GPT Final Approval — 22-P3-P2 Trigger Guard Prompt rev6

Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p3-p2-iu-gateway-trigger-guard-prompt.md rev6

Verdict

APPROVED FOR DISPATCH.

Rev6 resolves the half-enforced-state risk and applies the remaining execution hardening.

Accepted state

• Separate sessions are used for canonical create and direct block tests.
• Pilot address is passed into DO blocks through session GUC, not direct :'pilot_addr' interpolation inside dollar-quoted bodies.
• Guard function is SECURITY DEFINER with fixed search_path=pg_catalog,public.
• PUBLIC EXECUTE is revoked on the new guard function.
• Direct INSERT and UPDATE are tested for both information_unit and unit_version.
• Direct block error tests require gateway message + canonical path + README/readme guidance.
• UV INSERT leak check is present.
• gateway.mode is set to enforced only after all tests pass.
• cleanup_guard() restores state to prepared and drops guard function/triggers if any post-deploy failure occurs.
• Final status is three-tier: PASS / FAIL / CRITICAL.
• p3p3_readiness is emitted in all relevant final paths.
• Hard boundaries are preserved, except the explicit allowed REVOKE PUBLIC on the newly created guard function.

Dispatch instruction

Đọc prompt từ KB rồi thực hiện:

knowledge/dev/laws/dieu44-trien-khai/prompts/22-p3-p2-iu-gateway-trigger-guard-prompt.md

Mục tiêu: P3-P2 — deploy IU Gateway trigger guard cho information_unit và unit_version. Guard chặn direct INSERT/UPDATE nếu không có canonical_writer marker. Nếu tests/final verify fail, cleanup guard và quay mode về prepared. Không role separation, không Directus changes, không detector/DOT/adapter, không cleanup pilots.

Report tại:
knowledge/dev/laws/dieu44-trien-khai/reports/22-p3-p2-iu-gateway-trigger-guard-report.md

Hard boundaries for Agent

• No table GRANT/REVOKE.
• No GRANT/REVOKE except REVOKE PUBLIC on newly created fn_iu_gateway_write_guard().
• No role separation.
• No Directus permission changes.
• No detector implementation.
• No DOT registration.
• No adapter implementation.
• No cleanup pilots.
• No Pack 2C.

Failure behavior

• If phase_status=PASS, gateway is enforced and P3-P3 readiness is READY.
• If phase_status=FAIL, report the cleanup state; expected safe state is guard removed and mode prepared.
• If phase_status=CRITICAL, cleanup failed and manual review is required.
• Agent must not retry or improvise beyond the prompt.

Summary

Rev6 is ready for execution. It enforces the wrong-door blocker while preserving the canonical fn_iu_create path and avoids leaving the system in a half-enforced state on failure.