KB-7AC8

GPT Review — B3-F1c-d Patched Docs Second Pass — Patch Required Before Agent Probe — 2026-05-13

Scope reviewed

Reviewed patched B3-F1c-d documents:

  • knowledge/dev/laws/dieu44-trien-khai/design/p3d-birth-system-b3f1c-d-dispatch-bridge-decision-design.md revision 2
  • knowledge/dev/laws/dieu44-trien-khai/prompts/p3d-birth-system-b3f1c-d-dispatch-bridge-shape-probe-prompt-DRAFT.md revision 2
  • knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-system-b3f1c-d-dispatch-bridge-decision-design-report.md revision 2

Previous GPT review:

  • knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-b3f1c-d-dispatch-bridge-design-patch-required-2026-05-13.md

Verdict

Status: PATCH_REQUIRED_BEFORE_AGENT_PROBE

Opus fixed the 11 prior issues materially, and Option C remains the leading candidate. However, the current prompt still has secret-exposure and environment-hardcoding risks. Do not dispatch Agent yet.

Accepted fixes from prior round

The following are accepted as fixed:

  • Route path/auth/body are now candidates and probe-required.
  • Prompt no longer assumes PG role directus.
  • Full app tree route probing is included.
  • system_issues INSERT privilege probe is included.
  • Function call is marked DML-affecting.
  • Revised Directus Flow default is inactive.
  • Cadence remains policy/candidate-driven.
  • dot_config uniqueness checks include constraints and indexes.
  • Final fields are strengthened.
  • Report confidence is lowered to AGENT_DATA_API_BRIDGE_PENDING_PROBE.

Remaining issue 1 — .env / docker-compose probes can expose secrets

Prompt allows:

Read docker-compose.yml and .env files

and commands like:

grep -i 'POSTGRES_USER|PG_USER|DB_USER|DATABASE_URL' <DISCOVERED_REPO_PATH>/.env /opt/incomex/docker/docker-compose.yml

This may print real secrets, tokens, database URLs, or passwords into Agent output and KB reports. That violates the no-secret-exposure boundary.

Required patch:

  • The prompt may inspect config files for variable names and presence, but must redact values.
  • Agent final report must never include secret values, database passwords, API keys, full connection strings, or tokens.
  • For DATABASE_URL, report only parsed non-secret metadata:
    • variable name exists;
    • scheme/driver if visible;
    • host/service name if non-secret and needed;
    • username/role if needed for privilege checks;
    • password/token must be <REDACTED>.
  • Add final field:
secrets_redacted=true|false

If any secret is exposed, status cannot be PASS.
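The redaction rule above, as an added example that is not part of the reviewed prompt or any project code: it parses a constructed .env, reports variable names, presence and the non-secret parts of a DATABASE_URL with the password replaced by <REDACTED>, and computes the value of the secrets_redacted final field. SAMPLE_ENV and its values are constructed, and SECRET_HINTS is an assumed heuristic for which variable names carry secrets.

```python
from urllib.parse import urlsplit
# Assumed heuristic: names containing one of these are treated as secret-bearing.
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY", "URL")
# Constructed sample .env content for the demonstration; not from any real deployment.
SAMPLE_ENV = """\
POSTGRES_USER=agent_data_rw
POSTGRES_PASSWORD=hunter2-do-not-leak
DATABASE_URL=postgresql://agent_data_rw:hunter2-do-not-leak@db:5432/incomex
"""

def parse_env(text):
    """Return {name: value} for KEY=VALUE lines, skipping comments and blank lines."""
    out = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        out[name.strip()] = value.strip().strip('"').strip("'")
    return out

def url_metadata(value):
    """Non-secret parts of a connection string; the password is always redacted."""
    p = urlsplit(value)
    return {"scheme": p.scheme or None, "host": p.hostname, "username": p.username,
            "password": "<REDACTED>" if p.password else None}

def redacted_report(env_text):
    """The only form of config findings the Agent may emit: names and presence, not values."""
    report = {}
    for name, value in parse_env(env_text).items():
        entry = {"present": True}
        if "://" in value:
            entry.update(url_metadata(value))   # DATABASE_URL-style connection strings
        elif any(h in name.upper() for h in SECRET_HINTS):
            entry["value"] = "<REDACTED>"
        else:
            entry["value"] = value              # e.g. a role name needed for privilege checks
        report[name] = entry
    return report

def secrets_redacted(env_text, report):
    """Value of the secrets_redacted final field: no raw secret from the env appears in the report."""
    rendered = repr(report)
    for name, value in parse_env(env_text).items():
        if any(h in name.upper() for h in SECRET_HINTS) and value in rendered:
            return False
        if "://" in value and (pw := urlsplit(value).password) and pw in rendered:
            return False
    return True
```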

Remaining issue 2 — hardcoded /opt/incomex/docker/docker-compose.yml remains in discovery commands

The prompt says not to hardcode the repo path, but still anchors discovery to:

/opt/incomex/docker/docker-compose.yml
/opt/incomex/docker/.env
/opt/incomex/.env

This is less severe than hardcoding the repo path, but still conflicts with the discovery-first posture.

Required patch:

  • Treat these as candidate/default paths, not truth.
  • First discover project root / compose file path using available environment context or known mount conventions.
  • If default paths are used, report project_root_source=DEFAULT_KNOWN_PATH_CONFIRMED only after existence check.
  • If not found, search read-only for compose file candidates or return BLOCKED_PROJECT_ROOT_UNDISCOVERABLE.

Add final fields:

project_root_discovered=true|false
project_root_source=DISCOVERED|DEFAULT_KNOWN_PATH_CONFIRMED|BLOCKED

Remaining issue 3 — hardcoded container name incomex-agent-data

Prompt uses:

docker inspect incomex-agent-data ...

This may be correct, but it is still an assumption made before discovery.

Required patch:

  • First discover candidate Agent Data container/service names from docker ps, compose services, or labels.
  • Then inspect the discovered container.
  • If not discoverable, return BLOCKED_AGENT_DATA_CONTAINER_UNDISCOVERABLE.

Add final field:

agent_data_container_discovered=true|false

Remaining issue 4 — PG privilege probe with discovered role may still require safe quoting

The prompt says to substitute <DISCOVERED_ROLE> into SQL. If the role name contains special characters, unsafe interpolation can fail or produce misleading results.

Required patch:

  • Instruct Agent to use safe SQL quoting for role names.
  • Prefer quote_literal() / psql variable binding / parameterized query if available.
  • Report the role name redacted or normalized if it embeds credentials or connection-string context.
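The safe-quoting requirement above, as an added example that is neither the prompt's nor the project's code: a client-side equivalent of PostgreSQL quote_literal(), a normalizer that strips credential or connection-string context from a captured role, and the privilege probe built from the quoted literal instead of raw interpolation. The function signature argument and the unqualified table names system_issues and dot_config are assumed placeholders.

```python
from urllib.parse import urlsplit

def quote_literal(value):
    """Client-side equivalent of PostgreSQL quote_literal(): a safe string literal.
    (Inside psql the same effect comes from variable binding, e.g. :'role'.)"""
    escaped = value.replace("'", "''")
    if "\\" in escaped:
        # backslashes need the E'' form so they are taken literally
        return "E'" + escaped.replace("\\", "\\\\") + "'"
    return "'" + escaped + "'"

def normalize_role(discovered):
    """Return (role, redacted): keep only the user part if a whole credential was captured."""
    if "://" in discovered:
        # a full connection string was captured; report only its username
        user = urlsplit(discovered).username
        return (user or "<REDACTED>", True)
    if ":" in discovered and "@" in discovered:
        # user:password@host form without a scheme
        return (discovered.split(":", 1)[0], True)
    return (discovered, False)

def privilege_probe_sql(role, function_sig):
    """Privilege probe with the role as a quoted literal; function_sig is an assumed placeholder."""
    r, f = quote_literal(role), quote_literal(function_sig)
    return (
        f"SELECT has_function_privilege({r}, {f}, 'EXECUTE') AS function_execute_privilege,\n"
        f"       has_table_privilege({r}, 'system_issues', 'INSERT') AS system_issues_insert_privilege,\n"
        f"       has_table_privilege({r}, 'dot_config', 'SELECT') AS dot_config_select_privilege;"
    )
```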

Remaining issue 5 — endpoint code compile must be blocked if route/auth or PG pattern is only partially discovered

The prompt says to compile endpoint code based on all probe results, but it should make the PASS/BLOCK conditions explicit.

Required patch:

  • Endpoint code must not be compiled if any of these are false:
    • agent_data_route_pattern_discovered
    • agent_data_auth_pattern_discovered
    • agent_data_pg_role_discovered
    • function_execute_privilege
    • system_issues_insert_privilege
    • dot_config_select_privilege
    • compiled_from_assumptions=false
  • If any is false, return PARTIAL/BLOCKED and produce a gap-analysis artifact instead of endpoint code.

Remaining issue 6 — revised Flow seed should not be compiled if endpoint code is not compiled

The prompt currently separates endpoint compile and revised flow seed compile. But a revised flow seed pointing to a non-compiled/unknown endpoint would recreate the B3-F1c-c issue.

Required patch:

  • Compile revised Directus Flow seed only if endpoint code is compiled and route/auth/path are known.
  • If endpoint code is not compiled, write a flow-seed gap analysis instead.
  • Final field revised_flow_seed_compiled=true should require endpoint_code_compiled=true.

Required Opus response

Opus should patch the design, prompt, and report.

Required final response:

b3f1c_d_second_pass_patch_status=PASS|PARTIAL|BLOCKED
secret_redaction_required=true|false
secrets_redacted_final_field_added=true|false
project_root_discovery_added=true|false
agent_data_container_discovery_added=true|false
safe_role_quoting_required=true|false
endpoint_compile_block_conditions_added=true|false
flow_seed_requires_endpoint_compiled=true|false
agent_probe_allowed=false_until_gpt_review
scheduler_execution_allowed=false
b3f_complete_allowed=false
phase5c2_migration_allowed=false
next_recommended_action=GPT_REVIEW_B3F1C_D_SECOND_PASS_PATCHED_DOCS

Governance status

b3f1c_d_second_pass_review_status=PATCH_REQUIRED_BEFORE_AGENT_PROBE
agent_probe_allowed=false
scheduler_execution_allowed=false
directus_flow_execution_allowed=false
agent_data_endpoint_creation_allowed=false
dot_config_mutation_allowed=false
dot_tools_mutation_allowed=false
b3f_complete_allowed=false
phase5c2_migration_allowed=false
next_recommended_action=OPUS_PATCH_B3F1C_D_DOCS_SECOND_PASS