KB-5274 rev 2

IU Core 500x — 06 Final report (INTEGRATED AUTOCUT + OPERATOR RUNTIME PASS)

IU Core — 500x integrated auto-cut + operator runtime — Final report

  • Macro: IU_CORE_500X_INTEGRATED_AUTOCUT_AND_OPERATOR_RUNTIME_OPEN_GOAL
  • Date: 2026-05-22
  • Host: MacBook/dev /Users/nmhuyen/iu-cutter-build/repo/iu-cutter
  • Production: VPS vmi3080463, container postgres (postgres:16), DB directus
  • Outcome: IU_CORE_500X_INTEGRATED_AUTOCUT_OPERATOR_RUNTIME_PASS

1. Final status

IU Core moved from "operator surface explain-only + composer events live" to a governed operator runtime plus a proven first integrated auto-cut → composer flow. Migration 018 + runtime/280 are durably applied; DOT is 113/113. OperatorRuntime turns the explain-only DOT one-command surface into a guarded plan / apply / verify executor — proven end-to-end against production with a bounded, fully-reversible footprint. No unsafe production state exists; no forbidden action was taken.

2. What changed

  • Production (durable): migration 018 (2 tables / 2 views / 2 functions / 1 config gate), runtime/280 (17 command-catalog rows), 4 dot_iu_command_run ledger rows from the operator-runtime proof. information_unit unchanged at 160; iu_piece_collection 2.
  • Repo: 018_operator_runtime.sql (+rollback), runtime/280 (+runtime/rollback), sandbox/130, sandbox/140, operator_runtime.py, runtime/110 DOT 106→113, dot_commands/operator_runtime registered in iu_core/__init__.py, test_iu_core_540x_operator_runtime.py (+53), 7 DOT-count test files updated.

3. Repo / branch / HEAD

Branch main; HEAD 5edd132194f5ca (code) → 0985cd0 (KB). No push / merge / tag.

4. Production backup + gates

Gate 3 PASS — pg_dump -Fc /opt/incomex/backups/directus-pre-iucore-540x-20260522T091458Z.dump, 76,009,613 bytes, sha256 ec7f0c3f42e6b76f4d7c59ad835d71b348db4901e1e033e86e6790c49c40b060, valid archive. All 16 mandatory gates PASS. See doc 01.

5. 500x state verification

Production verified at the 500x closeout surface (DOT 106/106, iu=160, coll=2, 4 composer events on the delayed lane, 7 500x AgentData reports present + searchable, 879 tests) — no repair needed. See doc 01.

6. Operator-runtime substrate — migration 018

2 tables (dot_iu_command_catalog, dot_iu_command_run), 2 views (v_dot_iu_command_registry, v_dot_iu_command_run_health), 2 functions (fn_dot_iu_operator_runtime_enabled, fn_dot_iu_command_log), 1 config gate (iu_core.operator_runtime_enabled). runtime/280 seeds the 17-row catalog from dot_commands.DOT_COMMANDS, test-locked. DOT 106 → 113. See doc 02.

7. Operator-runtime executor — operator_runtime.py

OperatorRuntime: plan / apply / verify under the live gates, a ledger row per invocation, fail-closed on unknown command / unsafe plan / shut gate, structurally unable to bypass governed SQL (_assert_governed). Injected SqlExecutor keeps it DB-free at import. See doc 03.
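The fail-closed pattern described above, as an added sketch that is not the project's operator_runtime.py: it covers plan and apply only, and `GuardedRuntime`, `CATALOG`, the `fn_demo_*` SQL and the rule that "governed" means a single call to an `fn_*` function are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical catalogue (constructed rows, not the project's 17-row catalog).
CATALOG = {
    "dot_iu_healthcheck": "SELECT fn_demo_healthcheck()",
    "dot_iu_validate_collection": "SELECT fn_demo_validate(%s)",
}
# Assumption: a governed plan is exactly one statement calling one fn_* function,
# with no nested parentheses and no statement separator.
_GOVERNED = re.compile(r"^SELECT fn_[a-z_]+\([^;()]*\)$")


class Refused(Exception):
    """Raised whenever the runtime declines to act."""


def assert_governed(sql: str) -> None:
    if not _GOVERNED.match(sql):
        raise Refused("unsafe plan")


@dataclass
class GuardedRuntime:
    execute: Callable[[str, tuple], object]  # injected executor: no DB needed at import
    gate_open: Callable[[], bool]            # reads the config gate at call time
    ledger: list = field(default_factory=list)

    def plan(self, command: str) -> str:
        if command not in CATALOG:           # unknown command: refuse, never guess
            raise Refused("unknown command")
        sql = CATALOG[command]
        assert_governed(sql)                 # every plan passes the safety check
        return sql

    def apply(self, command: str, params: tuple = ()) -> object:
        status = "error"                     # default if the executor itself fails
        try:
            if not self.gate_open():         # shut gate: refuse before planning
                raise Refused("gate shut")
            result = self.execute(self.plan(command), params)
            status = "applied"
            return result
        except Refused as exc:
            status = f"refused: {exc}"
            raise
        finally:
            self.ledger.append((command, status))  # one ledger row per invocation
```

Refusals are recorded in the ledger as well as raised, so a shut gate or an uncatalogued command leaves an audit row without the executor ever being called.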

8. Proven dot_iu_* commands

sandbox/130 (9/9) exercises the substrate; sandbox/140 (6/6) exercises dot_iu_create_file_from_pieces (→ fn_iu_compose) + dot_iu_validate_collection + dot_iu_checkpoint_collection; the durable proof drives dot_iu_healthcheck (plan/apply/verify) and dot_iu_add_piece (refused) through the real runtime. Every one of the 17 catalogued commands resolves to a governed plan that passes _assert_governed (test_governed_plan_passes_safety_check).

9. Integrated auto-cut → composer

sandbox/140 — first integrated auto-cut → composer flow, BEGIN…ROLLBACK: 3 birth-gate pieces minted by fn_iu_compose, collection validates, 1 collection_created + 3 piece_added_to_collection on the 'delayed' lane, worker dry-run 5 attempts / 0 dead-lettered, manifest digest present. The autocut_bridge approval package is locked to the probe payload by a test. A durable integrated run is the recorded next-macro slice. See doc 04.

10. Text-as-code roundtrip / import proposal

CollectionManifest serialise → parse → roundtrip byte-identical; validate_collection_manifest clean; propose_collection_import non-destructive (acceptable=true, executes=false, IMPORT_IS_DESTRUCTIVE=False). See doc 04.

11. Composer events / worker / no dedupe regression

sandbox/140: composer events 1 + 3, all 'delayed', no dedupe — the 500x delayed-lane fix holds under the integrated path. Worker dry-run only, 0 sent external, 0 dead-lettered. See docs 04, 05.

12. Observability / DOT / no-hardcode / five-layer

v_dot_iu_command_registry + v_dot_iu_command_run_health are live. DOT 113/113. No-hardcode 0 hits across 7 new files. Five-layer classified — PG real/additive, Directus none, Nuxt render-only, AgentData 7 reports, Qdrant none. See doc 05.

13. Rollback / disable readiness

rollback/018, runtime/rollback/280 present; disable via the operator-runtime gate / composer gate / master gate; the 4 proof ledger rows deletable by actor. See doc 05.

14. Tests

932 passed (was 879; +53 in test_iu_core_540x_operator_runtime.py; 7 DOT-count test files updated for the 106→113 inventory).

15. KB / AgentData reports

7 reports under v0.6-iu-core-500x-integrated-autocut-operator-runtime-open-goal/, uploaded to AgentData and verified by list_documents + get_document + search_knowledge.

16. Exact blockers

None. Every approved branch completed. The one deliberate deferral — a durable integrated auto-cut → composer run — is recorded as the next macro's first slice (doc 07); no unsafe production state results.

17. No forbidden action

No external downstream delivery; no production CUT; no destructive text-as-code import; no broad lifecycle mutation; no ungoverned IU creation; no destructive cleanup; no deploy / restart; no daemon; no cron; no execution_enabled flip; no secret logged; no push / merge / tag. GPT handoff not used as task input.
