Incomex AI Portal
KB-7AC2

S186 Codex In-Flight — Trigger Guard DROP Repair v0.3 FINAL

3 min read Revision 1
s186codexin-flighttrigger-guarddrop-repairv0.3risk-note

S186 Codex In-Flight — Trigger Guard DROP Repair v0.3 FINAL

Date: 2026-04-28

Status

User reports Codex is currently running the prompt titled:

Trigger Guard DROP Repair Gate — Option A+ v0.3 FINAL

The user instructed GPT not to wait for result, but to update context and prepare for next coordination step.

Important governance note

This in-flight prompt is v0.3 FINAL and is marked inside the prompt as:

AUTHORIZED — User GO 2026-04-28. Agent chạy ngay, không cần hỏi lại.

However, prior GPT review in Agent Data states v0.3 needed 3 patches before dispatch:

  1. Header should be READY FOR USER GO, not AUTHORIZED.
  2. Smoke audit row verification should match the exact generated trigger name, not LIKE '%drop_smoke%'.
  3. All mutation/smoke psql invocations should use -v ON_ERROR_STOP=1 -X and capture exit/output.

The in-flight prompt partially includes item 3 for mutation/smoke command examples, but the audit verification still uses:

WHERE trigger_name LIKE '%drop_smoke%'
ORDER BY id DESC LIMIT 5;

and the header remains AUTHORIZED.

Practical implication for next review

When Codex/Agent reports back, GPT should not assume v0.4 compliance. Review the execution as a v0.3-derived run and specifically check:

  • whether all actual mutation and smoke invocations used -v ON_ERROR_STOP=1 -X;
  • whether exit code and output were captured for mutation/smoke;
  • whether smoke audit evidence can be tied to the exact generated trigger name for each DB, even if the prompt asked a LIKE query;
  • whether smoke object names were logged and no literal <db> or <ts> reached SQL;
  • whether there are no smoke residues;
  • whether both DBs have expected post-state:
    • directus: SECURITY INVOKER, owner workflow_admin, search_path=pg_catalog, public;
    • incomex_metadata: SECURITY DEFINER, owner workflow_admin, search_path=pg_catalog, public;
    • source uses object_identity, public.trigger_guard_alerts, and COALESCE;
    • event triggers remain enabled O.

Current coordination stance

Do not dispatch additional repair or Gate B/C/G8B/G11/P9 continuation until the in-flight Codex result is reviewed.

If result is PASS but audit query used LIKE only, request or perform a read-only follow-up verification to bind audit rows to exact trigger names before declaring final PASS.

If result is split-state or FAIL, do not rollback automatically; evaluate forward fix unless event triggers were disabled or state is worse than pre-run.