IU Core Constitution/DOT Hygiene — 07 Final report

Macro: IU_CORE_CONSTITUTION_DOT_HYGIENE_REPAIR_SCALE_READINESS_OPEN_GOAL Date: 2026-05-21 · Outcome: IU_CORE_CONSTITUTION_DOT_HYGIENE_REPAIR_PASS

1. Final status — PASS

An audit + safe-repair pass over the whole IU Core surface before scale. The foundation is hygiene-clean: no-hardcode, DOT 100%, five-layer sync, reversibility, and evidence-first all PASS. No new feature; no forbidden action.

2. What changed

• Repo: new runtime/110 DOT conformance scan; stale sql/iu-core/README.md status header rewritten; both READMEs updated; +6 tests.
• KB: 2 pointer-only prompt stubs marked explicitly (rev 2); 7 hygiene reports uploaded.
• Production: nothing — read-only query_pg survey only.

3. Repo

Branch main; HEAD 41d4fd7 → b9532a3 (parent 41d4fd7). Commit b9532a3 — chore(iu-core): DOT conformance scan + stale README status repair — 4 files, +326/-20. Tree clean. No push/merge/tag. Reversal: git reset --hard 41d4fd7.

4. Production survey / gate result

Target identity PASS — production directus DB positively confirmed (IU 158, UV 165, tree 158, outbox 93,686). Zero drift from the worker-live macro close-out. No production mutation performed → no backup required. The narrow inert-DOT-metadata approval was deliberately not exercised (the scan landed as a repo script, not a stored object).

5. No-hardcode matrix (doc 02)

0 open VIOLATION_TO_FIX. Every literal classified DISCOVERED_SSOT / CONFIG_DEFAULT / REGISTRY_VALUE / TEMP_SANDBOX_ONLY / TEST_FIXTURE_ONLY. No DSN/host/IP/container/secret anywhere in sql/iu-core or cutter_agent/iu_core. The one historical hardcode (H3) was already fixed.

6. DOT visibility matrix (doc 03)

runtime/110_iu_core_dot_conformance_scan.sql enumerates all 33 objects (9 tables, 5 views, 12 functions, 2 triggers, 2 config gates, 1 event type, 2 routes) against an SSOT inventory. Live conformance proven 33/33 — every D9 class ok=true. HYG-3 closed.

7. Five-layer sync (doc 04)

PG = primary (all 33 objects). Directus / Nuxt / AgentData / Qdrant = intentionally unaffected and justified (additive sidecar, no consumer, no vector write — consistent with dry_run=false/no-delivery boundary). HYG-5 closed.

8. Repaired violations (doc 05)

R1 stale README status header · R2 missing consolidated DOT scan · R3 pointer-only prompt stubs marked · R4 five-layer impact documented. HYG-3/4/5 closed; HYG-1/2 were already satisfied by the prior macros' practice.

9. Remaining blockers (doc 06)

Worker invocation/scheduling (HYG-6) — architecture, deferred to the next macro, disabled-by-default. The dry_run=false chain and "no organic IU events" stand unchanged, out of scope by the forbidden list. No unsafe production state remains.

10. Automation / rollback / disable

Every operational path has disable + rollback + verify automation (doc 05 table). The new runtime/110 is the standing DOT conformance check. Only worker scheduling is open — and it is correctly deferred, not broken.

11. Tests

619 passed (was 613; +6 — TestDotConformanceScan). py_compile clean on all cutter_agent/iu_core modules.

12. KB reports

7 docs in …/v0.6-iu-core-constitution-dot-hygiene-repair-scale-readiness-open-goal/ (01 precheck/survey, 02 no-hardcode, 03 DOT visibility, 04 five-layer, 05 repairs, 06 scale-readiness ruling, 07 final).

13. Next macro

First durable structure-op — a live StructureStore driving one reparent_piece on the 158-IU tree, with worker-scheduling design (HYG-6) folded in. Full package in doc 06.

Forbidden actions — none taken

No dry_run=false; no downstream delivery; no daemon/service; no deploy/restart; no IU lifecycle mutation; no durable structure-op; no production CUT; no production VERIFY beyond read-only; no execution_enabled flip; no destructive cleanup; no secret logged; no push/merge/tag; no GPT handoff used as task input.