07 — 4000x final report + next macro

1. Status

IU_CORE_4000X_UI_RUNTIME_ACCEPTANCE_PASS

• 23 of 24 acceptance-matrix rows DONE (doc 06).
• 1 row DONE_WITH_EXTERNAL_BLOCKER — Nuxt UI package authored and verified; deploy = copy + image rebuild + single-container restart, owned by frontend / DevOps.
• Zero unsafe state at exit. All write gates inert. Auto-refresh trigger installed but inert (gate false).

2. What changed in this macro

2.1 Code (new commit on main, parent c426de4)

• sql/iu-core/024_three_axis_envelope_auto_refresh_trigger.sql — migration 024: error log table + trigger function + 2 statement-level AFTER triggers.
• sql/iu-core/rollback/024_three_axis_envelope_auto_refresh_trigger.rollback.sql — drops triggers → function → error log table.
• sql/iu-core/runtime/340_three_axis_envelope_auto_refresh_trigger_smoke.sql — durable controlled gate-cycle smoke.
• sql/iu-core/runtime/rollback/340_three_axis_envelope_auto_refresh_trigger_smoke.rollback.sql — delete-by-actor scoped to iu_lifecycle_trigger.
• sql/iu-core/sandbox/230_three_axis_envelope_auto_refresh_trigger_probe.sql — 7-probe BEGIN/ROLLBACK exercising every gate / drift / exception branch.
• sql/iu-core/runtime/110_iu_core_dot_conformance_scan.sql — SSOT extended with the 4000x objects; D9 verdict bumped to 22/22/51/5/9/15/16.
• cutter_agent/iu_core/dot_commands.py — extended dot_iu_external_healthcheck with the auto-refresh-trigger surface; new dot_iu_three_axis_envelope_trigger_status command. Registry: 17 governed + 8 external = 25.
• ui-package/nuxt-iu-three-axis/ — deploy-ready Nuxt UI package (README + pages/admin/iu-three-axis.vue + composables/useIuThreeAxis.ts + runtimeConfig.snippet.ts + compose.snippet.yml).
• tests/test_iu_core_4000x_auto_refresh_trigger_ui_runtime.py — 25 new tests across 7 contract classes (migration 024 + rollback / runtime/340 / sandbox/230 / runtime/110 SSOT / external healthcheck extension / vector boundary preservation / Nuxt UI package / no-hardcode).
• 14 existing tests get mechanical DOT-count bumps (120x, 240x, 480x, 500x, 540x, 60x, 1k_vector_sync_lease, 1k_plus, 1500x, 2400x, 3000x, structure_op_layer, ddl).

2.2 Production durable changes

• Migration 024 applied to live directus DB on container postgres (vmi3080463). CREATE TABLE / CREATE FUNCTION / CREATE TRIGGER x2 + 1 INDEX. Triggers immediately inert (gate stays false).
• Runtime/340 ran: 1 row added to iu_three_axis_envelope_refresh_log, id=14, actor=iu_lifecycle_trigger, outcome=skipped_in_sync. Gate flipped true and back to false in the same transaction.
• DOT scan re-run on prod: all 7 layers ok=true (22 / 22 / 51 / 5 / 9 / 15 / 16 = 140).

2.3 Production transient

• None. Gate iu_core.three_axis_auto_refresh_enabled is false at exit (and was true only inside runtime/340's transaction).

3. Backup

pg_dump -Fc against the live postgres container, taken BEFORE migration 024:

• File: /opt/incomex/backups/directus-pre-iucore-4000x-20260523T084654Z.dump
• Size: 77 626 154 bytes
• sha256: f18ae2f6512adabc186c84dbb87323e7f334c17e72f688e043915aca8a8970b7
• Recovery: docker exec postgres pg_restore -U directus -d directus -c against the dump.

4. Tests

• tests/test_iu_core_4000x_auto_refresh_trigger_ui_runtime.py — 25 passed (7 contract classes).
• 14 existing tests updated for the DOT-count bump (mechanical, no behaviour change).
• Full suite: python3 -m pytest tests/ -q --ignore=tests/_orchestrator_o2_harness.py → 1138 passed in 0.62 s.

5. Live verification (after 4000x)

Checked via docker exec postgres psql -U directus -d directus: iu_three_axis_envelope carries 163 rows; gate=false; cache_healthy=t, current_in_sync=t; refresh_log carries ≥1 row under actor='iu_lifecycle_trigger'; trigger_error_log is empty. Qdrant collection iu_core_iu_chunks returns status=green / 61 points. Directus REST aggregate count = 163.

All checks PASS.

6. Rollback / disable readiness

layer	rollback
Migration 024	sql/iu-core/rollback/024_…rollback.sql
Runtime/340 audit rows	sql/iu-core/runtime/rollback/340_…rollback.sql (delete-by-actor iu_lifecycle_trigger)
Auto-refresh gate	already false; setting it true re-enables, false disables — no DDL required
Trigger function	DROP FUNCTION step inside the 024 rollback
Triggers	DROP TRIGGER step inside the 024 rollback
Error log	DROP TABLE step inside the 024 rollback
External healthcheck extension	git revert of the dot_commands.py hunk; runtime SQL has no dependency
Nuxt UI package	git rm -r ui-package/nuxt-iu-three-axis/; nothing was deployed
DOT SSOT	revert runtime/110 to the 3000x state
Prior rollbacks	unchanged — every 023 / 022 / 020 / 014 / … rollback still applies cleanly

7. DOT / no-hardcode / five-layer status

• DOT 136 → 140 / 140 PASS (table 21→22, function 50→51, trigger 3→5).
• No hardcoded literal introduced. Verified by TestNoHardcodedSecretOrConnector (4 assertions) — no Bearer token, no api-key, no container hostname, no secret value in any source / KB file.
• Five-layer impact classified in doc 06.

8. KB / AgentData

The 8 reports in this directory have been uploaded to AgentData with mcp__agent-data__upload_document and verified via list_documents + get_document + search_knowledge.

9. Decision — IU Core readiness

IU Core is end-user-flow ready, modulo the Nuxt deploy step. Every IU Core layer is durably proven against live production:

• per-IU vector boundary verified at the payload level (one chunk = one IU, axis_refs present on every chunk);
• three-axis envelope cache stays coherent automatically via the migration 024 trigger when the operator chooses to enable it;
• four-surface external healthcheck makes the IU Core / Directus / Qdrant / trigger health a single SQL call;
• Nuxt UI package + 1500x assembly contract + the four 3000x operator commands cover the entire end-user surface; the only residual is the frontend developer's copy + image rebuild + container restart.

10. Recommended next macro

Option A (smallest, ops slice) — IU_CORE_4200X_NUXT_UI_PILOT_DEPLOY

Copy ui-package/nuxt-iu-three-axis/{pages,composables,*snippet*} into the VPS Nuxt repo, merge snippets, docker compose up -d --build nuxt, run dot_iu_nuxt_config_verify and smoke the route, then flip the gate true for a 10-minute pilot and back to false.

Option B (durable trigger pilot, no Nuxt) — IU_CORE_4100X_TRIGGER_PRODUCTION_PILOT

Flip the auto-refresh gate true in a controlled try/finally for the full session; observe refresh_log rows accumulate; flip the gate false at the end. Add a cron-scheduled call to dot_iu_external_healthcheck that POSTs the 4-row JSON to a chosen dashboard.

Option C — IU_CORE_4500X_RETENTION_AND_PARTITIONING

Add retention CLI + partition policy for both iu_three_axis_envelope_refresh_log and iu_three_axis_envelope_trigger_error_log.

11. Verification gate before the next macro

The next macro should start only after GPT / User verified via AgentData list_documents + search_knowledge that the 8 reports in this directory are present and searchable, AND that production reports iu_three_axis_envelope=163, cache_healthy=t, refresh_log carries the runtime/340 row (id ≥ 14), trigger_error_log empty, gate false, DOT 140/140, 1138 tests passing on the 4000x commit.