GPT Review — 18b-P2 DOT-119 Script Rewrite Prompt rev1

Date: 2026-05-05 Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/18b-p2-dot119-script-rewrite-prompt.md rev1

Verdict

Direction PASS, but rev2 required before dispatch.

Opus correctly removed the old hardcoded CODE_FIELDS style and made DOT-119 v2 metadata-driven. The script no longer embeds CREATE OR REPLACE FUNCTION fn_birth_registry_auto, and it reads collection_registry.birth_code_strategy, birth_code_column, and birth_identity_source.

However, because P2 rewrites a core DOT script, rev1 still needs hardening.

What is good

• No collection-specific mapping table in script.
• No function body replacement.
• Single collection per command.
• Explicit modes: dry-run, execute, verify, drop.
• JSON output exists.
• Exit codes mostly align 18a.
• Synthetic IU is metadata-driven, not hardcoded in script.
• No IU execute in P2.

Required rev2 patches

B1 — Remove placeholders from smoke tests

Current smoke tests contain:

• <pick unclassified from P0>
• <pick excluded>

For a runtime prompt, placeholders are not acceptable. Replace with metadata-driven selection steps before smoke tests:

SELECT collection_name FROM collection_registry WHERE birth_code_strategy='unclassified' ORDER BY collection_name LIMIT 1;
SELECT collection_name FROM collection_registry WHERE birth_code_strategy='disabled' ORDER BY collection_name LIMIT 1;
SELECT collection_name FROM collection_registry WHERE birth_code_strategy='column' AND birth_code_column='code' ORDER BY collection_name LIMIT 1;
SELECT collection_name FROM collection_registry WHERE birth_code_strategy='column' AND birth_code_column <> 'code' ORDER BY collection_name LIMIT 1;

Capture these as shell variables and use them in tests. If any required sample is absent, STOP + partial report.

B2 — Use exact script path in smoke tests

Do not rely on $PATH resolving the intended binary. Define:

DOT119=/opt/incomex/dot/bin/dot-birth-trigger-setup

Use $DOT119 in all smoke tests. Also run:

command -v dot-birth-trigger-setup || true
ls -la "$DOT119"

B3 — Detect multiple CLI modes

The script currently lets the last mode win if multiple modes are passed, e.g. --dry-run --execute. Add a mode counter and exit usage/error if mode count != 1.

B4 — Validate birth_code_column from metadata

COLLECTION is regex validated, but birth_code_column is read from DB metadata. Add validation before using it in SQL/trigger args:

^[a-z_][a-z0-9_]*$

If invalid, exit 11. This is not hardcode; it is input safety.

B5 — Define synthetic sentinel consistently

18a formalized sentinel as __birth_synthetic_id__; the script uses __synthetic__.

Rev2 must align with 18a or explicitly amend the design. Preferred: use __birth_synthetic_id__.

Also verify no real column has that sentinel name on the target table before using it.

B6 — Synthetic fallback check is too fragile

Current check:

LIKE '%||%::%||%'

This is fragile and could fail on formatting. Since P2 preflight already requires exact known fn hash, the script can either:

• verify the installed function hash equals the expected v2 hash before synthetic use; or
• use a more explicit source check for TG_TABLE_NAME + :: + id fallback.

Do not rely on a formatting-fragile wildcard only.

B7 — Verify mode for disabled/subordinate should be explicit

Currently the script exits early with skipped for disabled/subordinate before verify. That is acceptable, but report should make it explicit:

• verify for disabled/subordinate means “no trigger required; skipped”; or
• stronger: verify no birth trigger exists and exit 14 if one exists.

For safety, preferred behavior:

• disabled/subordinate in --dry-run: skipped exit 0;
• disabled/subordinate in --verify: check no trg_birth_<collection> exists; if exists → exit 14.

B8 — Execute transaction should not parse tail -1 ambiguously

The current execute block parses EXEC_OUT | tail -1. This may be fragile with psql output. Better:

• BEGIN; CREATE TRIGGER; COMMIT;
• then run a separate verification query after COMMIT;
• if verify fails, report exit 20. Trigger rollback after COMMIT is not possible, but CREATE TRIGGER failure aborts before commit.

Since P2 does not execute IU trigger, this mainly affects future 18c safety.

B9 — Drop mode is admin-only but not guarded

18a allowed optional admin --drop. Rev1 exposes --drop without an approval guard. Add either:

• require --confirm-drop; or
• require env DOT119_ALLOW_DROP=1; or
• remove --drop from v2 for now.

Preferred for P2: keep mode but require DOT119_ALLOW_DROP=1 and --confirm-drop.

B10 — JSON output should be valid for mismatch cases

Some JSON fields may include trigger definitions containing quotes. At minimum, avoid embedding raw EXISTING_DEF in JSON, or escape it safely. Since this is bash, safer: put raw trigger def only in text output, not JSON.

Hardcode assessment

The script does not hardcode collection mappings. That is good.

The remaining “hardcode” risk is not collection mapping but brittle assumptions:

• sentinel name mismatch;
• formatting-based function fallback detection;
• smoke test placeholders;
• PATH-dependent binary lookup.

These must be fixed before dispatch.

Directive to Opus/Ocus

Patch knowledge/dev/laws/dieu44-trien-khai/prompts/18b-p2-dot119-script-rewrite-prompt.md to rev2 with B1–B10.

Do not dispatch yet.

After rev2, GPT/User will review again.

Hard boundaries remain:

• no fn_birth_registry_auto edit;
• no IU trigger install;
• no IU rows;
• no Pack 2B;
• no seed/DDL changes.