KB-64C8

GPT Final Approval — P3D4C2U Option D Prompt rev4

Date: 2026-05-08
Reviewer: GPT-5.5 Thinking / Incomex AI Council
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c2u-option-d-base-table-field-allowlist-implementation-prompt.md rev4 consolidated

Verdict

APPROVED FOR DISPATCH.

P3D4C2U Option D rev4 is now self-contained and dispatch-safe for the limited implementation scope:

event_outbox base table
+ Directus field-level read allowlist
+ table_registry field config allowlist
+ no view / no Nuxt / no bespoke UI

This approval supersedes the blocked PG-view path. Do not attempt v_event_outbox_table again in this pack.

Accepted final approach

Use Option D:

  • Directus collection: event_outbox base table.
  • Rationale: real table with real PK; avoids Directus PG-view PK introspection failure.
  • Safety: two allowlist layers:
    1. Directus permission field allowlist.
    2. Table Module / table_registry field config allowlist.

Approved metadata fields only:

id
occurred_at
created_at
event_domain
event_type
event_stream
delivery_lane
event_severity
event_subject_table
event_subject_ref
canonical_address
actor_ref
source_system
payload_classification

Forbidden unsafe/internal fields include:

safe_payload
correlation_id
causation_id
payload
body
raw_payload
vector
embedding
secret
token
password
ssn
personal_data

Accepted rev4 properties

  • Full consolidated prompt; no dependency on rev2/rev3 context.
  • Clean-state check for prior view path residuals.
  • Base table + PK verification.
  • Directus collection visibility check.
  • Classified permission audit by scope.
  • DirectusTable fetch-path proof is mandatory.
  • directus_table_field_source must be reported.
  • Live table_registry schema is inventoried; no guessed fields_config column.
  • Duplicate check covers both table_id='tbl_event_outbox' and collection='event_outbox'.
  • Smoke tests use intended role, not admin.
  • Unsafe fields tested: safe_payload, correlation_id, causation_id.
  • Empty-table case handled via permission metadata proof, not response [] alone.
  • Registry row starts as draft.
  • Publish only after S1-S9 pass; otherwise draft/manual smoke or rollback.
  • Rollback is scoped to P3D4C2U_D changes only.

Dispatch instruction to Opus/Agent

Read the prompt from the KB, then execute:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c2u-option-d-base-table-field-allowlist-implementation-prompt.md

Objective:
Expose event_outbox through the existing Table Module path using base table + field allowlist only.

Execute exactly within prompt boundaries:
1. Verify prior view-path rollback residual = 0.
2. Verify event_outbox is a base table with real PK.
3. Verify Directus sees event_outbox.
4. Audit all existing event_outbox permissions and classify scope.
5. Prove DirectusTable fetch path and field selector source.
6. Inventory PG role, Directus role, write channel, table_registry schema, and system_issues precedent.
7. Snapshot IU and event core counts.
8. Create/update Directus read permission with metadata field allowlist only.
9. Patch field labels idempotently for allowed fields only.
10. Create/update tbl_event_outbox in table_registry as draft using live schema/convention.
11. Run smoke tests S1-S9 under intended role.
12. Publish only if S1-S9 PASS.
13. If route smoke cannot be verified, leave draft and report pending manual smoke.
14. Roll back only pack-created changes on fail.
15. Upload report:
    knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4c2u-option-d-base-table-field-allowlist-implementation-report.md

Upload report even on PASS, FAIL, BLOCKED, or DRAFT_PENDING_SMOKE.

Hard boundaries for execution

  • No PG view.
  • No materialized view.
  • No worker/cron/refresh.
  • No new table/write path.
  • No custom Directus extension.
  • No Nuxt code.
  • No bespoke notification UI.
  • No notification-specific page/component.
  • No Directus click-config.
  • No Directus write/mark-read.
  • No unsafe field exposure.
  • No new PG role or Directus role.
  • No IU runtime change.
  • No event core mutation except Directus permission/field metadata/table_registry exposure.
  • No Article 43 (Điều 43) machinery change.

Required stop conditions

STOP and report if any of these occurs:

residual_from_view_path != 0
event_outbox is not base table
event_outbox PK missing
Directus cannot see event_outbox
permission scope UNKNOWN
user-facing/public/Table Module permission exposes unsafe fields
DirectusTable field selector is NO or UNKNOWN
DirectusTable uses ADMIN_TOKEN and admin permission leaks unsafe fields
table_registry duplicate conflict
unsafe field appears in permission or registry field list
unsafe field value is returned in smoke
write permission exists for intended role

Expected report emphasis

Report must clearly show:

permission_allowed_fields=<list>
table_registry_fields=<list>
unsafe_fields_absent_from_permission=PASS
unsafe_fields_absent_from_registry=PASS
permission_registry_fieldset_match=PASS|NARROWER_PERMISSION
directus_table_uses_fields_selector=YES_FROM_REGISTRY
directus_table_field_source=<actual column>
smoke_S3a_safe_payload=BLOCKED
smoke_S3b_correlation_id=BLOCKED
smoke_S3c_causation_id=BLOCKED
unsafe_field_denial_method=<method>
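
One way to check both allowlist layers against the approved and forbidden field lists and derive the fieldset report keys above. This is an added example, not part of the reviewed prompt or the project's code; the function names, the FAIL value, and the treatment of a permission broader than the registry as a stop are assumptions.

```python
# Added example: audit the Directus permission field list and the
# table_registry field list against the approved/forbidden lists on this page.
APPROVED = frozenset({
    "id", "occurred_at", "created_at", "event_domain", "event_type",
    "event_stream", "delivery_lane", "event_severity", "event_subject_table",
    "event_subject_ref", "canonical_address", "actor_ref", "source_system",
    "payload_classification",
})
FORBIDDEN = frozenset({
    "safe_payload", "correlation_id", "causation_id", "payload", "body",
    "raw_payload", "vector", "embedding", "secret", "token", "password",
    "ssn", "personal_data",
})


def _leaks(fields):
    # Directus treats "*" in a permission's field list as "all fields",
    # so a wildcard exposes every forbidden column on the base table.
    return "*" in fields or bool(fields & FORBIDDEN)


def audit_fieldsets(permission_fields, registry_fields):
    """Return (report, stops); a non-empty stops list means STOP and report."""
    perm, reg = set(permission_fields), set(registry_fields)
    stops = []
    if _leaks(perm):
        stops.append("unsafe field appears in permission field list")
    if _leaks(reg):
        stops.append("unsafe field appears in registry field list")
    extra = sorted((perm | reg) - APPROVED - FORBIDDEN - {"*"})
    if extra:
        stops.append("fields outside approved list: " + ",".join(extra))
    if perm == reg:
        match = "PASS"
    elif perm < reg:
        match = "NARROWER_PERMISSION"
    else:
        # Assumption: the page accepts only the two values above.
        match = "FAIL"
        stops.append("permission grants fields the registry does not list")
    report = {
        "permission_allowed_fields": ",".join(sorted(perm)),
        "table_registry_fields": ",".join(sorted(reg)),
        "unsafe_fields_absent_from_permission": "FAIL" if _leaks(perm) else "PASS",
        "unsafe_fields_absent_from_registry": "FAIL" if _leaks(reg) else "PASS",
        "permission_registry_fieldset_match": match,
    }
    return report, stops
```

This covers only the static field-list comparison; the S3a-S3c smoke results still have to come from live requests under the intended role.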

Conditional next pack

  • If published:
    • P3D4C3U_USER_VIEW_SMOKE_AND_MARK_READ_DECISION
  • If draft pending route smoke:
    • P3D4C2U_MANUAL_ROUTE_SMOKE
  • If Table Module field filter missing:
    • TABLE_MODULE_FIELD_FILTER_EXTENSION_PROMPT_REVIEW
  • If permission leak:
    • FIELD_PERMISSION_REPAIR_PROMPT_REVIEW

Final status

p3d4c2u_option_d_prompt_rev4=APPROVED_FOR_DISPATCH
implementation_path=BASE_TABLE_FIELD_ALLOWLIST
view_path=ABANDONED_FOR_THIS_PACK
nuxt_code_allowed=false
bespoke_ui_allowed=false
mark_read_allowed=false
worker_cron_allowed=false