KB-6841

GPT Final Approval — 22-P3-P1 Policy + Canonical Marker Prompt rev6

Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex AI Council
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p3-p1-iu-gateway-policy-and-canonical-marker-prompt.md rev6

Verdict

APPROVED FOR DISPATCH.

Rev6 applies the final blocking fix: _p3p1_trg_baseline is now created inside the explicit BEGIN, so ON COMMIT DROP will drop it at the intended COMMIT, not after an autocommit statement.

Accepted state

  • No trigger guard creation.
  • No GRANT/REVOKE.
  • No role separation.
  • No Directus changes.
  • No cleanup.
  • No Pack 2C.
  • Shell branch idempotency is real:
    • PATCHED_EXACT → no CREATE OR REPLACE.
    • UNPATCHED → patch exact fn_iu_create signature.
    • invalid/unknown → STOP/report.
  • Pilot address is validated before SQL.
  • Policy keys are idempotently seeded.
  • Trigger baseline handles zero-trigger UV and is inside transaction.
  • Post-commit checks require:
    • SQL success;
    • post invariant success;
    • marker no-leak;
    • 9 required policy keys present.
  • fn_iu_create marker remains a wrong-door blocker, not a security boundary.
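
Added example, not part of the reviewed prompt or the project's own code: why the trigger baseline has to be created inside the explicit BEGIN, and what a post-commit no-leak check can look like. It assumes PostgreSQL and that the marker is a transaction-local custom setting; demo_iu and demo.canonical_writer are hypothetical names.

```sql
-- PostgreSQL, run in psql with autocommit on (the default).
-- demo_iu and demo.canonical_writer are hypothetical stand-ins.
CREATE TEMP TABLE demo_iu (id int);          -- table with zero user triggers

-- 1) Outside BEGIN: the CREATE is its own implicit transaction, so
--    ON COMMIT DROP fires when that single statement commits.
CREATE TEMP TABLE _p3p1_trg_baseline ON COMMIT DROP AS
SELECT tgname, tgenabled FROM pg_trigger
WHERE tgrelid = 'demo_iu'::regclass AND NOT tgisinternal;

SELECT to_regclass('_p3p1_trg_baseline') IS NULL AS baseline_lost_before_use;

-- 2) Inside an explicit BEGIN: the baseline lives until the intended COMMIT.
BEGIN;
CREATE TEMP TABLE _p3p1_trg_baseline ON COMMIT DROP AS
SELECT tgname, tgenabled FROM pg_trigger
WHERE tgrelid = 'demo_iu'::regclass AND NOT tgisinternal;

-- Transaction-local marker: the third argument is is_local = true.
SELECT set_config('demo.canonical_writer', 'fn_iu_create', true);

-- Invariant: the trigger set is unchanged against the baseline. The
-- symmetric difference is empty even when the baseline has zero rows.
SELECT count(*) AS trigger_drift FROM (
  (SELECT tgname, tgenabled FROM pg_trigger
    WHERE tgrelid = 'demo_iu'::regclass AND NOT tgisinternal
   EXCEPT SELECT tgname, tgenabled FROM _p3p1_trg_baseline)
  UNION ALL
  (SELECT tgname, tgenabled FROM _p3p1_trg_baseline
   EXCEPT SELECT tgname, tgenabled FROM pg_trigger
    WHERE tgrelid = 'demo_iu'::regclass AND NOT tgisinternal)
) AS drift;
COMMIT;

-- Post-commit: the baseline is dropped and the marker is not visible to the
-- session. A custom setting that was only set locally can read back as ''
-- rather than NULL once the transaction ends, so treat both as "unset".
SELECT to_regclass('_p3p1_trg_baseline') IS NULL AS baseline_dropped_at_commit,
       nullif(current_setting('demo.canonical_writer', true), '') IS NULL
         AS marker_did_not_leak;
```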

Dispatch instruction

Read the prompt from the KB, then execute it:

knowledge/dev/laws/dieu44-trien-khai/prompts/22-p3-p1-iu-gateway-policy-and-canonical-marker-prompt.md

Objective (P3-P1): seed the IU gateway policy keys into dot_config and patch fn_iu_create to set the transaction-local canonical_writer marker. Do not create a trigger guard. Do not change permissions. Do not clean up.

Report at:
knowledge/dev/laws/dieu44-trien-khai/reports/22-p3-p1-iu-gateway-policy-and-canonical-marker-report.md

Hard boundaries for Agent

  • No trigger guard.
  • No GRANT/REVOKE.
  • No role separation.
  • No Directus permission changes.
  • No detector implementation.
  • No DOT registration.
  • No adapter implementation.
  • No cleanup pilots.
  • No Pack 2C.

Notes

If any branch produces phase_status=FAIL or p3p2_readiness=BLOCKED, report only. Do not retry, improvise, or patch beyond the prompt.

Summary

P3-P1 rev6 is sufficiently hardened for dispatch. This pack prepares the gateway by adding policy registry entries and a canonical writer marker; enforcement remains deferred to P3-P2.
