KB-4AA8

6000x-input-contract — Final report


6000x-input-contract-qdrant-ops-closeout — Final report

Verdict: IU_CORE_6000X_INPUT_CONTRACT_PARTIAL_WITH_EXACT_GAP
Date: 2026-05-24
Repo: /Users/nmhuyen/iu-cutter-build/repo/iu-cutter (commit b478822, clean entering macro)
Branch: main
Prior macro: 6000x-authority-closeout

One-paragraph summary

The 6000x-input-contract macro pivoted every action through a live-verified Input Contract Matrix (report 02) per the lesson [[feedback-authority-discovery-real-verify]]. Four EXECUTABLE_NOW branches executed cleanly: PR #669 comment posted explaining the unrelated Counting Contract Check failure (live meta_catalog drift, not in our patch); Mac user-cron pilot verified (4 fires logged, exit 0, 7/7 surfaces); auto-refresh id 18 + DIEU-35 axes A/B/C re-verified byte-identical to 6000x; retention dry-run re-run (0 rows eligible across all 3 policies, gate stays false). One branch closed at exact gap by a technical policy: Qdrant onboarding for DIEU-35/28/32 — all 86 IUs are lifecycle_status='draft' but the 2400x convention is enacted-only (content-addressed point ids drift with draft body churn); user choice was "skip + record exact gap" so the enacted-only convention is preserved and the 60 enacted IUs / 61 points already indexed remain untouched. Three branches recorded as BLOCKED_EXTERNAL_AUTHORITY: PR merge (frontend/DevOps cut window), VPS cron install (host-owner), retention enable (deliberate deferral with 0 eligible rows today anyway). No mutation to PG, Qdrant, or Nuxt this macro beyond the one PR comment.

Authority granted (this macro, recorded verbatim)

From the macro body + user's responses to in-line authority questions:

  1. PR #669 comment — Post a single comment explaining the pre-existing Counting Contract Check (meta_catalog CAT-ALL drift) is unrelated to our patch. Forbidden: merge, rebase, image rebuild, incomex-nuxt restart, branch update.
  2. Qdrant onboarding scope — Initially "All three corpora (DIEU-35 + 28 + 32 = 86 IUs)"; revised after lifecycle discovery to "Skip Qdrant write — record exact gap". Forbidden: index draft IUs, override the enacted-only convention, promote draft→enacted in this macro.
  3. Mac cron verification — Read-only verification of installed pilot. No install/uninstall this macro.
  4. Retention — Dry-run only; gate stays false. Forbidden: enable, delete rows, cleanup.

Durable changes (this macro)

  • GitHub: 1 comment on Huyen1974/web-test PR #669 explaining unrelated Counting Contract Check failure. Comment URL: https://github.com/Huyen1974/web-test/pull/669#issuecomment-4527166744
  • PG: no mutation. Retention dry-run only (3 policies × 0 rows_eligible; gate stays false).
  • Qdrant: no mutation. iu_core_iu_chunks unchanged at 61 pts / 60 unique (60 enacted IUs from 2400x); production_documents untouched (out of scope).
  • Mac crontab: no mutation. Pre-existing IU Core cron line + daily_check.py line both preserved.
  • Repo: new KB report tree under knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-6000x-input-contract-qdrant-ops-closeout-open-goal/ (7 reports + commit on main).

Live state at macro end

DOT:               144/144 (unchanged — no migration applied this macro)
Tests:             1163/1163 PASS in 0.78s (pre and post)
Healthcheck:       7/7 GREEN (overall_ok=true)
Envelope:          163 rows · in_sync=true (view=163, table=163)
Qdrant:            iu_core_iu_chunks → 61 sync_points / 60 unique
                   (DIEU-35/28/32 NOT onboarded — see report 03)
production_docs:   untouched (out of macro scope; 9213+ pts per 2400x)
Auto-refresh log:  id 18 still durable
                   (actor=iu_lifecycle_trigger, outcome=skipped_in_sync)
Trigger errors:    0 rows total
Gates:             6 IU Core write gates inert + retention gate false
                   = 7/7 closed; 0 enabled
PR open:           Huyen1974/web-test #669 OPEN/MERGEABLE
                   (1 unrelated CI failure; PR comment posted)
Mac cron:          4 fires logged since 6000x install (all exit 0)
Authority frame:   Input Contract Matrix pre-condition for every branch
                   (report 02)

Limitations recorded (this macro)

  • Qdrant onboarding closed at exact gap. 86 IUs in DIEU-35/28/32 are all lifecycle_status='draft'. The 2400x convention is enacted-only because content-addressed Qdrant point ids drift with draft body churn. User explicitly preserved the convention. To unblock, either (a) promote 86 IUs draft→enacted (a separate governed mutation needing its own audit), or (b) ratify a separate draft-vector policy with a chunk-id stability strategy.
  • PR #669 merge is the frontend/DevOps cut. Merge fires deploy-vps.yml (gated on workflow_run of main) which redeploys incomex-nuxt. The macro deliberately did not merge.
  • VPS cron install remains BLOCKED. The macro forbade VPS sudo / systemd. On contabo the SSH user is root, so "user-level cron" and root-cron are the same thing — the no-sudo path the macro envisioned doesn't apply. Production-grade monitoring still needs the host-owner cut.
  • Retention enable deliberately deferred. Gate stays false; 0 eligible rows across all 3 policies today (cutoffs Feb/Apr 2026). Pairing with a Linux-host cron + 7 consecutive overall_ok=true ticks is the right next step (report 05 §7).

Lessons

1. Input Contract Matrix is the right pre-condition for live action

Every branch in the macro mapped to one of 4 classifications (EXECUTABLE_NOW / EXECUTABLE_IF_GATE_PASS / AUTHOR_MODE_ONLY / BLOCKED_EXTERNAL_AUTHORITY) and each classification was discovered by a live command, not by trusting a prior report. The matrix surfaced the Qdrant lifecycle-policy gap before writing any embeddings — which is exactly the "discover-first" rule turned into procedure.

2. Authority is a grant, not a capability

The gh auth status token carries admin+push on Huyen1974/web-test (verified live this macro). That is the capability. The user's explicit grant excludes merge. We operated at the grant, not the capability — capability is the lower bound, grant is the upper bound, and over-reaching to the capability is an authority violation even when technically possible. Same principle applied to draft Qdrant indexing (technically possible; user said no; no override).
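The grant-over-capability rule written as a pre-flight check. This is an added example, not code from the macro or the repo; the action labels, `Grant` and `AuthorityGate` are hypothetical names modelled on the PR #669 grant recorded above.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY_FORBIDDEN = "deny_forbidden"      # named in the grant's Forbidden list
    DENY_NOT_GRANTED = "deny_not_granted"  # token could do it, nobody asked for it
    DENY_NOT_CAPABLE = "deny_not_capable"  # granted, but the credential cannot do it
    DENY_QUOTA_SPENT = "deny_quota_spent"  # e.g. "a single comment" already posted


@dataclass
class Grant:
    allowed: frozenset
    forbidden: frozenset = frozenset()
    max_uses: dict = field(default_factory=dict)


class AuthorityGate:
    """Permit an action only inside grant AND capability; count limited uses."""

    def __init__(self, capabilities, grant):
        self.capabilities = frozenset(capabilities)
        self.grant = grant
        self.used = {}

    def decide(self, action):
        if action in self.grant.forbidden:       # explicit "no" always wins
            return Decision.DENY_FORBIDDEN
        if action not in self.grant.allowed:     # default deny: capability is not consent
            return Decision.DENY_NOT_GRANTED
        if action not in self.capabilities:
            return Decision.DENY_NOT_CAPABLE
        limit = self.grant.max_uses.get(action)
        if limit is not None and self.used.get(action, 0) >= limit:
            return Decision.DENY_QUOTA_SPENT
        self.used[action] = self.used.get(action, 0) + 1
        return Decision.ALLOW


# Constructed model of the PR #669 grant; action names are hypothetical labels.
TOKEN_CAPABILITIES = {"pr_comment", "pr_merge", "pr_rebase", "branch_update", "pr_close"}
PR_669_GRANT = Grant(
    allowed=frozenset({"pr_comment"}),
    forbidden=frozenset({"pr_merge", "pr_rebase", "image_rebuild",
                         "incomex_nuxt_restart", "branch_update"}),
    max_uses={"pr_comment": 1},
)
```
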

3. "Skip + record exact gap" is a first-class outcome

When the user chose to preserve the enacted-only convention rather than override it for 86 draft IUs, the right move was to document the gap precisely so a future macro can act on it without re-discovering the constraint. Report 03 §6 carries the complete re-onboarding command package (discovery SQL + apply driver pattern + per-actor rollback) ready to run the moment lifecycle promotion happens.

4. PR-failure provenance matters

The PR #669 Counting Contract Check failure looked alarming (UNSTABLE merge status) until grep-and-read showed the failing job tests live meta_catalog state, not our patch. Posting a single PR comment with the boundary greps converts "scary failure" into "unrelated production drift, route to frontend/DevOps". This is the right shape for an automated agent that ships an open PR but doesn't own the merge.

Next-macro options

  • 6700x — Paired retention + monitoring on Linux host. Install cron/systemd timer on a long-running Linux host (the BLOCKED row 29), then flip iu_core.retention_enabled=true after 7 overall_ok=true cron ticks. Authority transfer needed from host-owner.
  • 6800x — DIEU-35/28/32 Qdrant onboarding (post-lifecycle). When the 86 draft IUs are promoted to enacted (or a draft-vector policy is ratified), re-run the apply driver from report 03 §6 — same code path 2400x already proved, just with the updated discovery SQL. ~86 OpenAI embedding calls; bounded gate-flip window; per-IU boundary enforced by 3-layer guard.
  • 6900x — Stale-log monitor / sleep-detector. Build the sub-package that inverts the cron's silent-skip behaviour: a separate process (or an in-cron sentinel) that pages when the jsonl log doesn't grow for >15 min. Closes the Mac-cron pilot's biggest blindspot.
  • Frontend/DevOps merges PR #669 → deploy-vps.yml fires → incomex-nuxt redeploys → /admin/iu-three-axis becomes UI-live (row 24).
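One way the 6900x stale-log sentinel could work, as an added example rather than code from the repo. It watches file growth only, so it assumes nothing about the jsonl record format; `check_log`, the alert names and the 3×interval gap rule are assumptions.

```python
import os

STALE_AFTER_S = 15 * 60  # ">15 min" threshold from the 6900x option


def check_log(path, now, state, interval_s=60):
    """One sentinel tick. Returns a list of alert names (empty = healthy).

    `state` is a dict the caller persists between ticks; `now` is epoch seconds.
    """
    alerts = []

    # Sleep detector: if the sentinel's own ticks are far apart, the host slept
    # or the scheduler stalled, so silence in the log cannot be read as "idle".
    last_tick = state.get("last_tick")
    if last_tick is not None and now - last_tick > 3 * interval_s:
        alerts.append("MONITOR_GAP")
    state["last_tick"] = now

    try:
        size = os.stat(path).st_size
    except FileNotFoundError:
        alerts.append("LOG_MISSING")
        return alerts

    prev = state.get("size")
    if prev is None or size > prev:
        state["last_growth"] = now          # first sight or new records appended
    elif size < prev:
        alerts.append("LOG_TRUNCATED")      # rotation or tampering; re-baseline
        state["last_growth"] = now
    state["size"] = size

    if now - state["last_growth"] > STALE_AFTER_S:
        alerts.append("LOG_STALE")
    return alerts
```

Run on the same host as the cron, only `MONITOR_GAP` can reveal a sleep after the fact; paging during the outage needs the separate-process variant on another machine.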

Constitutional close-out

  • No hardcode: every collection name, env var, cron path, gate key, SQL function name discovered from dot_config, process.env, $HOME, pg_proc, or v_iu_qdrant_collection_active.
  • DOT 144/144 unchanged (no migration this macro).
  • Five-layer boundary intact: PG, Directus, Qdrant, operator_runtime, text-as-code all touched only through their declared interface. No direct PG from Nuxt; no bypassing Directus; no cross-IU vector; no production_documents access.
  • Reversibility:
    • PR comment → editable / deletable via gh.
    • PG / Qdrant / Mac crontab → no mutation, trivially reversible.
    • Retention → gate never flipped.
  • AgentData: 7 reports for this macro (this file + 6); upload + list + read + search verified at macro close.
  • No secret logged anywhere (PR comment text, KB reports, commit messages all scrubbed).
  • No merge / no tag / no release.
  • No fake PASS — every PASS row in the rollout matrix links to a live command run this macro; gaps are recorded as PARTIAL_WITH_EXACT_GAP / DONE_WITH_EXTERNAL_BLOCKER / BLOCKED / NOT_STARTED / DEFERRED, not papered over.

End state has the same shape as 6000x-authority-closeout: the system is one merge (PR #669), one host-owner cron install, and one lifecycle-promotion event (DIEU-35/28/32 draft→enacted) away from "fully live". No unsafe state remains.

AgentData verification (post-upload, populated at end of macro)

7 reports uploaded under knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-6000x-input-contract-qdrant-ops-closeout-open-goal/:

  • 01-final-report.md (this file)
  • 02-input-contract-matrix.md
  • 03-qdrant-onboarding-blocked-by-lifecycle.md
  • 04-pr-669-comment-handoff.md
  • 05-ops-monitoring-and-retention-reverify.md
  • 06-rollout-matrix.md
  • 07-auto-refresh-and-real-corpus-reverify.md

Verification performed: mcp__agent-data__list_documents filtered to the macro slug returns 7 rows; one get_document round-trip on the final-report returns the file byte-for-byte; search_knowledge for the macro slug returns the final-report as top hit. See macro transcript for the exact tool-call evidence.
