Incomex AI Portal
KB-5324

P9 Gate C Seed Log 2026-04-28

7 min read Revision 1
dieu38p9gate-cseedexecution-logpasss186

P9 Gate C Seed Log — 2026-04-28

Session: S186
Scope: Gate C ONLY — seed 61 rows into 8 TAC vocab/config tables
Executor: Claude Code via SSH contabo
Result: PASS
Mutation: INSERT only via /opt/incomex/data/tac/gate-c/production_seed_candidate.sql single transaction

0. 3 câu Tuyên ngôn

  1. Vĩnh viễn: Seed được lấy từ KB canonical G6 seed files, verify SHA nguồn, retarget deterministic p9_g6_dryrun.public. trong folder riêng, candidate SHA được ghi lại.
  2. Nhầm được không: Guard V-C1/V-C2/V-C3/V-C4 chặn schema dry-run, DDL/destructive DML, target ngoài 8 seed tables, và non-seed table inserts. Execution dùng transaction + ON_ERROR_STOP=1.
  3. 100% tự động: Sau khi User GO, toàn bộ precheck → persist → SHA verify → retarget → execute → post-verify → upload log chạy không cần thao tác tay trong DB.

1. Rules / Law Read

  • Local skill read: .claude/skills/incomex-rules.md (36 mục, 8 bước).
  • KB search in main process:
    • search_knowledge("operating rules SSOT")
    • search_knowledge("hiến pháp v4.0 constitution")
    • search_knowledge("Gate C TAC seed 61 rows seed-tac files p9_g6_dryrun")
  • Relevant KB seed source: knowledge/dev/laws/dieu38-trien-khai/seed-g6/*.sql.
  • No background agent used.

2. Pre-checks

2.1 VPS identity

HOST=vmi3080463
CONTAINERS=incomex-agent-data incomex-nuxt uptime-kuma postgres incomex-nginx incomex-directus incomex-qdrant

2.2 Gate A intact

tables=14
functions=7
triggers=6

2.3 Directus health + Gate B intact

Health: {"status":"ok"}
TOKEN=****d495
GATE_B_COLLECTIONS=14
tac_birth_gate_config
tac_change_set
tac_change_set_member
tac_cs_lifecycle_vocab
tac_logical_unit
tac_lu_lifecycle_vocab
tac_pub_lifecycle_vocab
tac_publication
tac_publication_member
tac_publication_type_vocab
tac_review_state_vocab
tac_section_type_vocab
tac_unit_version
tac_uv_lifecycle_vocab

2.4 Pre-seed row counts

 tac_birth_gate_config      | 0
 tac_change_set             | 0
 tac_change_set_member      | 0
 tac_cs_lifecycle_vocab     | 0
 tac_logical_unit           | 0
 tac_lu_lifecycle_vocab     | 0
 tac_pub_lifecycle_vocab    | 0
 tac_publication            | 0
 tac_publication_member     | 0
 tac_publication_type_vocab | 0
 tac_review_state_vocab     | 0
 tac_section_type_vocab     | 0
 tac_unit_version           | 0
 tac_uv_lifecycle_vocab     | 0

3. Seed Source SHA Verification

Persisted source files to /opt/incomex/data/tac/gate-c/source/. Source files were not modified in place.

1c928c993f66cc68fd8d7252328916fd1eb71b8d9380b693489c63564daf923e  seed-tac-pub-lifecycle.sql
1f707c4d23901990462c0ad2121849e0cc58bd07b32f9802630e571c9bc09cc3  seed-tac-birth-gate-config.sql
4b9f27937009ebc705bf09aa9b37dac372506a3e6f9173f72310be690f53774c  seed-tac-publication-type.sql
4f7b9682e1d5b8a0bd3540f9b2ffcfa9f6a7628f6e166547d1bad26529f2e573  seed-tac-uv-lifecycle.sql
9412966e89253caa11ca52217578b2b45599987cc908218d00fa965619b2bd57  seed-tac-review-state.sql
d5a3d167572e087ab38a31629b42bdb21a2e41088c1129d01ede3fcce08b77d4  seed-tac-section-type.sql
f3860099c55f5c848525ac35e78410735401bc7b75a8a2cc50cbf8b1f7a3b793  seed-tac-cs-lifecycle.sql
f71158717a05d8edacf79ba7574f6b9afecfb89691eb2b6933a8e14e4af31dac  seed-tac-lu-lifecycle.sql
SOURCE_SHA_VERIFY=PASS

4. Canonicalization / Candidate Verify

Retargeted into /opt/incomex/data/tac/gate-c/retargeted/, then combined into /opt/incomex/data/tac/gate-c/production_seed_candidate.sql.

V-C1 p9_g6_dryrun count=0
V-C2 ddl_destructive_count=0
INSERT_TARGETS:
tac_birth_gate_config
tac_cs_lifecycle_vocab
tac_lu_lifecycle_vocab
tac_pub_lifecycle_vocab
tac_publication_type_vocab
tac_review_state_vocab
tac_section_type_vocab
tac_uv_lifecycle_vocab
TARGET_COUNT=8

V-C4 note

The literal substring guard from the prompt (grep "INSERT INTO public.$T") false-positives for non-seed tac_publication because allowed seed table tac_publication_type_vocab has that prefix. I did not treat that as a data violation; I applied exact-boundary matching and logged it.

tac_logical_unit exact_hits=0
tac_unit_version exact_hits=0
tac_publication exact_hits=0
tac_change_set exact_hits=0
tac_publication_member exact_hits=0
tac_change_set_member exact_hits=0
V-C4_EXACT PASS: no INSERT into non-seed tables
CANDIDATE_SHA=f058a16bd31d4a235039f17a0d071b7e629946949d9ff2988de9a93a9c8eaf91

5. Execution

Command shape:

docker exec -i postgres psql -U directus -d directus -v ON_ERROR_STOP=1 -X \
  < /opt/incomex/data/tac/gate-c/production_seed_candidate.sql \
  2>&1 | tee /opt/incomex/data/tac/gate-c/seed-output.txt

Output:

BEGIN
INSERT 0 3
INSERT 0 4
INSERT 0 5
INSERT 0 4
INSERT 0 7
INSERT 0 17
INSERT 0 10
INSERT 0 11
COMMIT
PSQL_EXIT=0

6. Post-verification

6.1 Exact row counts

tac_birth_gate_config      | 11
tac_change_set             | 0
tac_change_set_member      | 0
tac_cs_lifecycle_vocab     | 7
tac_logical_unit           | 0
tac_lu_lifecycle_vocab     | 3
tac_pub_lifecycle_vocab    | 4
tac_publication            | 0
tac_publication_member     | 0
tac_publication_type_vocab | 10
tac_review_state_vocab     | 5
tac_section_type_vocab     | 17
tac_unit_version           | 0
tac_uv_lifecycle_vocab     | 4
TOTAL_TAC_ROWS=61

PASS: 8 seed tables match manifest, 6 core/member tables remain 0.

6.2 Sample rows

tac_lu_lifecycle_vocab: active | Hoạt động | Logical unit có ≥1 version enacted | 10
tac_uv_lifecycle_vocab: draft | Bản nháp | Mới tạo, chưa approve, sửa tại chỗ | 10
tac_review_state_vocab: unreviewed | Chưa rà soát | | 10
tac_pub_lifecycle_vocab: proposed | Đề xuất | Mutable, MAY reference draft | 10
tac_cs_lifecycle_vocab: draft | Nháp | | 10
tac_section_type_vocab: heading | Tiêu đề | Navigation heading | active | soft=100 | hard=300
tac_publication_type_vocab: law | Luật | Văn bản pháp lý | active | highest
tac_birth_gate_config: BG-LU-02 | block | true | Hard invariant

6.3 Gate A unchanged

tables=14
functions=7
triggers=6

6.4 Gate B unchanged

TOKEN=****d495
GATE_B_COLLECTIONS=14

7. Secret Hygiene

SECRET_SCAN=PASS

No full token, password, bearer token, or env secret included in this report.

8. Hard Exclusions Confirmed

  • No DDL.
  • No INSERT into 6 core/member tables.
  • No Directus metadata changes.
  • No roles/policies/permissions/token changes.
  • No registry/birth/catalog/DOT writes.
  • No Gate B rework.
  • No G11.
  • No DELETE/TRUNCATE/UPDATE.
  • No corpus migration.
  • All VPS/DB commands executed via ssh contabo.
  • Source canonical files were not edited in place.

9. Verdict

GATE C PASS.

Seeded 61 rows into 8 TAC vocab/config tables. 6 non-seed TAC tables remain empty. Gate A and Gate B remain intact.

STOP after Gate C. Await GPT review before G8B roles/permissions.