23-P3D4 — Directus Notification Exposure — Design Review Report
Date: 2026-05-08
Status: PASS
Prompt: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4-directus-exposure-design-review-prompt.md (rev4)
Note: knowledge/dev/laws/dieu44-trien-khai/design/23-p3d4-directus-notification-exposure-review.md (rev1)
Reviewer: Claude Opus 4.7 (1M)
Verification
law_preread=PASS
constitution_checked=PASS
assembly_first_checked=PASS
law_jurisdiction_map_included=PASS
law_overlap_check=PASS
constitution_no_violation=PASS
law07_pg_directus_nuxt_order_respected=PASS
data_connection_no_bypass=PASS
display_law_treeview_respected=PASS
inventory_directus=DONE
inventory_directus_access=FULL_READ_ONLY
inventory_pg=DONE
inventory_pg_access=FULL_READ_ONLY
inventory_assumptions_documented=PASS
design_questions_answered=8/8
recommendation=C
body_content_exposure=NOT_INCLUDED
metadata_only_exposure_default=PASS
review_note_upload=PASS
directus_dot_only=true
directus_ui_view_only=true
user_no_directus_content_edit=true
nuxt_treeview_standard_documented=true
no_pg_mutation=true
no_directus_mutation=true
no_nuxt_code=true
no_nuxt_business_logic=true
no_direct_pg_from_nuxt=true
no_codex_dispatch=true
no_secret_creation_or_disclosure=true
no_law_jurisdiction_overlap=true
assembly_first_compliant=true
next_required_pack=P3D4B_DIRECTUS_DOT_EXPOSURE_PACKAGE_REVIEW
Inventory summary
Directus (read-only, MCP API):
- Health ok at https://directus.incomexsaigoncorp.vn.
- iu_notification_event and iu_notification_read are auto-registered as Directus collections (whitelisted, no description).
- Item-level access for the MCP token is 403 FORBIDDEN on both — confirms no role permission grant exists yet (correct pre-DOT posture).
- No notification-specific flow/endpoint observed.
PG (read-only, SSH contabo → psql -U directus):
- 2 tables: iu_notification_event, iu_notification_read (owner directus, full constraint set per P3D2 evidence — verified: stream check comment|review|update, type check, compound type↔stream check, FK CASCADE).
- 6 functions, all SECURITY DEFINER: fn_iu_notif_comment (trig), fn_iu_notif_draft (trig), fn_iu_notif_version (trig), fn_iu_unread(text,text,boolean,integer), fn_iu_mark_read(uuid[],text), fn_iu_notification_board(text,text,integer).
- 3 triggers AFTER INSERT FOR EACH ROW on unit_edit_comment, unit_edit_draft, unit_version.
- 0 PG views matching %notif% — confirms v_iu_notification_board not yet created.
Recommendation
Option C — staged. Read-only metadata board first via a reviewed DOT package (PG VIEW + Directus read permissions-grant only). Mark-read (fn_iu_mark_read) deferred to a separate controlled package because (a) it is a write action, (b) per-actor parameter requires a Directus user → actor_ref mapping, and (c) parameterised function invocation needs custom endpoint/extension scaffolding.
Body content stance
body_content_exposure=NOT_INCLUDED (default, metadata + ref-only).
Hard-boundary attestation
No PG mutation, no Directus mutation, no Nuxt code, no Nuxt business logic, no direct PG from Nuxt, no Codex dispatch, no Hermes start, no secret/token creation or disclosure, no law/tooling jurisdiction overlap.
Next step
P3D4B_DIRECTUS_DOT_EXPOSURE_PACKAGE_REVIEW — review and ratify the DOT package outlined in §E of the design review note (PG view + read-only Directus role grant). Hermes remains BLOCKED_PENDING_REVIEW.
P3D4 report | PASS | Recommendation C | 2026-05-08