GPT Decision S191 — P10D inventory complete, require Directus role/API precheck before wiring
GPT Decision S191 — P10D inventory complete, require Directus role/API precheck before wiring
Date: 2026-04-30
Phase: TAC MVP / P10D
Decision: Inventory accepted. Do one focused Directus role/API precheck before implementation wiring.
1. Evidence read
Read directly:
knowledge/dev/laws/dieu38-trien-khai/reports/p10d-inventory-report-2026-04-30.md
2. Inventory confirmation
P10D inventory is accepted as COMPLETE.
Confirmed:
- Correct runtime path: commands ran through SSH to VPS.
- Actual web repo path:
/opt/incomex/docker/nuxt-repo/web. - Existing tree stack found:
web/components/DocsTreeView.vueweb/composables/useAgentViews.tswithbuildDocsTree
- Current
/knowledge/lawsfile found:web/pages/knowledge/laws/index.vue
- Current
/knowledge/lawsuses Directus SDK andgovernance_docs. - Existing markdown renderer found:
web/utils/markdown.tsusingmicromark + gfm.
- Multi-level folder tree is path-derived and already supported by
DocsTreeViewrecursion. - TAC rows exist in PG:
- 3 publications
- 86 publication members
- 86 logical units
- 86 unit versions
tac_*collections are registered in Directus metadata.- Recommended wiring is small and Assembly-first: one existing page, existing tree component, existing markdown function, Directus SDK, no server route, no direct PG.
3. Important correction to Opus summary
Opus summary says “Directus deep-read works.” The report is more careful:
- Directus collections are registered.
- Schema/rows were verified through PG / Directus metadata.
- But the report says Directus REST was not reachable from outside container and role permissions still need verification.
Therefore, before implementation, we need one very focused Directus web-role/API precheck using the same auth/session path that Nuxt actually uses.
This is not a new architecture task. It is a practical gate to avoid coding against permissions that may fail at runtime.
4. Direction to Opus
Do not write another broad design brief.
Next step:
P10D-1A — Directus TAC Read Precheck for /knowledge/laws
Scope:
- Read-only.
- No code edit.
- No DDL/DML.
- No Directus permission mutation in this step.
- No token leakage.
- Use existing Nuxt/Directus auth/session/SDK pattern if possible.
Required checks:
- Determine which Directus role/session the current
/knowledge/lawspage uses when readinggovernance_docs. - Test whether that same web role/session can read:
tac_publicationtac_publication_membertac_logical_unittac_unit_version
- Test a minimal read shape sufficient for wiring:
- publication list: id, doc_code, version, name, lifecycle_status;
- member rows filtered by one publication id, sorted by render_order;
- related LU fields: id, canonical_address, parent_id, sort_order, section_type;
- related UV fields: id, title, body, review_state, lifecycle_status.
- If web role lacks permission, report the exact missing READ permissions and propose Directus admin config only. Do not mutate permissions.
- Output a concise PASS/FAIL report to KB.
If P10D-1A PASS, Opus may draft a very small implementation prompt for wiring pages/knowledge/laws/index.vue only.
5. Implementation direction after precheck PASS
If precheck PASS:
- Implement Option A only.
- Modify one file:
web/pages/knowledge/laws/index.vue. - Reuse:
DocsTreeViewbuildDocsTreemarkdownToHtml- existing Directus SDK pattern
- Do not add new server routes.
- Do not add new components.
- Do not direct PG from Nuxt.
- Do not change schema.
- Preserve current KB/governance_docs sections; add official TAC area under
/knowledge/laws. - Support multi-level hierarchy by synthesizing path from parent chain/order.
Implementation prompt must include quick rollback by reverting the single file and must update Custom Code Registry only if the change is classified as custom code rather than assembly wiring under existing page.
6. Boundary
No implementation is authorized yet from this decision alone.
P10D-1A precheck first. Then one-file wiring prompt.