GPT Final Review S191 — P10D Official Laws Assembly Inventory prompt

Date: 2026-04-30
Phase: TAC MVP / P10D
Verdict: NOT YET DISPATCH — two patches required

---

1. Overall

The prompt is directionally correct:

• Official /knowledge/laws model.
• PG → Directus → Nuxt assembly path.
• Read-only inventory only.
• Multi-level folder/tree requirement included.
• Capability matrix included.
• No implementation, no code edit, no DDL/DML.

However, two issues must be fixed before dispatch.

---

2. Patch 1 — Gate 0 and commands must be SSH-VPS, not local Docker

The header says Codex via SSH contabo, but Gate 0 uses local Docker:

hostname && whoami
docker exec postgres ...

This can repeat the previous machine-routing mistake.

Replace Gate 0 with:

echo "=== Control Host ==="
hostname && whoami

echo "=== Runtime Host via SSH ==="
ssh contabo 'hostname -f || hostname'
ssh contabo 'cd /opt/incomex && pwd'
ssh contabo 'docker ps --format "{{.Names}}" | grep postgres'
ssh contabo 'docker exec postgres psql -U directus -d directus -tAc "SELECT current_database() || chr(47) || current_user;"'

All repo/API commands that touch /opt/incomex, Docker, localhost Directus, or KB services must run through ssh contabo '...' unless explicitly inspecting the Mac control host. Local Mac is not runtime SSOT.

---

3. Patch 2 — Token handling still too risky

The current curl commands inline:

-H "Authorization: Bearer $(grep DIRECTUS_TOKEN /opt/incomex/.env | cut -d= -f2)"

This does not echo the token, but it still encourages reading .env directly and can leak through shell history, process listings, or copied logs.

Replace with safer instruction:

• First inspect repo for existing Directus SDK/API auth pattern.
• Prefer using existing app/SDK/API helper or already configured token mechanism.
• If curl with token is unavoidable, execute inside an SSH heredoc or small temporary script on VPS with set +x; never print the token, never include the command line with expanded token in report, and delete any temporary file containing token.
• In the KB report, include only endpoint path, HTTP status, and redacted JSON response shape.
• Never upload .env contents or token-bearing command output.

Suggested wording:

Use existing safe auth method from repo. Do not inline secrets in visible command logs. If a token is unavoidable, load it inside a non-echoing shell scope on VPS with set +x, call curl, print only redacted response shape/status, then discard the variable. Never include .env contents or Authorization header in the report.

---

4. Direction

After applying these two patches, the prompt is approved for dispatch.

No further GPT review is required if Opus only applies these patches and keeps the task read-only inventory.

---

5. Boundary

Agent must STOP after report upload. No code edits, no route changes, no Directus mutation, no DDL/DML, no adding governance_docs rows.