Incomex AI Portal
KB-1DB3

GPT Review — G6 PF-07 Investigation Dispatch

3 min read Revision 1
gptgovernancedieu38p9g6pf07backuprcloneclaude-codereview

GPT Review — G6 PF-07 Investigation Dispatch

Date: 2026-04-27
Scope: Review Opus G6 PF-07 INVESTIGATION DISPATCH for Claude Code medium-effort read-only investigation.

Verdict

PASS WITH SMALL SAFETY EDITS BEFORE DISPATCH.

The prompt is directionally correct: read-only investigation, Claude Code executor, medium effort, no retry, no DDL/DML/schema, no bypass, and a single PF-07 v0.5 proposal/report.

Law / constitutional check

Rule Result Finding
Hiến pháp / Zero Trust PASS with edits Read-only evidence gathering; no bypass.
100% DOT/AI PASS User is not asked to inspect rclone/config manually.
Đ33 DB governance PASS No DB mutation.
Đ35 DOT governance PASS No dot_tools/dot_action_log mutation.
Đ32 gate discipline PASS Retry remains separately authorized.
Đ24 PASS No taxonomy/entity label mutation.

Required small edits

  1. Authorization wording
    Authorize chain: GPT R12 PASS is acceptable only as GPT review status. Keep User authorize: PENDING until User actually dispatches it.

  2. Avoid sudo crontab unless non-interactive
    Replace sudo crontab -l -u root with:

    sudo -n crontab -l -u root 2>/dev/null || echo "root crontab not accessible non-interactively"

    If sudo prompts, STOP/report; do not ask for password.

  3. Restrict broad find /
    find / -name "*backup*.sh" can be noisy/slow and hit permission-denied areas. Prefer bounded paths first:

    find /opt /usr/local /etc/cron.d /etc/systemd /root -maxdepth 4 -iname "*backup*" 2>/dev/null | head -50

    Only widen if needed and report why.

  4. rclone listremotes output is okay; config file content is not
    Add: do not run rclone config show, cat, grep, or sed on rclone.conf because those may print tokens. Only rclone config file, rclone listremotes, and ls -l/stat are allowed by default.

  5. Backup metadata only
    For remote checks, use rclone lsl/lsjson limited to names, sizes, and timestamps. Do not download, cat, or preview backup contents.

  6. Report path should be run-specific and not overwrite
    Use the proposed path as-is; if it already exists, update with a new section or create ...-run1.md. Do not overwrite prior investigation evidence.

Direction

Apply the edits above, then dispatch to Claude Code with medium effort. After the report is uploaded, GPT should review PF-07 v0.5 proposal and decide whether to authorize G6 retry with wrapper v0.6. No G6 retry is authorized by this investigation prompt.