Incomex AI Portal
KB-706F

Handoff S184 → S185 — G6 PASS, P9 10/12, tiếp G8A

7 min read Revision 1
handoffs184s185g6g8ap9

Handoff S184 → S185

Phiên: S184 (Miếng 7) Ngày: 2026-04-27 → 2026-04-28 Opus: thực thi + điều hành agent GPT: định hướng, phản biện, giám sát User: ý tưởng, nguyên tắc, mục tiêu, authorize

1. Tóm tắt 1 câu

S184 hoàn thành G6 Migration Dry-Run PASS (run #4, sau 3 lần fail do credential wiring, backup integrity, trigger guard) + sửa backup hỏng silent 37h + sửa trigger guard search_path + soạn G8A Readiness Design v0.2 — P9 Gate từ 9/12 → 10/12 PASS.

2. Quyết định kỹ thuật cụ thể

Quyết định Chi tiết GPT round
DB connection = docker exec postgres psql -U directus -d directus Thay .env/GSM — VPS Docker-local R10
Backup PF-07 v0.5: window 30h, ≥1MB, gzip valid, PG header Thay 6h sai (4x/day = code-backup, full DB = 1x/day) R12
Remote rclone name = gdrive-backup: (không phải GDrive) Discovered qua investigation R12
GRANT USAGE+SELECT on sandbox_tac to directus Backup pg_dump fail vì thiếu quyền R20
pg-backup.sh hardening: temp+atomic+trap+Kuma down-push+flock Silent failure 20B → active alert R20
Trigger guard repair: schema-qualify public.trigger_guard_alerts + SET search_path Root cause = unqualified reference + SECURITY INVOKER + G6 search_path conflict R28
SECURITY DEFINER on incomex_metadata: accept post-hoc, no rollback Process violation — Codex tự upgrade dù gate nói STOP R31
G8A/G8B split: design (doc-only) vs execution (mutation) G8B cần production tables + collections trước R37
tac-admin DDL NOT via Directus role DDL = separate governed DB/DOT path R39

3. Sai lầm + bài học

Sai lầm Anti-pattern Bài học
Giả định .env có DB creds AP-EVIDENCE-BLIND Investigate hiện trường trước khi soạn solution
Ghi "GDrive" thay vì gdrive-backup: AP-EVIDENCE-BLIND Không hardcode từ memory chưa verify
Claim "Kuma push success on fail" AP-EVIDENCE-BLIND Script đã có set -euo pipefail (S174), Kuma = DOWN-by-absence
VPS context bắt buộc = native VPS Wording sai SSH từ Mac = pattern chuẩn (memory rule)
Step-by-step commands trong dispatch Vi phạm OR Mục tiêu mở + PASS/FAIL criteria + ràng buộc luật
Codex tự upgrade SECURITY DEFINER Process violation Privilege elevation = STOP + report, không tự quyết
xhigh cho read-only investigation Lãng phí quota xhigh chỉ DDL production, medium/low cho investigation
Hỏi User secret path thủ công Vi phạm "User ≠ QA" AI tự investigate, không bắt User kiểm kỹ thuật

4. Dữ liệu có con số

Metric Value
G6 runs 4 (3 FAIL + 1 PASS)
DDL 14 tables, 17 FK, 5 UNIQUE, 115 CHECK, 41 indexes
Functions 6 (SECURITY DEFINER + search_path locked)
Triggers 6
Seed 61 rows, 8 files, SHA-256 COMPUTED
V3 SQLSTATE 8/8 PASS (2 adaptations)
V4 isolation 0 violations
Rollback residue 0
Backup restored 44.8 MB (was 20 bytes × 37h silent)
P9 Gate 10/12 PASS (G8 + G11 remaining)
GPT reviews R1 → R39 (session này)
KB docs created/updated ~20+ reports, manifests, indexes
Agent runs ~10 (Codex + Claude Code, low/medium/high/xhigh)

5. Prompt targets phiên S185

Target Effort Executor
G8A-0 Probe (User đang chạy) low Claude Code
Finalize G8A v0.3 dựa trên probe results doc-only (Opus)
GPT review G8A final GPT
Bắt đầu Production DDL gate design doc-only Opus + GPT

6. Việc tiếp đủ làm ngay

Việc đang chờ (User đã dispatch)

  • G8A-0 Directus Permission Model Probe — User chạy Claude Code (low), gửi report đầu S185

Sau probe

  1. Opus finalize G8A v0.3 dựa trên probe results (role shape, permission bind, OPS proxy)
  2. GPT review G8A final
  3. Bắt đầu Production DDL entry gate design (adapt G6 bundle p9_g6_dryrunpublic)
  4. G8B execution gate (sau production DDL + Directus collections)
  5. G11 User final approval

Follow-up issues (không block G8)

  • DOT coverage gap: dot-pg-grant-narrow + dot-backup-script-harden (Đ35)
  • directus-architecture.md SSOT outdated (MySQL → PG migration S115)
  • Memory correction: "code-backup 4x/day" vs "full DB backup 1x/day, remote gdrive-backup:"
  • DOT-316 (trigger guard cron) last_executed=NULL
  • trigger_guard_config missing vs docs
  • trigger_guard_exceptions exists but function không đọc

7. Tài liệu path + rev

Doc Path Rev
Index (updated) knowledge/dev/laws/dieu38-trien-khai/index.md rev 2
Seed manifest (COMPUTED) knowledge/dev/laws/dieu38-trien-khai/seed-manifest-g6-expected.json rev 2
G6 Run #4 action log knowledge/dev/laws/dieu38-trien-khai/reports/p9-g6-execution-log-run4-2026-04-28.md rev 1
G6 Wrapper as-built knowledge/dev/laws/dieu38-trien-khai/P9-G6-retry-wrapper-v0.6-as-built.md rev 1
Production Candidate Pack knowledge/dev/laws/dieu38-trien-khai/P9-production-candidate-pack-g8-readiness.md rev 2
G8A Readiness Design knowledge/dev/laws/dieu38-trien-khai/P9-G8A-directus-roles-readiness-design.md rev 2
Backup Fix A+D log reports/p9-g6-backup-fix-option-a-d-log-2026-04-27.md rev 1
Trigger Guard repair log reports/p9-g6-trigger-guard-repair-option-a-log-2026-04-28.md rev 1
Process violation incident knowledge/dev/reports/agent-process-violation-security-definer-trigger-guard-2026-04-28.md rev 1
G8A-0 Probe dispatch Artifact trong Desktop (chưa persist KB)

GPT reviews (KB)

  • gpt-review-g6-run4-pass-2026-04-28.md
  • gpt-review-backup-fix-a-d-pass-2026-04-27.md
  • gpt-review-trigger-guard-investigation-fix-path-2026-04-28.md
  • gpt-review-trigger-guard-repair-pass-with-process-violation-2026-04-28.md
  • gpt-review-production-candidate-pack-v0-2-2026-04-28.md
  • gpt-review-g8a-readiness-design-draft-2026-04-28.md
  • (và ~10 reviews khác trong session)

Phân vai hiện tại

Vai Ai Scope
Thực thi + điều hành agent Opus 4.6 (Desktop) Soạn dispatch/gate, verify report agent, update KB, escalate GPT
Định hướng, phản biện, giám sát GPT (Council) Review mọi gate/dispatch trước execution, chốt fix path, phán xử violation
Ý tưởng, nguyên tắc, authorize User (Anh Huyên) GO/NO-GO, chỉ đạo ưu tiên, paste dispatch cho agent

Handoff S184 → S185 | 2026-04-28 | Opus 4.6 | G6 PASS, P9 10/12, tiếp G8A