Incomex AI Portal
KB-5322

07 - Runtime Disable & Safety

3 min read Revision 1
dot-iu-cutterv0.6O6rollbackdisableG7

07 - Runtime Disable & Safety

O6 · doc 7 of 8 · 2026-05-21 · Gate G7 — rollback / disable proof.

1. Host state after O6: 100% UNCHANGED

Because O6 blocked before G3, no deploy, no provisioning, and no mutation of any kind occurred. Rollback is therefore a true no-op.

filesystem:
  /opt/incomex/dot/iu-cutter (v0.4): UNTOUCHED
    git status --short iu-cutter = empty (tracked tree clean)
  /opt/incomex/dot/iu-cutter-v0.6:   NOT CREATED
  /var/lib/cutter/*:                 NOT CREATED
  new files written to the host:     NONE
git:
  /opt/incomex/dot HEAD: e93424b — no new commit, no tag, no push
config / secrets:
  .env / .env.production:            NOT read for values, NOT modified
services:
  systemd / docker / cron for cutter: none existed, none created,
                                      none started or restarted

2. Execution kill-switch state

execution_enabled (local v0.6, per KB SSOT): False
execution_enabled (Contabo):                 N/A — no v0.6 artifact on host
Mode.LIVE:                                    structurally unreachable
flip_attempted_in_O6:                         NO

There is no v0.6 orchestrator on Contabo, so there is no Contabo-side kill-switch to set; the local switch remains False per the SSOT. When v0.6 is eventually deployed, the deploy plan (doc 03) asserts execution_enabled=False as a post-deploy check.

3. Rollback plan (for the future executed deploy)

side_by_side_deploy (doc 03 chosen strategy):
  rollback: rm -rf /opt/incomex/dot/iu-cutter-v0.6
  effect:   removes only what the deploy created; v0.4 never at risk
  cost:     seconds; no service, no DB, no .env involved
in_place_promotion (deferred, post-O7 only):
  rollback: git -C /opt/incomex/dot checkout -- iu-cutter
            (or restore the timestamped pre-state backup)
disable_levels (inherited from O5 doc 05):
  L0 kill-switch: orchestrator.__execution_enabled__ = False (default)
  L1 withhold SG_1/SG_2 approval docs
  L2 cutter orchestrate void --run-id
  L3 do not deploy / remove the deployed dir

4. Side-effect attestation

service_restart:        NONE
deploy_side_effect:     NONE
remote_push:            NONE
hard_delete:            NONE
source_document / source_version mutation: NONE
real_crypto_replacement: NONE
secret_logged:          NONE

5. G7 result

G7_rollback_disable: PASS
host_mutation:       NONE — rollback is a no-op
kill_switch:         False (local SSOT); no Contabo artifact to flip
disable_plan:        documented (L0–L3) + future-deploy rollback defined
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.6-o6-release-deploy-postdeploy-dryrun-readiness/07-runtime-disable-safety-2026-05-21.md