KB-66A1

O8C real-DB rollback-only proof readiness (Contabo) — 07-next-command-package

4 min read Revision 1

dieu44iu-cutterv0.6o8creal-db-rollback-proofmilestone-ratifylive-execution-wiringcontabo

O8C Report 07 — Next command package (G6)

macro: v0.6-o8c-real-db-rollback-proof-readiness
date_utc: 2026-05-21 · host: vmi3080463 (Contabo)
gate covered: G6 next command package

Two packages. §A runs on the developer Mac (source commit + artifact); §B runs on the Contabo VPS (runtime provisioning). No production run is performed or authorised here.

§A — MAC command package: O8C milestone / version ratify

Host: developer Mac — /Users/nmhuyen/iu-cutter-build/repo/iu-cutter, branch main at 703559c (the O8B-deployed commit). Required because __version__/__milestone__ are source constants the test suite pins (Report 02); the VPS is not the SSOT.

Edit cutter_agent/orchestrator/__init__.py:

__version__   = "0.6.0-O8B-live-execution-wiring"   # keeps 0.6.0 prefix
__milestone__ = "O8B"                               # deployed state of record
__live_wiring__ = "O8B-deployed-703559c"            # or drop the marker
__execution_enabled__ = False                       # UNCHANGED — stays False

Relax the 3 milestone-pinning test assertions so future bumps need no test edits (make them milestone-agnostic):
- tests/test_orchestrator_o4_live_dryrun.py:177 assertEqual(__milestone__,"O4") → assert it is a non-empty str (or assertIn(__milestone__, KNOWN_MILESTONES)).
- tests/test_orchestrator_o1_state_machine.py:22 widen the set to include "O7","O8","O8A","O8B" (or drop the set check, keep the __version__.startswith("0.6.0") check at line 30).
- tests/test_orchestrator_o2_e2e.py:30 widen {"O2","O3","O4"} likewise.
Test: python3 -m unittest discover -s tests → expect 394/394.
Commit on main (parent 703559c): chore(orchestrator/O8C): ratify milestone O8B + milestone-agnostic test pins.
Artifact: git archive HEAD → iu-cutter-v0.6-<short>.tar.gz + regenerated DEPLOY-MANIFEST with per-file sha256 (exclude .git/.env/secrets/caches; expect 82 files).
Deploy to Contabo (O8B method): sha-verify transfer; timestamped backup of iu-cutter-v0.6; side-by-side promote; kill-switch stays OFF; no service restart. Post-deploy: 394/394 on the promoted tree.

This is a small change — per the O8B ruling's scope-sizing note, the Mac operator should bundle it with the F2/F3 source work below into one larger macro rather than running it alone.

§B — VPS command package: GAP5 runtime provisioning (NOT a production run)

Host: Contabo VPS. Deliberately not executed in O8C (out of the rollback-proof scope). Runtime only — touches no source, no DB, no service.

# orchestrator runtime directories
install -d -o root -g root -m 0750 /var/lib/cutter/runs
install -d -o root -g root -m 0750 /var/lib/cutter/state
install -d -o root -g root -m 0750 /var/lib/cutter/backups
# orchestrator run config — author from credentials.example.json shape;
# DB wiring already exists as DOT_CUTTER_* in /opt/incomex/docker/.env.

No systemd / cron / docker service is installed or started.

§C — remaining blockers before the first orchestrator-managed run

F2:   cutplan content-enrichment (body/title/unit_kind/section_type/owner_ref)  — Mac
F3:   production governance_writer + verify_writer off the N=60 pin             — Mac
F4:   provision BACKUP_GPG_FPR + backup_runner                                 — VPS+config
GAP5: /var/lib/cutter dirs + orchestrator config  (§B)                         — VPS
GAP6: per-cut revert / compensation path                                       — Mac
GAP7: sovereign SG_1 / SG_2 ruling — the single-run kill-switch flip            — sovereign
GAP8: select/author a safe low-stakes target document + cutplan                — content

The first production run stays BLOCKED until F2/F3/F4 + GAP5/6/8 are closed and GAP7 is ruled. O8C performs no production run and authorises none.