG → Directus → Nuxt. 3000x added nothing to the Nuxt layer; the Directus layer is REST-only / read-only and unchanged.
- No second source of truth: the new audit log
(
iu_three_axis_envelope_refresh_log) records refresh attempts, not IU content; the refresh wrapper delegates to the 022 fns whose SSOT isv_ui_iu_three_axis_envelope. - Reversible-by-default: every new object has a rollback step enumerated (matrix row 17 + docs 02 §8 + 03 §7).
- AgentData report gate: 7 reports uploaded +
list_documents+search_knowledgeverified (doc 07).