KB-78DE

GPT Review — Trigger Guard Investigation Fix Path

Revision 1
Tags: gpt, governance, trigger-guard, g6, search_path, event-trigger, fix-path


Date: 2026-04-28
Scope: Review Claude Code Trigger Guard investigation report and Opus evaluation.

Verdict

Claude Code PASS. Choose Option A, with a safety refinement: schema-qualify public.trigger_guard_alerts and set a locked function-level search_path; use SECURITY DEFINER only if the pre-check confirms that the owner/privilege model is safe and that the elevation is actually necessary.

G6 retry remains blocked until Trigger Guard repair is completed and verified.

Evidence checked

  • knowledge/dev/laws/dieu38-trien-khai/reports/p9-g6-trigger-guard-incident-investigation-2026-04-28.md rev 1.
  • knowledge/current-state/reports/trigger-guard-v2-d26-complete.
  • knowledge/current-state/reports/trigger-guard-d26-p3-report.
  • knowledge/dev/reports/gpt-review-g6-run3-ddl-event-trigger-guard-fail-2026-04-28.md.

Findings

  1. trigger_guard_alerts exists in public on both directus and incomex_metadata.
  2. fn_evt_trigger_guard() uses an unqualified trigger_guard_alerts reference.
  3. Function is SECURITY INVOKER and has no function-level search_path.
  4. G6 sets search_path=p9_g6_dryrun,pg_catalog, which omits public, so the unqualified lookup of trigger_guard_alerts fails.
  5. incomex_metadata has the same search_path weakness, so it is not a healthy control for this defect.
  6. Docs say trigger_guard_config should exist, but investigation did not find it; this is a separate drift to document.
  7. trigger_guard_exceptions exists but is not read by the current function; whitelist mechanism is not active.
  8. DOT-316 active but last_executed=NULL; separate operational follow-up.
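To make Findings 2 to 4 concrete, here is an added, stand-alone PostgreSQL reproduction (not the project's code; every object name in it, demo_guard, demo_alerts and fn_demo_guard, is invented for this example). It shows why an unqualified table reference inside a SECURITY INVOKER function with no function-level search_path breaks under the G6 session setting, and why the two parts of the Option A refinement fix it. It runs in a single transaction that is rolled back, so it touches neither public.trigger_guard_alerts nor any real schema.

```sql
-- Added reproduction, not the project's code. Every object name here
-- (demo_guard, demo_alerts, fn_demo_guard) is invented; nothing touches
-- public.trigger_guard_alerts. Everything runs in one transaction that is
-- rolled back at the end.
BEGIN;

CREATE SCHEMA demo_guard;
CREATE TABLE  demo_guard.demo_alerts (id serial PRIMARY KEY, note text);

-- Same shape as Findings 2 and 3: SECURITY INVOKER (the default), no
-- function-level search_path, unqualified table name in the body.
CREATE FUNCTION demo_guard.fn_demo_guard(p_note text) RETURNS void
LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO demo_alerts (note) VALUES (p_note);   -- unqualified on purpose
END;
$$;

-- Works while the caller's session search_path happens to include demo_guard.
SET LOCAL search_path = demo_guard, pg_catalog;
SELECT demo_guard.fn_demo_guard('ok: demo_guard is on the session search_path');

-- Finding 4: the G6 session shape, a dry-run schema then pg_catalog and nothing
-- else. The function itself is found (its name is qualified), but the body's
-- INSERT is resolved at call time under the caller's search_path and fails.
SET LOCAL search_path = p9_g6_dryrun, pg_catalog;   -- nonexistent schemas are ignored
DO $$
BEGIN
  PERFORM demo_guard.fn_demo_guard('never inserted');
EXCEPTION WHEN undefined_table THEN
  RAISE NOTICE 'reproduced Finding 4: %', SQLERRM;
END;
$$;

-- Option A refinement, step 2: lock the function's own search_path. The
-- setting is applied on entry and restored on exit, so the caller's session
-- no longer decides what "demo_alerts" means. SECURITY DEFINER would NOT
-- fix this by itself: it changes the effective role, not name resolution.
ALTER FUNCTION demo_guard.fn_demo_guard(text) SET search_path = pg_catalog, demo_guard;
SELECT demo_guard.fn_demo_guard('ok: function-level search_path');

-- Option A refinement, step 1: qualify the reference in the body too. Note
-- that CREATE OR REPLACE resets every property it does not mention, so the
-- SET clause must be repeated here or the step above is silently undone.
CREATE OR REPLACE FUNCTION demo_guard.fn_demo_guard(p_note text) RETURNS void
LANGUAGE plpgsql
SET search_path = pg_catalog, demo_guard
AS $$
BEGIN
  INSERT INTO demo_guard.demo_alerts (note) VALUES (p_note);
END;
$$;

-- The default session path ("$user", public) does not contain demo_guard;
-- the function still works because it no longer depends on the caller.
RESET search_path;
SELECT demo_guard.fn_demo_guard('ok: schema-qualified body');

-- Only the successful calls left rows; the failed call inserted nothing.
SELECT note FROM demo_guard.demo_alerts ORDER BY id;

ROLLBACK;   -- scratch schema, function and rows all vanish
```

The point of running the failing call inside a DO block with an EXCEPTION handler is that the transaction survives the error and the remaining steps can show the fix in the same session; in the real repair gate the equivalent probe is the "harmless controlled" failure-mode test listed under pre-checks.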

Law / constitutional check

Rule                     | Result               | Finding
-------------------------|----------------------|------------------------------------------------------------------
Đ26 / Trigger Guard      | BLOCK until repaired | Guard must function reliably before more DDL dry-run.
Đ31 System Integrity     | PASS with root-fix   | Fix root search_path defect, do not bypass guard.
Đ32                      | PASS if gated        | ALTER FUNCTION is production DDL and needs gate.
Đ33                      | PASS if scoped       | Repair must include pre-check, rollback, post-verify, action log.
Đ35 / DOT                | PASS if governed     | Use governed AI execution gate, not manual human psql.
Constitution (Hiến pháp) | PASS                 | Fix guard infrastructure, do not disable protection.

Decision

Reject Option B as default: disabling the event trigger is a bypass, acceptable only as an emergency repair, and no emergency exists here.

Reject Option C as default: hardcoding a p9_g6_dryrun exception fixes this incident but not the root cause, and weakens guard semantics.

Accept Option A with refinement:

  1. Patch fn_evt_trigger_guard() in both directus and incomex_metadata so it references public.trigger_guard_alerts explicitly.
  2. Add and lock a function-level search_path of pg_catalog, public (or an equivalent safe, deterministic path).
  3. Evaluate SECURITY DEFINER during pre-check:
    • If current invoker lacks INSERT on public.trigger_guard_alerts in normal DDL contexts, SECURITY DEFINER may be required.
    • If INSERT privilege is already sufficient and schema qualification fixes failure, keep SECURITY INVOKER to minimize privilege elevation.
    • If using SECURITY DEFINER, owner must be a controlled role with only necessary privileges; action log must capture owner and security posture.
  4. Do not implement whitelist/exception changes in this gate unless strictly needed for the root fix.
  5. Track trigger_guard_config missing, trigger_guard_exceptions unused, and DOT-316 last_executed=NULL as follow-up issues, not blockers for the search_path repair unless the pre-check shows they are required.

Required next step

Opus should draft Trigger Guard Repair Gate — Option A.

Gate requirements:

  • Executor: Claude Code.
  • Effort: high (production ALTER FUNCTION on both DBs).
  • Scope: repair event trigger function only; no G6 retry in same gate.
  • Pre-checks: both DBs, table exists, function definition hash/snapshot, owner/security/search_path, event triggers enabled, test current failure mode in a harmless controlled way if possible.
  • Mutation: patch function definition / ALTER FUNCTION SET search_path; SECURITY DEFINER only if pre-check justifies.
  • Rollback: restore original function definitions/settings from snapshots; preserve event trigger enabled state.
  • Post-verify: controlled DDL smoke in isolated temporary schema or harmless DDL event that triggers guard, verify alert insert succeeds and no error; rollback test artifacts.
  • Action log path: knowledge/dev/laws/dieu38-trien-khai/reports/p9-g6-trigger-guard-repair-option-a-log-2026-04-28.md.
  • STOP after report; no G6 retry until GPT/User review.
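The Option A steps in the Decision section and the gate requirements above, combined into one added PostgreSQL script (example code, not the project's gate and not its real function body). It assumes the function is public.fn_evt_trigger_guard() RETURNS event_trigger; the event trigger name and the original function body are placeholders to be filled from the pre-check output. The script is meant to be run once per database (directus and incomex_metadata) with every result set pasted into the action log.

```sql
-- Added example of the repair gate; not the project's script. Assumptions:
-- the function is public.fn_evt_trigger_guard() RETURNS event_trigger, and the
-- event trigger name and original body are placeholders taken from the pre-check.
-- Run the whole file once per database (directus, incomex_metadata).

------------------------------------------------------------------
-- 1. PRE-CHECK (read-only; paste every result set into the action log)
------------------------------------------------------------------
-- 1a. Target table present, and exactly where Finding 1 says it is?
SELECT to_regclass('public.trigger_guard_alerts') AS alerts_table;   -- NULL means missing

-- 1b. Posture of the function: owner, SECURITY DEFINER?, locked settings?, body qualified?
SELECT p.oid::regprocedure                       AS signature,
       pg_get_userbyid(p.proowner)               AS owner,
       p.prosecdef                                AS is_security_definer,
       p.proconfig                                AS locked_settings,   -- NULL = Finding 3
       p.prosrc ~ 'public\.trigger_guard_alerts'  AS body_is_qualified, -- false = Finding 2
       md5(pg_get_functiondef(p.oid))             AS definition_hash
FROM   pg_proc p
WHERE  p.oid = 'public.fn_evt_trigger_guard()'::regprocedure;

-- 1c. Full definition snapshot; its text is the rollback artifact (pg_get_functiondef
--     includes any SET clauses, so re-running it restores settings as well as the body).
SELECT pg_get_functiondef('public.fn_evt_trigger_guard()'::regprocedure) AS snapshot;

-- 1d. Event trigger(s) bound to the function, their events/tags and enabled state ('O' = enabled).
SELECT evtname, evtevent, evtenabled, evttags
FROM   pg_event_trigger
WHERE  evtfoid = 'public.fn_evt_trigger_guard()'::regprocedure;

-- 1e. Does the SECURITY DEFINER question even arise? If every login role that can run
--     DDL already has INSERT on the alerts table, SECURITY INVOKER can stay (Decision 3).
SELECT rolname,
       has_table_privilege(rolname, 'public.trigger_guard_alerts', 'INSERT') AS can_insert
FROM   pg_roles
WHERE  rolcanlogin
ORDER  BY rolname;

------------------------------------------------------------------
-- 2. MUTATION (one transaction per DB; abort if any statement errors)
------------------------------------------------------------------
BEGIN;

-- 2a. Lock the function's own search_path. This alone stops the Finding 4 failure,
--     because the setting is applied on entry regardless of the caller's session.
ALTER FUNCTION public.fn_evt_trigger_guard() SET search_path = pg_catalog, public;

-- 2b. Also qualify the reference in the body. Replace the placeholder with the 1c
--     snapshot edited so the INSERT targets public.trigger_guard_alerts, and KEEP the
--     SET clause in the same statement: CREATE OR REPLACE FUNCTION resets every
--     property it does not mention, which would silently undo step 2a.
-- CREATE OR REPLACE FUNCTION public.fn_evt_trigger_guard() RETURNS event_trigger
-- LANGUAGE plpgsql
-- SET search_path = pg_catalog, public
-- AS $$ <1c snapshot body with INSERT INTO public.trigger_guard_alerts ...> $$;

-- 2c. Only if pre-check 1e showed DDL roles lacking INSERT, and the owner is a
--     controlled role holding no more than the privileges the guard needs:
-- ALTER FUNCTION public.fn_evt_trigger_guard() SECURITY DEFINER;

-- Record the new hash next to the 1b hash in the action log.
SELECT md5(pg_get_functiondef('public.fn_evt_trigger_guard()'::regprocedure)) AS new_hash;
COMMIT;

------------------------------------------------------------------
-- 3. POST-VERIFY: harmless DDL under the exact session shape that broke G6.
--    Everything, including the alert row, is rolled back; log both counts.
------------------------------------------------------------------
BEGIN;
SET LOCAL search_path = p9_g6_dryrun, pg_catalog;
SELECT count(*) AS alerts_before FROM public.trigger_guard_alerts;
CREATE SCHEMA tg_repair_smoke;                      -- DDL that the guard fires on (check 1d evttags)
CREATE TABLE  tg_repair_smoke.probe (id int);
SELECT count(*) AS alerts_after  FROM public.trigger_guard_alerts;   -- must exceed alerts_before
ROLLBACK;                                           -- discards probe objects and the alert row

------------------------------------------------------------------
-- 4. ROLLBACK (only on failure): re-run the 1c snapshot verbatim, then restore state.
------------------------------------------------------------------
-- <paste 1c snapshot here>   -- CREATE OR REPLACE ... restores body and original SET clauses
-- ALTER FUNCTION public.fn_evt_trigger_guard() SECURITY INVOKER;  -- only if 2c was applied
-- ALTER EVENT TRIGGER <evtname from 1d> ENABLE;                   -- only if 1d showed 'O'
```

Two design choices worth noting: the post-verify deliberately reuses the G6 session search_path rather than a clean one, since a clean session would pass even with the defect still present; and the 1c snapshot is the whole rollback plan, which is why it must be captured before the mutation transaction starts and must be compared by hash afterwards.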