Incomex AI Portal
KB-56D1

IU Core MVP Sandbox — 11 Final Report

6 min read Revision 1

IU Core MVP Sandbox — 11 Final Report

Date: 2026-05-21 Macro: v0.6-iu-core-mvp-sandbox-execution-hardening-rollback-drill Result: IU_CORE_MVP_SANDBOX_HARDENING_PASS Production mutation: NONE · Production DDL: NONE · Deploy: NONE · Push/merge/tag: NONE · Trigger attached: NONE

Outcome

IU_CORE_MVP_SANDBOX_HARDENING_PASS — the IU Core MVP DDL package was applied, seeded, verified, rollback-drilled and hardened against a real restore-test PostgreSQL sandbox. One genuine defect (H1) was caught and fixed; one runbook defect (H2) was hardened; one residual gap (H3) is documented. Repo committed locally; production untouched.

What changed (repo)

  • Repo /Users/nmhuyen/iu-cutter-build/repo/iu-cutter, branch main.
  • HEAD d22e3614ce2667 (parent d22e361, 6 files, +606, additive).
  • NEW sql/iu-core/sandbox/010_sandbox_probe_seed.sql + .rollback.sql, 020_sandbox_verification.sql, 030_drill_reparent_behaviour.sql.
  • sql/iu-core/README.md — apply-command note + sandbox/ section.
  • tests/test_iu_core_ddl.py — +6 TestSandboxPackage tests.
  • DDL 001..005 + rollback/001..005 + cutter_agent/iu_core/ — unchanged (needed no patch; proven correct against a live PG instance).

Sandbox proof

  • Container pg-restore-test-20260520T031054Z (id 0cbc668c76f9), image postgres:16, DB restore_test, role postgres, volume 46dbcc89…, port 5432 unpublished, restart no.
  • Non-production proven: distinct container/db/role/volume from the live postgres/directus; the incomex-directus app connects to postgres:5432/directus, not the sandbox.

Branch outcomes

Branch Result
B0 Precheck PASS — MacBook host, repo at d22e361, KB + VPS OK
B1 Sandbox discovery PASS — restore_test identified + proven non-prod
B2 Forward DDL apply PASS — 001–005 applied, 3→10 tables, 0 errors
B3 Probe seed PASS — 7 tables seeded + iu_core_probe_source; H1 fixed
B4 Verification PASS — 25/25 checks
B5 Rollback drill PASS — guard 4/4 REFUSED; clean cycle 5/5+5/5; 030 6/6
B6 Hardening PASS — H1 fixed, H2 hardened, H3 documented
B7 Tests PASS — targeted 39/39, full 525/525, zero regressions
B8 Commit PASS — 4ce2667, not pushed/merged/tagged
B9 Production approval package PASS — report 10 authored
B10 KB reports PASS — 11 reports uploaded

DDL apply result

001–005 applied to restore_test: 7 tables, 2 views, 7 functions, 30 indexes, constraints CHECK 28 / FK 11 / PK 7 / UNIQUE 6, 0 triggers, 0 rows pre-seed. information_unit/unit_version unchanged (98/105).

Verification result

020_sandbox_verification.sql25/25 PASS (structural, views resolve, functions execute fail-closed, probe data shape, 8 negative constraint tests). 030_drill_reparent_behaviour.sql6/6 PASS (multi-level v_iu_tree depth, fn_iu_tree_is_descendant, cycle rejection).

Rollback drill result

  • Row-loss guard: 4/4 table rollbacks REFUSED with rows present; no data lost.
  • Full forward+rollback cycle on a pristine DB iu_core_drill: 5/5 forward + 5/5 rollback clean → 0 objects, dependencies intact; drill DB then dropped.
  • Forward DDL idempotency: 5/5 re-apply, 0 errors.

Test commands / results

python3 -m unittest tests.test_iu_core_ddl   -> Ran 39 tests  OK
python3 -m unittest discover -s tests        -> Ran 525 tests OK

Findings

  • H1 (FIXED) — probe seed anchor selection bug + rollback anchor mismatch; would have orphaned a depth-1 iu_tree_path row.
  • H2 (HARDENED)psql -1 redundant with self-transacted files; README
    • next production package corrected.
  • H3 (RESIDUAL) — sandbox lacks event_outbox/event_type_registry; the gate-OPEN emit path is untested in sandbox (gate-CLOSED proven). Production directus has both tables — verify gate-OPEN there post-apply.

Reports uploaded (11)

knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-mvp-sandbox-execution-hardening-rollback-drill/ 01 precheck · 02 sandbox-discovery · 03 forward-ddl-apply · 04 probe-seed · 05 verification-queries · 06 rollback-drill · 07 hardening-patches · 08 tests · 09 commit-artifact-status · 10 next-production-approval-package · 11 final-report.

Forbidden actions — none taken

No production DB write, no live Directus write, no production DDL, no CUT/VERIFY on production, no deploy/restart, no execution_enabled flip, no trigger attached to live tables, no VPS runtime-tree edit, no secret logged, no push/merge/tag, no sandbox ruling called production approval, no fake PASS. GPT session handoffs were not used as task input.

v0.6-iu-core-mvp-production-ddl-apply — apply sql/iu-core/001..005 to the production directus database under a sovereign-approved gate, using the hardened command block in report 10. DDL-only, 0 rows, no trigger. After that: a separate trigger-attach + route-enable macro (R1–R7 re-affirmed), and exercise the gate-OPEN fn_iu_emit_event path (H3).

Route

STOP. Route to GPT/User for production-DDL-apply approval.

Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-mvp-sandbox-execution-hardening-rollback-drill/11-final-report.md