P9 Gate A Production DDL Execution Log - 2026-04-28

Scope: Gate A only - production DDL in public schema. Authorization: User GO 2026-04-28. Executor: Claude Code via SSH contabo. Excluded: no seed, no Directus collections, no roles/permissions, no Gate B/C/G8B/G11/P9.

Verdict

REVIEW REQUIRED.

DDL execution itself completed and current read-only verification shows the intended Gate A objects exist: 14 public tac_* tables, 7 public fn_tac_* functions including the pre-existing whitelist fn_tac_log_checker_issue, 6 public trg_tac_* triggers, 17 FK, 5 UNIQUE, 19 CHECK constraints, 41 indexes, 0 rows, and Directus container health {"status":"ok"}.

However, during the first post-check run I used the stale probe expectation CHECK=115. The canonical production candidate generated from SHA-verified bundle contains 19 CHECK tokens, and PG catalog reports 19 CHECK constraints. Because the stale verifier treated this as fail, it attempted rollback. The rollback was blocked by the existing fn_evt_trigger_guard_drop() bug inserting NULL into trigger_guard_alerts.trigger_name; no TAC objects were dropped. Current catalog state remains Gate A objects present.

3 cau Tuyen ngon

1. Vinh vien: canonical DDL was persisted and transformed from SHA-verified G6 run4 source.
2. Nham duoc khong: prechecks blocked existing public tac_* residue and whitelisted only fn_tac_log_checker_issue; final verify asserts exact live catalog state.
3. 100% tu dong: execution and verification ran on VPS with captured outputs; rollback path exposed an existing trigger guard drop bug that needs review.

Sources Read

• .claude/skills/incomex-rules.md
• search_knowledge("operating rules SSOT")
• search_knowledge("hiến pháp v4.0 constitution")
• KB canonical prompt: knowledge/dev/laws/dieu38-trien-khai/P9-gate-a-production-ddl-execution-prompt.md v0.5 FINAL

Pre-execution + Execution Output

STEP 0/1: source SHA c23987f29911e92d43d9ab6cb5e4fe77d64547785d98588859dfcc6f02997cad matched.
Candidate SHA: c82db7da43f489f3dacb43fe2edf9a5d0eff433d358400a90872ea4072081aa1
Canonical lines: 566; candidate lines: 563.
V-T1: PASS no p9_g6_dryrun.
V-T2: PASS tables=14 functions=6 triggers=6.
V-T3: PASS exact six function names present.
V-T4: PASS 0 DML statement matches.
V-T5: PASS candidate does not reference fn_tac_log_checker_issue.
P1: PASS postgres container healthy; current_user=directus; current_database=directus; PostgreSQL 16.13.
P2: PASS public tac_* table baseline = 0.
P3: PASS only fn_tac_log_checker_issue present before Gate A; SECURITY DEFINER true.
P4: PASS public trg_tac_* baseline = 0.
P5: PASS Directus container health {"status":"ok"}; DB accessible SELECT 1.
P6: PASS schema backup /opt/incomex/data/tac/gate-a/pre-gate-a-schema-backup-20260428_110341.sql sha256 9328840b0cace30427cf5c797303b2845c298fd25c45fdeb9207131c619ee231.
P7: PASS event triggers evt_trigger_guard_ddl and evt_trigger_guard_drop enabled; public.trigger_guard_alerts present; fn_evt_trigger_guard search_path locked.
Execution: psql PIPESTATUS=0 0 0; psql_exit=0.

BEGIN
SET
CREATE TABLE x14
CREATE INDEX x27 explicit plus primary/unique indexes by constraints
COMMENT x3
CREATE FUNCTION x6
CREATE TRIGGER x6
WARNING: [TRIGGER-GUARD] DDL detected for six CREATE TRIGGER statements
COMMIT

Rollback Attempt Output

ERROR:  null value in column "trigger_name" of relation "trigger_guard_alerts" violates not-null constraint
DETAIL:  Failing row contains (143, null, public, t, f, 2026-04-28 09:03:46.272831+00, null, null).
CONTEXT:  SQL statement "INSERT INTO trigger_guard_alerts (trigger_name, table_name, expected_enabled, actual_enabled)
      VALUES (r.object_name, r.address_names[1], TRUE, FALSE)"
PL/pgSQL function fn_evt_trigger_guard_drop() line 7 at SQL statement

First Post-check Output

Q1: 14 public tac_* tables present.
Q2: 7 public fn_tac_* functions present: six new TAC functions plus fn_tac_log_checker_issue; six new functions SECURITY DEFINER and search_path=public, pg_catalog.
Q3: 6 public trg_tac_* triggers present.
Q4: catalog returned FK=17, UNIQUE=5, CHECK=19. Stale verifier expected CHECK=115 and marked fail.

Final Read-only Verify Output

# FINAL READ-ONLY VERIFY AFTER Q4 INCIDENT
timestamp=2026-04-28T11:06:20+02:00
candidate_sha=c82db7da43f489f3dacb43fe2edf9a5d0eff433d358400a90872ea4072081aa1
candidate_check_tokens=19
canonical_sha=c23987f29911e92d43d9ab6cb5e4fe77d64547785d98588859dfcc6f02997cad

Q1 tables: 14
- tac_birth_gate_config
- tac_change_set
- tac_change_set_member
- tac_cs_lifecycle_vocab
- tac_logical_unit
- tac_lu_lifecycle_vocab
- tac_pub_lifecycle_vocab
- tac_publication
- tac_publication_member
- tac_publication_type_vocab
- tac_review_state_vocab
- tac_section_type_vocab
- tac_unit_version
- tac_uv_lifecycle_vocab

Q2 functions:
- fn_tac_birth_gate_lu: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_birth_gate_uv: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_enacted_immut: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_log_checker_issue: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_pm_consistency: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_pm_enacted_lock: SECURITY DEFINER, search_path=public, pg_catalog
- fn_tac_uv_compute_derived: SECURITY DEFINER, search_path=public, pg_catalog

Q3 triggers: 6
- trg_tac_birth_gate_lu on tac_logical_unit
- trg_tac_birth_gate_uv on tac_unit_version
- trg_tac_enacted_immut on tac_unit_version
- trg_tac_pm_consistency on tac_publication_member
- trg_tac_pm_enacted_lock on tac_publication_member
- trg_tac_uv_compute_derived on tac_unit_version

Q4 constraints:
- CHECK: 19
- FK: 17
- PRIMARY KEY: 14
- UNIQUE: 5

Q5 indexes: 41

Q6 table rows: 0 total across all 14 tac_* tables

Q7 trigger guard:
- evt_trigger_guard_ddl enabled
- evt_trigger_guard_drop enabled
- trigger_guard_alerts_total=86

Q8 Directus health:
- DIRECTUS_CONTAINER_HEALTH={"status":"ok"}
- db_accessible_after=1

Stop Point

STOP after Gate A evidence capture. No Gate B/C/G8B/G11/P9 executed.