P10B-2C-PF — Đ28 v2.0 SQL Inspection Preflight Report (2026-04-29)
title: P10B-2C-PF — D28 SQL Inspection Preflight Report date: 2026-04-29 phase: P10B-2C-PF spec_version: v0.2 mode: READ-ONLY (no SQL executed) verdict: PASS
P10B-2C-PF Preflight Inspection — Đ28 v2.0 Candidate Insert Package
Date: 2026-04-29 Spec: P10B-2C-PF v0.2 (P1 JSON SHA in T1, P2 body-strip before destructive scan, P3 sanitized INSERT, P4 3-point delimiter safety) Mode: Read-only file inspection. NO SQL executed against any database. NO EXPLAIN. NO BEGIN/ROLLBACK test. NO connection.
§1 — File existence + SHA verification (T1)
5/5 files present at /tmp/p10b-2b/. SHAs match P10B-2B report:
| File | SHA256 | Match |
|---|---|---|
insert-candidate.sql |
767450fd…0627489b |
✅ |
render.sql |
839ac900…6b9e0f2f |
✅ |
rollback.sql |
9a2def1e…4f38b8af |
✅ |
verify-counts.sql |
3bdfd8f2…be217121 |
✅ |
candidate-units-r2.json |
e47775e3…b165de8ad |
✅ |
§1 verdict: PASS
§2 — Transaction structure (T2)
Line 5: BEGIN;
Line 251: -- ROLLBACK; -- default safe stop for dry-run
Line 252: -- COMMIT; -- only when authorized by P10B-2C
Raw counts: BEGIN=2, COMMIT=1, ROLLBACK=1, DO $=0. The second BEGIN (line 115) is the keyword inside a PL/pgSQL function example that lives inside a $body$…$body$ literal (S3-P3 body, the fn_template_lifecycle_guard example) — not an outer SQL statement.
Outer-SQL state:
- Starts with
BEGIN;✅ - Ends with both
-- ROLLBACK;and-- COMMIT;commented ✅ - No DO block ✅
- No bare (uncommented) COMMIT or ROLLBACK ✅
- Uncommenting
-- COMMIT;→ safe and unambiguous ✅
§2 verdict: PASS — COMMIT uncomment is SAFE.
§3 — INSERT count (sanitized) (T3)
Sanitization method: stripped block comments + line comments + dollar-quoted body literals before counting. Initial naive re.sub(r'\$body\$.*?\$body\$', …) yielded incorrect pairing (1 unmatched token leaked, mis-paired by 1). Replaced with a position-based check: an INSERT INTO occurrence is "outer SQL" iff the count of $body$ tokens before its position is even. This is robust against any body content.
| Target | Expected | Actual | Status |
|---|---|---|---|
tac_publication |
1 | 1 | ✅ |
tac_logical_unit |
27 | 27 | ✅ |
tac_unit_version |
27 | 27 | ✅ |
tac_publication_member |
27 | 27 | ✅ |
| Total | 82 | 82 | ✅ |
No unexpected targets. No real-table writes outside the four expected tables.
§3 verdict: PASS — 1 + 27 + 27 + 27 = 82.
§4 — Destructive command scan (sanitized) (T4)
Same position-based body detection used for T3. Scanned for ALTER, DROP, TRUNCATE, UPDATE, DELETE, and non-temp CREATE on the outer SQL only.
- Real destructive (outside
$body$): 0 - Non-temp CREATE (outside
$body$): 0 - Temp /
ON COMMIT DROPconstructs: 0 (none used)
Note: an earlier non-greedy strip falsely flagged two UPDATE status='…' matches; both live inside the S6 body markdown describing template lifecycle steps. The position-based sanitizer correctly excludes them.
§4 verdict: PASS — no destructive commands on real tables (body literals excluded).
§5 — Dollar-quoting 3-point safety (T5)
| Point | Check | Result |
|---|---|---|
| P1 | No JSON body contains literal $body$ |
✅ 27/27 units clean |
| P2 | Generated SQL has even count of $body$ (paired) |
✅ 930 occurrences = 465 pairs |
| P3 | S3-P3 PL/pgSQL $$ does not conflict with $body$ wrapper |
✅ S3-P3 body uses $$ … $$, inert inside $body$ outer wrapper (PostgreSQL nests dollar-quotes by tag) |
Only two distinct dollar-quote tags appear in the file: $$ (PL/pgSQL example body, inside $body$) and $body$ (outer SQL string delimiter). No third tag, no collision.
§5 verdict: PASS — delimiter scheme is safe at all three points.
§6 — Sample mapping
§6.1 ROOT (D38-DIEU28-ROOT) — container, empty body
- LU INSERT: line 16 —
INSERT INTO tac_logical_unit (canonical_address, doc_code, parent_id, sort_order, section_type, owner, lifecycle_status) VALUES ($body$D38-DIEU28-ROOT$body$, $body$DIEU-28$body$, NULL, 0, $body$heading$body$, $body$editor$body$, $body$draft_only$body$); - UV INSERT: line 45 — body field is
NULL(correct: ROOT has empty body), title =ĐIỀU 28: LUẬT KỸ THUẬT HIỂN THỊ — v2.0 BAN HÀNH. - PM INSERT: line 216 —
render_order = 1. - parent_id resolution: explicit
NULL(root anchor). - Body delimiter:
$body$for string literals; body column =NULL.
§6.2 S3-P3 (D38-DIEU28-S3-P3) — highest escaping risk
- LU INSERT: line 30 —
parent_idresolved by subquery againstD38-DIEU28-S3+doc_code=DIEU-28(correct hierarchical resolution). - UV INSERT: lines 113–139 (multi-line body). Title =
★ PG TRIGGER enforce lifecycle (Tuyên ngôn ②). Body contains a fenced ```sql code block with a completeCREATE FUNCTION fn_template_lifecycle_guard() RETURNS TRIGGER AS $$ … $$ LANGUAGE plpgsql;definition followed byCREATE TRIGGER trg_template_lifecycle …. - PM INSERT: line 230 —
render_order = 15. - Body escaping delimiter: outer
$body$ … $body$wraps the entire markdown body; the inner PL/pgSQL$$ … $$is a different tag and is therefore inert w.r.t. the outer quote (PostgreSQL dollar-quote tags are tag-scoped). - Body integrity: code fences preserved (
```sql/```),$$markers preserved,BEGIN/END;/RAISE EXCEPTIONtext preserved, narrative italic line→ Agent KHÔNG THỂ active …preserved at line 139.
§6.3 S11 (D38-DIEU28-S11) — footer italic line
- LU INSERT: line 42 — parent = ROOT,
sort_order = 12,section_type = paragraph. - UV INSERT: line 213. Title =
Footer. Body = single italic line wrapped in*…*:*Điều 28 v2.0 BAN HÀNH | 13/13 NT ✅ | 6/6 Q ✅ | Ref table status | PG trigger lifecycle+checklist guard | DOT paired rõ | instance_collection FK | Dùng chung dot_config*. Italic markers preserved. - PM INSERT: line 242 —
render_order = 27(last). - Body escaping delimiter:
$body$.
§6 verdict: PASS — sample mapping verified across container, technical-spec, and footer.
§7 — render.sql + verify-counts.sql (T7)
render.sql
- Self-scoped:
WHERE lu.doc_code=$body$DIEU-28$body$(recursive CTE) andWHERE p.doc_code=$body$DIEU-28$body$ AND p.version=$body$v2.0$body$(final SELECT). ✅ - No
:pub_idparameter; uses doc_code+version literals. ✅ - Output columns:
depth, canonical_address, section_type, title, body. ✅ - Algorithm:
WITH RECURSIVE treedoing preorder DFS via materializedpatharray (sort_order chain), joined to UV (version_number=1) and PM/publication.
verify-counts.sql
- Self-scoped via
doc_code=DIEU-28andversion=v2.0. ✅ - No
:pub_idparameter. ✅ - Output: 5 rows —
pub, lu, uv, pm, total(expected 1 + 27 + 27 + 27 = 82).
§7 verdict: PASS.
§8 — Final verdict
ALL 7 TASKS PASS.
| Criterion | Status |
|---|---|
| 1. 4 SQL + 1 JSON exist + SHA match P10B-2B | ✅ |
| 2. Transaction structure clear; COMMIT uncomment safe | ✅ |
| 3. INSERT count (sanitized) = 1+27+27+27 = 82 | ✅ |
| 4. No destructive SQL on real tables (sanitized) | ✅ |
| 5. Dollar-quoting 3-point safety verified | ✅ |
| 6. Sample mapping verified (ROOT + S3-P3 + S11) | ✅ |
| 7. render.sql + verify-counts.sql self-scoped | ✅ |
Verdict: PASS — Đ28 v2.0 candidate insert package is structurally sound and safe to advance to P10B-2C upon GPT authorization.
STOPPED. No SQL executed. Awaiting Opus review + GPT authorize for P10B-2C.
§9 — Notes / followups
- Spec note: T3's
re.sub(r'\$body\$.*?\$body\$', …, flags=re.DOTALL)non-greedy strip in v0.2 produced mis-aligned pairing on this file (1 trailing$body$left after sub; PM lines collapsed). A position-based sanitizer (count$body$tokens before each match → outer iff even) was used and gave correct counts. Recommend updating future preflight specs to use the position-based form. - No git changes this session (read-only inspection in
/tmp/p10b-2b/). Đ41 hygiene N/A.