KB-6C25 rev 11

P3D — B3-F1c-d Dispatch Bridge Shape Probe Prompt (DRAFT — Patched R2)


Date: 2026-05-13
Mode: READ-ONLY PROBE + COMPILE-ONLY. No mutation. No execution.
Decision: Option C — Agent Data API Bridge (pending probe)
Patches: R1 (11 items) + R2 (6 items)


Mission

Probe Agent Data internals to compile a new endpoint that calls public.fn_birth_onboarding_full_scan(). Then compile revised Directus Flow seed targeting Agent Data. Upload all to KB. Do NOT execute.


Hard boundaries

ALLOWED:
  Read Agent Data source code (read-only)
  Read docker-compose.yml and .env (variable NAMES only, REDACT all secret values)
  Read-only PG queries (privilege check, constraint check, role discovery)
  KB artifact writes

FORBIDDEN:
  Modify any file on VPS
  Any PG DDL/DML
  docker compose build/up/restart
  Function invocation (DML-affecting)
  Directus Flow/dot_config/dot_tools mutation
  Exposing secrets (passwords, tokens, API keys, full DB URLs, connection strings) in report or artifacts

⚠️ SECRET REDACTION RULE (applies to entire probe)

When inspecting .env, docker-compose, DATABASE_URL, or any config containing credentials:

  • Report variable NAME and whether it exists: YES
  • Report scheme/driver (e.g., postgresql+asyncpg://): YES if needed
  • Report hostname/service name (e.g., postgres container): YES if needed
  • Report username/role (e.g., directus): YES (needed for privilege check)
  • Report password, token, API key, full connection string: NEVER. Write <REDACTED>.
  • If any secret value appears in report/artifact text → secrets_redacted=false → status CANNOT be PASS.

Phase 0 — Discover execution context, project root, container

# 0a. Am I on VPS or local?
hostname

# 0b. Discover project root / docker-compose path
# Try known default, confirm existence
test -f /opt/incomex/docker/docker-compose.yml && echo "COMPOSE_FOUND_AT_DEFAULT" || echo "COMPOSE_NOT_AT_DEFAULT"
# If not found at default, discover. Compose also accepts compose.yml, compose.yaml and
# docker-compose.yaml, so match all spellings:
find / -maxdepth 4 \( -name 'docker-compose.y*ml' -o -name 'compose.y*ml' \) -path '*/incomex/*' 2>/dev/null | head -5

# 0c. Discover Agent Data container name
docker ps --filter "name=agent-data" --format "{{.Names}}" 2>/dev/null
# Fallback: list all containers
docker ps --format "{{.Names}}" 2>/dev/null

# 0d. Discover PostgreSQL container name
# The ancestor filter resolves an image reference against the local image store and can
# miss containers started from a tagged or vendor-prefixed postgres image; if it prints
# nothing, use the fallbacks.
docker ps --filter "ancestor=postgres" --format "{{.Names}}" 2>/dev/null
# Fallback 1: name pattern
docker ps --filter "name=postgres" --format "{{.Names}}" 2>/dev/null
# Fallback 2: image column of a plain listing
docker ps --format "{{.Names}}\t{{.Image}}" 2>/dev/null | grep -i postgres
# Confirm psql is available in the discovered container (command -v is portable; `which` is absent in some slim images)
docker exec <DISCOVERED_PG_CONTAINER> sh -c 'command -v psql' 2>/dev/null || echo "PSQL_NOT_FOUND"

If on local Mac: use the user-approved VPS connection method provided by the execution environment. Do not assume a local SSH alias (e.g., do not hardcode ssh contabo or any personal alias). If no approved remote execution context is available, stop as BLOCKED_VPS_CONTEXT_UNDISCOVERABLE. If on VPS: direct commands.

Gate 0: ALL must succeed:

  • Execution context identified
  • docker-compose.yml path confirmed
  • Agent Data container name confirmed
  • PostgreSQL container name confirmed + psql available

If any fails → report and STOP. If PG container undiscoverable → BLOCKED_PG_CONTAINER_UNDISCOVERABLE.

Report: context, confirmed compose path, confirmed Agent Data container, confirmed PG container.

Final fields:
project_root_discovered=true|false
project_root_source=DISCOVERED|DEFAULT_KNOWN_PATH_CONFIRMED|BLOCKED
agent_data_container_discovered=true|false
pg_container_discovered=true|false
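
Gate 0 fails quietly if the container discovery above is allowed to take the first line of an ambiguous `docker ps` result. The helper below is an added example for this phase (not part of the original prompt): it applies the phase's fallback order, name pattern first and image second, to a listing taken as `docker ps --format '{{.Names}}\t{{.Image}}'`, but requires exactly one match and emits the report's `agent_data_container_discovered` / `pg_container_discovered` fields plus `BLOCKED_PG_CONTAINER_UNDISCOVERABLE` when PostgreSQL cannot be resolved. The function names and the container/image names in `demo()` are constructed for illustration, not discovered values.

```shell
#!/bin/sh
# Added example for Phase 0 (not part of the original probe prompt).
# Resolves the Agent Data and PostgreSQL container names from a `docker ps` listing in the
# phase's fallback order (name pattern first, then image), but requires exactly ONE match:
# an empty result or an ambiguous host (two postgres containers) fails the gate instead of
# silently taking the first line.
# Assumptions: LISTING is the output of  docker ps --format '{{.Names}}\t{{.Image}}'
# (one "name<TAB>image" row per container). Names and images in demo() are constructed.
LC_ALL=C; export LC_ALL

# pick_container LISTING NAME_REGEX IMAGE_REGEX
# Prints the single matching container name; on 0 or >1 matches reports the
# candidates on stderr and returns 1.
pick_container() {
  _listing=$1 _name_re=$2 _image_re=$3
  _hits=$(printf '%s\n' "$_listing" | awk -F'\t' -v re="$_name_re" '$1 ~ re {print $1}')
  # Fallback: no name matched, so match on the image column
  [ -n "$_hits" ] || _hits=$(printf '%s\n' "$_listing" | awk -F'\t' -v re="$_image_re" '$2 ~ re {print $1}')
  _n=$(printf '%s\n' "$_hits" | awk 'NF {n++} END {print n+0}')
  case $_n in
    1) printf '%s\n' "$_hits" ;;
    0) echo "no container matched name~/$_name_re/ or image~/$_image_re/" >&2; return 1 ;;
    *) echo "ambiguous ($_n candidates): $(printf '%s' "$_hits" | tr '\n' ' ')" >&2; return 1 ;;
  esac
}

# phase0_gate LISTING
# Emits the report's container fields (and blocked_reason when PG is undiscoverable);
# returns 0 only when both containers resolved to exactly one name.
phase0_gate() {
  _ad=$(pick_container "$1" 'agent[-_]data' 'agent[-_]data') && _ad_ok=true || { _ad_ok=false; _ad=; }
  _pg=$(pick_container "$1" 'postgres' '(^|/)postgres(:|$)') && _pg_ok=true || { _pg_ok=false; _pg=; }
  printf 'agent_data_container_discovered=%s\n' "$_ad_ok"
  printf 'pg_container_discovered=%s\n' "$_pg_ok"
  [ "$_ad_ok" = true ] && printf 'confirmed Agent Data container: %s\n' "$_ad"
  [ "$_pg_ok" = true ] && printf 'confirmed PG container: %s\n' "$_pg"
  [ "$_pg_ok" = true ] || echo 'blocked_reason=BLOCKED_PG_CONTAINER_UNDISCOVERABLE'
  if [ "$_ad_ok" = true ] && [ "$_pg_ok" = true ]; then return 0; else return 1; fi
}

# Constructed listings (not from a real host): the happy path, where the PG container is
# only found through the image fallback, and an ambiguous host with two postgres images.
demo() {
  _ok=$(printf '%s\t%s\n' 'incomex-agent-data-1' 'incomex/agent-data:latest' \
                          'incomex-db-1' 'postgres:16-alpine' \
                          'incomex-directus-1' 'directus/directus:11')
  phase0_gate "$_ok" || echo "Gate 0: STOP"
  _dup=$(printf '%s\t%s\n' 'incomex-db-1' 'postgres:16' 'incomex-db-backup-1' 'postgres:16')
  phase0_gate "$_dup" || echo "Gate 0: STOP"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh phase0_gate.sh demo` to see both outcomes; in the probe itself, feed it the live listing (`phase0_gate "$(docker ps --format '{{.Names}}\t{{.Image}}')"`) and copy the emitted fields into the report unchanged.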

Phase 1 — Agent Data PG connection pattern

# Search ENTIRE app tree for PG library imports (safe: only prints filenames)
grep -rlE 'psycopg|asyncpg|sqlalchemy|databases|aiopg|pg8000' <DISCOVERED_REPO_PATH> --include='*.py'

# Search for DB config variable NAMES (safe: only prints filenames, not values)
grep -rlE 'DATABASE_URL|POSTGRES|PG_|db_url|engine|pool|connect|DSN' <DISCOVERED_REPO_PATH> --include='*.py'

# Read connection setup code to understand PATTERN (NOT to extract credentials)
# When reading code, report: library import, connection function name, env var name
# Do NOT copy lines containing actual connection strings or passwords

Report: PG library, sync/async, env var NAME for connection (value REDACTED), pool config pattern. If no connection pattern can be identified → BLOCKED_PG_CONNECTION_PATTERN_UNDISCOVERABLE.


Phase 2 — Discover Agent Data PG role + privileges

# Discover PG role. SAFE: the match stops at the separator, so only variable NAMES are printed.
# Compose env entries are indented ("KEY: value" or "- KEY=value"), so do not anchor on ^;
# the .env file is the other place the role can live.
grep -RohE '(POSTGRES_USER|PG_USER|DB_USER)[A-Z_]*[[:space:]]*[=:]' <DISCOVERED_COMPOSE_PATH> <DISCOVERED_ENV_PATH> 2>/dev/null | sed -E 's/[[:space:]]*[=:]$//' | sort -u

# The role NAME is reportable (redaction rule); read the value of that exact variable only,
# never of a *_PASSWORD or *_URL sibling, and never by printing the whole file.
# If the role is only inside DATABASE_URL: confirm existence, then extract the username with
# a parse that discards everything after the first ':' or '@' of the userinfo.
# Report: "DATABASE_URL exists, scheme=postgresql+asyncpg, user=<discovered>, password=<REDACTED>, host=<service_name>"
# Do NOT print the full URL.
grep -q 'DATABASE_URL' <DISCOVERED_COMPOSE_PATH> <DISCOVERED_ENV_PATH> 2>/dev/null && echo "DATABASE_URL_EXISTS" || echo "DATABASE_URL_ABSENT"

Then check privileges with the discovered role using safe quoting:

# Bind the role as a psql variable; do NOT interpolate the role name raw into the SQL.
# psql expands :'var' only in input read from stdin or -f, NOT inside a -c string, so the
# query is fed on stdin (docker exec -i keeps stdin attached).
docker exec -i <DISCOVERED_PG_CONTAINER> psql -X -v ON_ERROR_STOP=1 -U directus -d directus \
  -v role_name='<DISCOVERED_ROLE>' <<'SQL'
SELECT has_function_privilege(:'role_name', 'public.fn_birth_onboarding_full_scan()', 'EXECUTE') AS fn_exec,
       has_table_privilege(:'role_name', 'public.system_issues', 'INSERT') AS si_insert,
       has_table_privilege(:'role_name', 'public.dot_config', 'SELECT') AS dc_select;
SQL

Before running, verify the discovered role name matches ^[A-Za-z0-9_]+$ and refuse anything else rather than quoting it. Note that has_function_privilege/has_table_privilege raise an error (not false) when the role or the function does not exist, so an error here means a missing object or a typo, not a privilege result. -U must be a role the container accepts over its local socket (typically the image's POSTGRES_USER); if psql prompts for a password, stop rather than putting one on the command line (secret_bearing_commands_avoided must stay true).

Report: PG role name, fn_exec, si_insert, dc_select.

If fn_exec=false → BLOCKED_FUNCTION_EXECUTE_PRIVILEGE
If si_insert=false → BLOCKED_SYSTEM_ISSUES_WRITE_PRIVILEGE
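
Phases 1 and 2 both hinge on the same discipline: read configuration for names and structure without ever letting a value cross into the report. The block below is an added example (not part of the original prompt) that turns the redaction rule into shell functions: `env_var_names` lists variable names from .env or compose env blocks with every value replaced by <REDACTED>, `redact_db_url` reports the scheme, user, host and database of a DATABASE_URL while dropping the password, and `valid_role_name` / `privilege_sql` / `check_privileges` run the Phase 2 privilege query with the role bound as a psql variable on stdin. The helper names, the `-U directus -d directus` defaults (taken from the prompt above) and the .env content in `demo()` are assumptions and constructed samples, not discovered values.

```shell
#!/bin/sh
# Added example for Phases 1 and 2 (not part of the original probe prompt).
# Helpers that enforce the SECRET REDACTION RULE while still yielding what the report
# needs (variable names, scheme/user/host of DATABASE_URL, the PG role), and that run the
# privilege check with the role bound as a psql variable instead of string-building SQL.
# Assumptions: file paths and container/role names are passed as arguments (the
# placeholders discovered in Phase 0); the .env content in demo() is constructed.
LC_ALL=C; export LC_ALL   # ASCII-only classes so [[:upper:]] etc. behave the same everywhere

# Print NAME=<REDACTED> for every UPPER_CASE assignment in .env ("KEY=value") or compose
# env blocks ("KEY: value" / "- KEY=value"). grep -o stops at the separator, so the value
# side is never read into the output.
env_var_names() {
  grep -hoE '^[[:space:]]*-?[[:space:]]*[[:upper:]][[:upper:][:digit:]_]*[[:space:]]*[=:]' "$@" 2>/dev/null \
    | sed -E 's/^[[:space:]]*-?[[:space:]]*//; s/[[:space:]]*[=:]$/=<REDACTED>/' | sort -u
}

# Summarize a libpq-style URL (postgresql+asyncpg://user:pw@host:5432/db?opts): scheme,
# user, host and database are reported; the password becomes <REDACTED> and the URL itself
# is never echoed. The authority is split on the LAST '@' so a password containing '@'
# still lands on the redacted side.
redact_db_url() {
  case $1 in *://*) ;; *) echo "redact_db_url: not a URL" >&2; return 1 ;; esac
  _scheme=${1%%://*}; _rest=${1#*://}
  _authority=${_rest%%/*}; _path=${_rest#"$_authority"}
  case $_authority in
    *@*) _userinfo=${_authority%@*}; _hostport=${_authority##*@} ;;
    *)   _userinfo=;                 _hostport=$_authority ;;
  esac
  case $_userinfo in *:*) _pw='<REDACTED>' ;; *) _pw='<none>' ;; esac
  _user=${_userinfo%%:*}; _host=${_hostport%%:*}
  _db=${_path#/}; _db=${_db%%\?*}
  printf 'scheme=%s user=%s password=%s host=%s db=%s\n' \
    "$_scheme" "${_user:-<none>}" "$_pw" "${_host:-<none>}" "${_db:-<none>}"
}

# psql has no bind parameters for ad-hoc SQL, so two layers: refuse any role name outside
# [A-Za-z0-9_]+ (a role that needs quoting is a finding, not something to interpolate), then
# bind it as a psql variable so the SQL text is never assembled from the raw string.
valid_role_name() {
  case $1 in
    '' | *[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# psql expands :'role_name' only in input read from stdin or -f, NOT inside a -c string,
# which is why check_privileges pipes this text in.
privilege_sql() {
  cat <<'SQL'
SELECT has_function_privilege(:'role_name', 'public.fn_birth_onboarding_full_scan()', 'EXECUTE') AS fn_exec,
       has_table_privilege(:'role_name', 'public.system_issues', 'INSERT') AS si_insert,
       has_table_privilege(:'role_name', 'public.dot_config', 'SELECT') AS dc_select;
SQL
}

# check_privileges PG_CONTAINER ROLE [ADMIN_USER] [DB]   (read-only; needs docker, not run here)
# has_*_privilege raises an error rather than returning false when the role or function
# does not exist, so an error is a missing object or a typo, not a privilege result.
check_privileges() {
  valid_role_name "$2" || { echo "refusing role name that fails the [A-Za-z0-9_]+ check" >&2; return 2; }
  privilege_sql | docker exec -i "$1" psql -X -v ON_ERROR_STOP=1 -tA \
    -U "${3:-directus}" -d "${4:-directus}" -v role_name="$2"
}

# Constructed .env (not a real deployment file): every output line is free of the fake secret.
demo() {
  _tmp=$(mktemp)
  printf '%s\n' 'POSTGRES_USER=directus' 'POSTGRES_PASSWORD=not-a-real-secret' \
    'DATABASE_URL=postgresql+asyncpg://directus:not-a-real-secret@postgres:5432/directus' > "$_tmp"
  env_var_names "$_tmp"
  redact_db_url "$(sed -n 's/^DATABASE_URL=//p' "$_tmp")"
  valid_role_name directus && echo "role name accepted: directus"
  rm -f "$_tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

`redact_db_url` is the piece to reach for when the role lives only inside DATABASE_URL: call it on the value read by `sed -n 's/^DATABASE_URL=//p'` so the URL passes through a variable and never a terminal. `check_privileges` is the Phase 2 query with the role bound via `-v role_name=` and the text on stdin; with `-tA` it prints one `t|f|f`-style row that maps directly onto fn_exec, si_insert and dc_select.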


Phase 3 — Agent Data route/endpoint pattern (FULL app tree)

# Discover framework
grep -r 'FastAPI\|Flask\|Starlette\|Sanic' <DISCOVERED_REPO_PATH> --include='*.py' | head -10

# Discover ALL route registrations
grep -rn '@app\.\|@router\.\|include_router\|add_route\|add_api_route' <DISCOVERED_REPO_PATH> --include='*.py' | head -30

# Discover auth middleware/dependencies
grep -rn 'Depends\|middleware\|authenticate\|api_key\|verify_key\|security\|HTTPBearer\|APIKeyHeader' <DISCOVERED_REPO_PATH> --include='*.py' | head -20

# Discover modular routers
find <DISCOVERED_REPO_PATH> -name '*.py' \( -path '*/router*' -o -path '*/route*' -o -path '*/endpoint*' \) | head -20

# Read representative endpoint for pattern

Report: Framework, route pattern, auth mechanism, response format.

If undiscoverable → BLOCKED_AGENT_DATA_ROUTE_PATTERN_UNDISCOVERABLE or BLOCKED_AGENT_DATA_AUTH_PATTERN_UNDISCOVERABLE.


Phase 4 — Docker internal URL + port

# The internal URL is the compose service name plus the port the app listens on INSIDE the
# container. "ports:" is the host-published mapping and "expose" is documentation only, so
# read both but do not build the URL from the host side of a "host:container" mapping.
grep -A10 'agent-data' <DISCOVERED_COMPOSE_PATH> | grep -i 'port\|container_name\|expose'
grep 'AGENT_DATA_URL' <DISCOVERED_COMPOSE_PATH>

Report: Confirmed internal URL (<service_name>:<container_port> on the compose network) and whether an existing AGENT_DATA_URL agrees with it. If the two disagree or the container port cannot be determined → docker_internal_url_confirmed=false.


Phase 5 — dot_config uniqueness (constraints AND indexes)

SELECT conname, contype FROM pg_constraint WHERE conrelid = 'public.dot_config'::regclass;

SELECT i.relname, a.attname, ix.indisunique
FROM pg_index ix
JOIN pg_class i ON i.oid = ix.indexrelid
JOIN pg_attribute a ON a.attrelid = ix.indrelid AND a.attnum = ANY(ix.indkey)
WHERE ix.indrelid = 'public.dot_config'::regclass AND ix.indisunique = true;

Report: is there a unique constraint (contype 'p' or 'u') or a unique index on the key column? If neither → dot_config_unique_verified=false and flag for an alternative seed strategy (an INSERT ... ON CONFLICT (key) seed needs a unique index or constraint on that column). If the queries cannot be run → BLOCKED_DOT_CONFIG_UNIQUENESS_UNKNOWN.


Phase 6 — Compile Agent Data endpoint code

COMPILE GATE — ALL must be true:

agent_data_route_pattern_discovered = true
agent_data_auth_pattern_discovered = true
agent_data_pg_role_discovered = true
function_execute_privilege = true
system_issues_insert_privilege = true
dot_config_select_privilege = true
compiled_from_assumptions = false
secrets_redacted = true

If ANY condition is false → DO NOT compile endpoint code. Write gap analysis instead explaining which conditions failed and why. Set endpoint_code_compiled=false.

If all true: compile Python endpoint code following EXACT discovered patterns.

⚠️ Compiled endpoint code must NOT be deployed or tested in this phase. Function invocation is DML-affecting.

Write to KB:

knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1c-d-agent-data-endpoint-code.py.md

Phase 7 — Compile revised Directus Flow seed

COMPILE GATE — requires endpoint_code_compiled=true

If endpoint code was NOT compiled (Phase 6 gate failed) → DO NOT compile Flow seed. Write gap analysis instead. Set revised_flow_seed_compiled=false. This prevents creating a scheduled flow pointing to a nonexistent endpoint (B3-F1c-c lesson).

If endpoint code WAS compiled:

  • URL: discovered Agent Data internal URL + discovered route path
  • Headers: discovered auth convention (values from env vars, NOT hardcoded secrets)
  • status: inactive — activation is SEPARATE approved step
  • Cron: CANDIDATE cadence, requires GPT/user approval

Write to KB:

knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1c-d-revised-directus-flow-seed.sql.md

Phase 8 — Report

knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-system-b3f1c-d-dispatch-bridge-probe-and-compile-report.md

Final fields

b3f1c_d_probe_status=PASS|PARTIAL|BLOCKED
blocked_reason=<none|BLOCKED_AGENT_DATA_ROUTE_PATTERN_UNDISCOVERABLE|BLOCKED_AGENT_DATA_AUTH_PATTERN_UNDISCOVERABLE|BLOCKED_PG_CONNECTION_PATTERN_UNDISCOVERABLE|BLOCKED_PG_CONTAINER_UNDISCOVERABLE|BLOCKED_VPS_CONTEXT_UNDISCOVERABLE|BLOCKED_FUNCTION_EXECUTE_PRIVILEGE|BLOCKED_SYSTEM_ISSUES_WRITE_PRIVILEGE|BLOCKED_DOT_CONFIG_UNIQUENESS_UNKNOWN|BLOCKED_PG_DISPATCH_UNSUPPORTED>
secrets_redacted=true|false
secret_bearing_commands_avoided=true|false
vps_execution_context=LOCAL_ON_VPS|REMOTE_APPROVED_CONTEXT|BLOCKED
project_root_discovered=true|false
project_root_source=DISCOVERED|DEFAULT_KNOWN_PATH_CONFIRMED|BLOCKED
agent_data_container_discovered=true|false
pg_container_discovered=true|false
agent_data_route_pattern_discovered=true|false
agent_data_auth_pattern_discovered=true|false
agent_data_pg_role_discovered=true|false
agent_data_pg_role_name=<discovered_role>
function_execute_privilege=true|false
system_issues_insert_privilege=true|false
dot_config_select_privilege=true|false
docker_internal_url_confirmed=true|false
dot_config_unique_verified=true|false
endpoint_code_compiled=true|false
revised_flow_seed_compiled=true|false
revised_flow_default_status=inactive
cadence_source=EXISTING_DOT_CONFIG|CANDIDATE_REQUIRES_REVIEW|BLOCKED
compiled_from_assumptions=false
no_mutation_performed=true
next_recommended_action=GPT_REVIEW_B3F1C_D_COMPILED_ARTIFACTS

B3-F1c-d Dispatch Bridge Shape Probe | DRAFT | Patched R2 | 2026-05-13

Prompt source: knowledge/dev/laws/dieu44-trien-khai/prompts/p3d-birth-system-b3f1c-d-dispatch-bridge-shape-probe-prompt-DRAFT.md