O8C Report 06 — Gap closure / sharpening matrix (G5)

• macro: v0.6-o8c-real-db-rollback-proof-readiness
• date_utc: 2026-05-21 · host: vmi3080463 (Contabo)
• gate covered: G5 gap closure / sharpening

Status legend: CLOSED / PARTIAL / OPEN — each carries an exact next action.

F1 — real-DB integration proof of ProductionLiveExecutionAdapter

status: PARTIAL  (substantially advanced by O8C)
done:   - connection_provider seam proven to reach the live directus DB
          as the genuine cutter_exec / cutter_verify roles (PROOF-4)
        - adapter's exact cut_leg_a SQL contract (fn_iu_create) executed
          real-DB rollback-only, status='created', 158->159->ROLLBACK (PROOF-5)
        - adapter's verify-path SQL valid on the real schema (PROOF-6)
        - kill-switch gates all 6 methods even with a real DB wired (PROOF-2)
residue: - the adapter METHOD BODIES (cut_leg_a / lifecycle_enact / leg_b_record
           / write_verify) executing end-to-end vs. the live DB — blocked by the
           kill-switch (its first line); needs the GAP-7 sovereign flip
         - host has psycopg2 only; the adapter expects psycopg v3
           (conn.execute) — a Pg3 shim or a psycopg3 install is required in
           the production connection_provider
next_action: at the first sovereign-gated run (post-GAP-7), exercise the full
             method bodies in a rollback-only transaction first; ship psycopg3
             (or the Pg3 shim) in the production connection_provider.

F2 — cutplan body/title (content) enrichment

status: OPEN  (sharpened by O8C)
finding: O8C exercised the live fn_iu_create and pinned its exact input
         contract — to return status='created' a cutplan row must supply:
           canonical_address (non-empty, unique),
           title (non-empty), body (non-null), actor (non-empty),
           unit_kind  -> must resolve via vocab.unit_kind.*   ('law_unit' OK),
           section_type -> must be an EXPLICIT vocab value (vocab.section_type.*)
             — it lands in identity_profile.primary_section_type_ref; NULL is
             rejected with "section_type: Multiple, choose: …",
           publication_type -> must resolve 'explicit' (adapter hardcodes 'law' — OK).
next_action: the orchestrator cutplan phase must emit content-enriched rows
             carrying body + title + unit_kind + an explicit vocab section_type
             + owner_ref; extend cut_leg_a's pre-flight guard (currently
             body/title only) to section_type/unit_kind, or pin the cutplan
             row contract. Non-mutating phase — Mac source work.

F3 — generalise LegB / Verify recorder off the N=60 Constitution pin

status: OPEN  (sharpened)
finding: leg_b_record / write_verify ship the txn-owning SEAM; the default
         governance_writer / verify_writer REFUSE (proven still gated, PROOF-2).
         The concrete writers wrap the Constitution-N=60-pinned v0.5
         LegBRecorder / VerifyRecorder.
next_action: author production governance_writer + verify_writer that wrap
             LegBRecorder / VerifyRecorder generalised off the N=60 pin; then
             real-DB rollback-only-prove them the way O8C proved fn_iu_create.
             Mac source work.

F4 — GPG key backup (BACKUP_GPG_FPR)

status: OPEN
finding: no BACKUP_GPG_FPR (or any *GPG* key) in /opt/incomex/docker/.env;
         `gpg --list-keys` on the host returns no keys. pre_write_backup's
         default backup_runner therefore correctly REFUSES.
next_action: provision a dedicated backup GPG keypair, publish BACKUP_GPG_FPR,
             inject a backup_runner doing the narrow pg_dump + gpg --encrypt;
             rollback-only-prove pre_write_backup. VPS provisioning + config.

GAP5 — orchestrator config + /var/lib/cutter directories

status: OPEN
finding: /var/lib/cutter does NOT exist; /opt/incomex/dot/config has only
         credentials.example.json + environment.sh — no orchestrator config.
next_action: VPS runtime command package (Report 07 §B) — create
             /var/lib/cutter/{runs,state,backups} with correct ownership +
             author the orchestrator run config. Runtime only — NOT source.
             (Deliberately NOT executed in O8C — out of rollback-proof scope.)

GAP6 — per-cut revert / compensation

status: OPEN
finding: each adapter method owns ONE atomic txn (intra-phase failure =>
         ROLLBACK, proven). Cross-phase compensation — reverting an
         already-committed cut/enact — is unaddressed.
next_action: design + author a per-cut revert/compensation path (a tested
             inverse of cut_leg_a / lifecycle_enact) before the first run.

GAP7 — sovereign SG_1 / SG_2 approval

status: OPEN  (intentionally — O8C must not flip the kill-switch)
finding: the kill-switch flip for the first production run is gated on a
         sovereign SG_1 / SG_2 ruling. O8C kept execution_enabled=False.
next_action: author the sovereign SG_1 / SG_2 approval docs (single-run-scoped
             kill-switch flip, per O8 Report 04 toggle design). This gate also
             unblocks the F1 residue.

GAP8 — safe target document

status: OPEN
finding: no harmless target document has been selected for the first
         orchestrator-managed production run.
next_action: select/author a low-stakes target document + its cutplan;
             dry-run it; pair it with GAP7 for the first authorised run.

Roll-up

Item	Status	Blocking the first production run?
F1	PARTIAL	yes — needs GAP7 flip for the residue
F2	OPEN (sharpened)	yes — cutplan content contract
F3	OPEN (sharpened)	yes — leg_b / verify writers
F4	OPEN	yes — backup is mandatory pre-write
GAP5	OPEN	yes — runtime dirs/config
GAP6	OPEN	recommended before run
GAP7	OPEN	yes — the authorising gate
GAP8	OPEN	yes — needs a target

O8C closed the deployed-state ratification and the real-DB rollback-only integration proof (the hardest part of F1). The first orchestrator-managed production run remains blocked on F2/F3/F4 + GAP5/6/7/8 — each now has an exact next action.