KB-46FB

GPT Recheck — G8B-RP API Discovery Patch

Revision 1

Date: 2026-04-28

Context

User flagged a repeated failure pattern: execution prompts have sometimes been written from assumptions rather than verified reality, violating Zero Trust / "Not sure it is correct = wrong".

Opus re-reviewed G8B-RP and found a real gap: the previous G8A probe verified the PostgreSQL catalog / data model, but not the Directus REST API endpoint shape or payload shape.

Verdict

Patch direction is correct and necessary.

Adding §1e API Discovery before mutation is the right fix. It directly addresses the unverified assumption risk for:

  • /policies endpoint existence;
  • /access endpoint existence;
  • /permissions endpoint existence;
  • actual returned permission row shape including policy, collection, action;
  • reference pattern from existing AI Agent role/access/permission data.

Remaining issue

KB currently contains:

knowledge/dev/laws/dieu38-trien-khai/P9-G8B-RP-directus-roles-permissions-execution-prompt-v0-2.md

Search result indicates this KB version may not include the newly added §1e API Discovery patch. Therefore the canonical KB artifact must be updated before execution proceeds or before any future reviewer treats the old v0.2 as final.

Required correction before continuing

Create/update a KB reference artifact with the patched prompt, preferably one of:

  1. Update existing path with revision note: knowledge/dev/laws/dieu38-trien-khai/P9-G8B-RP-directus-roles-permissions-execution-prompt-v0-2.md

or

  2. Create explicit rev2/errata path: knowledge/dev/laws/dieu38-trien-khai/P9-G8B-RP-directus-roles-permissions-execution-prompt-v0-2-rev2-api-discovery.md

The canonical artifact must include §1e API Discovery and the AUTHORIZED/User GO header if that is the exact prompt dispatched.

Assessment of current patched prompt

The added §1e is acceptable, with one caution:

  • "Agent MUST adapt the payload format to the actual API shape" is acceptable only if the adaptation stays within the same intended semantics: create/ensure the same two roles, two policies, two access bindings, and 84 permission tuples. If the endpoint or payload shape requires semantic changes, the Agent must STOP and report rather than invent a new authorization model.

Updated directive to Opus

  1. Treat the API Discovery patch as mandatory.
  2. Update KB canonical prompt artifact before or immediately with dispatch.
  3. Ensure Agent runs the patched version, not the older v0.2 without §1e.
  4. Instruct Agent: if API Discovery reveals mismatch, STOP and report; do not infer or invent.
  5. After execution, action log must include API Discovery evidence and reference row shape, without secrets.
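
One way to implement the discovery gate from directives 4 and 5 and the §1e checks listed under Verdict, as an added example (not part of the G8B-RP prompt or of Directus itself). Assumptions: the read-only GET probes return HTTP 200 with a `{"data": [...]}` envelope, the function names are hypothetical, and all sample rows are constructed.

```python
# Added example: offline gate for the §1e API Discovery step (constructed data).
REQUIRED_ENDPOINTS = ("/policies", "/access", "/permissions")   # named on the page
REQUIRED_PERMISSION_KEYS = {"policy", "collection", "action"}   # named on the page


def row_shape(row):
    """Key names and value types only, so the action log carries no values."""
    return {key: type(value).__name__ for key, value in sorted(row.items())}


def evaluate_discovery(probes):
    """probes maps endpoint -> (http_status, parsed_json_body) from read-only GETs.

    Returns (verdict, reasons, evidence); verdict is "GO" or "STOP".
    """
    reasons, evidence = [], {}
    for endpoint in REQUIRED_ENDPOINTS:
        if endpoint not in probes:
            reasons.append(f"{endpoint}: not probed")
            continue
        status, body = probes[endpoint]
        rows = body.get("data") if isinstance(body, dict) else None
        if status != 200 or not isinstance(rows, list):
            reasons.append(f"{endpoint}: status {status}, no usable data list")
            continue
        if not rows or not isinstance(rows[0], dict):
            # No reference row means the shape is unverified, which counts as wrong.
            reasons.append(f"{endpoint}: no reference row to take the shape from")
            continue
        evidence[endpoint] = {"status": status, "row_shape": row_shape(rows[0])}
        if endpoint == "/permissions":
            missing = REQUIRED_PERMISSION_KEYS - set(rows[0])
            if missing:
                reasons.append(f"/permissions: row lacks {sorted(missing)}")
    return ("STOP" if reasons else "GO"), reasons, evidence


# Constructed sample responses (assumed envelope, not captured from a real instance).
SAMPLE_OK = {
    "/policies": (200, {"data": [{"id": "p-1", "name": "constructed-policy"}]}),
    "/access": (200, {"data": [{"id": "a-1", "role": "r-1", "policy": "p-1"}]}),
    "/permissions": (200, {"data": [{"id": 7, "policy": "p-1",
                                     "collection": "articles", "action": "read"}]}),
}
# Same probes, but permission rows key on "role" instead of "policy": a mismatch.
SAMPLE_MISMATCH = dict(SAMPLE_OK)
SAMPLE_MISMATCH["/permissions"] = (200, {"data": [
    {"id": 7, "role": "r-1", "collection": "articles", "action": "read"}]})
```

The `evidence` value is what belongs in the action log: status codes and row shapes, with no identifiers, tokens or field values.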

Status

G8B-RP remains acceptable for execution only if the patched §1e API Discovery version is the one dispatched and stored in KB.