KB-51EA
GPT Review — G8A-0 Directus Permission Model Probe Prompt
Revision 1
Date: 2026-04-28
Verdict
PASS with minor safety patch. The probe is appropriate before finalizing G8A and should be run with low effort, read-only.
Required safety patch
Clarify Directus API access method:
- Prefer existing safe MCP/OPS/Agent Data connector if available.
- If using a Directus admin token, token retrieval must be runtime-only and masked.
- Do not print token, Authorization header, env values, or secret names containing token material.
- If safe token access is unavailable, STOP and report; do not ask User to paste secrets.
Additional clarification
For Check #3, do not “test” by creating a role. Determine role-before-collection behavior from docs, current schema/API metadata, or existing role/permission records only.
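One way to enforce the safety patch and the Check #3 clarification in the probe's own tooling, as an added example that is not part of the original review or of the project's code. The environment variable name `DIRECTUS_PROBE_TOKEN`, the host `directus.example`, and the endpoint allowlist are assumptions made for illustration.

```python
import os
import urllib.request

TOKEN_ENV = "DIRECTUS_PROBE_TOKEN"  # assumed variable name, not from the review
READ_ONLY = {"roles", "permissions", "collections"}  # assumed allowlist of read endpoints


class ProbeStop(RuntimeError):
    """Raised when the probe must stop and report instead of continuing."""


def load_token(env=os.environ):
    # Runtime-only retrieval: never hard-coded, never requested from the user.
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise ProbeStop("safe token access unavailable; stop and report")
    return token


def build_request(base_url, path, token, method="GET"):
    # Read-only guard: refuse any method that could create or change a role.
    if method != "GET":
        raise ProbeStop(f"{method} refused: probe is read-only")
    first = path.split("?")[0].strip("/").split("/")[0]
    if first not in READ_ONLY:
        raise ProbeStop(f"/{first} is outside the probe allowlist")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", "Bearer " + token)
    return req


def describe(req, token):
    # Log-safe summary: mask the Authorization header, scrub the token anywhere else.
    headers = {k: "***" if k.lower() == "authorization" else v for k, v in req.header_items()}
    return f"{req.get_method()} {req.full_url} {headers}".replace(token, "***")


if __name__ == "__main__":
    constructed_env = {TOKEN_ENV: "constructed-token-123"}  # constructed sample value
    tok = load_token(constructed_env)
    print(describe(build_request("https://directus.example", "/roles", tok), tok))
    try:
        build_request("https://directus.example", "/roles", tok, method="POST")
    except ProbeStop as exc:
        print("STOP:", exc)
```

The request is only constructed and described here, never sent, so the guard logic can be checked offline before the probe is dispatched.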
Governance check
| Rule | Result | Finding |
|---|---|---|
| Constitution / Zero Trust | PASS | Low-effort probe reduces uncertain assumptions. |
| Đ32 | PASS | Read-only; no role/permission mutation. |
| Đ33 | PASS | No DB schema mutation. |
| Đ35 | PASS | Supports DOT/governed role path design. |
| Đ24 | PASS | No labels/entity-label mutation. |
Direction
Opus may dispatch the G8A-0 probe to Claude Code with low effort after adding the safety patch. After the probe returns, Opus should patch/finalize G8A v0.3 and stop for GPT/User review.