Incomex AI Portal
KB-2E32

GPT Actions / Agent Data recurrence investigation — 2026-05-13

6 min read Revision 1
reportgpt-actionsagent-datanginxopsclientresponseerror2026-05-13

GPT Actions / Agent Data recurrence investigation — 2026-05-13

Metadata

  • Agent: Codex
  • Timezone: Asia/Ho_Chi_Minh
  • Mission: kiểm tra lỗi GPT Actions/AgentData tái phát sau một thời gian sử dụng.
  • Status: DONE

Files / luật đã đọc

  • .claude/skills/incomex-rules.md
  • Agent Data search_knowledge("operating rules SSOT"): knowledge/dev/ssot/operating-rules.md v7.58, knowledge/dev/ssot/vps/vps-operating-rules.md v1.0
  • Agent Data search_knowledge("hiến pháp v4.0 constitution"): knowledge/dev/laws/constitution.md hiện hành v4.6.3; không viện dẫn v3.9/DFL v1.1
  • Agent Data luật liên quan mission: reports lịch sử GPT Action/Agent Data 2026-04-03, 2026-04-11, 2026-05-12

3 câu Tuyên ngôn

  • Vĩnh viễn: điều tra phải phân biệt rõ lỗi nằm ở GPT Actions runtime, nginx/proxy, backend, hay key/header; fix đề xuất phải có evidence log và không chỉ reset action thủ công.
  • Nhầm được không: chỉ ghi presence X-API-Key=true/false, không ghi secret; đối chiếu access/error logs và health endpoints để tránh đoán.
  • 100% tự động: nếu root cause là cache/schema/runtime ngoài VPS thì đề xuất guard/monitor hoặc alias schema để lần sau hệ thống tự phát hiện thay vì chờ người dùng báo.

Kết luận chính

  • Có một request ChatGPT/OpenAI tới VPS at 2026-05-13 07:49:14 UTC: GET /api/documents/..., status 200.
  • Trong live tail window 2026-05-13 14:59–15:03 Asia/Ho_Chi_Minh, không thấy GPT/OpenAI request nào tới các action đang báo lỗi: /api/health, /api/kb/list, /api/chat, /items/tasks/OPS.
  • Production smoke trực tiếp: /api/health=200, /api/kb/list với key 200, không key 401; /api/chat với key và body đúng 200, body sai 422, không key 401; OPS tasks với key 200, không key 403.
  • Evidence hiện tại nghiêng về lỗi ở GPT Actions runtime/OpenAI connector/schema cache trước khi request tới VPS, không phải VPS/nginx/backend.

Evidence rút gọn

VPS/container state

2026-05-13 09:57:18 CEST +0200
vmi3080463
NAMES                STATUS                  PORTS
incomex-agent-data   Up 28 hours (healthy)   8080/tcp
incomex-nuxt         Up 18 hours (healthy)   8080/tcp
incomex-nginx        Up 12 days              0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp
incomex-directus     Up 4 days (healthy)     8055/tcp
incomex-qdrant       Up 8 weeks (healthy)    6333-6334/tcp

Real ChatGPT traffic found

52.231.39.203 - - [13/May/2026:07:49:14 +0000] "GET /api/documents/knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-system-b3f1c-f-dot-dot-health-hardcode-autoscale-audit-report.md?full=true&search=true&top_k=5 HTTP/1.1" 200 15095 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" "-"

Live tail window observation

No ChatGPT-User, OpenAI, or other GPT user-agent entries appeared for /api/health, /api/kb/list, /api/chat, /ops/items/tasks, or ops.incomexsaigoncorp.vn/items/tasks during the monitored window.

Production smoke outputs

--- health no-key
status=200 time_total=1.277463 bytes=533
{"status":"healthy","version":"0.1.0",...}

--- kb-list key-present
status=200 time_total=2.150954 bytes=288
{"items":[...],"count":2862,"returned_count":1,...}

--- kb-list no-key
status=401 time_total=0.113517 bytes=179
<html>...401 Authorization Required...</html>

--- chat key-present with wrong schema field `limit`
status=422 time_total=0.070765 bytes=111
{"detail":[{"type":"extra_forbidden","loc":["body","limit"],"msg":"Extra inputs are not permitted","input":1}]}

--- chat no-key
status=401 time_total=0.058443 bytes=179
<html>...401 Authorization Required...</html>

--- chat key-present with correct schema field `top_k`
status=200 time_total=1.002810 bytes=1425
{"response":"MOKE_PROMPT_REVIEW ...","session_id":"45aeaa54-d806-47f5-a616-8f5efded2fec",...}

--- ops tasks key-present
status=200 time_total=0.191737 bytes=1423
{"data":[...]}

--- ops tasks no-key
status=403 time_total=0.066746 bytes=153
<html>...403 Forbidden...</html>

Header/key evidence

Current nginx access log does not log host, request_time, or key presence. It only logs remote IP, timestamp, request, status, bytes, referer, user-agent, x-forwarded-for. Header presence was therefore verified by controlled status-gate smoke tests only; no key value was logged.

Proposed fixes

  1. Re-import/save GPT Builder schemas: Agent Data https://vps.incomexsaigoncorp.vn/api/openapi.json; OPS current schema on https://ops.incomexsaigoncorp.vn.
  2. Ensure both actions use API Key header X-API-Key; Agent Data should not use Bearer/Authorization.
  3. Add nginx diagnostic access log for action endpoints only with host, request, status, request_time, upstream_response_time, user-agent, and x_api_key_present=true/false via map, never key value.
  4. Add synthetic reachability monitor for GPT action path; Uptime-Kuma proves server health but not GPT Actions runtime delivery.

OR / TD update

  • OR update: not changed. Reason: investigation only, no new operating rule safely confirmed beyond report evidence.
  • TD update: proposed task to add diagnostic nginx log format and GPT-action reachability monitor.

Final status

DONE for investigation. MERGE/deploy N/A because no production config was changed.