O9 Report 06 — First-run command package (G6)

• macro: v0.6-o9-first-automated-production-run-readiness
• date_utc: 2026-05-21 · host: Contabo vmi3080463
• gate covered: G6 — exact runnable first-run command package
• result: G6 PASS — package complete. Execute ONLY after the Report 05 / §0 preconditions are all satisfied.

0. Preconditions — ALL must be TRUE before step 1

PRE-1  explicit valid SG_1 sovereign approval exists           — OPEN (Report 05)
PRE-2  sovereign authorises the execution_enabled flip (GAP7)  — OPEN (Report 05)
PRE-3  F4 BACKUP_GPG_FPR provisioned + public key imported     — OPEN (Report 02 §4)
PRE-4  GAP8 target intaken + Mode.DRYRUN green                 — OPEN (Report 04 §3/§4)
PRE-5  O9 grant package applied (2 SELECTs to cutter_exec)     — packaged (Report 03 §4)
PRE-6  deployed tree == fdcf580 (88/88 sha256)                 — PASS (Report 01)
PRE-7  full suite 471/471 green on the deployed tree           — PASS (Report 01)
PRE-8  execution_enabled() == False at rest                    — PASS (Report 01)

If any of PRE-1..PRE-4 is OPEN → do not proceed; this remains an approval-ready package only.

1. Environment

set -a; . /opt/incomex/docker/.env; set +a      # DOT_CUTTER_* + BACKUP_GPG_FPR
cd /opt/incomex/dot/iu-cutter-v0.6
# also update the stale config drift (Report 01 §1.1):
#   orchestrator.config.json deployed_source_commit -> fdcf580351b943dc67807ed7337a14fe7e4fc540

2. Grant precheck + apply (as workflow_admin)

-- precheck (Report 03 §4), then:
GRANT SELECT ON cutter_governance.verify_result              TO cutter_exec;
GRANT SELECT ON cutter_governance.cut_change_set_affected_row TO cutter_exec;
-- post-verify both has_table_privilege(...,'SELECT') = true.

3. Fresh backup readiness check

python3 /var/lib/cutter/backup_runner.py --selftest     # expect: SELFTEST: PASS
# (the real encrypted dump runs inside Phase 4 of the orchestrator — step 5)

4. execution_enabled — scoped, single-run enable (sovereign act)

what:   edit cutter_agent/orchestrator/__init__.py:36
        __execution_enabled__ = False   ->   True
who:    the sovereign, as the GAP7 act — NOT any macro/agent
scope:  SINGLE-RUN. Flip True immediately before step 5; flip back to False
        immediately after step 7/8 (success OR failure). NEVER leave True at rest.
guard:  execution_enabled() is evaluated at call time + the adapter re-checks
        (_assert_live_allowed) — defence in depth.

5. Orchestrator invocation — Mode.LIVE, SG_1 cut

The orchestrator phase order and the SG_1 pause point:

source_pin -> mark -> cutplan -> pre_write_backup -> grant_probe
   |== cut(mode=LIVE) runs these 5, then PAUSES ==|
   --> AWAITING_CUT_AUTHORIZATION  (SG_1)  ... exit 0, prints run_id
resume(run_id, approval=SG_1) --> cut_leg_a -> structural_verify
   -> leg_b_record -> write_verify --> PAUSES at AWAITING_LIFECYCLE_AUTHORIZATION (SG_2)

# first_run.py — staged by the operator; reads orchestrator.config.json for paths.
import sys; sys.path.insert(0, "/opt/incomex/dot/iu-cutter-v0.6")
sys.path.insert(0, "/var/lib/cutter")
import psycopg2
from backup_runner import backup_runner
from cutter_agent.orchestrator.enums import Mode
from cutter_agent.orchestrator.runner import OrchestratorRunner
from cutter_agent.orchestrator.state_store import StateStore
from cutter_agent.orchestrator.kb_reporter import KBReporter          # production reporter
from cutter_agent.orchestrator.live_execution import (
    ProductionLiveExecutionAdapter, Psycopg2ConnectionShim)
from cutter_agent.orchestrator.governance_writers import (
    make_governance_writer, make_verify_writer)

def connection_provider(role):                 # role -> cutter_exec / cutter_verify kwargs
    import os
    user = os.environ["DOT_CUTTER_EXEC_DB_USER"] if role == "cutter_exec" \
        else os.environ["DOT_CUTTER_VERIFY_DB_USER"]
    pwd  = os.environ["DOT_CUTTER_EXEC_DB_PASSWORD"] if role == "cutter_exec" \
        else os.environ["DOT_CUTTER_VERIFY_DB_PASSWORD"]
    return Psycopg2ConnectionShim(psycopg2.connect(
        host=os.environ["DOT_CUTTER_DB_HOST"], port=os.environ["DOT_CUTTER_DB_PORT"],
        dbname=os.environ["DOT_CUTTER_DB_NAME"], user=user, password=pwd,
        sslmode=os.environ["DOT_CUTTER_DB_SSLMODE"]))

adapter = ProductionLiveExecutionAdapter(
    connection_provider=connection_provider,
    backup_runner=backup_runner,
    governance_writer=make_governance_writer(),
    verify_writer=make_verify_writer())

runner = OrchestratorRunner(
    store=StateStore(sidecar_root="/var/lib/cutter/runs"),
    kb=KBReporter(...),                         # endpoint from orchestrator.config.json
    discoverer=<LIVE discoverer for the GAP8 target>,
    db_provider=adapter)

r1 = runner.cut(document_id="<o9-firstrun-target>", mode=Mode.LIVE,
                actor="sovereign@incomex")
print("PAUSED:", r1.final_state, "run_id:", r1.run_id)   # AWAITING_CUT_AUTHORIZATION

Then the sovereign authors the SG_1 approval doc (using the printed run_id):

gate: SG_1_cut_authz
run_id: <r1.run_id>
signed_utc: <fresh ISO-8601 UTC, within 24h>
allowance: explicit

r2 = runner.resume(run_id=r1.run_id,
                   approval_kb_id="/var/lib/cutter/approvals/sg1-<run_id>.md")
print("AFTER SG_1:", r2.final_state)            # AWAITING_LIFECYCLE_AUTHORIZATION
# SG_1-ONLY first run: STOP HERE. Do NOT mint SG_2. New IUs remain 'draft'.

6. Expected outputs (SG_1 cut, target = N units)

public.information_unit:  +N rows, lifecycle_status='draft'
public.unit_version:      +N rows
public.iu_lifecycle_log:  +0   (no enactment under SG_1-only)
cutter_governance:        +1 cut_change_set, +1 manifest_envelope,
                          +1 review_decision, +1 verify_result, + signature rows
backup:                   /var/lib/cutter/backups/<run_id>.sql.gpg  (encrypted)
sidecar:                  /var/lib/cutter/runs/<run_id>/{state.json,kb/}

7. Verification queries (after resume)

SELECT count(*) FROM public.information_unit;     -- = 158 + N
SELECT count(*) FROM public.information_unit WHERE lifecycle_status='draft';  -- = 98 + N
SELECT count(*) FROM public.iu_lifecycle_log;     -- = 60  (UNCHANGED — no enact)
SELECT count(*) FROM cutter_governance.cut_change_set;   -- = 3
SELECT count(*) FROM cutter_governance.verify_result;    -- = 3
-- every new IU lifecycle_status='draft'; ICX-CONST 60 enacted UNCHANGED.

8. Compensation / revert readiness

GAP6 planner:   cutter_agent/orchestrator/compensation.py — non-mutating plan;
                soft-revert is the default (hard_delete_default=False).
before-run:     pre_run_snapshot_queries() -> /var/lib/cutter/rollback/<run_id>/pre.json
on failure:     adapter ROLLBACK; flip execution_enabled False; HOLD; route to GPT.
catastrophic:   gpg --decrypt /var/lib/cutter/backups/<run_id>.sql.gpg (Report 02 §1).

9. Disable command (MANDATORY post-run, success or failure)

edit cutter_agent/orchestrator/__init__.py:36  ->  __execution_enabled__ = False
verify: python3 -c "from cutter_agent.orchestrator import execution_enabled; \
        assert execution_enabled() is False"

10. STOP conditions (abort, re-arm kill-switch, escalate)

- any fn_iu_create returns status != 'created'        -> adapter ROLLBACK, STOP
- backup_runner returns an incomplete envelope        -> StopInvariantFailed, STOP
- a cutplan row lacks body/title/unit_kind/section_type -> fail fast pre-connect
- grant_probe reports any matrix deviation            -> StopGrantDelta, STOP
- governance/verify writer returns incomplete ids     -> ROLLBACK, STOP
- row counts drift from pre.json unexpectedly         -> STOP, snapshot, escalate
- ANY unhandled error  -> flip execution_enabled False, HOLD, route to GPT

11. Verdict

command_package: COMPLETE — env, grants, backup, scoped enable, invocation,
                 expected outputs, verification, compensation, disable, STOP
runnable_when:   PRE-1..PRE-4 closed (approval + killswitch + F4 key + GAP8 target)
g6:              PASS