Incomex AI Portal
KB-2E47

P3D Step 1 Runtime Checkpoint Agent Prompt

7 min read Revision 1
promptruntime-checkpointp3dinformation-unittext-as-coderead-only2026-05-10

P3D Step 1 — Runtime Checkpoint Agent Prompt

Date: 2026-05-10 Author: GPT-5.5 Thinking / Incomex Hội đồng AI Purpose: Read-only runtime checkpoint before P3D IU/Text-as-Code spec recovery/re-author. Status: READY_FOR_AGENT_DISPATCH

Mission

Run a short read-only checkpoint to verify P3D IU/Text-as-Code baseline. Do not fix anything. Do not mutate anything. Upload a report to KB.

Hard boundaries

  • No mutation.
  • No DDL.
  • No INSERT/UPDATE/DELETE.
  • No function/trigger/index/permission change.
  • No Nuxt code change.
  • No deploy/restart.
  • No DOT-119 execution or rewrite.
  • Do not run old DOT-119 v1.
  • Do not clobber fn_birth_registry_auto v2.
  • Do not direct-write information_unit or unit_version.

Report path

Upload final report to:

knowledge/dev/laws/dieu44-trien-khai/reports/p3d-step1-runtime-checkpoint-report.md

Checks

Run six checks:

  1. tbl_event_outbox table_registry status, collection, page_url.
  2. /knowledge/registries/event_outbox route live; fallback text absent if body check is possible.
  3. DOT-119 script integrity/no-clobber: md5/sha if available; grep count for CREATE OR REPLACE FUNCTION fn_birth_registry_auto must be 0.
  4. fn_birth_registry_auto source hash if PostgreSQL access is available; do not alter function.
  5. IU functions exist: fn_iu_create, fn_iu_apply_edit_draft, fn_iu_save.
  6. Current IU edit policy: dot_config.key='iu_edit.policy.default_mode' should be require_review; treat mismatch as warning unless other checks fail.

Safer shell template

Use this as the basis. Adjust container/base URL only if live environment differs. Prefer public URL fallback for route check if localhost fails.

#!/usr/bin/env bash
set -uo pipefail

CONTAINER="${PG_CONTAINER:-postgres}"
DB="${PG_DB:-directus}"
DBUSER="${PG_USER:-directus}"
BASE_URL="${BASE_URL:-https://vps.incomexsaigoncorp.vn}"
PSQL=(docker exec -i "$CONTAINER" psql -U "$DBUSER" -d "$DB" -v ON_ERROR_STOP=1)
TS=$(date +%Y%m%d-%H%M%S)
LOG="/tmp/p3d-step1-checkpoint-${TS}.log"
FAIL=0
WARN=0

exec > >(tee -a "$LOG") 2>&1

echo "# P3D Step 1 Runtime Checkpoint"
echo "timestamp=$TS"
echo "no_mutation=true"
echo

# C1: table_registry status by table_id, not brittle id only
echo "--- C1 table_registry tbl_event_outbox ---"
C1_ROW=$("${PSQL[@]}" -t -A -F '|' -c "SELECT COALESCE(status,''), COALESCE(collection,''), COALESCE(page_url,'') FROM table_registry WHERE table_id='tbl_event_outbox' ORDER BY id DESC LIMIT 1;" 2>/dev/null || true)
echo "C1_ROW=$C1_ROW"
C1_STATUS=$(echo "$C1_ROW" | cut -d'|' -f1)
C1_COLLECTION=$(echo "$C1_ROW" | cut -d'|' -f2)
C1_PAGE=$(echo "$C1_ROW" | cut -d'|' -f3)
if [ "$C1_STATUS" = "published" ] && [ "$C1_COLLECTION" = "event_outbox" ]; then echo "C1=PASS"; else echo "C1=FAIL expected published/event_outbox"; FAIL=$((FAIL+1)); fi
echo

# C2: route live. Try localhost then public URL.
echo "--- C2 route live ---"
C2_HTTP_LOCAL=$(curl -s -o /tmp/p3d-c2-local.html -w '%{http_code}' 'http://localhost:3000/knowledge/registries/event_outbox' --max-time 10 2>/dev/null || echo "000")
C2_HTTP_PUBLIC=$(curl -s -o /tmp/p3d-c2-public.html -w '%{http_code}' "${BASE_URL}/knowledge/registries/event_outbox" --max-time 15 2>/dev/null || echo "000")
echo "C2_HTTP_LOCAL=$C2_HTTP_LOCAL"
echo "C2_HTTP_PUBLIC=$C2_HTTP_PUBLIC"
C2_BODY="/tmp/p3d-c2-public.html"
[ "$C2_HTTP_LOCAL" = "200" ] && C2_BODY="/tmp/p3d-c2-local.html"
if [ "$C2_HTTP_LOCAL" = "200" ] || [ "$C2_HTTP_PUBLIC" = "200" ]; then
  if grep -q "Chưa có bảng registry" "$C2_BODY" 2>/dev/null; then
    echo "C2=FAIL fallback text found"; FAIL=$((FAIL+1))
  else
    echo "C2=PASS"
  fi
else
  echo "C2=FAIL expected HTTP 200 on localhost or public URL"; FAIL=$((FAIL+1))
fi
echo

# C3: DOT-119 no-clobber script integrity
echo "--- C3 DOT-119 script integrity ---"
DOT_PATH="/opt/incomex/dot/bin/dot-birth-trigger-setup"
C3_MD5=""
if [ -f "$DOT_PATH" ]; then
  C3_MD5=$(md5sum "$DOT_PATH" | awk '{print $1}')
  C3_CLOBBER_COUNT=$(grep -c "CREATE OR REPLACE FUNCTION fn_birth_registry_auto" "$DOT_PATH" || true)
else
  C3_MD5="FILE_NOT_FOUND"
  C3_CLOBBER_COUNT="NA"
fi
echo "C3_MD5=$C3_MD5"
echo "C3_CLOBBER_COUNT=$C3_CLOBBER_COUNT"
if [ "$C3_CLOBBER_COUNT" = "0" ]; then echo "C3=PASS"; else echo "C3=FAIL clobber pattern found or file missing"; FAIL=$((FAIL+1)); fi
echo

# C4: fn_birth_registry_auto hash. Exact hash is expected baseline, but record mismatch as fail only if source unavailable or clobber suspected.
echo "--- C4 fn_birth_registry_auto hash ---"
C4_HASH=$("${PSQL[@]}" -t -A -c "SELECT md5(pg_get_functiondef(oid)) FROM pg_proc WHERE proname='fn_birth_registry_auto' AND pronamespace='public'::regnamespace ORDER BY oid LIMIT 1;" 2>/dev/null || true)
C4_EXPECTED="1f729b3571a74963089bb3ef388217f3"
echo "C4_HASH=$C4_HASH"
echo "C4_EXPECTED=$C4_EXPECTED"
if [ -z "$C4_HASH" ]; then echo "C4=FAIL function hash unavailable"; FAIL=$((FAIL+1)); elif [ "$C4_HASH" = "$C4_EXPECTED" ]; then echo "C4=PASS"; else echo "C4=WARN hash differs from historical baseline; verify if expected change"; WARN=$((WARN+1)); fi
echo

# C5: IU core functions exist, use SQL count not wc on empty string.
echo "--- C5 IU core functions exist ---"
C5_ROW=$("${PSQL[@]}" -t -A -F '|' <<'SQL'
WITH expected(proname) AS (
  VALUES ('fn_iu_create'), ('fn_iu_apply_edit_draft'), ('fn_iu_save')
), found AS (
  SELECT DISTINCT p.proname
  FROM pg_proc p
  JOIN pg_namespace n ON n.oid=p.pronamespace
  WHERE n.nspname='public'
    AND p.proname IN ('fn_iu_create','fn_iu_apply_edit_draft','fn_iu_save')
)
SELECT count(found.proname)::text,
       string_agg(expected.proname || ':' || CASE WHEN found.proname IS NULL THEN 'missing' ELSE 'present' END, ',' ORDER BY expected.proname)
FROM expected
LEFT JOIN found USING (proname);
SQL
)
echo "C5_ROW=$C5_ROW"
C5_COUNT=$(echo "$C5_ROW" | cut -d'|' -f1)
if [ "$C5_COUNT" = "3" ]; then echo "C5=PASS"; else echo "C5=FAIL expected 3 functions present"; FAIL=$((FAIL+1)); fi
echo

# C6: edit policy current value
echo "--- C6 edit policy ---"
C6_POLICY=$("${PSQL[@]}" -t -A -c "SELECT value FROM dot_config WHERE key='iu_edit.policy.default_mode' LIMIT 1;" 2>/dev/null || true)
echo "C6_POLICY=$C6_POLICY"
if [ "$C6_POLICY" = "require_review" ]; then echo "C6=PASS"; else echo "C6=WARN expected require_review"; WARN=$((WARN+1)); fi
echo

echo "=== VERDICT ==="
echo "TOTAL_CHECKS=6"
echo "FAIL_COUNT=$FAIL"
echo "WARN_COUNT=$WARN"
if [ "$FAIL" -eq 0 ]; then echo "CHECKPOINT_STATUS=PASS"; else echo "CHECKPOINT_STATUS=FAIL"; fi
echo "NO_MUTATION_PERFORMED=true"
echo "LOG=$LOG"

Report contents required

The KB report must include:

phase_status=PASS|FAIL|BLOCKED
no_mutation_performed=true
checks=C1..C6
fail_count=<n>
warn_count=<n>
log_path=<path>
evidence_summary=<short>

If any check fails, do not fix it. Report only.