KB-7647
VPS ↔ Macbook Audit — Bước 1: Điều tra
8 min read Revision 1
reportauditvpssyncs166-audit2026-04-05
VPS ↔ Macbook Audit — Bước 1: Backup + Điều tra
Session: S166-AUDIT | Date: 2026-04-05 | Status: ĐIỀU TRA XONG — chờ duyệt
0. BACKUP
| Repo | Branch | Status |
|---|---|---|
| web-test | backup/pre-sync-20260405 |
✅ Created |
| agent-data-test | backup/pre-sync-20260405 |
✅ Created |
Bảng 1 — Chỉ VPS có
/opt/incomex/scripts/ (11 files chỉ VPS)
| File | Dòng | Nội dung | Đề xuất vị trí macbook |
|---|---|---|---|
| apply-docker-log-config.sh | 15 | Docker log rotation config | web-test/scripts/vps/ |
| backup-to-gdrive.sh | 127 | Full VPS backup → Google Drive (nightly) | web-test/scripts/vps/ |
| cdn-cache-warm.sh | 62 | CDN cache warming | web-test/scripts/vps/ |
| check-config-integrity.sh | 47 | Docker/nginx config check | web-test/scripts/vps/ |
| cron-env.sh | 8 | Cron env loader (DIRECTUS_ADMIN_TOKEN) | web-test/scripts/vps/ |
| disk-monitor.sh | 18 | Disk space alert | web-test/scripts/vps/ |
| dot-api-health.sh | 57 | Agent Data API health check | web-test/scripts/ |
| dot-kb-restore.sh | 58 | KB document restore wrapper | web-test/scripts/ |
| dot-kb-verify.sh | 134 | KB verification cron (DOT_KB_VERIFY) | web-test/scripts/ |
| mysql-backup.sh.retired | 47 | RETIRED MySQL backup | Không cần (retired) |
| reconcile-tasks.sh | 4 | Tasks reconcile wrapper | agent-data-test/scripts/ |
| test-all-connections.sh | 194 | Full connectivity test | web-test/scripts/vps/ |
| test-mcp-connectivity.sh | 89 | MCP health ping | web-test/scripts/vps/ |
/opt/incomex/dot/bin/ (24 DOT tools chỉ VPS)
| File | Mô tả | Đề xuất |
|---|---|---|
| TEMPLATE-DOT-SCRIPT | Template cho DOT mới | web-test/dot/bin/ |
| dot-accuracy-verify | Đ32 accuracy check | web-test/dot/bin/ |
| dot-doc-generate | Đ38 doc generate | web-test/dot/bin/ |
| dot-doc-partition | Đ38 doc partition | web-test/dot/bin/ |
| dot-doc-render | Đ38 doc render | web-test/dot/bin/ |
| dot-gov-seed | Đ37 governance seed | web-test/dot/bin/ |
| dot-gov-verify | Đ37 governance verify | web-test/dot/bin/ |
| dot-misclass-scanner | Đ32 misclass scanner | web-test/dot/bin/ |
| dot-nrm-amend | Đ38 normative amend | web-test/dot/bin/ |
| dot-nrm-binding | Đ38 normative binding | web-test/dot/bin/ |
| dot-nrm-config | Đ38 normative config | web-test/dot/bin/ |
| dot-nrm-discover | Đ38 normative discover | web-test/dot/bin/ |
| dot-nrm-enact | Đ38 normative enact | web-test/dot/bin/ |
| dot-nrm-impact | Đ38 normative impact | web-test/dot/bin/ |
| dot-nrm-lifecycle | Đ38 normative lifecycle | web-test/dot/bin/ |
| dot-nrm-retire | Đ38 normative retire | web-test/dot/bin/ |
| dot-nrm-sync | Đ38 normative sync | web-test/dot/bin/ |
| dot-nrm-verify | Đ38 normative verify | web-test/dot/bin/ |
| dot-orphan-scanner | Đ32 orphan scanner | web-test/dot/bin/ |
| dot-script-lint | Đ35 script lint | web-test/dot/bin/ |
| dot-task-close | Task close | web-test/dot/bin/ |
| dot-task-create | Task create | web-test/dot/bin/ |
| dot-task-list | Task list | web-test/dot/bin/ |
| dot-task-update | Task update | web-test/dot/bin/ |
VPS config/infrastructure (chỉ VPS)
| File | Mô tả |
|---|---|
| /opt/incomex/.env.local | VPS env (credentials) — KHÔNG sync |
| /opt/incomex/docker/docker-compose.yml | Docker stack (5 containers) |
| /opt/incomex/docker/nginx/conf.d/default.conf | Nginx reverse proxy |
| crontab (72 lines, 30+ jobs) | Cron schedule — xem export riêng |
PG objects (incomex_metadata)
| Object | Type | Ghi chú |
|---|---|---|
| kb_documents | TABLE | key TEXT PK, data JSONB, updated_at TIMESTAMPTZ |
| kb_documents_history | TABLE | Full version history (Phase 2) |
| kb_audit_log | TABLE | Audit trail |
| fn_kb_snapshot() | FUNCTION | INSERT (Phase 2) + RETURN NEW/OLD |
| fn_kb_audit() | FUNCTION | Audit logger |
| fn_kb_truncation_guard() | FUNCTION | Truncation warning |
| fn_kb_updated_at() | FUNCTION | Auto-timestamp |
| fn_kb_restore(text, timestamptz) | FUNCTION | Restore from any version |
| trg_kb_snapshot_update | TRIGGER | BEFORE UPDATE |
| trg_kb_snapshot_delete | TRIGGER | BEFORE DELETE |
| trg_kb_audit | TRIGGER | AFTER INSERT/UPDATE/DELETE |
| trg_kb_truncation_guard | TRIGGER | BEFORE UPDATE |
| trg_kb_updated_at | TRIGGER | BEFORE INSERT/UPDATE |
PG schema exported: web-test/sql/vps_pg_schema_incomex_metadata_kb_20260405.sql (259 lines)
Bảng 2 — Cả hai có, nội dung KHÁC
/opt/incomex/scripts/ (4 scripts)
| File | Khác gì | Ai mới hơn? |
|---|---|---|
| reconcile-knowledge.py | VPS: +1 line updated = 0, f-string format difference |
VPS mới hơn (minor fix) |
| reconcile-knowledge.sh | Wrapper script, minor diff | Cần diff chi tiết |
| reconcile-tasks.py | Cần diff chi tiết | Cần kiểm tra |
| smoke-test.sh | VPS thiếu "Vấn đề Hệ thống" category |
Macbook mới hơn |
| test-agent-connections.sh | Cần diff chi tiết | Cần kiểm tra |
/opt/incomex/dot/bin/ (37 DOT tools)
| Nhóm | Files | Ghi chú |
|---|---|---|
| S164C .bak cleanup | dot-accuracy-verify, dot-apr-health, dot-birth-backfill, dot-birth-trigger-setup, dot-collection-create, dot-collection-field-sync, dot-collection-health, dot-coverage-inspector, dot-cron-matrix-setup, dot-cron-pivot-setup, dot-dot-coverage, dot-dot-health, dot-dot-register, dot-entity-deprecate, dot-entity-retire, dot-inspect-pen, dot-label-trigger-setup, dot-matrix-declare, dot-matrix-health, dot-matrix-retire, dot-matrix-update, dot-migration-s127d-legacy-origin, dot-migration-s128b-dead-links, dot-migration-s155-p1b, dot-pg-audit-ensure, dot-pg-triggers-ensure, dot-pg-views-ensure, dot-pivot-declare, dot-pivot-health, dot-pivot-virtual-create, dot-production-truth-gate, dot-schema-birth-registry-ensure, dot-schema-dot-origin-ensure, dot-schema-meta-catalog-add-composition, dot-schema-species-tree-ensure, dot-schema-taxonomy-pg-apply, dot-schema-trigger-registry-ensure | Likely VPS has S164C restored versions, macbook has original |
| Đ38 draft | dot-nrm-draft | VPS likely newer (Đ38 development) |
Config files
| File | Khác? |
|---|---|
| environment.sh | ✅ SAME — đồng bộ |
| docker-compose.yml | Chỉ VPS có (infra file) |
Bảng 3 — Chỉ macbook có
| File | Ghi chú |
|---|---|
| web-test/sql/kb_protection_phase2_*.sql (3 files) | Migration SQL — đã chạy trên VPS |
| web-test/sql/vps_pg_schema_*.sql | PG export — vừa tạo |
| (Không có DOT tools chỉ macbook) | 163 MB DOT = subset của 187 VPS DOT |
Tổng kết
| Hạng mục | Số lượng |
|---|---|
| Scripts chỉ VPS | 13 |
| DOT tools chỉ VPS | 24 |
| DOT tools DIFF | 37 |
| DOT tools SAME | 126 |
| Scripts DIFF | 5 |
| Chỉ macbook | 0 DOT, 3 SQL (mới tạo) |
Rủi ro chính:
- 24 DOT tools chỉ VPS — nếu VPS chết, mất hoàn toàn (đặc biệt Đ37, Đ38 tools)
- 37 DOT tools DIFF — nhiều khả năng do S164C .bak restore, cần xác nhận hướng nào đúng
- 13 VPS scripts không có trên macbook — cần backup về repo
- Crontab 72 lines — chưa có trong git
Đề xuất Bước 2:
- Kéo 24 VPS-only DOT tools về macbook
web-test/dot/bin/ - Kéo 13 VPS-only scripts về macbook
web-test/scripts/vps/ - Diff 37 DOT tools chi tiết → quyết định hướng (VPS→MB hoặc MB→VPS)
- Export crontab vào repo
web-test/crontab/production.crontab - Commit + push → VPS deploy from git (one-way: GH→VPS)
S166-AUDIT | Điều tra xong | 0 files sửa | Chờ user duyệt trước bước 2