IU CUT Operational Pipeline — 06 D30 + D31 Protection (14/14 PASS)
06 — D30 + D31 protection verification
D30 — No collateral mutation (5/5 PASS)
| Check | Baseline | Final | Verdict |
|---|---|---|---|
| event_outbox total | 135,816 | 135,822 | +6 background only |
| event_outbox delta classification | — | 6×(trigger / system / issue_opened) | background — no pilot-origin rows |
| production_documents | absent | absent | OK |
| pg_cron | not installed | not installed | OK |
| MARK/CUT alias signature md5 | (pre-snapshot) | eb7e8ce2a29f0140dba6c3382679e313 | unchanged |
| iu_route_worker_cursor.iu_outbound_default.last_run_at | 2026-05-22 11:31:41 | 2026-05-22 11:31:41 | frozen (§15.5 silent gap preserved as historical-warn) |
| iu_vector_sync_point | 152 | 152 | unchanged |
D31 — Signal-only contract refusals (9/9 PASS)
- D31-a (body denylist, gate ON): job_queue_payload_safe_check REFUSED. PASS.
- D31-b (vector denylist, gate ON): same constraint REFUSED. PASS.
- D31-c (secret denylist, gate ON): same constraint REFUSED. PASS.
- D31-d (cannot MARK before COPIED): REFUSED — fn_cut_mark_staged_file: cannot mark from status requested — must be 'copied'. PASS.
- D31-e (cannot CUT before MARK_VERIFIED): REFUSED — fn_cut_apply: cannot cut from status requested — must be 'mark_verified'. PASS.
- D31-f (cannot COMPLETE before CUT_VERIFIED): REFUSED — fn_cut_complete: cannot complete from status requested — must be 'cut_verified'. PASS.
- D31-g (illegal direct state transition): REFUSED — illegal cut_request transition requested->mark_verified (legal={copied}). PASS.
- D31-h (COPY path traversal): REFUSED — fn_cut_copy_to_staging: source_path must not contain ... PASS.
- D31-i (vector_excluded=true on copy staging row): staging_kind=agent_intermediate, payload_type=source_text, vector_excluded=t. PASS — and iu_staging_record_vector_excluded_chk would refuse false.
D31 — gate-off behavior
When queue.job_substrate.enabled=false (the safe default at start and end of mission), fn_cut_request_signal returns {"skipped": true, "reason": "queue.job_substrate.enabled=false"} without attempting to enqueue. The cut_request lifecycle functions still work end-to-end when the substrate gate is off — the signal jobs simply aren't created.
D31 — stale worker not falsely healthy
Per [[feedback-protect-legacy-silent-passive-heartbeat-from-false-heal]], the legacy iu_outbound_default queue_heartbeat row remains in the warn state (last_tick_status='warn', metadata.marker='legacy_silent_passive', last_tick_at=2026-05-22 11:31:41 — age ~4.2 days, still >stale_threshold). fn_queue_stale_check() continues to surface it.
The 7 new signal jobs created by this mission are state='queued' with no claimant — there is currently no worker for cut.* job_kinds. This is by design (Phase 4 added the queue API surface but a real heartbeat caller for cut.* steps is carry-forward CF-1 for the next pack).
Forbidden actions checklist (all observed)
| Forbidden | Observed |
|---|---|
| Update law text | not touched |
| Patch START-HERE | not touched |
| Modify MARK/CUT alias bodies | alias md5 unchanged |
| Mutate event_outbox | +6 background, 0 pilot-origin |
| Write Qdrant | no Qdrant calls |
| Install pg_cron | not installed |
| Touch production_documents | absent |
| Add broad worker | not added |
| Change runtime.phase | still phase2_governance |
| Manual Agent file copy via tokens | source bytes flowed server-side only (lo_export to pg_read_file) |
| Store body in queue payload | refused by CHECK (D31-a/b/c) |
| Skip state-machine | refused (D31-d/e/f/g) |
| Path traversal | refused (D31-h) |
| Vector inclusion in NVSZ row | refused by iu_staging_record_vector_excluded_chk |
| Run CUT before mark_verified | refused (D31-e) |
D30/D31 verdict: 14/14 PASS.