KB-60BA
G8B-RP Directus Roles/Policies/Permissions Log — PASS
P9 G8B-RP Directus Roles/Policies/Permissions Log — 2026-04-29
Scope: G8B-RP only — 2 roles + 2 policies + 2 access bindings + 84 permissions
Executor: Codex (Claude Code, medium) via SSH contabo
Canonical prompt: P9-G8B-RP-directus-roles-permissions-execution-prompt-v0-2.md rev 2
Note: Codex disconnected before uploading this log. Opus reconstructed from execution evidence.
Pre-checks
| Check | Expected | Actual | Verdict |
|---|---|---|---|
| VPS hostname | vmi3080463 | vmi3080463 | PASS |
| Gate A tables | 14 | 14 | PASS |
| Gate A functions | 7 | 7 | PASS |
| Gate A triggers | 6 | 6 | PASS |
| Gate C total rows | 61 | 61 | PASS |
| D11 policy column | exists | exists | PASS |
| Token | available | ****d495 | PASS |
| Gate B collections | 14 | 14 | PASS |
API Discovery (§1e)
| Endpoint | HTTP | Verdict |
|---|---|---|
| GET /collections | 200 | PASS |
| GET /roles | 200 | PASS |
| GET /policies | 200 | PASS |
| GET /access | 200 | PASS |
| GET /permissions?limit=1 | 200 | PASS, has policy field |
Clean slate: 0 tac- roles, 0 tac- policies, 0 tac_* permissions.
Execution
Run 1 — FAIL + cleanup
Policy creation failed: Directus 11.5.1 requires enforce_tfa field.
Cleanup: 2 roles created by run1 removed. Clean state restored.
Run 2 — PASS
Payload adapted: added enforce_tfa: false to policy payloads.
| Object | Name | ID | Status |
|---|---|---|---|
| Role | tac-agent | (captured) | Created |
| Role | tac-admin | (captured) | Created |
| Policy | tac-agent-policy | (captured) | Created |
| Policy | tac-admin-policy | (captured) | Created |
| Access | tac-agent → tac-agent-policy | (captured) | Created |
| Access | tac-admin → tac-admin-policy | (captured) | Created |
| Permissions | 84 rows (IDs 1380–1463) | 84 IDs | Created |
Post-verification — Full Matrix
| Check | Expected | Actual | Verdict |
|---|---|---|---|
| Roles | ["tac-admin","tac-agent"] | ["tac-admin","tac-agent"] | PASS |
| Policies | 2, both admin/app=false | 2, matched | PASS |
| Access bindings | 2 | 2 | PASS |
| Agent permissions | 28 | 28 | PASS |
| Admin permissions | 56 | 56 | PASS |
| Total permissions | 84 | 84 | PASS |
| Missing tuples (expected-actual) | 0 | 0 | PASS |
| Extra tuples (actual-expected) | 0 | 0 | PASS |
| Gate A | 14/7/6 | 14/7/6 | PASS |
| Gate B | 14 collections | 14 | PASS |
| Gate C | 61 rows | 61 | PASS |
Verdict
G8B-RP PASS.
Token provisioning remains DEFERRED (separate gate).
Incident
- Run1 fail: Directus 11.5.1 requires enforce_tfa in policy payload — not documented in Directus REST docs. Agent adapted correctly.
- Codex disconnected during KB upload. Action log reconstructed by Opus from execution evidence.
G8B-RP Action Log | S186 | 2026-04-29 | Reconstructed by Opus