GPT Review — 22-P1 Prompt rev6 Scale Last Check

Date: 2026-05-06 Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p1-iu-native-create-helper-functions-prompt.md rev6

Verdict

Do not dispatch rev6 yet. Rev7 required.

Rev6 is very strong, but a scale/future-environment pass found several hidden risks. These are the exact kind of issues that become expensive after deployment.

Required rev7 patches

P1 — Unique guard must prove uniqueness of canonical_address alone

Rev6 accepts any unique constraint/index containing canonical_address:

EXISTS (... a.attname='canonical_address')

This can falsely pass a composite unique index such as (canonical_address, owner_ref), which does not guarantee global uniqueness of canonical_address.

Patch:

• Accept unique constraint only if conkey contains exactly one column and that column is canonical_address.
• Accept unique index only if index key contains exactly one attribute and that attribute is canonical_address.
• Do not accept partial indexes unless the predicate is proven compatible; simplest v1: reject partial unique indexes for this contract.

This is a correctness boundary for idempotency at scale.

P2 — Trigger enabled state must require origin/always, not merely “not disabled”

Rev6 uses:

t.tgenabled != 'D'

Postgres trigger enabled states include:

• O = enabled for origin/local normal use;
• D = disabled;
• R = replica only;
• A = always.

A trigger with tgenabled='R' would pass != 'D' but may not fire in normal origin sessions. That is dangerous.

Patch all critical trigger checks to require:

t.tgenabled IN ('O','A')

for birth, L1, and L2 triggers.

P3 — Define acceptable test statuses explicitly

Rev6 says “non-skipped test failure → rollback,” but some helper outputs are valid non-success states:

• fn_iu_resolve_default(NULL,...) may return auto_single, default, unresolved, or invalid_config depending runtime config.
• classify_absent should return not_found.
• invalid input should return invalid_input.

Patch §6 to define expected/acceptable statuses for each test. Do not let Agent treat expected unresolved as failure when multiple vocab values exist.

Suggested:

• hash_test: non-null 64-char hex if body non-null.
• resolve_null: acceptable = default, auto_single, unresolved, invalid_config, invalid_config_duplicate (report status; not DDL failure).
• resolve_valid: explicit or SKIPPED.
• resolve_invalid: invalid.
• resolve_null_config: invalid_input.
• resolve_null_prefix: invalid_input.
• classify_existing: any exists_* or SKIPPED.
• classify_absent: not_found.
• classify_null/empty: invalid_input.
• preflight: pass only.
• verify_existing: all_pass=true or a diagnostic status/issue if existing sample is already inconsistent. If inconsistent, this is a warning/blocker for P2, not necessarily P1 helper DDL failure.
• verify_absent: not_found.
• verify_null: invalid_input.

P4 — Post-test audit count section must be self-contained

Rev6 §7 says:

Same as rev5 — audit only

Do not rely on previous revisions in an execution prompt. Include the actual count query again.

P5 — Preflight FK query in §3 should explicitly require exactly one

§3 currently lists FK rows and comments “exactly one,” but does not show a count query. Add a count query and STOP condition before BEGIN:

SELECT count(*) AS deferrable_iu_uv_fk_count
FROM pg_constraint
WHERE conrelid='public.information_unit'::regclass
  AND confrelid='public.unit_version'::regclass
  AND contype='f'
  AND condeferrable;

If not 1 → STOP, no BEGIN.

P6 — Function volatility for fn_content_hash depends on digest availability/stability

fn_content_hash is IMMUTABLE, which is probably correct for digest(text,'sha256'), but rev7 should include a preflight note:

• digest(text,text) must exist;
• fn_content_hash immutability is valid because output depends only on input body and constant algorithm;
• if future hash policy becomes config-driven, helper can no longer be IMMUTABLE and must be redesigned.

This prevents future developers from adding config lookup to an IMMUTABLE function.

P7 — Report should include P2 readiness blockers

Add report section:

## P2 readiness
- Helper install status:
- Preflight pass:
- Existing sample invariant status:
- Any runtime blockers before fn_iu_create main function:

This prevents silently proceeding to P2 if helpers installed but runtime sample invariant is already broken.

Directive to Opus

Patch P1 prompt to rev7 with P1–P7. After rev7, return for final approval.

Hard boundaries remain

• helper function DDL only;
• no row DML;
• no table/index/constraint DDL;
• no DOT adapter;
• no default seeding;
• no retry/improvise on failure.

Summary

The biggest remaining issue is the unique guard: idempotency for millions of objects requires uniqueness of canonical_address itself, not merely a composite index containing it. The second is trigger enabled state: replica-only triggers must not pass as active main-channel triggers. These are small prompt patches with large reliability impact.