KB-7007

Trigger Guard v2 + Đ26 Complete

Revision 1

Trigger Guard v2 + Đ26 Complete — Report

Date: 2026-04-05 | Status: DEPLOYED + 4/4 TESTS PASS


Architecture: 2 Protection Layers

Layer 1: PG Event Trigger (real-time)
  evt_trigger_guard_ddl   → log CREATE/ALTER TRIGGER
  evt_trigger_guard_drop  → log DROP TRIGGER
  On BOTH DBs: directus + incomex_metadata

Layer 2: DOT-316 Cron (enforcement, daily 3:15AM)
  1. Self-check: are the event triggers still alive?
  2. Expired exceptions: auto-enable + delete the exception
  3. Unauthorized disable: auto-enable + alert

Exceptions Pattern (NT-11)

trigger_guard_exceptions stores ONLY triggers that are INTENTIONALLY DISABLED.

  • 0 rows = every trigger must be ON (PG default, nothing to declare)
  • To disable temporarily → INSERT an exception + reason + expiry → only then DISABLE
  • On expiry → DOT auto-enables + deletes the exception

| DB | Exceptions | Reason |
|---|---|---|
| directus | 27 | trg_count_* (performance, replaced by cron refresh) |
| incomex_metadata | 0 | All triggers must be ON |
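
The three steps of the Layer 2 pass combined with the exceptions-only rule, written as an added PostgreSQL example (not the project's DOT-316 code). The table demo_guard_exceptions and its columns are assumed for illustration, and alerts are raised as warnings rather than written to trigger_guard_alerts, whose schema is not shown on this page.

```sql
-- Added example. demo_guard_exceptions and its columns are assumed names,
-- standing in for trigger_guard_exceptions.
CREATE TABLE IF NOT EXISTS demo_guard_exceptions (
    table_oid    regclass    NOT NULL,  -- table that owns the trigger
    trigger_name name        NOT NULL,
    reason       text        NOT NULL,
    expires_at   timestamptz NOT NULL
);

DO $$
DECLARE
    r     record;
    alive int;
BEGIN
    -- 1. Self-check: both event triggers must exist and not be disabled.
    SELECT count(*) INTO alive
    FROM pg_event_trigger
    WHERE evtname IN ('evt_trigger_guard_ddl', 'evt_trigger_guard_drop')
      AND evtenabled <> 'D';
    IF alive < 2 THEN
        RAISE WARNING 'trigger guard self-check: %/2 event triggers active', alive;
    END IF;

    -- 2. Expired exceptions: delete the row so step 3 re-enables the trigger.
    DELETE FROM demo_guard_exceptions WHERE expires_at <= now();

    -- 3. Unauthorized disable: a user trigger that is disabled with no live
    --    exception row. ALTER TABLE ... DISABLE TRIGGER only changes
    --    pg_trigger.tgenabled, so the catalog is the source of truth here.
    FOR r IN
        SELECT t.tgrelid::regclass AS tbl, t.tgname
        FROM pg_trigger t
        WHERE NOT t.tgisinternal
          AND t.tgenabled = 'D'
          AND NOT EXISTS (
              SELECT 1 FROM demo_guard_exceptions e
              WHERE e.table_oid = t.tgrelid
                AND e.trigger_name = t.tgname)
    LOOP
        EXECUTE format('ALTER TABLE %s ENABLE TRIGGER %I', r.tbl, r.tgname);
        RAISE WARNING 'trigger guard: re-enabled % on %', r.tgname, r.tbl;
    END LOOP;
END
$$;
```

The role running this pass must own the affected tables or be a superuser, since it issues ALTER TABLE.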

Test Results

| Test | Scenario | Result |
|---|---|---|
| 1 | DISABLE without exception → DOT auto-enables | PASS |
| 2 | INSERT exception → DISABLE → DOT respects | PASS |
| 3 | Exception expired → DOT auto-enables + removes | PASS |
| 4 | DROP event trigger → self-check warns | PASS |

Đ26 Completion

| Check | Status |
|---|---|
| pivot_count() | 35 pivots, all working |
| pivot_results refresh | Cron */10 min OK |
| trg_auto_sync_registry_counts | ENABLED (S166) |
| dot-pivot-health | 6/8 PASS, 2 WARN (data quality) |
| Nuxt /knowledge/pivot | 200 OK, data matches PG |
| Trigger guard | Protects all 325 triggers |

Remaining TDs (data quality, not functional)

  • H4: 126 meta_catalog entries without dedicated pivot
  • H6: 4 duplicate pivot definitions

PG Objects Created

| Object | DB | Type |
|---|---|---|
| trigger_guard_exceptions | both | TABLE |
| trigger_guard_alerts | both | TABLE (kept from v1) |
| fn_evt_trigger_guard() | both | EVENT TRIGGER FUNCTION |
| fn_evt_trigger_guard_drop() | both | EVENT TRIGGER FUNCTION |
| evt_trigger_guard_ddl | both | EVENT TRIGGER |
| evt_trigger_guard_drop | both | EVENT TRIGGER |

Compliance

[x] CP-01~14 ALL PASS
[x] CQ-1~6 ALL PASS
[x] NT-01~13 ALL PASS — NT-11 exceptions-only pattern


VPS git: dbbef66 | DOT-316 v2 | 325 triggers protected | Đ26 functional 100%