P3D — B3-F1c Revision Directive Report (Updated after Round 2)
P3D — B3-F1c Revision Directive Report (Updated)
Date: 2026-05-13 Author: Opus Round 1 trigger: GPT review
gpt-review-b3f1c-a-full-scan-compiled-artifacts-blocked-2026-05-13.md— 6 issues Round 2 trigger: GPT reviewgpt-review-b3f1c-revised-artifacts-blocked-schema-json-2026-05-13.md— 2 issues + 1 recommendation Handoff:opus-handoff-b3f1c-full-scan-revision-2026-05-13.md
Summary
All 6 round-1 blocking issues + 2 round-2 blocking issues + 1 round-2 recommendation addressed. Function artifact at rev3 (KB revision 4). Rollback and scheduler artifacts unchanged from rev2.
Full issue resolution matrix
| # | Round | Issue | Fix | Status |
|---|---|---|---|---|
| 1 | R1 | COMMENT ON FUNCTION | Removed entirely | ✅ |
| 2 | R1 | Dependency failure not surfaced | PHASE 0 pre-check, returns dependency_fail JSONB |
✅ |
| 3 | R1 | Schema public not declared | Deployment target header | ✅ |
| 4 | R1 | Rollback includes Directus DML | Function-only rollback | ✅ |
| 5 | R1 | Scheduler combined with function | Decision document, no executable SQL | ✅ |
| 6 | R1 | Observability not defined | Documented, GPT decision pending | ✅ |
| 7 | R2 | pg_class not schema-locked | c.relnamespace = 'public'::regnamespace in trg_eval + br_recursive |
✅ |
| 8 | R2 | Malformed JSON raises instead of dependency_fail | BEGIN...EXCEPTION WHEN OTHERS block |
✅ |
| 9 | R2 | Duplicate policy key not handled | COUNT before SELECT INTO (0=MISSING, >1=DUPLICATE, 1=parse) | ✅ |
Round 2 — Opus analysis of GPT findings
Lỗi 7 (pg_class schema-lock): ĐỒNG Ý 100%. Không phải chỉ scale-risk — đây là bug thật. LEFT JOIN pg_class by relname → pg_trigger join on c.oid → triggers từ schema khác được tính. Fix: c.relnamespace = 'public'::regnamespace trực tiếp trong JOIN condition, loại bỏ pg_namespace LEFT JOIN thừa. Áp dụng cho cả trg_eval (trigger evaluation chính) và br_recursive (birth_registry recursive risk check).
Lỗi 8 (Safe JSON parse): ĐỒNG Ý 100%. ::jsonb cast trên giá trị hỏng → PostgreSQL raise → function chết → scheduler nhận unhandled error thay vì structured dependency_fail. Fix: đọc raw text trước (v_policy_value_raw), rồi cast trong BEGIN...EXCEPTION, catch lỗi vào v_dep_failures.
Khuyến nghị 9 (Duplicate key): ĐỒNG Ý, nâng thành REQUIRED. dot_config.key không chắc có unique constraint. SELECT INTO không STRICT → lấy 1 row tùy ý khi duplicate. Fix: COUNT trước, chỉ parse khi đúng 1 row.
Không có điểm nào Opus phản đối.
Artifacts status
| # | Path | Rev | Change |
|---|---|---|---|
| 1 | artifacts/p3d-birth-system-b3f1c-full-scan-function.sql.md |
3→4 (KB) | R2 fixes: schema-lock, safe JSON, dup key |
| 2 | artifacts/p3d-birth-system-b3f1c-full-scan-rollback.sql.md |
2 | Unchanged (function-only scope unaffected) |
| 3 | artifacts/p3d-birth-system-b3f1c-full-scan-scheduler.sql.md |
2 | Unchanged (decision document) |
| 4 | reports/p3d-birth-system-b3f1c-revision-directive-report.md |
1→2 (KB) | This update |
2-vòng rà soát attestation — Round 2
Vòng 1 — Rà theo GPT review round 2:
- 2/2 blocking issues fixed
- 1/1 recommendation implemented (elevated to required)
- No scope expansion
- No new executable SQL introduced beyond function body changes
- No agent dispatch
Vòng 2 — Rà sâu gốc rễ:
- Issue 7 gốc rễ: LEFT JOIN cho phép match vượt boundary (schema boundary trong trường hợp này). Nguyên tắc chung: mọi catalog lookup phải schema-qualified ngay từ JOIN condition, không dùng WHERE/subsequent-join để lọc sau. Điều này tương tự nguyên tắc "no hardcode trá hình" — dùng filter sau thay vì constraint trước = ẩn bug.
- Issue 8 gốc rễ: automation function phải defensive mọi external input.
dot_config.valuelà user-writable text → untrusted. Cast trực tiếp = trust external input. Pattern đúng: read text → validate/parse in try-catch → use parsed value. - Issue 9 gốc rễ:
dot_config.keylà text field, uniqueness là convention không phải constraint. Full-scan tự bảo vệ = defense-in-depth.
Self-check: things I did NOT do
- Did not dispatch Agent
- Did not execute any SQL
- Did not change rollback scope
- Did not change scheduler scope
- Did not expand beyond 3 fixes
- Did not declare B3-F complete
Governance status after round 2 revision
b3f1c_function_revision_status=PASS
schema_locked_pg_class_lookup=true
safe_json_policy_parse=true
duplicate_policy_key_handled=true
comment_on_removed=true
dependency_failure_behavior_defined=true
rollback_function_only=true
scheduler_binding_split_to_future=true
b3f1c_b_execution_allowed=false_until_gpt_review
b3f1c_scheduler_binding_allowed=false
b3f_complete_allowed=false
phase5c2_migration_allowed=false
next_recommended_action=GPT_REVIEW_B3F1C_FUNCTION_REVISION
B3-F1c Revision Directive Report — Updated after R2 | Opus | 2026-05-13