KB-177F rev 2
22-P0 — IU Native Create Contract Inspection Prompt (rev2)
10 min read Revision 2
pack-22p0inspectionread-onlyfn-iu-createpromptrev2
22-P0 — IU Native Create Contract Read-Only Inspection (rev2)
Date: 2026-05-06 | Status: PROMPT — sẵn sàng dispatch Controlling: Pack 22 rev6 + GPT P0 prompt review (6 fixes) Scope: READ-ONLY. Không CREATE FUNCTION. Không DDL/DML.
§0. Mission
Kiểm kê runtime state cho IU creation contract. Report evidence cho GPT/User quyết trước khi tạo function.
§1. Pre-read
knowledge/dev/laws/dieu44-trien-khai/design/22-dot-iu-create-wrapper-design.md(rev6)knowledge/dev/laws/dieu44-trien-khai/reports/19-p2b-p0-iu-schema-inspection-report.md
§2. Inspection Tasks
2.1 Existing functions
SELECT proname, pronargs, proargnames, prosecdef, provolatile
FROM pg_proc
WHERE proname LIKE 'fn_iu%'
OR proname LIKE '%iu_create%'
OR proname LIKE '%information_unit_create%'
OR proname LIKE '%content_hash%'
OR proname LIKE 'fn_iu_resolve%'
OR proname LIKE 'fn_iu_classify%'
OR proname LIKE 'fn_iu_verify%'
ORDER BY proname;
grep -rn 'iu.create\|iu_create\|information_unit.*create\|fn_iu' /opt/incomex/dot/bin/ 2>/dev/null | head -20
find /opt/incomex/ -type f \( -name '*.js' -o -name '*.ts' -o -name '*.py' \) 2>/dev/null \
| xargs -r grep -lE 'information_unit.*create|iu_create|fn_iu' 2>/dev/null \
| head -20
ls -la /opt/incomex/directus/extensions/ 2>/dev/null || echo "No extensions dir"
find /opt/incomex/directus/ -type f \( -name '*.js' -o -name '*.ts' \) 2>/dev/null \
| xargs -r grep -lE 'information_unit|iu_create' 2>/dev/null \
| head -10
Inaccessible path → report "inaccessible", không assume absent.
2.2 Schema + contract columns
SELECT column_name, data_type, is_nullable, column_default
FROM information_schema.columns
WHERE table_schema='public' AND table_name='information_unit'
ORDER BY ordinal_position;
SELECT column_name, data_type, is_nullable, column_default
FROM information_schema.columns
WHERE table_schema='public' AND table_name='unit_version'
ORDER BY ordinal_position;
Contract columns verification:
WITH required AS (
SELECT unnest(ARRAY[
'information_unit.id','information_unit.canonical_address','information_unit.unit_kind',
'information_unit.owner_ref','information_unit.created_by','information_unit.updated_by',
'information_unit.identity_profile','information_unit.parent_or_container_ref',
'information_unit.version_anchor_ref','information_unit.content_anchor_ref',
'unit_version.id','unit_version.unit_id','unit_version.body',
'unit_version.content_hash','unit_version.version_seq','unit_version.created_by'
]) AS full_col
),
parsed AS (
SELECT split_part(full_col, '.', 1) AS tbl, split_part(full_col, '.', 2) AS col, full_col
FROM required
)
SELECT p.full_col, EXISTS (
SELECT 1 FROM information_schema.columns c
WHERE c.table_schema='public' AND c.table_name=p.tbl AND c.column_name=p.col
) AS present
FROM parsed p ORDER BY p.full_col;
birth_registry + collection_registry:
SELECT column_name, data_type FROM information_schema.columns
WHERE table_schema='public' AND table_name='birth_registry'
AND column_name IN ('entity_code','collection_name','born_at')
ORDER BY ordinal_position;
SELECT column_name, data_type FROM information_schema.columns
WHERE table_schema='public' AND table_name='collection_registry'
AND column_name IN ('collection_name','birth_code_strategy')
ORDER BY ordinal_position;
Optional columns (function may need to write if present):
SELECT table_name, column_name
FROM information_schema.columns
WHERE table_schema='public'
AND ((table_name='unit_version' AND column_name IN ('updated_by','date_created','date_updated'))
OR (table_name='information_unit' AND column_name IN ('date_created','date_updated')))
ORDER BY table_name, column_name;
2.3 Deferrable FK IU→UV (exactly one needed)
SELECT conname, pg_get_constraintdef(oid), condeferrable, condeferred
FROM pg_constraint
WHERE conrelid = 'public.information_unit'::regclass
AND confrelid = 'public.unit_version'::regclass
AND contype = 'f'
AND condeferrable;
Report count. If ≠1 → flag blocker.
2.4 Trigger inventory (pg_get_triggerdef, no bitmask decode)
SELECT
t.tgname AS trigger_name,
p.proname AS function_name,
t.tgenabled,
t.tgisinternal,
t.tgconstraint != 0 AS is_constraint_trigger,
t.tgdeferrable,
t.tginitdeferred,
pg_get_triggerdef(t.oid) AS trigger_def
FROM pg_trigger t
JOIN pg_proc p ON p.oid = t.tgfoid
WHERE t.tgrelid = 'public.information_unit'::regclass
AND NOT t.tgisinternal
ORDER BY trigger_name;
Agent infer BEFORE/AFTER/INSERT/UPDATE từ trigger_def text.
Key questions:
- Birth function name? Law-governed or runtime convention?
- L1 gate function name? Law-governed or runtime convention?
- L2 gate function name? Law-governed or runtime convention?
- All enabled?
2.5 Unique constraint on canonical_address
SELECT conname, pg_get_constraintdef(oid)
FROM pg_constraint
WHERE conrelid = 'public.information_unit'::regclass
AND contype = 'u'
AND EXISTS (
SELECT 1 FROM unnest(conkey) k
JOIN pg_attribute a ON a.attrelid = conrelid AND a.attnum = k
WHERE a.attname = 'canonical_address'
);
2.6 collection_registry metadata
SELECT collection_name, birth_code_strategy, governance_role
FROM collection_registry
WHERE collection_name IN ('information_unit', 'unit_version');
2.7 Vocab/default inventory
SELECT key, value FROM dot_config
WHERE key LIKE 'vocab.unit_kind.%' OR key LIKE 'vocab.section_type.%' OR key LIKE 'vocab.publication_type.%'
ORDER BY key;
SELECT key, value FROM dot_config
WHERE key LIKE 'iu_create.%'
ORDER BY key;
2.8 Hash + UUID (signature check first)
SELECT
to_regprocedure('digest(text,text)') IS NOT NULL AS digest_text_available,
to_regprocedure('gen_random_uuid()') IS NOT NULL AS uuid_available;
Then test:
SELECT encode(digest('test','sha256'),'hex') AS hash_test;
SELECT gen_random_uuid() AS uuid_test;
Report errors if any.
2.9 Roles/permissions
SELECT current_user, session_user;
SELECT rolname, rolsuper, rolcreatedb, rolcanlogin
FROM pg_roles WHERE rolname NOT LIKE 'pg_%' ORDER BY rolname;
SELECT tableowner FROM pg_tables WHERE tablename='information_unit' AND schemaname='public';
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name='information_unit' AND table_schema='public'
ORDER BY grantee;
2.10 Existing pilot IU + counts
SELECT id, canonical_address, lifecycle_status
FROM information_unit WHERE canonical_address LIKE 'pilot%' LIMIT 5;
SELECT 'information_unit' AS tbl, count(*) FROM information_unit
UNION ALL SELECT 'unit_version', count(*) FROM unit_version;
§3. Report
Upload: knowledge/dev/laws/dieu44-trien-khai/reports/22-p0-iu-native-create-contract-inspection-report.md
# 22-P0 — IU Native Create Contract Inspection Report
## Existing mechanisms
- PG functions: [list or none]
- DOT tools: [list or none]
- App/API hooks: [list or inaccessible]
- Directus extensions: [list or inaccessible]
- Recommendation: create new / extend existing [name]
## Schema
- IU: [count] cols, contract cols present: [all/missing list]
- UV: [count] cols, contract cols present: [all/missing list]
- birth_registry: required cols: [present/missing]
- collection_registry: required cols: [present/missing]
- Optional cols (updated_by/date_*): [present/absent per table]
## Deferrable FK IU→UV
- Count: [N] (exactly 1 needed)
- Name: [conname] | Definition: [def]
- Status: PASS / BLOCKER
## Trigger inventory
| trigger | function | timing+event (from def) | enabled | constraint? | deferrable? |
|---|---|---|---|---|---|
- Birth function: [name] — canonical / observed
- L1 function: [name] — canonical / observed
- L2 function: [name] — canonical / observed
## Unique constraint
- Exists: yes/no | Name: [conname]
## collection_registry
- IU: birth_code_strategy=[value]
- UV: birth_code_strategy=[value]
## Vocab/defaults
- unit_kind: [list values]
- section_type: [list values]
- publication_type: [list values]
- iu_create.* defaults: [list or none]
## Hash + UUID
- digest(text,text): available/unavailable
- gen_random_uuid(): available/unavailable
## Roles
- current_user: [role]
- Table owner: [role]
- INSERT holders: [list]
- Adapter role candidate: [role]
## Pilot IU
- Present: yes/no | IU total: [N] | UV total: [N]
## P1 readiness
- Blockers: [list or none]
- Warnings: [list]
- TDs: [list]
## Anti-hardcode self-check
- Exact runtime names proposed without catalog evidence: yes/no
- Role grant target chosen without role inventory: yes/no
- Count used as timeless truth: yes/no
- Inaccessible path treated as absent: yes/no
## Verdict
P0 PASS / PARTIAL / FAIL
§4. Hard Boundaries
- ❌ Không CREATE FUNCTION / DDL / DML
- ❌ Không DOT patch
- ❌ Không adapter implementation
- ❌ Không assume absent if inaccessible
22-P0 Prompt rev2 | 2026-05-06 | 6 GPT fixes. Read-only. Sẵn sàng dispatch.