06 — Final rollout matrix · acceptance · ruling

1. Product readiness matrix (26 rows)

#	Layer / capability	State	Evidence
1	IU Core core (migrations 001–020)	DONE	DOT 144/144 PASS; 1163 tests pass; backup directus-pre-iucore-5000x-…dump sha 8a0df45e…
2	Three-axis metadata (014)	DONE	163 envelope rows; 330 derived tags; 17 vocab
3	Composer / piece-native (015–017)	DONE	500x durable composed-from-scratch IUs + bounded text-as-code apply
4	Operator runtime + lease (018–019)	DONE	540x sandbox 9/9 + 1k vector-sync lease durable
5	Vector boundary + UI assembly substrate (020)	DONE	per-IU CHECK + v_ui_iu_three_axis_envelope
6	Qdrant + Directus registration (021)	DONE	1500x runtime/310 active row
7	Three-axis envelope table (022)	DONE	2400x runtime/320 163 upserts
8	Drift-gated refresh + status + gate (023)	DONE	3000x runtime/330
9	Auto-refresh statement-level trigger (024)	DONE	4000x runtime/340 + 5000x runtime/350
10	EXCEPTION swallow safety (4000x)	DONE	sandbox/230.5
11	Trigger error log surface (4000x)	DONE	runtime/110 SSOT
12	Auto-refresh production pilot — statement-level (5000x)	DONE	runtime/350.4: 3 rows updated → 1 trigger fire
13	Auto-refresh production pilot — dual-table (5000x)	DONE	runtime/350.6: information_unit + iu_metadata_tag both fire
14	Auto-refresh production pilot — gate-off real-time (5000x)	DONE	runtime/350.9: gate closed mid-tx, post-close UPDATE adds 0 rows
15	7-surface monitoring healthcheck (5000x)	DONE	cutter_agent/iu_core/healthcheck.py 7/7 surfaces green, exit 0; tests 10/10
16	Retention substrate — table/view/function/gate (5000x)	DONE	migration 025 applied; sandbox/240 7/7 PASS; gate inert
17	Retention forward-looking policies seeded (5000x)	DONE	3 policies registered (refresh_log 30d / trigger_error 90d / cmd_run 90d)
18	DOT 144/144 (5000x)	DONE	runtime/110 verdict 23/23/52/5/10/15/16
19	External healthcheck — 4 surfaces (4000x)	DONE	preserved
20	Trigger-only status command (4000x)	DONE	preserved
21	Operator command registry (4000x)	DONE	17 governed + 8 external = 25
22	Directus REST flow (real user flow pilot)	DONE	axis A doc filter (DIEU-28/32/35), axis C depth distribution 118+42+3=163, axis B dict shape confirmed
23	Qdrant retrieval + per-IU boundary	DONE	61 pts / 60 unique IUs / KT-B chunk 1/2; every payload carries axis_refs; production_documents 9226 untouched
24	All write gates inert	DONE	composer / delivery / operator_runtime / structure_ops / vector_sync / three_axis_auto_refresh / retention = false
25	UI assembly factory — schema-driven khuôn (5000x)	DONE	ui_factory.py + 4 templates + 2 descriptors + 8 generated files; tests 15/15; deterministic regeneration (digests stable on rerun)
26	Nuxt UI deploy to live incomex-nuxt	DONE_WITH_EXTERNAL_BLOCKER	factory artifact ready under ui-package/nuxt-three-axis-factory/generated/iu_three_axis_envelope/; deploy = copy + image rebuild + single-container restart by frontend / DevOps

Summary: 24 DONE + 1 DONE_WITH_EXTERNAL_BLOCKER + 0 PARTIAL + 0 BLOCKED. (Row 26 is the externalised residual; rows 25 + 12–17 are the 5000x DONEs that did not exist at the close of 4000x.)

2. DOT conformance — runtime/110 against live prod

D9_conformance | config     | 10  | 10  | t
D9_conformance | event_type | 15  | 15  | t
D9_conformance | function   | 52  | 52  | t
D9_conformance | route      | 16  | 16  | t
D9_conformance | table      | 23  | 23  | t
D9_conformance | trigger    |  5  |  5  | t
D9_conformance | view       | 23  | 23  | t

Total: 144 / 144 PASS. D8 drift guard returned zero rows after runtime/110 SSOT was bumped to register migration 025's four new objects.

3. No-hardcode audit

Domain	Verification
Nuxt collection name	factory template references useRuntimeConfig().public[<<CONFIG_KEY>>]; the collection literal iu_three_axis_envelope appears in the descriptor JSON and the generated compose.snippet.yml env default only — never in template body or generated Vue page
Nuxt field names	every IU-Core-specific field name in the generated Vue/TS came from the descriptor at render time; TestFactoryTemplatesSchemaAgnostic enforces this by grepping template body for IU literals
Qdrant api-key	container env QDRANT__SERVICE__API_KEY discovered at runtime via docker inspect; healthcheck SQL never references it
Directus token	container env NUXT_DIRECTUS_SERVICE_TOKEN discovered at runtime via docker inspect; never written into source or KB report bodies
SQL function names	every operator command target is in runtime/110 SSOT (TestDotCommands)
Retention target tables	seeded as DATA rows in iu_core_retention_policy, not as string literals in code

4. Five-layer impact (final)

layer	impact
PG	migration 025 (+1 table, +1 view, +1 function, +1 config); runtime/350 (+2 audit rows under actor=iu_5000x_pilot); runtime/110 SSOT inventory bumped; gates all inert
Directus	none — retention table not registered as a collection; 2400x state preserved (iu_three_axis_envelope + READ perm)
Nuxt	none on the live container; factory + 2 generated artifact trees authored under ui-package/nuxt-three-axis-factory/ (in iu-cutter repo, never copied to live Nuxt)
AgentData	+7 KB reports under .../v0.6-iu-core-5000x-…/
Qdrant	none — read-only retrieval / payload audit; iu_core_iu_chunks 61 points untouched; production_documents 9226 untouched

5. Ruling

IU Core is production-pilot ready and rollout-ready, modulo the single externally-owned residual (row 26).

The 5000x macro shifted the open boundary from "Nuxt one-off page authored" (4000x) to "Nuxt UI factory authored + 7-surface healthcheck + retention substrate + multi-invariant trigger pilot". Every IU Core layer now has:

• a durable production proof (one or more runtime scripts);
• a sandboxed regression probe (BEGIN/ROLLBACK);
• a runtime/110 SSOT registration;
• a rollback path;
• a healthcheck verdict rule;
• a retention policy (or an opt-out reason captured in the policy table).

The remaining row 26 is precisely the "frontend / DevOps copy + image rebuild + container restart" step that has been externalised since 2400x (Directus apply) and 2000x (Qdrant apply).