KB-73B1 rev 4

23-P3D4 — Directus Notification Exposure — Design Review Prompt (rev4)

Date: 2026-05-08
Status: PROMPT rev4, awaiting GPT/User final review. NOT yet dispatched.
Report: knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4-directus-exposure-design-review-report.md
Scope: Design review + Directus/PG inventory (read-only). NO implementation.
Rev3→Rev4: Define inventory methods/fallbacks, access limitation fields, body content default, DOT package outline.


Hard Boundaries: ABSOLUTE

  • NO Nuxt code: absolutely forbidden. Nuxt is only a display surface that reads from Directus. No business logic.
  • NO direct PG access from Nuxt: absolutely forbidden.
  • NO PG mutation: no CREATE/ALTER/DROP/INSERT/UPDATE/DELETE. SELECT/describe only.
  • NO Directus config mutation: do not create collections/permissions/flows/endpoints. Do not click anything in the UI that creates or edits.
  • NO content operations on Directus: the UI is for view/inspect only. Do not use Directus UI as operational/configuration surface.
  • NO exposure implementation: P3D4 only reviews and recommends the next reviewed package.
  • NO Codex: dispatching Codex requires prior user approval.
  • NO starting Hermes production: it is reviewed separately and not mixed into P3D4.
  • NO body content exposure by default: metadata/ref-only. Body exposure needs a separate review.
  • NO jurisdiction overreach: do not use one layer's tooling to solve another layer's problem.
  • NO creating/disclosing secrets/tokens: do not create a new Directus token, do not request secrets, do not expose secrets.
  • ✅ KB document create only (design review note)
  • ✅ Directus API read-only (inventory), if approved access exists
  • ✅ PG read-only (inventory), if approved access exists

Step 0A: Mandatory Law Pre-Read

The Agent MUST read the following laws BEFORE doing anything else. If a mandatory file cannot be read → STOP and report the missing file.

  1. knowledge/dev/laws/constitution.md
  2. knowledge/dev/laws/law-07-assembly-first.md
  3. knowledge/dev/ssot/data-connection-law.md
  4. Article 28 (Điều 28) / display technical law, if available on the KB
  5. knowledge/dev/laws/dieu44-trien-khai/design/23-p3d-ui-boundary-directus-nuxt-assembly-note.md

Step 0B: Law Jurisdiction Map

After reading the laws, the Agent records the jurisdiction map in the design review note:

Layer | Governing law | Example violation
------|---------------|------------------
PG runtime/notification | PG-first, Assembly First, IU laws | Writing Nuxt code to compensate for PG
Directus exposure | Directus/DOT, data-connection rules | Clicking through the UI to change config instead of using DOT
Nuxt display | Display law, Article 28, TreeView rules | Adding business logic to Nuxt
Human interaction | UI/display + data-connection boundaries | User editing content through the Directus UI
Agent/Codex dispatch | User-approval, agent-operation rules | Agent dispatching Codex on its own
Hermes automation | Separate review, not in P3D4 | Mixing Hermes into the exposure design

Hard rule: No layer may solve another layer's problem by bypassing that layer's law/tooling.


Step 1: Read P3D Context Files (in order)

  1. knowledge/dev/laws/dieu44-trien-khai/design/23-p3d3-user-notification-board-directus-exposure-design.md
  2. knowledge/dev/laws/dieu44-trien-khai/context-packs/iu-agent-front-door-context.md
  3. knowledge/dev/laws/dieu44-trien-khai/design/23-p3d-ui-boundary-directus-nuxt-assembly-note.md
  4. knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d2-notification-triggers-report.md
  5. knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d3-notification-context-directus-exposure-report.md

Step 2: Inventory Checks (read-only)

2A. Directus Inventory

Method:

  • Prefer the official Directus API read-only endpoints if the Agent already has an approved token/connection in the current environment.
  • Do not request secrets from the user or any other source.
  • Do not expose secrets in the report.
  • Do not create a new Directus token.
  • Do not use the Directus UI for any configuration action.
  • If the Directus UI is opened, view-only inspection only.

Fallback if there is NO Directus API access:

  • Record inventory_directus_access=LIMITED_NO_ACCESS
  • Still produce the design from the PG inventory + KB docs
  • Assumptions must be clearly marked in the note
  • Do NOT shift to UI/config work to compensate

If Directus API access IS available:

  • Report exact endpoints/objects inspected
  • Record inventory_directus_access=FULL_READ_ONLY

Check items:

  • List of collections, in particular whether iu_notification_event and iu_notification_read have been discovered
  • Roles and permissions related to the IU tables
  • Existing flows/endpoints
  • Whether Directus auto-discovers PG views

2B. PG Inventory

Method:

  • Use only read-only SQL/psql inspection (SELECT, \d, \df, \dv).
  • Absolutely forbidden: CREATE, ALTER, DROP, INSERT, UPDATE, DELETE.
  • Use SSH alias contabo, user directus, database directus.

Fallback if there is NO PG credential/access:

  • Record inventory_pg_access=LIMITED_NO_ACCESS
  • Rely on the P3D2/P3D3 reports + KB docs
  • Assumptions must be clearly marked
  • Do NOT mutate anything

If PG access IS available:

  • Report exact queries run
  • Record inventory_pg_access=FULL_READ_ONLY

Check items:

  • iu_notification_event, iu_notification_read table structure
  • PG views related to notifications
  • fn_iu_notification_board signature (input/output)
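
The three PG check items above can be covered in one psql session wrapped in a read-only transaction, so the "SELECT/describe only" boundary is enforced by PostgreSQL itself rather than by care alone. This is an added example, not part of the original prompt; the '%notification%' name pattern and the absence of a schema filter are assumptions, since the page names no schema or view.

```sql
-- Added example: read-only inventory for Step 2B, run inside psql.
-- In a READ ONLY transaction PostgreSQL rejects INSERT/UPDATE/DELETE on
-- non-temporary tables and all CREATE/ALTER/DROP, so a stray statement
-- fails with an error instead of mutating anything.
BEGIN TRANSACTION READ ONLY;

-- Confirm the guard is active before running the inventory (expects "on").
SHOW transaction_read_only;

-- 1. Structure of the two notification tables (catalog equivalent of \d).
SELECT table_schema, table_name, ordinal_position, column_name,
       data_type, is_nullable, column_default
FROM information_schema.columns
WHERE table_name IN ('iu_notification_event', 'iu_notification_read')
ORDER BY table_schema, table_name, ordinal_position;

-- 2. Views and materialized views related to notifications (like \dv).
--    Assumption: related views carry "notification" in their name.
SELECT schemaname, viewname AS object_name, 'view' AS kind
FROM pg_catalog.pg_views
WHERE viewname ILIKE '%notification%'
UNION ALL
SELECT schemaname, matviewname, 'materialized view'
FROM pg_catalog.pg_matviews
WHERE matviewname ILIKE '%notification%'
ORDER BY 1, 2;

-- 3. Input/output signature of fn_iu_notification_board (like \df).
--    Volatility and SECURITY DEFINER are included because they decide
--    whether calling the function can be treated as a pure read.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       pg_catalog.pg_get_function_arguments(p.oid) AS input_args,
       pg_catalog.pg_get_function_result(p.oid)    AS output_type,
       p.provolatile AS volatility,   -- i = immutable, s = stable, v = volatile
       p.prosecdef   AS security_definer
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE p.proname = 'fn_iu_notification_board';

-- Nothing was written; close the transaction explicitly.
ROLLBACK;
```

The statements between BEGIN and ROLLBACK can be pasted verbatim into the report to satisfy "Report exact queries run".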

Step 3: Answer 8 Design Questions

  1. Directus native capability: What can be exposed WITHOUT custom code? Config must be DOT-first/DOT-only.
  2. Best-fitting PG primitive: PG view? Materialized view? Direct collection? Custom endpoint only if assembly fails?
  3. fn_iu_notification_board via Directus: Can it be exposed without custom code? Alternative?
  4. Phase 1 human monitoring: Is a read-only PG view enough? (all events, latest readers, actor, read-state overview)
  5. Human actor identity: user:huyen mapping, actor_ref convention.
  6. Human mark-read: Defer in Phase 1? If considered → a controlled action reviewed separately, not free-form editing.
  7. Security/permissions: Read-only, metadata-only default, users do NOT edit IU content through the Directus UI.
  8. Nuxt boundary: NO Nuxt code. Assembly First. 2/3-column TreeView. No new logic.

Step 4: Output — Design Review Note

Path: knowledge/dev/laws/dieu44-trien-khai/design/23-p3d4-directus-notification-exposure-review.md

A. Inventory results

Actual Directus + PG state (or assumptions if access was limited).

B. 8 design questions answered

C. Recommendation — chọn 1 option

Option | Description
-------|------------
A | Recommend candidate DOT/change package: PG view + Directus read-only collection
B | Recommend candidate DOT/change package: Directus endpoint/flow backed by PG functions, only if DOT-supported
C | Staged: read-only board first via reviewed package, mark-read later as separate controlled action
D | Defer if DOT/Directus inventory shows risk

D. Body content exposure decision

body_content_exposure=NOT_INCLUDED (default) or OUT_OF_SCOPE_REQUIRES_SEPARATE_REVIEW
metadata_only_exposure_default=PASS|FAIL

E. DOT Package Outline for next pack (if A/B/C)

High-level outline only, not yet implemented:

  • Candidate PG view name (if a view is recommended)
  • Directus collection/view exposure plan
  • Role/permission intent
  • Read-only vs controlled mark-read boundary
  • Rollback/review requirements
  • Goal: the next step remains DOT-driven, with no ad-hoc UI clicking

F. Constitution/Law Compliance Checklist

PG source of truth: PASS/FAIL
Directus DOT-only: PASS/FAIL
Directus UI view-only: PASS/FAIL
User no content editing in Directus: PASS/FAIL
Nuxt no-code/no-business-logic: PASS/FAIL
Existing TreeView assembly path respected: PASS/FAIL
No direct PG from Nuxt: PASS/FAIL
No Codex dispatch: PASS/FAIL

G. Law Jurisdiction Compliance Checklist

PG work stays in PG domain: PASS/FAIL
Directus exposure stays in Directus/DOT domain: PASS/FAIL
Nuxt display stays in display-only domain: PASS/FAIL
User interaction does not bypass Directus: PASS/FAIL
Directus does not become content-edit workflow: PASS/FAIL
Nuxt does not become workflow/business logic: PASS/FAIL
Hermes/agents not mixed into exposure design: PASS/FAIL
No duplicate implementation across PG/Directus/Nuxt: PASS/FAIL

Verification

Agent must report all fields:

law_preread=PASS
constitution_checked=PASS
assembly_first_checked=PASS
law_jurisdiction_map_included=PASS
law_overlap_check=PASS
constitution_no_violation=PASS
law07_pg_directus_nuxt_order_respected=PASS
data_connection_no_bypass=PASS
display_law_treeview_respected=PASS
inventory_directus=DONE
inventory_directus_access=FULL_READ_ONLY|LIMITED_NO_ACCESS|FAILED_UNSAFE
inventory_pg=DONE
inventory_pg_access=FULL_READ_ONLY|LIMITED_NO_ACCESS|FAILED_UNSAFE
inventory_assumptions_documented=PASS|FAIL
design_questions_answered=8/8
recommendation=A|B|C|D
body_content_exposure=NOT_INCLUDED|OUT_OF_SCOPE_REQUIRES_SEPARATE_REVIEW
metadata_only_exposure_default=PASS
review_note_upload=PASS|FAIL
directus_dot_only=true
directus_ui_view_only=true
user_no_directus_content_edit=true
nuxt_treeview_standard_documented=true
no_pg_mutation=true
no_directus_mutation=true
no_nuxt_code=true
no_nuxt_business_logic=true
no_direct_pg_from_nuxt=true
no_codex_dispatch=true
no_secret_creation_or_disclosure=true
no_law_jurisdiction_overlap=true
assembly_first_compliant=true
next_required_pack=P3D4B_DIRECTUS_DOT_EXPOSURE_PACKAGE_REVIEW (if A/B/C) or DEFERRED (if D)

Key Principles

  1. PG = source of truth.
  2. Directus = exposure layer, DOT-driven. Config goes through a reviewed DOT/change package. The UI is for viewing only.
  3. Nuxt = display assembly. 2/3-column TreeView. No new logic.
  4. Users view, they do not edit. Content operations go through PG/Agent.
  5. Assembly First = the ONLY strategy.
  6. Each law keeps to its own domain. No bypass. No duplication. No overreach.
  7. Metadata-only default. Body content exposure needs a separate review.
  8. Do not create/disclose secrets. Use existing approved access or record LIMITED_NO_ACCESS.

P3D4 rev4 | Design review + inventory only | NOT yet dispatched | Awaiting GPT/User final review

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4-directus-exposure-design-review-prompt.md