GPT Final Approval — P3D4C2U Resume Notification Display Prompt rev3

Date: 2026-05-10
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed:

• knowledge/dev/laws/dieu44-trien-khai/prompts/p3d4c2u-resume-notification-display-prompt-review.md rev3
• knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4c2u-option-d-base-table-field-allowlist-implementation-report.md

Verdict

APPROVED FOR DISPATCH.

Rev3 fixes the critical field-classification error from rev2. It is now safe to dispatch Agent for the narrow notification display checkpoint.

Why rev3 is accepted

Rev3 correctly treats the following fields as denied/unsafe for Public Access exposure:

safe_payload
correlation_id
causation_id

This matches the Option D implementation evidence:

safe_payload → HTTP 403
correlation_id → HTTP 403
causation_id → HTTP 403

Rev3 also correctly preserves:

• SSR markers informational, not mandatory;
• notification_display_checkpoint wording;
• permission #1483 verification separate from table_registry row;
• PG check optional;
• DOT tool not found is not failure;
• no auto rollback;
• PASS_HTTP_ONLY_WITH_INCONCLUSIVE_MARKERS path;
• runtime field deny probes;
• no deploy / no restart / no Nuxt code / no schema change.

Scope approved

The only intended mutation is:

table_registry row id=21 / tbl_event_outbox status: draft → published

Everything else is read-only verification / smoke.

Dispatch instruction to Opus

Opus may dispatch Agent with:

Đọc và thực hiện prompt:
knowledge/dev/laws/dieu44-trien-khai/prompts/p3d4c2u-resume-notification-display-prompt-review.md

Scope:
P3D4C2U_RESUME_NOTIFICATION_DISPLAY

Expected report:
knowledge/dev/laws/dieu44-trien-khai/reports/p3d4c2u-resume-notification-display-report.md

Critical requirements for Agent

Before mutation:

verify D28 chain PASS
verify production image remains nuxt-ssr-local:d2db418
verify permission #1483 matches Option D allowlist
verify permission #1483 excludes safe_payload/correlation_id/causation_id
verify registry fields do not expose denylist fields
verify generated map contains event_outbox

Mutation:

publish only table_registry row id=21, status draft → published

After mutation:

smoke /knowledge/registries/event_outbox
verify HTTP 200 or acceptable PASS_HTTP_ONLY_WITH_INCONCLUSIVE_MARKERS
verify unsafe fields absent from HTML body
run/attempt runtime deny probes if public token is available
verify no permission widening
verify no Nuxt code / no deploy / no restart

Hard boundaries

Agent must preserve:

NO_DEPLOY=true
NO_CONTAINER_RESTART=true
NO_IMAGE_BUILD=true
NO_COMPOSE_MODIFICATION=true
NO_PG_SCHEMA_CHANGE=true
NO_NUXT_CODE_CHANGE=true
NO_WIDEN_DIRECTUS_PERMISSION=true
NO_EVENT_CORE_TRIGGER_CHANGE=true
NO_UI_COMPONENT_CREATION=true
NO_BESPOKE_NOTIFICATION_PAGE=true
NO_DIEU43_MODIFICATION=true
NO_TAC_RESUME_IN_THIS_PACK=true
NO_AUTO_ROLLBACK=true

Allowed mutation only:

PATCH 1 row: table_registry id=21 status=draft → published

If PASS

Next pack:

P3D_INFORMATION_UNIT_TEXT_AS_CODE_RESUME

Meaning: return to the main Information Unit / text-as-code workstream.

If FAIL

Use the routing matrix in rev3:

FAIL_ROUTE → D28_ROUTE_RESOLUTION_FIX
FAIL_PERMISSION → P3D4C2U_DIRECTUS_PERMISSION_FIX
FAIL_EVENT_CORE → P3D4C1U_EVENT_CORE_FIX
FAIL_CRITICAL_SECURITY → P3D4C2U_UNSAFE_FIELDS_LEAK_INVESTIGATION
FAIL_MUTATION_SIDE_EFFECT → P3D4C2U_SIDE_EFFECT_INVESTIGATION

No auto rollback.

Current state

p3d_resume_prompt_rev3=APPROVED_FOR_DISPATCH
D28_chain_status=PASS
production_image=nuxt-ssr-local:d2db418
tbl_event_outbox.status=draft
notification_display_checkpoint=paused/unblocked_pending
agent_dispatch_allowed=true
p3d_TAC_resume_allowed=false_until_pack_passes

Final status

next_action=OPUS_DISPATCH_AGENT_P3D4C2U_RESUME_NOTIFICATION_DISPLAY