O8E pre-production hardening (Contabo) — 01-precheck-live-o8d-baseline
O8E Report 01 — Precheck-live & O8D baseline verification (G0 + G1)
- macro:
v0.6-o8e-pre-production-hardening-bundle - date_utc: 2026-05-21 · host: Contabo
vmi3080463· Python 3.12.3 - gates covered: G0 precheck-live + G1 O8D baseline verification
- result: G0 PASS · G1 PASS
1. G0 — PRECHECK-LIVE
| Check | Evidence | Verdict |
|---|---|---|
| Running on VPS/Contabo | hostname=vmi3080463, uname Ubuntu 6.8.0-90 |
PASS |
/opt/incomex/dot/iu-cutter-v0.6 exists |
dir present, 83 files, mtime 2026-05-21 08:27–08:29 | PASS |
Active tree == O8D cad989a |
DEPLOY-MANIFEST.txt → source_commit cad989a7…d04ee3, artifact_sha256 44cb586a…e5d8e; per-file sha256 verified 83/83, 0 mismatch, 0 missing, 0 extra |
PASS |
execution_enabled = False |
orchestrator/__init__.py:35 __execution_enabled__ = False; execution_enabled() → False |
PASS |
| v0.4 skeleton untouched | /opt/incomex/dot/iu-cutter owner 501:staff, mtime 2026-05-20 06:21 (pre-O8B); dot repo HEAD e93424b |
PASS |
| KB read works | directus DB knowledge_documents — 55 O8-series docs enumerated |
PASS |
| KB upload works | agent-data MCP https://vps.incomexsaigoncorp.vn/api/mcp-gpt-full tools/list → upload_document present |
PASS |
| No cutter service/daemon running | systemctl — no cutter units; ps aux — no cutter/orchestrator procs |
PASS |
The deployed tree is the O8D artifact cad989a, verified not by a git
object (the deployed tree carries no .git) but by the artifact manifest's
per-file sha256 — the sanctioned O8D evidence path. The pre-O8D tree is
retained at iu-cutter-v0.6.pre-o8d-20260521T062850Z (rollback anchor).
2. G1 — O8D BASELINE VERIFICATION
py_compile: compileall cutter_agent + cli.py — exit 0
import check: milestone=O8B version=0.6.0-O8B-live-execution-wiring
exec_enabled=False live_wiring=O8B-deployed-703559c
Psycopg2ConnectionShim + ProductionLiveExecutionAdapter import OK
full suite: python3 -m unittest discover -s tests → Ran 412 tests OK
targeted: discover -p 'test_orchestrator_o8*.py' → 46/46 OK
discover -p 'test_orchestrator_o3*/o4*' → 4/4 OK
Targeted note: invoking the targeted modules by explicit dotted name
(tests.test_orchestrator_o8d_patch) raises one ModuleNotFoundError
(_orchestrator_o2_harness) — a sys.path artifact of explicit naming, not
a code defect: under unittest discover the tests/ dir is on the path and
the harness import resolves (full suite 412/412 OK).
Kill-switch refusal proof (Mode.LIVE / Mode.DRYRUN)
refuse_if_killswitch_off(ctx{mode=LIVE}, 'cut_leg_a') → ProductionExecutionNotAuthorized PASS
refuse_if_killswitch_off(ctx{mode=DRYRUN},'cut_leg_a') → no-op (no exception) PASS
execution_enabled() before = False · after = False
tests/test_orchestrator_o8a_live_wiring.py independently proves
test_all_five_phases_refuse_and_do_not_touch_adapter,
test_live_phase_without_adapter_fails_closed,
test_cut_leg_a_dryrun_uses_simulator — Mode.LIVE routes to the adapter or
fails closed; the simulator is never reachable from Mode.LIVE.
Production row counts — unchanged from O8D
| Table | O8D baseline | O8E precheck |
|---|---|---|
| public.information_unit | 158 | 158 |
| public.unit_version | 165 | 165 |
| public.iu_lifecycle_log | 60 | 60 |
Independently read out-of-band via the read-only query_pg MCP — identical
to the O8D Report 08 baseline. No persistent production mutation since O8D.
3. Verdict
g0_precheck_live: PASS
g1_o8d_baseline: PASS
deployed_artifact: cad989a (83/83 sha256 verified)
milestone / version: O8B / 0.6.0-O8B-live-execution-wiring
execution_enabled: False (before and after)
full_test_suite: 412 / 412 OK
row_counts: 158 / 165 / 60 — unchanged from O8D
v0.4_skeleton: untouched
simulator_fallback: impossible from Mode.LIVE (proven)