KB-43C1

90000x · 10 — Carry-Forward (apply runbook + next macros)

Revision 1
iu-core · 90000x · carry-forward · apply-runbook · next-macros · 100000x-roadmap · 2026-05-25

90000x · 10 — Carry-Forward

Phase: I (carry-forward component)
Status: complete list of next-step work

A. Operator apply runbook (one-shot)

The five migrations (037-041) are independent of each other in DDL terms (each is its own BEGIN/COMMIT) but dependent in semantics: 037 must apply first (it adds pending_review to the lifecycle CHECK that 038 writes), and 041 verifies the run-id from 040.

Recommended order: 037 → 038 → 039 → 040 → 041, all in one operator session.

Step 1 — Pre-apply snapshot

ssh into-VPS-as-workflow_admin
pg_dump -Fc -f /tmp/pre-90000x-$(date -u +%Y%m%dT%H%M%SZ).dump directus
psql -d directus -c "SELECT count(*) AS fn_count FROM information_schema.routines WHERE routine_schema='public';"
psql -d directus -c "SELECT count(*) AS dot_count FROM dot_iu_command_catalog;"

Step 2 — Apply (via pg_hba local trust socket — see [[feedback-pg-hba-local-trust-unblocks-role-channel]])

docker exec -i postgres psql -U workflow_admin -d directus < 037_staging_lifecycle_hardening.sql
docker exec -i postgres psql -U workflow_admin -d directus < 038_mark_writer_surface.sql
docker exec -i postgres psql -U workflow_admin -d directus < 039_verify_mark.sql
docker exec -i postgres psql -U workflow_admin -d directus < 040_cut_from_approved_manifest.sql
docker exec -i postgres psql -U workflow_admin -d directus < 041_verify_cut.sql

Migration bodies live in this pack — copy them out from reports 02-06 (fenced SQL).

Step 3 — Post-apply snapshot + verify

psql -d directus -c "SELECT count(*) AS dot_count FROM dot_iu_command_catalog;"   # expect: 36
psql -d directus -c "SELECT routine_name FROM information_schema.routines WHERE routine_name IN ('fn_iu_staging_cleanup','fn_iu_staging_unregister','fn_iu_mark_create_manifest','fn_iu_verify_mark','fn_iu_cut_from_manifest','fn_iu_verify_cut');"
# expect 6 rows
psql -d directus -c "SELECT * FROM iu_core_retention_policy WHERE target_table ILIKE '%staging%';"
# expect 2 rows
psql -d directus -c "SELECT conname, pg_get_constraintdef(oid) FROM pg_constraint WHERE conname='iu_staging_record_lifecycle_chk';"
# expect: lifecycle vocab includes 'pending_review'

Step 4 — SSOT bumps + commit (in cutter_agent repo)

# cutter_agent/iu_core/dot_commands.py
_REGISTRY = {
    ...,
    'dot_iu_staging_cleanup',
    'dot_iu_staging_unregister',
    'dot_iu_mark_article',
    'dot_iu_verify_mark_manifest',
    'dot_iu_cut_from_manifest',
    'dot_iu_verify_cut_result',
}
# bump pinning tests (see report 09)
# run pytest tests/
# commit with: "apply 037-041 + 90000x mark→cut pipeline; SSOT 30→36 DOT, +6 fn, +2 retention"

Step 5 — Run Phase G end-to-end proof (report 07)

Execute the 7-step block in 07-end-to-end-proof.md. Patch this pack to revision 2 with PASS-WITH-FIXTURE outcome.

Step 6 — Patch 00-summary.md verdict

Move the verdict from IU_CORE_90000X_MARK_TO_CUT_AUTOMATED_PIPELINE_HARDENING_PARTIAL_WITH_EXACT_GAP to IU_CORE_90000X_MARK_TO_CUT_AUTOMATED_PIPELINE_HARDENING_PASS once Phase G is green.
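
Steps 2 and 3 as one fail-fast script, added here as an example and not part of the original pack: psql reading a file on stdin exits 0 even when a statement fails, so the wrapper sets ON_ERROR_STOP, halts at the first failed migration, and turns the Step 3 expectations into checks. The function names and the `PSQL` override variable are assumptions introduced for this example; the container, role, database, file names and expected values are the runbook's.

```sh
#!/bin/sh
# Added example, not part of the original runbook.
# Assumed names: apply_migrations, expect_scalar, verify_post_apply, PSQL.
MIGRATIONS="037_staging_lifecycle_hardening.sql
038_mark_writer_surface.sql
039_verify_mark.sql
040_cut_from_approved_manifest.sql
041_verify_cut.sql"

# ON_ERROR_STOP=1 makes psql exit non-zero on the first SQL error instead of
# carrying on and returning 0. PSQL can be overridden for a different channel.
PSQL="${PSQL:-docker exec -i postgres psql -v ON_ERROR_STOP=1 -U workflow_admin -d directus}"

# Apply the files in runbook order from directory $1. All five must be present
# before anything runs, and the first failure stops the sequence so 038 never
# runs against a schema that 037 failed to change.
apply_migrations() {
    dir="$1"
    for f in $MIGRATIONS; do
        [ -r "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 2; }
    done
    for f in $MIGRATIONS; do
        echo "applying $f" >&2
        $PSQL < "$dir/$f" || {
            echo "FAILED at $f; later migrations not applied" >&2
            return 1
        }
    done
}

# Run a single-value query ($1) with -At (unaligned, tuples only) and compare
# the result with the expected value ($2).
expect_scalar() {
    got=$(printf '%s\n' "$1" | $PSQL -At) || return 1
    [ "$got" = "$2" ] || { echo "expected $2, got '$got': $1" >&2; return 1; }
}

# The four Step 3 expectations as pass/fail checks.
verify_post_apply() {
    fns="'fn_iu_staging_cleanup','fn_iu_staging_unregister','fn_iu_mark_create_manifest','fn_iu_verify_mark','fn_iu_cut_from_manifest','fn_iu_verify_cut'"
    expect_scalar "SELECT count(*) FROM dot_iu_command_catalog;" 36 &&
    expect_scalar "SELECT count(*) FROM information_schema.routines WHERE routine_name IN ($fns);" 6 &&
    expect_scalar "SELECT count(*) FROM iu_core_retention_policy WHERE target_table ILIKE '%staging%';" 2 &&
    expect_scalar "SELECT pg_get_constraintdef(oid) LIKE '%pending_review%' FROM pg_constraint WHERE conname='iu_staging_record_lifecycle_chk';" t
}
```

Run it as `apply_migrations <dir-with-the-five-files> && verify_post_apply` after the Step 1 snapshot; a non-zero exit means Step 4 should not start.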

B. 100000x roadmap (next macro)

The macro layer above 90000x should be:

  1. First real Điều 37 cut. User provides the article text (file or pasted). Operator runs the 7-step proof script with the real source instead of FIXTURE-NVSZ-PROOF-1. Verifies axis A/B/C against real Điều 37 piece structure (intro + N khoản + close). Stores approval_doc_id as an immutable KB path.
  2. Wire 4 Codex MARK tests for Điều 37 / 37+38 / 37+38+39 — extend 09-test-plan-codex-mark-then-claude-verify.md from 80000x.
  3. Operator dashboard view. Add v_iu_staging_dashboard view aggregating: pending_review backlog, approved-not-consumed (stuck workflow alert), expired-not-cleaned, consumed-last-24h. Wire to Nuxt.
  4. MARK harness in cutter_agent/. Python harness that turns Agent MARK output (mark_report.md + coverage_proof.json + cut_manifest.yaml + determinism_digest.md from doc 02 of 80000x) into a fn_iu_mark_create_manifest call.
  5. Systemd timer for cleanup. /etc/systemd/system/iu-staging-cleanup.timer calling fn_iu_staging_cleanup(p_apply := true) daily at 03:00 UTC. Author the unit file as a follow-up; do not install until operator opts in.
  6. Inspection→certification stamps. Once first real cut succeeds and stays clean for 7 days, certify SPE-NVS, COL-IUS-001/002 via inspect_pen / inspect_stamp / inspect_gate / certified_at.
  7. TD-411 dot_origin_whitelist. Replace hardcoded whitelist in fn_validate_dot_origin with a dot_origin_whitelist table; drop SUSPECT prefix from COL-IUS-001/002.
  8. Qdrant probe. Add a post-cut V6 healthcheck that explicitly asserts iu_core_iu_chunks collection size unchanged via Qdrant API (currently the macro asserts by iu_vector_sync_point ledger, not Qdrant directly).

C. Memory updates to write (this conversation)

  1. REFRESH [[feedback-channel-memory-drifts-verify-live]] — add: birth_registry.entity_code (not governed_entity_code); collection_registry_vector_policy in public (not iu_core); iu_core_retention_policy has no policy_name/gate_name; tac_birth_gate_config is (checker_id, mode, enabled, rationale); iu_vector_sync_point has no source_id column.
  2. NEW [[feedback-staging-lifecycle-includes-pending-review]] — 7-state vocab post-037 {pending, pending_review, approved, consumed, rejected, expired, cleaned}; pending_review = manifest ready + awaiting fn_iu_verify_mark; pending = partial intake.
  3. NEW [[feedback-mark-staging-record-has-three-payloads]] — fn_iu_mark_create_manifest writes 3 payload parts (cut_manifest, mark_report, coverage_proof); determinism_digest lives in iu_staging_record.metadata not in payload.
  4. NEW [[project-iu-core-90000x-mark-to-cut-pipeline-hardening-partial-with-exact-gap-2026-05-25]] — project memory for this macro.

D. Files NOT touched by this macro

| Surface | Why preserved |
|---|---|
| directus.production_documents | mission rule |
| Qdrant collections | mission rule |
| Nuxt deployment | mission rule |
| iu_core.retention_enabled | gate stays inert per default |
| Existing 4 staging DOTs (create/approve/consume/reject) | unmodified; the new MARK/VERIFY/CUT DOTs are additive |
| fn_iu_core_retention_cleanup | unmodified; staging gets its own worker |
| 25000x mig 033 auto-instantiate path | unmodified |
| dot_iu_command_run audit retention | unchanged |
| PR #669 | not touched |
| 1305 pinning tests | unchanged (no SSOT bump at authoring time) |

E. If something blocks Phase G after apply

| Symptom | Likely cause | Fix |
|---|---|---|
| fn_iu_create signature mismatch | live signature differs from assumed (unit_kind, content_text, section_type, piece_role, canonical_address, source_position) | discover via \df+ fn_iu_create, regenerate mig 040 piece-create call |
| fn_iu_collection_add_piece link_role refused | live vocab from [[feedback-iu-sql-link-link-role-vocab-eleven]] | switch to 'represents' or other valid role |
| composer_gate stays closed | gate management surface is per-checker_id in tac_birth_gate_config | toggle via direct UPDATE (channel allows) |
| Axis A holes on Codex MARK output | Codex didn't normalize positions | reject manifest, return for re-MARK |

F. End state after full apply + Phase G green

  • 7-stage operating flow LIVE: INPUT → MARK → VERIFY MARK → APPROVE → CUT → VERIFY CUT → CLEANUP-15D.
  • 36 DOTs, +6 fns, +2 retention rows, 3 CHECK refinements.
  • Phase G fixture proof PASS.
  • Pinning tests bumped, D9 conformance bumped, 1 commit.
  • First real Điều 37 cut unblocked (100000x macro).
  • [[feedback-pg-hba-local-trust-unblocks-role-channel]] — the apply channel.
  • [[feedback-honest-channel-block-beats-partial-trigger]] — why this is PARTIAL_WITH_EXACT_GAP, not fake PASS.
  • [[feedback-birth-execution-plan-hard-gate-precedes-apply]] — birth-already-clean; no plan needed.
  • 80000x pack — operational doctrine.
knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-90000x-mark-to-cut-automated-pipeline-hardening/10-carry-forward.md