KB-7B01
O8D Mac patch / deploy / multi-gap proof — 09-gap-closure-matrix-next-packages
7 min read Revision 1
dieu44iu-cutterv0.6o8dgap-closure-matrixnext-command-packagesmulti-gap-proof
O8D Report 09 — Gap closure matrix & next command packages (G8)
- macro:
v0.6-o8d-mac-patch-deploy-multigap-proof - date_utc: 2026-05-21
- gate covered: G8 gap closure matrix + next packages
Status legend: CLOSED / PARTIAL / OPEN — each carries an exact next action.
F1 — full ProductionLiveExecutionAdapter end-to-end
status: PARTIAL (advanced by O8D)
o8d_did: - psycopg2->psycopg3 residue CLOSED — Psycopg2ConnectionShim
shipped + real-DB-proven (PROOF-3/PROOF-5): the adapter's exact
cut_leg_a SQL contract ran through the shim against the live DB.
residue: - the adapter METHOD BODIES (cut_leg_a/leg_b_record/write_verify/
lifecycle_enact) executing end-to-end as methods — still gated
by the kill-switch (their first line); needs the GAP7 flip.
next_package: at the first sovereign-gated run (post-GAP7), exercise the full
adapter method bodies in a rollback-only transaction first,
wiring connection_provider = lambda role:
Psycopg2ConnectionShim(psycopg2.connect(**cutter_<role>_kwargs)).
Mac: no further source work needed for the shim.
F2 — cutplan body/title content enrichment
status: PARTIAL (contract CLOSED by O8D; live-text residual)
o8d_did: - CutplanRow/MarkRow carry body/title/owner_ref/parent_ref;
- cutplan phase serialises them into the cutplan_rows pin;
- cut_leg_a guard extended to body/title/unit_kind/section_type;
- InMemoryDiscoverer + o2 harness produce content -> DRYRUN E2E;
- PROVEN real-DB: an F2-enriched CutplanRow drove fn_iu_create to
status='created' (Report 08 PROOF-4/PROOF-5).
residue: - the LIVE discoverer (LiveDryRunDiscoverer._shadow_mark_rows)
carries deterministic PLACEHOLDER body/title; sourcing the real
Constitution document text is not yet wired.
next_package: wire LiveReadOnlyDiscoverer/LiveDryRunDiscoverer to source the
actual unit body/title from the live information_unit / source
text (replace the O4-DRYRUN-SHADOW placeholder); then real-DB
rollback-only-prove a multi-row cut from genuine content. Mac
source work, localised to discover.py.
F3 — generalise LegB/Verify recorders off the N=60 pin
status: OPEN (sharpened — confirmed NOT localised)
finding: the N=60 pin lives in the v0.5-RATIFIED ledger_v2_canonical_cut.py /
ledger_v2_canonical_verify.py — PIN_CANDIDATE_COUNT=60,
EXPECTED_SECTION_TYPE={principle:15,section:3,article:42}, and the
hardcoded literal KEY NAME body_hash_match_60. Generalisation needs
an architecture ruling; O8D correctly did NOT patch it (G2 rule).
next_package: an F3-DESIGN macro — (1) parameterise the recorders off
PIN_CANDIDATE_COUNT (N becomes a per-run RunContext value),
(2) rename body_hash_match_60 -> body_hash_match_count,
(3) make EXPECTED_SECTION_TYPE a per-document expectation,
(4) keep the v0.5 Constitution-cut equivalence (writer_digest
d99a31d4…) as a frozen regression pin, (5) author production
governance_writer + verify_writer wrapping the generalised
recorders, (6) real-DB rollback-only-prove them. Needs sovereign
design ratification before code.
F4 — GPG key backup (BACKUP_GPG_FPR)
status: OPEN (unchanged — VPS provisioning, out of O8D source scope)
next_package: provision a dedicated backup GPG keypair on the VPS; publish
BACKUP_GPG_FPR in /opt/incomex/docker/.env; inject a backup_runner
doing the narrow pg_dump + gpg --encrypt; rollback-only-prove
pre_write_backup. VPS provisioning + config.
GAP5 — orchestrator config + /var/lib/cutter directories
status: OPEN (unchanged — VPS runtime; package ready since O8C Report 07 §B)
next_package (VERBATIM, VPS, runtime only — no source, no DB, no service):
install -d -o root -g root -m 0750 /var/lib/cutter/runs
install -d -o root -g root -m 0750 /var/lib/cutter/state
install -d -o root -g root -m 0750 /var/lib/cutter/backups
# author orchestrator run config from credentials.example.json shape;
# DB wiring already exists as DOT_CUTTER_* in /opt/incomex/docker/.env.
GAP6 — per-cut revert / compensation
status: OPEN (unchanged)
next_package: design + author a tested per-cut revert/compensation path —
the inverse of cut_leg_a / lifecycle_enact for an already-committed
cut/enact. Mac source work; recommended before the first run.
GAP7 — sovereign SG_1 / SG_2 approval
status: OPEN (intentionally — O8D must not flip the kill-switch)
next_package: author the sovereign SG_1 / SG_2 approval docs — the
single-run-scoped kill-switch flip (O8 Report 04 toggle design).
This gate also unblocks the F1 method-body residue.
GAP8 — safe target document
status: OPEN (unchanged)
next_package: select/author a low-stakes target document + its cutplan;
dry-run it; pair it with GAP7 for the first authorised run.
Roll-up
| Item | Pre-O8D | Post-O8D | Blocks first production run? |
|---|---|---|---|
| F1 | PARTIAL | PARTIAL (psycopg residue CLOSED) | yes — method bodies need GAP7 |
| F2 | OPEN | PARTIAL (contract CLOSED, real-DB-proven) | yes — live-text sourcing residual |
| F3 | OPEN | OPEN (sharpened — needs design ruling) | yes — leg_b/verify writers |
| F4 | OPEN | OPEN | yes — backup mandatory pre-write |
| GAP5 | OPEN | OPEN | yes — runtime dirs/config |
| GAP6 | OPEN | OPEN | recommended before run |
| GAP7 | OPEN | OPEN | yes — the authorising gate |
| GAP8 | OPEN | OPEN | yes — needs a target |
O8D advanced F1 (psycopg shim CLOSED) and F2 (content contract CLOSED & real-DB-proven; only live-text sourcing remains). F3 was triaged as non-localised and sharpened into an F3-DESIGN package. F4/GAP5/6/7/8 each carry an exact next package above.