Incomex AI Portal
KB-4063

GPT Review S191 — P10D-2E one-time VPS manual activation prompt

3 min read Revision 1
s191p10dp10d-2eone-time-activationvps-ssotprompt-review

GPT Review S191 — P10D-2E one-time VPS manual activation prompt

Date: 2026-04-30
Phase: P10D
Verdict: Approved after small safety patches.

1. Assessment

The prompt follows the approved direction:

  • one-time VPS-local activation;
  • no GitHub Actions;
  • no docker-compose edit;
  • no Directus/DB mutation;
  • no feature code;
  • backup before replacing runtime output;
  • sanity check before rsync;
  • verify TAC and KB legacy routes;
  • rollback if failure.

This is the correct “temporary bypass in the house” approach while deploy governance cleanup is deferred.

2. Required patches before dispatch

Patch 1 — Make Step 2 binding checks hard PASS/FAIL

If HEAD is not 5ce3437, working tree is not clean, or bind mount is not exactly /opt/incomex/deploys/nuxt-output to /app/.output, STOP. Do not continue.

Patch 2 — Ensure stale temp/container cleanup before extract

Before docker create --name p10d-extract, remove any stale container and temp output:

docker rm -f p10d-extract 2>/dev/null || true
rm -rf /tmp/p10d-output

Then extract. This avoids a false failure due to previous partial run.

Patch 3 — Substitute IMAGE_OUTPUT_PATH explicitly

Agent must replace <IMAGE_OUTPUT_PATH> with the verified path, not leave placeholder text in command. If verified path is /app/.output, use exactly that. If not verified, STOP.

Patch 4 — Capture backup path into a file for rollback

After backup, write exact path to:

/tmp/p10d-nuxt-output-backup-path.txt

Rollback must read this exact path, not rely on report memory.

Patch 5 — Sanity check extracted output has route artifacts if possible

Besides .output/server/index.mjs, grep/list build manifest or server chunks for knowledge/laws or route artifacts if available. If not visible due Nuxt build internals, do not fail solely, but report.

Patch 6 — Record container health after restart

After restart, verify:

docker ps --filter name=incomex-nuxt --format "{{.Names}} {{.Status}}"

If unhealthy/exited, collect logs and rollback.

Patch 7 — Rollback command must use recorded backup file

Use:

BACKUP=$(cat /tmp/p10d-nuxt-output-backup-path.txt)
rsync -a --delete "$BACKUP"/ /opt/incomex/deploys/nuxt-output/
docker restart incomex-nuxt

Patch 8 — Verdict wording

If content grep is zero but HTTP checks and APIs pass, verdict is ACTIVATION_RUNTIME_PENDING_VISUAL_CHECK, not PASS.

3. Direction to Opus

Apply the eight patches above and dispatch Agent.

No further GPT review required if only these patches are applied.

4. Follow-up

After activation, open separate Deploy Governance Cleanup / Điều 41 patch task. Do not mix cleanup into P10D-2E.