GPT Review — 22-P1 Prompt rev3 Scale Hardening Final
Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p1-iu-native-create-helper-functions-prompt.md rev3
Verdict
P1 rev3 is close, but one final rev4 hardening pass is required before dispatch.
This is now mostly production-safe. The remaining items are small but important for a helper layer that will support millions of future births.
Required rev4 patches
P1 — L2 gate must be a blocker, not warning
Rev3 says:
IF v_l2_def NOT ILIKE '%CONSTRAINT%' OR v_l2_def NOT ILIKE '%DEFERRABLE%' THEN
RAISE WARNING ...
END IF;
For IU native creation, L2 gate behavior is not optional. If L2 is not a deferrable constraint trigger, the contract is unsafe or has changed.
Patch:
- The count check (exactly one L2 trigger) remains required.
- Verify behavior using both catalog fields and trigger definition if possible:
  - t.tgconstraint != 0
  - t.tgdeferrable = true
  - pg_get_triggerdef includes expected timing/event.
- If not constraint/deferrable → RAISE EXCEPTION, not WARNING.
Warnings are for non-critical observability only. L2 gate semantics are critical.
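One way to write the blocking form of this gate, as an added example that is not taken from the reviewed prompt. The table name `public.iu_table_placeholder`, the trigger name `trg_l2_gate_placeholder`, and the expected `AFTER INSERT` event are assumptions to replace with the real contract values.

```sql
-- Added example. Placeholders (assumptions, not from the reviewed prompt):
--   public.iu_table_placeholder  : table that carries the L2 gate
--   trg_l2_gate_placeholder      : name of the L2 gate trigger
DO $$
DECLARE
  v_count      integer;
  v_constraint oid;
  v_deferrable boolean;
  v_l2_def     text;
BEGIN
  -- 1. Exactly one user-defined L2 trigger must exist.
  SELECT count(*) INTO v_count
  FROM pg_trigger t
  WHERE t.tgrelid = 'public.iu_table_placeholder'::regclass
    AND t.tgname  = 'trg_l2_gate_placeholder'
    AND NOT t.tgisinternal;

  IF v_count <> 1 THEN
    RAISE EXCEPTION 'L2 gate: expected exactly 1 trigger, found %', v_count;
  END IF;

  -- 2. Read catalog fields and the rendered definition for that trigger.
  SELECT t.tgconstraint, t.tgdeferrable, pg_get_triggerdef(t.oid)
    INTO v_constraint, v_deferrable, v_l2_def
  FROM pg_trigger t
  WHERE t.tgrelid = 'public.iu_table_placeholder'::regclass
    AND t.tgname  = 'trg_l2_gate_placeholder'
    AND NOT t.tgisinternal;

  -- 3. Catalog check: tgconstraint = 0 means it is not a constraint trigger.
  IF v_constraint = 0 OR NOT v_deferrable THEN
    RAISE EXCEPTION 'L2 gate is not a deferrable constraint trigger: %', v_l2_def;
  END IF;

  -- 4. Definition check: the expected timing/event is an assumption here.
  IF v_l2_def NOT ILIKE '%AFTER INSERT%' THEN
    RAISE EXCEPTION 'L2 gate has unexpected timing/event: %', v_l2_def;
  END IF;

  -- Informational only; every failure path above aborts the transaction.
  RAISE NOTICE 'L2 gate verified: %', v_l2_def;
END
$$;
```

Relying on `tgconstraint` and `tgdeferrable` rather than on `ILIKE` matches alone keeps the check from passing when the words CONSTRAINT or DEFERRABLE merely appear elsewhere in the definition text, for example inside a trigger or function name.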
P2 — Add helper input validation for resolver/classifier/verifier
Current helper functions accept NULL/empty critical inputs and may return misleading not_found.
Patch:
- fn_iu_resolve_default:
  - if p_vocab_prefix is NULL/empty → return invalid_input;
  - if p_config_key is NULL/empty → skip config step or return invalid_input (choose and document);
  - explicit value should be btrim(p_explicit) before validation/return.
- fn_iu_classify_existing:
  - if p_addr is NULL/empty → return invalid_input, not not_found.
- fn_iu_verify_invariants:
  - if p_addr is NULL/empty → return invalid_input.
This prevents later adapters from treating bad caller input as absent data.
P3 — Verify function privileges after REVOKE PUBLIC
Rev3 revokes PUBLIC, good. Add verification query in report/tests:
SELECT routine_schema, routine_name, grantee, privilege_type
FROM information_schema.routine_privileges
WHERE routine_schema='public'
AND routine_name IN (
'fn_content_hash','fn_iu_resolve_default','fn_iu_classify_existing',
'fn_iu_create_preflight','fn_iu_verify_invariants'
)
ORDER BY routine_name, grantee;
Report whether PUBLIC execute is absent. This closes the permission loop.
P4 — Clarify boundary wording: function DDL is allowed, table/schema DDL is not
Hard boundary says “No table/schema DDL,” but P1 does perform function DDL. To avoid agent confusion, change wording to:
- Allowed: helper CREATE FUNCTION + REVOKE only.
- Forbidden: table DDL, column/index/constraint DDL, row DML, DOT/script changes.
P5 — Partial report must include transaction status
If a failure happens after BEGIN, Agent must report:
- whether ROLLBACK was executed successfully;
- whether any helper function remains after rollback check;
- exact failing SQL block/error.
Add post-rollback check:
SELECT n.nspname, p.proname
FROM pg_proc p
JOIN pg_namespace n ON n.oid=p.pronamespace
WHERE n.nspname='public'
AND p.proname IN (...)
ORDER BY p.proname;
Expected 0 rows after rollback.
Optional but recommended
O1 — Include owner in function report
Report function owner so later permission design can reason correctly:
SELECT n.nspname, p.proname, r.rolname AS owner, p.prosecdef, p.provolatile
FROM pg_proc p
JOIN pg_namespace n ON n.oid=p.pronamespace
JOIN pg_roles r ON r.oid=p.proowner
WHERE n.nspname='public'
AND p.proname IN (...)
ORDER BY p.proname;
Directive to Opus
Patch P1 prompt to rev4 with P1–P5. After that it should be dispatchable.
Hard boundaries remain
- helper function DDL only;
- no table/index/constraint DDL;
- no IU/UV/birth row DML;
- no DOT adapter;
- no dot_tools registration;
- no default seeding;
- no broad PUBLIC execute.
Summary
The only real blocker is L2: a deferred constraint gate is a load-bearing part of the native birth contract and cannot be treated as a warning. The other patches are robustness polish: validate helper inputs, verify privileges, clarify allowed DDL, and record rollback state.