Incomex AI Portal
KB-2386 rev 2

IU CUT Operational Pipeline — 00 Summary (PASS 2026-05-26)

7 min read Revision 2
iu-cut-pipelineoperational-cutcut-requestmark-verify-cut-verify-completedieu38-pilotphase4pass2026-05-26claude-opus-4-7mig-052

00 — Summary: IU CUT Operational Pipeline (COPY → MARK → VERIFY → CUT → VERIFY → COMPLETE)

Mission code: IU_CUT_OPERATIONAL_PIPELINE_COPY_QUEUE_STATUS_SURFACE Date: 2026-05-26 Channel: SSH contabo → docker exec postgres → psql workflow_admin@directus (PG 16.13) Authoring agent: claude-opus-4-7 Phase status:PASS — full pipeline live-applied + tested end-to-end on Điều 38 v3.0 DRAFT

Result token

IU_CUT_OPERATIONAL_PIPELINE_COPY_MARK_VERIFY_CUT_PASS

What landed

Surface Object Status
Migration mig 052 (single TX COMMITTED) applied
Substrate public.cut_request + public.cut_request_transition created
Functions 9 functions (fn_cut_request_add, fn_cut_copy_to_staging, fn_cut_mark_staged_file, fn_cut_verify_mark, fn_cut_apply, fn_cut_verify_cut, fn_cut_complete, fn_cut_request_transition, fn_cut_request_signal) created
Views 4 views (v_cut_requests_by_status, v_cut_request_ready_to_mark, v_cut_request_ready_to_cut, v_cut_request_ready_to_verify_cut) created
Vocab 13 dot_config rows under vocab.cut_request_status.* inserted
Aliases MARK/CUT operator aliases (fn_iu_op_*) unchanged (md5 stable)
Law text Điều 38 v3.0 DRAFT (knowledge/dev/laws/dieu38-normative-document-law.md, 6211 chars / 7736 bytes) 8 IUs created durably

Pipeline execution (Điều 38 v3.0 DRAFT)

cut_request_id  = 777b1297-18af-4f07-a362-0ad18b043f21
copy_staging_id = fbaecf00-5d88-4804-9ecd-44be811fdf88   (vector_excluded=true)
manifest_id     = ea5dbce0-636f-4cfa-8ea7-7852f0c1e2da
manifest_digest = eb68d77912ecb04c8b677e4f441632b1
source_hash     = fdacc492e62c40f1364392943a310769  (matches knowledge_documents.id=1090)
cut_run_id      = bb4d7cbf-3f48-4906-b147-17d098d423e4
pieces_count    = 8   (heading×2 + section×5 + paragraph×1)
final_status    = cleanup_scheduled
completed_at    = 2026-05-26 16:41:34
cleanup_scheduled_at = 2026-06-10 16:41:34   (15-day TTL)
Transition Time
NULL → requested 16:36:19
requested → copied 16:36:29
copied → mark_in_progress 16:38:33
mark_in_progress → marked 16:38:33
marked → mark_verified 16:38:46
mark_verified → cut_in_progress 16:41:13
cut_in_progress → cut_done 16:41:13
cut_done → cut_verified 16:41:26
cut_verified → completed 16:41:34
completed → cleanup_scheduled 16:41:34

10/10 transitions logged in cut_request_transition. 7/7 signal jobs enqueued (gate-respecting; payload signal-only, no body/vector/secret).

Verification axes (Điều 38)

verify_mark : axis_a_ok=t, axis_b_ok=t, axis_c_ok=t, verdict=approved
verify_cut  : axis_a_ok=t, axis_b_ok=t, axis_c_ok=t, no_vector_ok=t, pieces_count=8, problems=[], verdict=verified

State deltas vs baseline (pre-mission → post-mission)

Counter Baseline Final Δ Source
staging_records 5 7 +2 (source_copy + manifest) pilot
staging_payloads 10 14 +4 pilot
information_unit 192 200 +8 (Điều 38 IUs) pilot
iu_vector_sync_point 152 152 0 ✓ invariant
event_outbox 135816 135822 +6 (background trigger/system/issue_opened only) background
job_queue 6 13 +7 (signal jobs) pilot
cut_request 1 +1 pilot
cut_request_transition 10 +10 pilot
public.tables 271 273 +2 mig 052
public.views 56 60 +4 mig 052
public.fns 522 531 +9 mig 052
dot_config rows ~94 116 (≥+13 cut_request_status vocab + housekeeping) mig 052

Backups

pre  : /tmp/predmp_iu_cut_op_pipeline_20260526_162516.dump  83,432,265 B  md5=a5f8a6b362006aaf184403bedf34ed45
post : /tmp/postdmp_iu_cut_op_pipeline_20260526_164434.dump  83,484,873 B  md5=f515e704f690ae8822efcbbddedf50ce

Δ = +52,608 bytes (substrate + 8 IUs + transition log).

Gate states at exit (all safe)

iu_core.composer_enabled         = false   (flipped true for CUT step, restored)
iu_core.operator_runtime_enabled = false
iu_core.routes_master_enabled    = true    (pre-existing)
iu_core.route_worker_enabled     = true    (pre-existing, no caller for legacy iu_outbound_default)
queue.job_substrate.enabled      = false   (flipped true for signal jobs, restored)
queue.worker.enabled             = false
queue.heartbeat.enabled          = true
queue.runtime.phase              = phase2_governance
queue.dlq.replay_enabled         = false
queue.lease.reaper_enabled       = false
queue.lease.reaper_dry_run_only  = true

D30/D31 protection summary

D30 (no collateral mutation): 5/5 PASS — event_outbox delta background-only, prod_docs absent, pg_cron absent, MARK/CUT alias md5 stable, legacy worker cursor frozen at 2026-05-22.

D31 (signal-only contract refusals): 9/9 PASS — body/vector/secret denylist via CHECK; mark-before-copied, cut-before-mark_verified, complete-before-cut_verified all refused via state machine; illegal direct transition refused; .. path traversal refused; vector_excluded=true on copy staging row.

See 06-d30-d31-protection.md.

Compliance

  • ✅ Hard Gate 0 (real shell + workflow_admin write) passed
  • ✅ Single-TX migration with dry-run BEGIN/ROLLBACK first
  • ✅ Reuses existing MARK/CUT aliases (no alias body change)
  • ✅ No event_outbox mutation (background-only delta)
  • ✅ No Qdrant write
  • ✅ No production_documents touch
  • ✅ No pg_cron install
  • ✅ NVSZ vector_excluded=true on copy staging row
  • ✅ Queue payload signal-only (refs, never source body)
  • ✅ COPY is DOT/system-driven (pg_read_file server-side; Agent prompt never carries source bytes)
  • ✅ Gates safe at exit

Carry-forward

See 08-next-batch-plan.md. Key items: (1) wire real heartbeat caller for the cut.* job_kinds, (2) write durable cleanup executor (15-day TTL), (3) add reverse transitions (cut_failed → mark_verified) for recovery, (4) document Đ38 IU lifecycle (DRAFT IUs will need retire on enactment).

  • Parent: [[project-dieu45-phase3b-queue-cutter-hardening-pass-2026-05-26]]
  • Parent: [[project-dieu45-phase3-mark-cut-queue-pilot-dieu37-write-channel-pass-2026-05-26]]
  • Channel: [[feedback-mcp-query-pg-is-context-pack-readonly-no-phase3-writes]]
  • Recovery pattern: [[feedback-mark-pieces-live-in-iu-staging-payload-cut-manifest-not-in-iu-staging-record-metadata]]
  • Vocab: [[feedback-fn-iu-create-vocab-validation-is-data-side-via-dot-config-not-code-hardcoded]]
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-cut-operational-pipeline-copy-mark-verify-cut/00-summary.md