KB-6839

O7 postdeploy live dry-run (Contabo) — 02-code-cli-runner-survey

Revision 1

O7 Report 02 — Code / CLI runner survey

  • macro: v0.6-o7-postdeploy-live-dryrun-contabo
  • gate: G1
  • result: PASS (decision: thin read-only sidecar runner)

cli.py — no orchestrate subcommand

/opt/incomex/dot/iu-cutter-v0.6/cli.py is the v0.4 entrypoint. Its subparsers are only: demo, run, selftest. It rejects --production. It has no knowledge of the v0.6 orchestrator package.

This is by design — cutter_agent/orchestrator/__init__.py states the v0.6 package is purely additive and "does not modify any v0.5-ratified module under cutter_agent/". The CLI was never re-wired.

orchestrator package is complete

cutter_agent/orchestrator/ ships the full O1–O4 surface:

  • runner.py: OrchestratorRunner.cut(...) / .resume(...); drives the per-run state machine; refuses Mode.LIVE while __execution_enabled__ is False.
  • discover.py: LiveReadOnlyDiscoverer (injected read-only SELECT callable), LiveDryRunDiscoverer.from_live(...) (seeds the in-memory simulator from live read-only facts), InMemoryDiscoverer.
  • run_context.py, state_store.py, kb_reporter.py (DryRunReporter — writes locally, "never hits the network"), approval.py (validate_sovereign_approval — local structural validation), enums.py, errors.py, gates.py, policy.py, batch.py, phases/ (11 phase bodies).

Canonical live-dry-run recipe (from tests/test_orchestrator_o4_live_dryrun.py)

live       = LiveReadOnlyDiscoverer(select_callable)
discoverer = LiveDryRunDiscoverer.from_live(live, doc_prefix="ICX-CONST")
store      = StateStore(runs_dir)
kb         = DryRunReporter(runs_dir)
runner     = OrchestratorRunner(store=store, kb=kb, discoverer=discoverer)
runner.cut(document_id=..., mode=Mode.DRYRUN)      # -> pause SG_1
runner.resume(run_id, approval_kb_id=sg1)          # -> pause SG_2
runner.resume(run_id, approval_kb_id=sg2)          # -> CLOSEOUT_REPORTED

The only production-specific piece is select_callable — a Callable[[str, Mapping], Sequence[Mapping]] issuing read-only SELECTs.

Decision (G1)

No architecture redesign. No modification of the deployed v0.6 artifact. A thin sidecar runner is authored at /opt/incomex/dot/iu-cutter-v0.6-o7-sidecar/o7_live_dryrun_runner.py that supplies a real read-only select_callable (psycopg2) and runs the recipe above. The sidecar keeps the deployed artifact byte-identical (manifest sha256 stays valid) and is trivially removable. See report 05.
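
An added example, not the sidecar's or the project's own code: one way to build a select_callable with the Callable[[str, Mapping], Sequence[Mapping]] signature so that it fails closed, pairing a lexical SELECT-only check with a connection-level read-only switch. sqlite3 stands in for psycopg2 so the block runs offline; the table, the helper names and the keyword list are assumptions.

```python
import re
import sqlite3
from typing import Callable, Mapping, Sequence

# Fail-closed lexical guard (constructed for this example): any of these words rejects the query.
_FORBIDDEN = re.compile(
    r"\b(insert|update|delete|merge|into|drop|alter|create|truncate|grant|revoke|copy)\b",
    re.IGNORECASE,
)

class ReadOnlyViolation(Exception):
    """The statement is not a single plain SELECT."""

def assert_select_only(sql: str) -> None:
    body = sql.strip().rstrip(";").strip()
    if ";" in body:
        raise ReadOnlyViolation("multiple statements")
    if not re.match(r"(select|with)\b", body, re.IGNORECASE):
        raise ReadOnlyViolation("statement does not start with SELECT/WITH")
    if _FORBIDDEN.search(body):
        raise ReadOnlyViolation("write or locking keyword present")

def make_select_callable(conn: sqlite3.Connection) -> Callable[[str, Mapping], Sequence[Mapping]]:
    # Engine-level layer: the connection itself refuses writes, so a query that slips
    # past the lexical guard still cannot change data. With psycopg2 the analogous
    # switch is conn.set_session(readonly=True), ideally with a SELECT-only DB role.
    conn.row_factory = sqlite3.Row
    conn.execute("PRAGMA query_only = ON")

    def select_callable(sql: str, params: Mapping) -> Sequence[Mapping]:
        assert_select_only(sql)
        return [dict(row) for row in conn.execute(sql, dict(params)).fetchall()]

    return select_callable

def build_sample_connection() -> sqlite3.Connection:
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id TEXT PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO documents VALUES ('ICX-CONST-001', 'sample')")
    conn.commit()
    return conn

if __name__ == "__main__":
    select = make_select_callable(build_sample_connection())
    print(select("SELECT id FROM documents WHERE id LIKE :prefix", {"prefix": "ICX-CONST%"}))
```

The keyword guard is deliberately conservative and will reject a SELECT that merely mentions one of the listed words; the read-only connection is the layer that actually guarantees no write reaches the database.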
