KB-3CC0

GPT Review — Backup Integrity Recovery Dispatch

Revision 1


Date: 2026-04-27
Scope: Review Opus BACKUP INTEGRITY RECOVERY DISPATCH for Claude Code.

Verdict

PASS WITH REQUIRED WORDING/SAFETY PATCHES BEFORE DISPATCH.

The dispatch is directionally correct: it prioritizes the high-severity Directus DB backup issue before the G6 retry, binds execution to the VPS context, uses Claude Code with medium effort, and forbids unrelated production mutations.

However, the prompt currently describes the block as "backup recovery / verification only" while also allowing a fresh backup run. Running an existing backup script creates a new backup artifact and may send heartbeats or upload to remote storage; that is an operational side effect. It is acceptable when the established governed script is used, but the block should not be labeled purely read-only.

Law / constitutional check

Rule                      | Result          | Finding
Constitution / Zero Trust | PASS with patch | Restore backup integrity before the DB dry-run; do not present the fresh backup as read-only.
Đ33 DB governance         | PASS            | No schema/DDL/DML unrelated to backup; the backup script may read the DB and write a backup artifact.
Đ35 DOT governance        | PASS            | No dot_tools/dot_action_log mutation.
Đ32 gate discipline       | PASS            | The G6 retry remains separate.
Đ24                       | PASS            | No taxonomy/entity label mutation.
100% DOT/AI               | PASS            | The user is not asked to manually inspect the backup.

Required patches

  1. Clarify mode: not purely read-only
     Change type/scope to: Backup investigation + governed fresh backup verification.
     State explicitly: Steps 1, 2, and 5 are read-only; Step 3 may execute the established backup script and create backup artifacts/logs/heartbeats, but must not alter DB data or schema.

  2. Do not cat the backup script if it may contain secrets
     Replace cat <discovered_backup_script> with a safer inspection:

     • sed -E 's/(PASSWORD|TOKEN|SECRET|KEY)=([^ ]+)/\1=***MASKED***/g' <script> | head -200, or
     • grep -nE 'pg_dump|docker exec|postgres|rclone|gzip|backup|heartbeat|curl|Kuma' <script>

     Do not print credentials.

  3. Do not zcat the corrupted 20-byte file without safe bounds
     Run gzip -t first. If the file is invalid, capture only the error message. If it is valid, then zcat <file> | head -c 1024. Keep the bounds.

  4. Fresh backup execution must have preconditions
     Before running the script, verify that:

     • the script path is the known established path from prior docs or cron/systemd;
     • the script is not world-writable;
     • it uses the Docker-local PG path or another known valid connection;
     • enough disk space exists (df -h);
     • no backup job is currently running (pgrep/ps check).

  5. Integrity threshold should be realistic
     >1KB is too low for the Directus DB. Use the prior known baseline if available; otherwise require at minimum: gzip valid, a PostgreSQL dump header, schema/table statements present, and a size materially greater than 20 bytes. Prefer >1MB as a sanity threshold unless evidence shows a smaller dump is valid.

  6. Do not auto-upload to remote storage or alter cron/systemd
     Running the governed script may upload if the script already does so. Do not add a new upload, change the rclone destination, change cron/systemd, or clean up the tar lag in this dispatch.

  7. Report secret hygiene
     Before uploading the report, ensure that logs pasted into the KB do not include passwords, tokens, Kuma URLs with secret tokens, rclone config contents, or DB connection strings with credentials.
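As an added example (not part of the dispatch or of this review), the check that patches 3 and 5 describe, written as one POSIX shell function: size gate, gzip -t before any zcat, a bounded 1024-byte header read, and a scan for schema/table statements. It assumes a plain-format pg_dump (header line "-- PostgreSQL database dump") and a 1 MiB default threshold; both are assumptions of this example, not values from the dispatch.

```shell
#!/bin/sh
# verify_backup FILE [MIN_BYTES]
# Added example, not the governed backup script. Returns 0 if the gzipped
# plain-format pg_dump passes every check, 1 otherwise, printing the first
# failing reason. MIN_BYTES defaults to 1 MiB (assumed sanity threshold).
verify_backup() {
    file="$1"
    min_bytes="${2:-1048576}"

    [ -f "$file" ] || { echo "FAIL: missing file $file"; return 1; }

    # Size gate first: the known-bad artifact is 20 bytes, cheap to reject.
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -le 20 ]; then
        echo "FAIL: size ${size} bytes is not materially greater than 20"; return 1
    fi
    if [ "$size" -lt "$min_bytes" ]; then
        echo "FAIL: size ${size} bytes is below threshold ${min_bytes}"; return 1
    fi

    # gzip -t before any zcat; on failure keep only gzip's error text,
    # never any of the (possibly garbage) payload.
    if ! err=$(gzip -t "$file" 2>&1); then
        echo "FAIL: gzip invalid: $err"; return 1
    fi

    # Bounded read: only the first 1024 decompressed bytes are inspected
    # for the plain-format pg_dump header.
    head_text=$(zcat "$file" 2>/dev/null | head -c 1024)
    case "$head_text" in
        *"PostgreSQL database dump"*) ;;
        *) echo "FAIL: no PostgreSQL dump header in first 1024 bytes"; return 1 ;;
    esac

    # Schema/table statements must be present; grep -q stops at the first
    # match so the stream is not read further than needed.
    if ! zcat "$file" 2>/dev/null | grep -qE '^(CREATE TABLE|CREATE SCHEMA)'; then
        echo "FAIL: no CREATE TABLE/CREATE SCHEMA statements found"; return 1
    fi

    echo "PASS: ${file} ${size} bytes, gzip valid, pg_dump header and schema present"
    return 0
}
```

Pass the prior known baseline as MIN_BYTES once one is established; the default is only a placeholder for the >1MB sanity threshold.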

Direction

Opus should patch the dispatch with these seven edits and then send it to Claude Code with medium effort. After Claude Code uploads the recovery report, GPT should review whether backup integrity is restored and decide whether PF-07 v0.5/wrapper v0.6 can be prepared.