O8 production-run readiness & command package (Contabo) — 02-production-prerequisite-survey
O8 Report 02 — Production prerequisite survey
- macro:
v0.6-o8-production-run-readiness-command-package - date_utc: 2026-05-21 · host:
vmi3080463(Contabo) - gate covered: G2 production prerequisite survey (no mutation)
The O5 release planning fixed the O8 entry conditions as GAP-3..8 all
CLOSED (KB v0.6-o5-release-live-production-planning/04 §4). This
report re-surveys each, live, plus the GAP-9 discovered in Report 01.
1. Roles / principals
| Role | Present | Notes |
|---|---|---|
context_pack_readonly |
✅ | read-only discovery role; proven in O3/O4/O7 |
cutter_exec |
✅ | canonical IU writer (fn_iu_create/fn_iu_enact) |
cutter_verify |
✅ | verifier lane (verify_result) |
cutter_ro |
✅ | non-login guard principal |
cutter_governance schema fully provisioned (review_decision,
verify_result, cut_change_set, manifest_envelope, dot_pair_signature,
registries). DB substrate is ready.
2. Secrets / config (names only — no values read or logged)
| Item | Status |
|---|---|
/opt/incomex/secrets/.env.production |
present (640 root:incomex) — RO role creds |
/opt/incomex/docker/.env |
present (600 root:root) — AGENT_DATA_API_KEY |
DOT_CUTTER_EXEC/VERIFY_DB_* |
present per O5 doc 02 (executor/verifier DSN parts) |
BACKUP_GPG_FPR / GPG public key |
MISSING — gpg --list-keys empty keyring |
orchestrator.* config keys |
ABSENT — /opt/incomex/dot/config/ has none |
/var/lib/cutter/{runs,batches,locks} |
ABSENT — directories do not exist |
3. Backup / restore tooling
pg_dump 16.13, pg_restore, gpg 2.4.4, psql all present on PATH.
A pg-restore-test-* postgres:16 container exists (restore-test
precedent). But the GPG keyring holds no key, so the
pre_write_backup phase's GPG-encrypted narrow dump cannot be produced
— and the phase has no live body anyway (GAP-9).
4. Governance recording / review_decision path
cutter_governance.review_decision currently holds 3 rows (v0.5
Constitution cycle). The DQ_4 question — which principal writes
review_decision + leg-B records (cutter_exec vs a directus SECDEF
probe) — is not pinned. Roles exist; the doctrine decision is open.
5. Rollback / disable mechanism
Kill-switch (__execution_enabled__=False) is the primary disable and
is ON-by-safety. cutter orchestrate void does not exist (no
orchestrate CLI). sql/lifecycle/rollback_runbook.sql is present in
the v0.6 tree but is a lifecycle-DDL teardown runbook that
explicitly REFUSES post-Phase-7 state — it is not a per-document
cut-revert. See Report 05.
6. GAP status table (re-surveyed live)
| GAP | Definition | O8 status |
|---|---|---|
| GAP-1 | v0.6 code on Contabo | ✅ CLOSED (O6B) |
| GAP-2 | v0.6 deploy path | ✅ CLOSED (O6B) |
| GAP-3 | BACKUP_GPG_FPR provisioned |
❌ OPEN — empty GPG keyring |
| GAP-4 | governance principal pinned (DQ_4) | ⚠️ PARTIAL — roles present, principal unpinned |
| GAP-5 | orchestrator.* config + /var/lib/cutter/* |
❌ OPEN — none provisioned |
| GAP-6 | rollback runbook deployed + revert dry-run-tested | ❌ OPEN — see Report 05 |
| GAP-7 | GPT ruling authorizing the execution flip | ❌ OPEN — see Report 07 |
| GAP-8 | harmless target document selected | ❌ OPEN/BLOCKED — see Report 03 |
| GAP-9 | live-execution wiring for the 5 mutating phases | ❌ OPEN — decisive; not in O5's list |
G2 = SURVEYED. DB substrate ready; code substrate, secrets/config, backup, rollback, approval and target are not ready. O8 entry conditions are not met.