GPT Confirm — Trigger Guard DROP Repair PASS and Opus Next Directive

Date: 2026-04-28

Reviewed inputs

• Opus summary: Trigger Guard DROP Repair — GPT Confirm
• Agent execution log: knowledge/dev/laws/dieu38-trien-khai/reports/p9-trigger-guard-drop-repair-log-2026-04-28-run2.md
• Gate design references:
  • knowledge/dev/laws/dieu38-trien-khai/P9-production-ddl-collection-gate-design.md
  • knowledge/dev/laws/dieu38-trien-khai/P9-G8A-directus-roles-readiness-design.md
  • knowledge/dev/laws/dieu38-trien-khai/index.md

Verdict

CONFIRMED PASS.

fn_evt_trigger_guard_drop() DROP bug is repaired on both DBs. The Gate A obstacle is cleared.

Evidence accepted

directus

• fn_evt_trigger_guard_drop remains SECURITY INVOKER.
• search_path=pg_catalog, public.
• Source confirms object_identity, public.trigger_guard_alerts, and COALESCE.
• Smoke DROP TRIGGER passed with no crash.
• Exact smoke trigger evidence is available:
  • trg_tg_drop_smoke_directus_20260428120120 on public.tg_drop_smoke_directus_20260428120120
  • audit row id 145, actual_enabled=false.
• Smoke table leftovers: 0.
• Event triggers enabled: evt_trigger_guard_ddl=O, evt_trigger_guard_drop=O.

incomex_metadata

• fn_evt_trigger_guard_drop is now SECURITY DEFINER, matching DDL guard parity.
• search_path=pg_catalog, public.
• Source confirms object_identity, public.trigger_guard_alerts, and COALESCE.
• Smoke DROP TRIGGER passed with no crash.
• Exact smoke trigger evidence is available:
  • trg_tg_drop_smoke_incomex_metadata_20260428120207 on public.tg_drop_smoke_incomex_metadata_20260428120207
  • audit row id 8, actual_enabled=false.
• Smoke table leftovers: 0.
• Event triggers enabled: evt_trigger_guard_ddl=O, evt_trigger_guard_drop=O.

Scope hygiene accepted

Agent reports no Gate B/C, no TAC data mutation, no seed, no roles/permissions, no DDL guard modification, and no trigger_guard_alerts schema change. This matches the repair gate scope.

Decision

Gate A obstacle is cleared.

Proceed to Gate B design prompt drafting, not immediate Agent execution.

Directive to Opus 4.6

Draft Gate B — Directus Collection Registration Execution Prompt v0.1 for GPT review.

Frame the work correctly

Gate B is part of Điều 38 Text-as-Code production rollout: SQL-governed information units and related schema are being surfaced through Directus. Do not frame it merely as agent-control or permissions work.

Scope

Gate B only: register/surface the 14 public.tac_* tables as Directus collections/metadata so they become visible via Directus API/Data Studio.

Hard exclusions

• No production DDL.
• No changes to public.tac_* table structure.
• No seed rows / no TAC data mutation.
• No Directus roles, policies, permissions, tokens, or G8B.
• No Gate C.
• No G11.
• No changes to trigger guard or event triggers.
• No cleanup of unrelated existing Directus metadata unless explicitly proven to be residue from the same run and approved by the prompt.

Required prompt design elements

1. Pre-checks

   • Confirm Gate A objects exist: exactly 14 public.tac_* tables and expected functions/triggers.
   • Confirm Directus is healthy and API is reachable from VPS.
   • Confirm current Directus collection state for all 14 tac_* names.
   • Confirm no partial/residual collection registration conflicts. If conflicts exist, classify as expected existing / partial residue / unknown; stop on unknown.
   • Snapshot relevant directus_collections, directus_fields, and related metadata for the 14 target collections before mutation.

2. Execution pattern

   • Prefer minimal Directus-native metadata registration path already established in gate design.
   • Use one pilot collection first, verify API/Data Studio visibility, then proceed to remaining 13 only if pilot PASS.
   • Use deterministic list of the 14 collections from Gate A schema, not discovery-only fuzzy matching.
   • Capture exit codes and output for every mutation/API step.

3. Verification

   • All 14 Directus collections exist and point to the intended public.tac_* tables.
   • Fields are introspected/visible sufficiently for future Gate C/G8B.
   • Directus API can read collection metadata for all 14.
   • No seed/data rows inserted into tac_* tables.
   • Gate A objects remain unchanged.

4. Failure handling

   • If pilot collection fails: stop and rollback/delete only pilot metadata created by this run if safe and explicitly identifiable.
   • If pilot PASS but later collection fails: stop, report split metadata state; do not blanket delete earlier successful collections unless prompt has exact run-created metadata and user-approved rollback criteria.
   • No blind cleanup.

5. Action log

   • Upload to knowledge/dev/laws/dieu38-trien-khai/reports/p9-gate-b-directus-collection-registration-log-YYYY-MM-DD.md with no-overwrite suffix rule.
   • Include pre-checks, mutation outputs, pilot result, all 14 collection statuses, post-verification, data-count proof, and secret hygiene scan.

User GO rule

Opus should produce prompt v0.1 only. GPT will review. Agent execution requires explicit User GO after GPT review.

Current state after this decision

• Gate A Production DDL: PASS.
• Trigger Guard DROP Repair: PASS confirmed.
• Gate B: authorized for prompt drafting/review only, not execution.
• Gate C/G8B/G11/P9 continuation: still blocked until Gate B execution completes and is reviewed.