KB-2CA8

GPT Review — Backup Incident Triage Fix Plan Dispatch

Revision 1
Tags: gpt, governance, backup, g6, sandbox_tac, triage, fix-plan, review


Date: 2026-04-27
Scope: Review of the Opus dispatch prompt BACKUP INCIDENT TRIAGE + FIX PLAN DISPATCH before it is sent to Claude Code.

Verdict

PASS WITH SMALL REQUIRED EDITS BEFORE DISPATCH.

The prompt is directionally correct: it keeps the next block read-only; does not GRANT, DROP or edit scripts; requires VPS context; inspects sandbox_tac; audits backup history; analyzes the backup script's behavior; and asks for a fix plan with A/B/C/D options and separate execution gates.

Agent Data already records that sandbox_tac came from the P7B/C2 sandbox work and that the Directus visibility check passed with 0 exposed sandbox_tac collections. That is useful background, but Claude Code must verify the current state on the VPS before proposing any fix; prior evidence is not a substitute for a fresh read.

Law / constitutional check

Rule                                   Result           Finding
Constitution (Hiến pháp) / Zero Trust  PASS with edits  No mutation; verify current state before any GRANT/DROP.
Đ33 DB governance                      PASS             GRANT/DROP/script edits are only proposed, not executed.
Đ35 / 100% DOT-AI                      PASS             Fix must run under governed/DOT execution, not manual psql.
Đ32 gate discipline                    PASS             Execution gate remains separate from the triage block.
Đ24                                    PASS             No label/entity-label work.

Required edits

  1. Avoid querying sandbox_tac via role directus for row counts.
    The known failure is that directus lacks access to sandbox_tac. Row-count queries run through docker exec postgres psql -U directus will hit the same permission error and, unless stderr is captured, will obscure the evidence the triage is meant to collect. For read-only inspection, use a role that can read the schema, or restrict the queries to pg_catalog (pg_namespace, pg_class, has_schema_privilege), which any role can read without USAGE on sandbox_tac. If no privileged inspection role is available, record the permission error verbatim as evidence and do not force row-count queries.

  2. Fix the information_schema.usage_privileges query.
    In PostgreSQL that view does not cover schemas at all (it lists USAGE on collations, domains, foreign-data wrappers, foreign servers and sequences), so it cannot show whether directus has USAGE on sandbox_tac. Prefer the catalog privilege functions, which any role can call:

    SELECT n.nspname, r.rolname AS role_name,
           has_schema_privilege(r.rolname, n.nspname, 'USAGE') AS has_usage,
           has_schema_privilege(r.rolname, n.nspname, 'CREATE') AS has_create
    FROM pg_namespace n
    CROSS JOIN pg_roles r
    WHERE n.nspname='sandbox_tac'
      AND r.rolname IN ('directus','workflow_admin','postgres')
    ORDER BY role_name;
    
  3. Directus exposure evidence should combine prior KB evidence with a current check where possible.
    Cite the prior PF-4 PASS evidence: 0 sandbox_tac collections in Directus. If a current Directus API check is unavailable, do not block on it; mark the item as "prior evidence, current check unavailable."

  4. Backup history remote path should use the discovered path.
    Do not hardcode <discovered_path> without stating how the path is discovered. Allow the local backup history to be the primary source if the remote listing is unclear.

  5. Option D script hardening should be treated as a required companion fix.
    Even if Option A, B or C fixes the current permission error, pg-backup.sh must be hardened so that any future dump failure exits non-zero, deletes or quarantines the bad output, and does not send a success heartbeat. The incident pattern to close is a dump that fails silently while the script still reports success.

  6. DOT requirement wording.
    Since there may not yet be a registered DOT specifically for PG grants or backup hardening, phrase the requirement as "governed AI/DOT execution gate, or a registered DOT if available; no manual human psql." Do not require an already-existing DOT name unless it has been verified.
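The shape edit 5 asks for, as an added illustration for this review; it is not the project's pg-backup.sh, and the dump command, output path, quarantine directory and heartbeat command are hypothetical arguments. It assumes a plain-format (SQL) pg_dump, whose trailer line is used as the completeness check, and is written in POSIX sh so it runs wherever the cron job does. The naive function at the end reproduces the failure mode for contrast.

```shell
#!/bin/sh
# Hardened backup wrapper (added example for KB-2CA8 edit 5; NOT the project's
# pg-backup.sh). Hypothetical assumptions: the dump command, output path,
# quarantine dir and success-heartbeat command are passed in as arguments, and
# the dump is pg_dump plain (SQL) format.
set -eu

# validate_dump FILE: a plain-format pg_dump ends with the trailer
# "-- PostgreSQL database dump complete"; a dump aborted by an error (e.g.
# permission denied on a schema) never writes it. For custom format (-Fc)
# replace this with `pg_restore --list FILE >/dev/null`.
validate_dump() {
  [ -s "$1" ] && tail -c 4096 "$1" | grep -q 'PostgreSQL database dump complete'
}

# quarantine_output PARTIAL ERRLOG DIR: keep the bad output and its stderr as
# evidence under a timestamped name; nothing stays under the final backup name.
quarantine_output() {
  stamp=$(date +%Y%m%dT%H%M%S)
  [ -e "$1" ] && mv "$1" "$3/$(basename "$1").$stamp.failed"
  [ -e "$2" ] && mv "$2" "$3/$(basename "$2").$stamp.failed"
  return 0
}

# run_backup DUMP_CMD OUT_FILE QUARANTINE_DIR HEARTBEAT_CMD
# Returns 0 and fires the heartbeat only if the dump ran, exited 0 and validated.
# Every other path: partial output quarantined, no heartbeat, return 1 (so
# cron/systemd sees a failure).
run_backup() {
  dump_cmd=$1; out=$2; quarantine=$3; heartbeat=$4
  tmp="$out.partial.$$"; errlog="$tmp.err"
  mkdir -p "$(dirname "$out")" "$quarantine"

  # Write to a temp name so a half-written dump never carries the final name.
  # Capture the exit code explicitly instead of relying on set -e, so the
  # quarantine step still runs on failure.
  if sh -c "$dump_cmd" >"$tmp" 2>"$errlog"; then rc=0; else rc=$?; fi

  if [ "$rc" -eq 0 ] && validate_dump "$tmp"; then
    mv "$tmp" "$out"; rm -f "$errlog"
    sh -c "$heartbeat" || echo "warning: heartbeat failed (backup itself is good)" >&2
    return 0
  fi
  quarantine_output "$tmp" "$errlog" "$quarantine"
  echo "backup FAILED (dump rc=$rc); evidence kept in $quarantine" >&2
  return 1
}

# The failure mode this incident exhibited, for contrast: the dump's exit
# status is never checked (spelled out here as `|| true`, which is what running
# without set -e amounts to), so a partial file is kept and the heartbeat fires.
naive_backup() {
  sh -c "$1" >"$2" 2>/dev/null || true
  sh -c "$3"
  return 0
}

# Real invocation (hypothetical paths and URL):
#   run_backup "pg_dump -U postgres appdb" /backups/appdb.sql /backups/quarantine \
#              "curl -fsS https://hc.example/ping/appdb"
```

The two properties the fix plan should check for are visible here: the final filename is only ever written by a rename of a validated dump, and the heartbeat call sits on the success path only. If the real script pipes pg_dump through gzip, it also needs set -o pipefail (bash) or an explicit check of pg_dump's exit status, otherwise gzip's exit code masks the dump failure.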

Direction

Apply these small edits, then dispatch to Claude Code with medium effort. After the report is uploaded, GPT chooses the fix path and authorizes a narrow execution gate. No GRANT, DROP, script edit or G6 retry is authorized by this dispatch.