KB-79C6
P9 G6 Execution Log Run 2 2026-04-27 — FAIL PF-07
16 min read Revision 1
dieu38p9g6execution-logrun2failpf-07docker-execs184
P9 G6 — Execution Log
Phiên: S184 | Ngày: 2026-04-27 Agent: Codex CLI executor Bám: P9-G6-execution-prompt.md v0.2 + precedence errata Status: FAIL
0. Run metadata
| Field | Value |
|---|---|
| RUN_START_TS | 2026-04-27 11:46:40+00 |
| Workspace | /tmp/g6_run_20260427_114640 |
| DDL bundle path | /tmp/g6_run_20260427_114640/ddl/g6_execution_bundle.sql |
| Seed manifest path | /tmp/g6_run_20260427_114640/seed-manifest-g6-expected.json |
| Target schema | p9_g6_dryrun |
| Execution host | vmi3080463 |
| Run #2 audit link | knowledge/dev/laws/dieu38-trien-khai/reports/p9-g6-execution-log-2026-04-27.md |
| Credential override | docker exec postgres psql -U directus -d directus |
0A. 3 câu Tuyên ngôn
| Câu | Trả lời cụ thể cho G6 |
|---|---|
| Vĩnh viễn? | G6 kiểm chứng gốc schema/constraint/trigger trước production; không sửa vụ việc, không mở G8/G11. |
| Nhầm được không? | Schema cô lập, pre-flight fail-stop, grep hard exclusions, V4 production-isolation, rollback/residue verify. |
| 100% tự động? | Runner thực hiện pre-flight → DDL → seed → V1-V4 → rollback → log; mọi fail dừng và rollback nếu schema đã thuộc current run. |
0B. Documents read / version evidence
- Local skill: .claude/skills/incomex-rules.md, 36 mục/8 bước.
- OR: knowledge/dev/ssot/operating-rules.md, v7.57-draft.
- Constitution: knowledge/dev/laws/constitution.md, v4.6.3.
- Prompt: knowledge/dev/laws/dieu38-trien-khai/P9-G6-execution-prompt.md, OFFICIAL v0.2.
- Errata: knowledge/dev/laws/dieu38-trien-khai/P9-G6-precedence-errata.md, OFFICIAL.
- Manifest: knowledge/dev/laws/dieu38-trien-khai/seed-manifest-g6-expected.json, hash_status=PENDING_COMPUTE.
- Seed canonical files: 8 files in knowledge/dev/laws/dieu38-trien-khai/seed-g6/, 61 rows.
- Package/source/handoff/review: P9-G6-dry-run-package.md v0.2, P9-G6-source-extraction-note.md, handoff-s183-e-r3-e7-e6.md, GPT review R4.
- Retry wrapper: G6 RETRY DISPATCH v0.4, Docker exec credential override.
Required quotes:
- Package §6.7 / patch: "KHÔNG cần pgcrypto extension" / built-in sha256 path; G6 forbids CREATE EXTENSION.
- Package HE-08: "KHÔNG INSERT dot_action_log".
- Errata §1: "Cho execution G6, prompt v0.2 SUPERSEDES package v0.2 nếu có xung đột wording."
- Package patch log: invalid partial index on publication_member was removed/deferred; enacted lock is enforced by trigger.
0C. 5-GATE + Assembly Gate
| Gate | Answer |
|---|---|
| G1 đọc luật đủ | Read prompt, package, source extraction, errata, handoff, GPT R4, OR, constitution, and relevant Điều 24/33/35 snippets. |
| G2 count before WHERE | 14 tables, 6 functions, 6 triggers, >=21 indexes, 61 seed rows, PF-Pre + PF-01..PF-10. |
| G3 cross-law | Điều 33 E1 isolated DDL ok, no CREATE EXTENSION; Điều 24 no taxonomy/entity label writes; Điều 35 no dot_tools/dot_action_log writes. |
| G4 naming | All DDL uses p9_g6_dryrun.tac_* or p9_g6_dryrun.fn_tac_*; grep tests run on actual bundle + seed files. |
| G5 ambiguity | PF-01 errata understood: pre-existing p9_g6_dryrun = STOP, no auto-DROP. |
| Assembly | PostgreSQL solves G6; Directus only read-only preflight checks; Nuxt out of scope. |
PF-Pre.1 Required CLI tools
Exit code: 0
/usr/bin/jq
/usr/bin/rclone
/usr/bin/sha256sum
/usr/bin/curl
/usr/bin/docker
host psql not required by v0.4 docker exec override
PF-v0.4 Step 1 container exact check
Exit code: 0
postgres_running=true
PF-v0.4 Step 2 psql connectivity
Exit code: 0
current_user | current_database | version
--------------+------------------+----------------------------------------------------------------------------------------------------------------------
directus | directus | PostgreSQL 16.13 (Debian 16.13-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
(1 row)
PF-v0.4 Step 3 identity verify
Exit code: 0
current_user | current_database | version
--------------+------------------+----------------------------------------------------------------------------------------------------------------------
directus | directus | PostgreSQL 16.13 (Debian 16.13-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
(1 row)
DO
PF-v0.4 Step 4 CREATE SCHEMA permission
Exit code: 0
can_create_schema
-------------------
t
(1 row)
DO
PF-v0.4 Step 5 schema p9_g6_dryrun absent
Exit code: 0
?column?
----------
(0 rows)
DO
PF-Pre.3 Directus readiness evidence
PF-Pre.3 COVERED: wrapper v0.4 says do not reopen GSM for Directus token.
Evidence: prior KB S183 E6/E7 PASS, FAC E6 4/4 PASS + E7 19 DOTs registered ids 971-989.
Runtime verification uses read-only PostgreSQL SELECTs against public.taxonomy_facets and public.dot_tools.
PF-Pre.4 Manifest JSON semantic verify
Exit code: 0
3 active,draft_only,retired knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-lu-lifecycle.sql
4 draft,enacted,superseded,retired knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-uv-lifecycle.sql
5 unreviewed,in_review,review_passed,review_failed,needs_re_review knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-review-state.sql
4 proposed,enacted,superseded,retired knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-pub-lifecycle.sql
7 draft,submitted,review_passed,approval_passed,enacted,rejected,withdrawn knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-cs-lifecycle.sql
17 heading,article,paragraph,definition,principle,rationale,process,technical_spec,governance_process,checklist,instruction_block,reference_mapping,matrix,invariant_list,open_decision_list,appendix,changelog knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-section-type.sql
10 law,policy,sop,constitution,knowledge,design_note,report,memo,draft,working knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-publication-type.sql
11 BG-LU-02,BG-LU-03,BG-LU-04,BG-LU-05,BG-LU-06,BG-UV-01,BG-UV-02,BG-UV-03,BG-UV-04,BG-UV-05,BG-UV-06 knowledge/dev/laws/dieu38-trien-khai/seed-g6/seed-tac-birth-gate-config.sql
PF-Pre.4 SHA-256 raw output for 8 seed files
Exit code: 0
f71158717a05d8edacf79ba7574f6b9afecfb89691eb2b6933a8e14e4af31dac seed-tac-lu-lifecycle.sql
4f7b9682e1d5b8a0bd3540f9b2ffcfa9f6a7628f6e166547d1bad26529f2e573 seed-tac-uv-lifecycle.sql
9412966e89253caa11ca52217578b2b45599987cc908218d00fa965619b2bd57 seed-tac-review-state.sql
1c928c993f66cc68fd8d7252328916fd1eb71b8d9380b693489c63564daf923e seed-tac-pub-lifecycle.sql
f3860099c55f5c848525ac35e78410735401bc7b75a8a2cc50cbf8b1f7a3b793 seed-tac-cs-lifecycle.sql
d5a3d167572e087ab38a31629b42bdb21a2e41088c1129d01ede3fcce08b77d4 seed-tac-section-type.sql
4b9f27937009ebc705bf09aa9b37dac372506a3e6f9173f72310be690f53774c seed-tac-publication-type.sql
1f707c4d23901990462c0ad2121849e0cc58bd07b32f9802630e571c9bc09cc3 seed-tac-birth-gate-config.sql
PF-Pre.5 Workspace
Exit code: 0
PF-Pre.5 PASS: workspace=/tmp/g6_run_20260427_114640
/tmp/g6_run_20260427_114640/action-log.md
/tmp/g6_run_20260427_114640/ddl/g6_execution_bundle.sql
/tmp/g6_run_20260427_114640/preflight/pf-pre-directus.txt
/tmp/g6_run_20260427_114640/preflight/pf-pre-manifest.txt
/tmp/g6_run_20260427_114640/preflight/pf-pre-tools.txt
/tmp/g6_run_20260427_114640/preflight/pf-pre-workspace.txt
/tmp/g6_run_20260427_114640/preflight/pf-v04-01-container.txt
/tmp/g6_run_20260427_114640/preflight/pf-v04-02-connectivity.txt
/tmp/g6_run_20260427_114640/preflight/pf-v04-03-identity.txt
/tmp/g6_run_20260427_114640/preflight/pf-v04-04-create-permission.txt
/tmp/g6_run_20260427_114640/preflight/pf-v04-05-schema-absent.txt
/tmp/g6_run_20260427_114640/preflight/seed-sha256sum.raw
/tmp/g6_run_20260427_114640/seed-manifest-g6-expected.json
/tmp/g6_run_20260427_114640/seed/seed-tac-birth-gate-config.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-cs-lifecycle.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-lu-lifecycle.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-pub-lifecycle.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-publication-type.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-review-state.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-section-type.sql
/tmp/g6_run_20260427_114640/seed/seed-tac-uv-lifecycle.sql
DDL bundle SHA-256
Exit code: 0
bea9bab68502cc2220e07b7500c78f56bb585ea49e03ec9e9d110a41df63ac4c /tmp/g6_run_20260427_114640/ddl/g6_execution_bundle.sql
Grep hard-exclusion tests on bundle + seed files
Exit code: 0
Test 1: no CREATE EXTENSION
grep: /tmp/g6_run_20260427_114640/ddl/grep-tests-output.txt: input file is also the output
/tmp/g6_run_20260427_114640/ddl/g6_execution_bundle.sql:3:-- Forbidden: CREATE EXTENSION, public.tac_* writes, Directus/DOT/label/system_issues writes.
Test 2: no public.tac_ writes/references in DDL/seed
grep: /tmp/g6_run_20260427_114640/ddl/grep-tests-output.txt: input file is also the output
/tmp/g6_run_20260427_114640/ddl/g6_execution_bundle.sql:3:-- Forbidden: CREATE EXTENSION, public.tac_* writes, Directus/DOT/label/system_issues writes.
Test 3: no client credential flags inside DDL/seed
grep: /tmp/g6_run_20260427_114640/ddl/grep-tests-output.txt: input file is also the output
Test 4: seed inserts schema-qualified
/tmp/g6_run_20260427_114640/seed/seed-tac-section-type.sql:6:INSERT INTO p9_g6_dryrun.tac_section_type_vocab
/tmp/g6_run_20260427_114640/seed/seed-tac-lu-lifecycle.sql:6:INSERT INTO p9_g6_dryrun.tac_lu_lifecycle_vocab (code, name, description, sort_order) VALUES
/tmp/g6_run_20260427_114640/seed/seed-tac-birth-gate-config.sql:6:INSERT INTO p9_g6_dryrun.tac_birth_gate_config (checker_id, mode, enabled, rationale) VALUES
/tmp/g6_run_20260427_114640/seed/seed-tac-cs-lifecycle.sql:6:INSERT INTO p9_g6_dryrun.tac_cs_lifecycle_vocab (code, name, description, sort_order) VALUES
/tmp/g6_run_20260427_114640/seed/seed-tac-publication-type.sql:6:INSERT INTO p9_g6_dryrun.tac_publication_type_vocab
/tmp/g6_run_20260427_114640/seed/seed-tac-pub-lifecycle.sql:6:INSERT INTO p9_g6_dryrun.tac_pub_lifecycle_vocab (code, name, description, sort_order) VALUES
/tmp/g6_run_20260427_114640/seed/seed-tac-review-state.sql:6:INSERT INTO p9_g6_dryrun.tac_review_state_vocab (code, name, description, sort_order) VALUES
/tmp/g6_run_20260427_114640/seed/seed-tac-uv-lifecycle.sql:6:INSERT INTO p9_g6_dryrun.tac_uv_lifecycle_vocab (code, name, description, sort_order) VALUES
Test 5: DDL object creation schema-qualified
11:CREATE TABLE p9_g6_dryrun.tac_lu_lifecycle_vocab (
20:CREATE TABLE p9_g6_dryrun.tac_uv_lifecycle_vocab (
29:CREATE TABLE p9_g6_dryrun.tac_review_state_vocab (
38:CREATE TABLE p9_g6_dryrun.tac_pub_lifecycle_vocab (
47:CREATE TABLE p9_g6_dryrun.tac_cs_lifecycle_vocab (
56:CREATE TABLE p9_g6_dryrun.tac_section_type_vocab (
71:CREATE TABLE p9_g6_dryrun.tac_publication_type_vocab (
83:CREATE TABLE p9_g6_dryrun.tac_birth_gate_config (
92:CREATE TABLE p9_g6_dryrun.tac_logical_unit (
115:CREATE TABLE p9_g6_dryrun.tac_unit_version (
150:CREATE TABLE p9_g6_dryrun.tac_publication (
176:CREATE TABLE p9_g6_dryrun.tac_publication_member (
194:CREATE TABLE p9_g6_dryrun.tac_change_set (
218:CREATE TABLE p9_g6_dryrun.tac_change_set_member (
PASS
PF-01 schema p9_g6_dryrun absent
schema_exists=0
PF-01 PASS: schema absent
PF-02 public tac_* conflict check
Exit code: 0
total_violations | objects
------------------+---------
0 |
(1 row)
DO
PF-03 PG version + pg_catalog.sha256
Exit code: 0
version_num | version_ok
-------------+------------
160013 | t
(1 row)
sha256_exists
---------------
1
(1 row)
DO
PF-04 FAC-07/08/09 active
Exit code: 0
fac_count | fac_ids | fac_codes
-----------+----------+------------------------
3 | {8,9,10} | {FAC-07,FAC-08,FAC-09}
(1 row)
DO
PF-05 19 DOT-TAC-* active
Exit code: 0
dot_count | dot_ids_min | dot_ids_max
-----------+-------------+-------------
19 | 971 | 989
(1 row)
id | code | status
-----+-----------------------------+--------
971 | DOT-TAC-SCHEMA-ENSURE | active
972 | DOT-TAC-COLLECTION-REGISTER | active
973 | DOT-TAC-ROLE-ENSURE | active
974 | DOT-TAC-BIRTH-GATE | active
975 | DOT-TAC-SEGMENTER | active
976 | DOT-TAC-VECTOR-SYNC | active
977 | DOT-TAC-LABEL-SYNC | active
978 | DOT-TAC-SCHEMA-VERIFY | active
979 | DOT-TAC-COLLECTION-VERIFY | active
980 | DOT-TAC-ROLE-VERIFY | active
981 | DOT-TAC-BIRTH-VERIFY | active
982 | DOT-TAC-SEG-VERIFY | active
983 | DOT-TAC-DAILY-INVARIANT | active
984 | DOT-TAC-ENACT-GATE | active
985 | DOT-TAC-HASH-DRIFT | active
986 | DOT-TAC-VECTOR-VERIFY | active
987 | DOT-TAC-LABEL-VERIFY | active
988 | DOT-TAC-LABEL-FACET-VERIFY | active
989 | DOT-TAC-LABEL-FORMAT-VERIFY | active
(19 rows)
DO
PF-06 public.fn_tac_log_checker_issue present
Exit code: 0
proname | prosecdef | args
--------------------------+-----------+--------------------------------------------------------------------------------------------------------------------------------------------------------
fn_tac_log_checker_issue | t | p_checker_id text, p_severity text, p_entity_code text, p_summary text, p_issue_signature text DEFAULT NULL::text, p_details jsonb DEFAULT NULL::jsonb
(1 row)
DO
PF-07 backup freshness <6h
Exit code: 1
RUN_START_TS=2026-04-27 11:46:40+00
Local backup fresh check failed; trying rclone listing
2026/04/27 13:46:43 CRITICAL: Failed to create file system for "GDrive:incomex-backup": didn't find section in config file ("GDrive")
PF-07 FAIL: no fresh backup evidence <6h
STOP
FAIL_REASON: PF-07 backup freshness failed
Post-stop residue verification
STOP occurred before CREATE SCHEMA, DDL bundle execution, seed insertion, and V1-V4.
Manual read-only verification after STOP:
docker exec postgres psql -U directus -d directus -Atc "SELECT count(*) FROM information_schema.schemata WHERE schema_name='p9_g6_dryrun';"
0
Residue verdict: PASS, schema residue = 0. Table/function/trigger/sequence residue is vacuously 0 because schema does not exist.
Execution boundary
- DDL executed: NO
- DML/seed executed: NO
- CREATE SCHEMA executed: NO
- Rollback needed: NO, current run never touched schema
- G8/G11/P9 production migration: NO
- Git commit/push: NO
Conclusion
- Verdict: FAIL
- Reason: PF-07 backup freshness failed
- Total elapsed: 3s
- STOP after action log: yes; no G8/G11/P9 production migration executed.