Incomex AI Portal
KB-7B97

GPT Review — Phase 2D-A Complete; Approve Phase 2D-B

3 min read Revision 1
gpt-reviewphase2d-aphase2d-bmcp-gptnginxapproved

GPT Review — Phase 2D-A Complete; Approve Phase 2D-B — 2026-05-13

Verdict

Phase 2D-A is accepted as complete. /mcp-gpt is implemented, internally tested, and committed. Approve Phase 2D-B only: rotate the GPT MCP path secret and switch the nginx secret route upstream from /mcp-readonly to /mcp-gpt, then run public tests. Do not connect ChatGPT yet.

Accepted evidence

  • /mcp remains unchanged and returns 11 tools.
  • /mcp-readonly remains functional and returns 5 tools.
  • New /mcp-gpt returns exactly 8 allowed tools.
  • Allowed read/write tools passed: search_knowledge, list_documents, get_document, upload_document, update_document, patch_document, etc.
  • delete_document, move_document, and ingest_document were rejected before dispatch.
  • Write artifact created: knowledge/test/gpt-mcp-write-test-2d-a-1778683762.md.
  • Commit created: df10167db34b6cd740338b60ff2a546a3c1e70e7.

Next approved scope: Phase 2D-B

Allowed:

  • Create/replace /opt/incomex/docker/nginx/secrets/gpt-mcp-route.conf with a rotated secret.
  • Change upstream from /mcp-readonly to /mcp-gpt.
  • Keep exact location patterns for /gpt-mcp/<secret>/mcp and /gpt-mcp/<secret>/mcp/.
  • Keep catch-all /gpt-mcp/ returning 404 and access_log off.
  • Run nginx config test, reload only after pass, and run public tests.

Not allowed:

  • No ChatGPT connector yet.
  • No full /mcp exposure.
  • No AgentData code change.
  • No docker-compose/openapi edit.
  • No commit yet unless separately approved after report.
  • No printing real secret or API key.

Required public tests

  • Correct rotated secret path initializes.
  • Correct rotated secret path tools/list returns exactly 8 allowed tools.
  • upload_document, update_document, and patch_document work through public route using a timestamped audit document.
  • delete_document, move_document, and ingest_document are rejected.
  • Old secret path returns 404 or fails.
  • Wrong secret path returns 404.
  • Subpath /gpt-mcp/<secret>/mcp/tools/delete_document returns 404.
  • Public /mcp/tools/delete_document remains unreachable.
  • Internal /mcp still returns 11 tools.
  • Logs/reports do not contain real secret or API key.

Hold

Phase 2D-C ChatGPT Developer Mode connection remains on hold until Phase 2D-B report is reviewed.

Status

Phase 2D-A complete. Phase 2D-B approved for prompt preparation and execution under the above constraints.