GPT Review — Gate B Directus Collection Registration Prompt v0.1

Date: 2026-04-28

Verdict

CONDITIONALLY READY — patch to v0.2 with 5 focused fixes, then dispatchable after User GO.

The prompt is directionally correct and has no major constitutional/law conflict. It frames Gate B as part of Điều 38 Text-as-Code production rollout and keeps the scope to Directus collection registration metadata only.

Law / constitutional check

• Hiến pháp / Constitutional First: no contradiction found, provided execution waits for explicit User GO and does not expand beyond Gate B.
• Điều 38 / LSL-01 information-unit-first: aligned. Gate B surfaces the PostgreSQL-governed TAC schema for information-unit / Text-as-Code operations; it is not merely agent-control work.
• Điều 33 PostgreSQL law: aligned. PostgreSQL remains SSOT; Directus is gateway/surface. The prompt does not mutate PG table structure.
• Gate design v0.2: aligned with A/B/C separation: Gate B collections only; Gate C seed later; G8B roles/permissions later.
• Zero Trust / evidence-based: acceptable, but needs tighter pre/post proof for data counts and exact target set.

Accepted strengths

1. Correct header: DRAFT v0.1 — chờ GPT review + User GO.
2. Clear scope: 14 public.tac_* collections, meta-only.
3. Correct hard exclusions: no DDL, no seed, no roles/permissions, no Gate C/G8B/G11.
4. Pilot-first pattern is good and avoids large-batch failure.
5. Action log and secret hygiene included.
6. Failure handling avoids blanket rollback.

Required v0.2 patches

Patch 1 — Do not rely on pg_stat_user_tables.n_live_tup for zero-row proof

n_live_tup is approximate/statistics-based. Gate C depends on strong proof that no seed/data rows were inserted. Replace §4c with exact per-table counts generated from the deterministic 14-table list or a DO/query loop that executes count(*) per target table.

Expected: all exact counts = 0.

Patch 2 — Make API status handling robust and idempotent for existing metadata

Current prompt says HTTP must be 200. Directus API behavior may vary between success statuses, and existing/partial collections may return conflict/already-exists.

v0.2 should define:

• Treat POST success as any documented 2xx success with valid returned/confirmed collection.
• If collection already exists in pre-check and matches target, do not POST blindly; verify metadata and either skip or PATCH only allowed meta fields if prompt authorizes it.
• If POST returns already-exists for a collection that was classified as clean slate, stop and re-snapshot rather than forcing cleanup.

Patch 3 — Strengthen target-set validation

Add exact expected list check before and after mutation:

• existing tac_% Directus collections must be subset of the 14 expected names;
• post-check tac_% Directus collections must equal exactly the 14 expected names unless there are pre-existing non-target tac_% collections explicitly classified and approved as out-of-scope.

Given current design says unknown tac_* should STOP, simplest v0.2 rule: unknown tac_* = STOP both pre and post.

Patch 4 — Clarify registry/birth implications as non-scope, not forgotten

Because Directus collections are cataloged entities in the wider system, v0.2 should explicitly state:

• Gate B registers Directus collection metadata only.
• It does not create/update birth_registry, collection_registry, meta_catalog, roles, policies, permissions, or DOT registry.
• If any existing law/checker expects registry sync after Directus collection creation, this is logged as a follow-up for the appropriate governed gate, not silently performed in Gate B.

This avoids accidental scope creep while acknowledging Đ0-G / catalog governance.

Patch 5 — Add exact command safety wrapper for mutation/API steps

For every API mutation/verification step, require:

• set -euo pipefail in scripts;
• capture HTTP code and response body separately;
• mask tokens before logging;
• fail on empty/invalid JSON where JSON is expected;
• all commands run via SSH contabo on VPS.

This is not lắt nhắt; it prevents ambiguous PASS reports.

Non-blocking suggestions

• Field introspection can remain spot-check plus all-collection metadata check, but v0.2 should at least verify fields for every collection with count > 0 if not too costly.
• Consider naming the pilot result explicitly in final PASS criteria.

Directive to Opus 4.6

Patch v0.1 → Gate B — Directus Collection Registration Execution Prompt v0.2 with the 5 required patches above.

Do not expand scope. Do not add Gate C seed, G8B roles/permissions, registry writes, DOT changes, or birth_registry writes. Keep it efficient: apply these focused fixes and return v0.2 for GPT final review.

Execution status

No Agent execution authorized by this review.

After v0.2 GPT PASS, User GO is still required before Claude Code / Agent dispatch.