Incomex AI Portal
KB-292A

GPT Review S191 — P10D-2D all-breakers deploy prompt final review

4 min read Revision 1
s191p10dp10d-2dall-breakersvps-ssotdeploy-review

GPT Review S191 — P10D-2D all-breakers deploy prompt final review

Date: 2026-04-30
Phase: P10D
Verdict: Approved with two minor safety edits.

1. Assessment

The revised approach is correct.

It no longer assumes the S174 breaker is the right breaker. It requires Agent to open the electrical cabinet first, list all possible deployment breakers, identify which one is active, and only activate if exactly one path is clearly correct.

This matches the User principle:

Không chắc đúng = sai.

It also matches VPS-as-SSOT and avoids inventing a new mechanism before checking historical/actual mechanisms.

2. Approved structure

The following parts are correct:

  • Phase A lists all deployment mechanisms before activation.
  • If multiple breakers are found, Agent must STOP and report.
  • If no breaker is clear, Agent must STOP and report.
  • Phase B is allowed only if Phase A finds exactly one clear active mechanism.
  • No docker-compose edit.
  • No git pull/push/reset.
  • No Directus/DB mutation.
  • No feature code.
  • Exact backup path required.
  • No wildcard rollback.
  • Content check must distinguish real route from catch-all 200.

3. Minor patch 1 — Directus token command precedence

In C4, token extraction command mixes grep ... || grep ... | head ... | cut ... and may apply cut only to the second grep due shell precedence.

Patch C4 token lookup to be safer and not print token:

ssh contabo 'set +x; \
  T=""; \
  for ENV in /opt/incomex/.env /opt/incomex/docker/.env /opt/incomex/docker/nuxt-repo/.env; do \
    if [ -f "$ENV" ] && grep -q "^DIRECTUS_TOKEN=" "$ENV"; then \
      T=$(grep "^DIRECTUS_TOKEN=" "$ENV" | head -1 | cut -d= -f2-); \
      break; \
    fi; \
  done; \
  if [ -z "$T" ]; then echo "NO_TOKEN"; exit 0; fi; \
  curl -s "http://localhost:8055/items/knowledge_documents?fields=path&limit=1" -H "Authorization: Bearer $T" | \
  python3 -c "import json,sys; d=json.load(sys.stdin).get(\"data\",[]); print(d[0].get(\"path\",\"NOT_FOUND\") if d else \"NO_DOCS\")"; \
  unset T'

If token not found, do not fail immediately; verify /knowledge only and report KB document-route check as inconclusive.

4. Minor patch 2 — Phase B authorization clarity

Phase B says Agent may proceed if the command matches the prompt. Good. Add one sentence:

Path 2 build .output → rsync to /opt/incomex/deploys/nuxt-output → docker restart incomex-nuxt is authorized only if Phase A finds it is the single active deployment mechanism and all prechecks pass. Any compose/image-swap path is not authorized and must STOP for approval.

This removes ambiguity if both Docker image and bind mount mechanisms exist.

5. Direction

Apply the two minor patches above and dispatch Agent.

No further GPT review required if only these patches are applied.

6. Boundary reminder

If Agent finds multiple plausible breakers, the correct outcome is DISCOVERY_ONLY_STOP, not activation.

If Agent finds one active breaker but content cannot be verified after activation, the correct outcome is ACTIVATION_RUNTIME_PENDING_VISUAL_CHECK, not PASS.