O8A live-execution wiring authoring (Contabo) — 01-precheck-live-code-survey
O8A Report 01 — Precheck (live) & code survey
- macro:
v0.6-o8a-live-execution-wiring-authoring - date_utc: 2026-05-21 · host:
vmi3080463(Contabo · 38.242.240.89) - gate covered: G0 PRECHECK-LIVE + CODE SURVEY
1. Live precheck
| Check | Result |
|---|---|
| Running on Contabo | PASS — hostname=vmi3080463, root |
| v0.6 deployed tree present | PASS — /opt/incomex/dot/iu-cutter-v0.6 (HEAD 6625f76) |
__version__ / __milestone__ |
0.6.0-O4-live-dryrun-orchestration / O4 |
execution_enabled |
PASS — False (kill-switch OFF) |
| v0.4 skeleton intact | PASS — /opt/incomex/dot/iu-cutter untouched |
| O8 ruling readable in KB | PASS — reviews/dot-iu-cutter-v0.6-o8-blocked-live-write-gap-gpt-ruling-2026-05-21.md |
| Production mutation intended | NONE — authoring + sandbox-proof macro only |
2. Code survey — the five mutating phases
Inspected cutter_agent/orchestrator/phases/{pre_write_backup→backup, cut_leg_a, leg_b_record, write_verify, lifecycle_enact}.py in the
deployed tree. Confirmed the O8 GAP-9 finding exactly:
gap_9_confirmed: true
finding: >
Each mutating phase has ONLY a Mode.DRYRUN path. After the kill-switch
guard the body unconditionally calls discoverer.simulate_*(). There is
no Mode.LIVE write branch and no live-write adapter/discoverer. The
Discoverer protocol is read-only; LiveDryRunDiscoverer is documented
"simulator-only phase bodies ... no production write path is reachable".
risk: >
Flipping __execution_enabled__ to True would let a Mode.LIVE run fall
THROUGH the kill-switch guard into the simulator — a live-labelled run
that mutates nothing (structural false-PASS hazard).
Phase-by-phase (deployed tree, pre-O8A):
| Phase | Mode.LIVE branch? | What it called |
|---|---|---|
| pre_write_backup | none | deterministic sha simulator |
| cut_leg_a | none | discoverer.simulate_iu_creates |
| leg_b_record | none | deterministic UUID + _record_manifest_envelope |
| write_verify | none | discoverer.verify_result_count_for + deterministic UUID |
| lifecycle_enact | none | discoverer.simulate_fn_iu_enact |
The kill-switch was a value-import (from .. import __execution_enabled__) — captured once at import time, so it could not
be re-evaluated for a sandbox proof.
3. Authoring workspace
To keep the O7-certified deployed artifact byte-identical and verifiable, O8A authors in an isolated side-by-side copy:
/opt/incomex/dot/iu-cutter-v0.6-o8a-staging/ (cp -a of the v0.6 tree)
Rollback of the whole macro: rm -rf /opt/incomex/dot/iu-cutter-v0.6-o8a-staging.
The deployed iu-cutter-v0.6 and the iu-cutter v0.4 skeleton are NOT
touched (proven in Report 07).
G0 = PASS. O8 GAP-9 reproduced precisely; isolated workspace ready.