IU Core Hygiene — 02 No-hardcode classification matrix
IU Core Constitution/DOT Hygiene — 02 No-hardcode classification matrix
Every literal across sql/iu-core/, cutter_agent/iu_core/, and the IU Core
tests was classified. Result: zero open VIOLATION_TO_FIX in code.
Classification matrix
| Literal class | Examples | Classification | Evidence |
|---|---|---|---|
| DSN / host / IP / container / credential | — | none found | grep for postgres://, vmi*, IPv4, contabo, /opt/incomex, /root/, PGPASSWORD across sql/iu-core + cutter_agent/iu_core → 0 hits |
| Python vocabulary sets | DELIVERY_TARGET_KINDS, CUT_OPERATIONS, OBJECT_KINDS, LINK_ROLES, RELATION_TYPES, OPERATION_TYPES, OPERATION_STATUS_TRANSITIONS, IU_EVENT_VOCABULARY |
DISCOVERED_SSOT | each module docstring states it mirrors a specific sql/iu-core/NNN CHECK; test_*_match_sql tests assert agreement |
dot_config gate keys |
iu_core.routes_master_enabled, iu_core.route_worker_enabled |
CONFIG_DEFAULT | declared/seeded in runtime/060; runtime functions read them fail-closed (missing ⇒ off) |
| Route codes | iu.version_applied.workflow, iu_sql.iu_sql_link.insert |
REGISTRY_VALUE | rows in iu_outbound_route / iu_sql_event_route; resolved by lookup, never branched-on as a string |
| Worker name | iu_outbound_default |
REGISTRY_VALUE + CONFIG_DEFAULT | row in iu_route_worker_cursor; also the default parameter of fn_iu_route_worker_run/_health |
| Event type | iu / version_applied |
REGISTRY_VALUE | row in event_type_registry; event_stream/delivery_lane sourced from the registry (H3 fix) |
| DDL object names | table/view/function/trigger names | DISCOVERED_SSOT | the DDL migration is itself the declaration of record |
Worker batch limit 100, clamp 1..1000 |
fn_iu_route_worker_run |
CONFIG_DEFAULT | function default parameter, range-clamped in-body |
event_domain='iu' |
worker cursor scope | DISCOVERED_SSOT | the IU domain constant; cursor row carries it, claim query reads it from the row |
| Sandbox literals | sql/iu-core/sandbox/* |
TEMP_SANDBOX_ONLY | files marked SANDBOX-ONLY; test_sandbox_files_marked_sandbox_only enforces |
| Test literals | tests/test_iu_core_ddl.py fixtures |
TEST_FIXTURE_ONLY | static-validation fixtures, no runtime path |
Historical VIOLATION_TO_FIX — already closed
The one genuine behavioural hardcode in IU Core history — fn_iu_emit_event
hard-coding event_stream='workflow' and payload_classification='safe'
(finding H3) — was fixed before this macro: the function now sources both
from event_type_registry. runtime/040 check V5 is the standing drift
detector. No re-occurrence.
NEEDS_DOT_REGISTRATION — addressed this macro
Before this macro the 33 IU Core objects had no single registry/scan that
enumerated them as one set (per-layer scripts 040/070/100 only).
runtime/110_iu_core_dot_conformance_scan.sql now carries the SSOT inventory
(_iu_core_expect, 33 rows). See doc 03.
Verdict
No-hardcode matrix PASS — no VIOLATION_TO_FIX remains in code. Every
route/config/table/event/worker literal is DISCOVERED_SSOT, CONFIG_DEFAULT,
or REGISTRY_VALUE, and resolved by lookup rather than string-branching.