Incomex AI Portal
KB-5C62

P7B Sandbox Execution Prompt C2-v0.2

6 min read Revision 1
dieu38p7bsandboxexecution-promptc2

⚠️ P7B SANDBOX EXECUTION — NOT TO RUN UNTIL USER APPROVES CỔNG 2 ⚠️

Version: C2-v0.2 — Patched per GPT review (A–D) Prompt cho: Agent CLI (claude-go / codex-webtest) trên VPS Scope: Dựng sandbox_tac trong directus DB, seed 76 units, verify Phiên: S182 | Design doc: P7B v0.3 OFFICIAL trong KB Status: READY — NOT TO RUN UNTIL USER APPROVES CỔNG 2 Chia nhỏ: Xem C2A + C2B prompts riêng cho execution 2 giai đoạn

Mục tiêu

Tạo schema sandbox_tac trong database directus trên VPS Contabo. Seed 76 units từ P7A staging. Chạy checkers + round-trip verify. KHÔNG đụng production.

Ràng buộc cứng

  • DDL/DML CHỈ trong sandbox_tac.*
  • KHÔNG đọc/ghi bất kỳ public.* table nào (kể cả directus_collections)
  • KHÔNG tạo Directus collection
  • KHÔNG sửa source documents trong KB
  • KHÔNG ghi vào incomex_metadata DB
  • KHÔNG tự chạy CREATE EXTENSION — nếu thiếu pgcrypto → STOP báo User
  • KHÔNG ghi dot_tools — nếu Đ33 yêu cầu → STOP hỏi User chọn Option A/B
  • Bất kỳ lỗi nào → DROP SCHEMA sandbox_tac CASCADE → report
  • Lưu action log đầy đủ (mỗi command + result + timestamp)

Tài liệu bắt buộc đọc từ KB

  1. knowledge/dev/laws/dieu38-trien-khai/P7B-sandbox-pg-prototype-design-v0-3.md
  2. knowledge/dev/laws/dieu38-trien-khai/P7-pilot-migration-plan-v0-2.md
  3. knowledge/dev/laws/dieu38-trien-khai/C1A-segmentation-operating-model.md
  4. knowledge/dev/laws/dieu38-trien-khai/P5-schema-draft-v0-2.md
  5. P7A Step 1–3 segmentation proposal (từ S182 handoff hoặc search KB)

Phase 0 — Pre-flight

Tất cả PF PHẢI PASS. Bất kỳ PF nào FAIL → STOP, báo User, KHÔNG chạy DDL.

PF-0: Detect runtime DB user

source /opt/incomex/.env
SANDBOX_USER="${PG_USER_DIRECTUS:-workflow_admin}"
echo "Runtime DB user: $SANDBOX_USER"

Tất cả lệnh psql dùng $SANDBOX_USER:

docker exec postgres psql -U "$SANDBOX_USER" -d directus -c "..."

PF-1: pgcrypto

docker exec postgres psql -U "$SANDBOX_USER" -d directus \
  -c "SELECT extname FROM pg_extension WHERE extname='pgcrypto'"
  • PASS: 1 row. FAIL: 0 rows → STOP báo User/DBA. Agent KHÔNG tự chạy CREATE EXTENSION.

PF-2: CREATE SCHEMA privilege

docker exec postgres psql -U "$SANDBOX_USER" -d directus \
  -c "SELECT has_database_privilege('$SANDBOX_USER', 'directus', 'CREATE')"
  • PASS: t. FAIL: → STOP.

PF-3: PG version

docker exec postgres psql -U "$SANDBOX_USER" -d directus -c "SELECT version()"
  • PASS: PG ≥13. FAIL: → STOP.

PF-4: Directus visibility

KHÔNG query public.directus_collections. Dùng Directus Admin UI hoặc API.

Option mặc định (UI): Agent báo User kiểm Directus Admin → Data Model → không có sandbox_tac tables.

Option API (nếu User cho phép):

curl -s http://localhost:8055/collections -H "Authorization: Bearer $DIRECTUS_TOKEN" | grep -c "sandbox_tac"
  • PASS: 0. FAIL:DROP SCHEMA sandbox_tac CASCADEABORT → report "GĐ-1 failed"

PF-5: Production clean

docker exec postgres psql -U "$SANDBOX_USER" -d directus \
  -c "SELECT count(*) FROM pg_catalog.pg_tables WHERE schemaname='public' AND tablename LIKE '%logical_unit%'"
  • PASS: 0. FAIL:ABORT.

PF-6: Password GSM

ls -la /opt/incomex/.env
  • PASS: exists, chmod 600. FAIL: → STOP.

Phase 1 — Create Schema + Tables

Chỉ chạy sau PF-0→PF-6 PASS.

Chạy DDL từ P7B §6.2. Mọi SQL prefixed sandbox_tac..

Thứ tự: schema → vocab tables → core tables + indexes → functions → triggers.

Sau DDL → chạy PF-4 Directus check. PF-4 FAIL → DROP CASCADE + ABORT.

Nếu DDL ERROR: → DROP CASCADE → report → STOP.

Phase 2 — Seed Data

Thứ tự (P7B §7.1)

  1. section_type_vocab (11 rows, heading body_required=FALSE, description_required=FALSE)
  2. publication_type_vocab (1 row)
  3. logical_unit ROOTs (3, parent=NULL, capture UUID via RETURNING)
  4. logical_unit depth-1 (~38, lookup parent UUID)
  5. logical_unit depth-2 (~35, lookup parent UUID)
  6. unit_version (76, body = actual source, trigger auto-hash)
  7. publication (3, pilot-v0, proposed)
  8. publication_member (76)

Source docs cho body

Parse 3 KB files theo P7A segmentation. 5 structural nodes body=NULL. 71 content units body = extracted text.

Nếu seed ERROR: → DROP CASCADE → report → STOP.

Phase 3 — Verify

Row counts (76/76/3/76), duplicate address (0), parent doc_code (0), orphan (0), PM consistency (0), content hash non-NULL + consistent, length flags, round-trip DFS (3 docs), code blocks preserved (10/10 P5), production unchanged (PF-5 re-run).

Phase 4 — Report

Action log: reports/p7b-sandbox-execution-log-YYYY-MM-DD.md. PASS/FAIL per P7B §12.2.

DOT Registration Decision Point

Default: Option B (action log only). Nếu Đ33 bắt buộc → STOP hỏi User.

Rollback

DROP SCHEMA IF EXISTS sandbox_tac CASCADE;

Verify: SELECT count(*) FROM pg_catalog.pg_namespace WHERE nspname='sandbox_tac' → 0.

Patch log

C2-v0.1 → C2-v0.2

# Điểm Sửa
A DB user consistency PF-0 detect user từ .env, $SANDBOX_USER throughout
B PF-4 cross-read Bỏ SQL query public. Dùng UI/API.
C pgcrypto remediation STOP, không tự CREATE EXTENSION
D DOT registration Default Option B, STOP nếu cần

P7B Execution Prompt C2-v0.2 | READY | S182 | 2026-04-26 | Opus 4.6 GPT: PASS | NOT TO RUN UNTIL USER APPROVES CỔNG 2