GPT Review — 22-P2 Main Functions Prompt rev10
Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex AI Council
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p2-iu-native-create-main-functions-prompt.md (rev10)
Verdict
Do not dispatch rev10. Rev11 required.
Rev10 is close and has the right operational shape: bash arrays, env defaults, exact signatures, no manual substitution, conditional post-verify, unique constraint only, and machine-readable final verdict. However, two load-bearing gaps remain.
Required rev11 patches
P1 — fn_iu_create must verify full IU invariants before returning created
Rev10 hard-fails if the IU birth row is missing, which is correct. But the canonical contract should not return created unless the full IU invariant set passes.
Current fn_iu_create checks only:
v_birth_ok := EXISTS(... birth_registry ...);
IF NOT v_birth_ok THEN RAISE EXCEPTION ...; END IF;
RETURN jsonb_build_object('status','created', ...);
The pilot test later calls public.fn_iu_verify_invariants(v_a), but the function itself should also call it after IU/UV/anchor wiring and before returning.
Patch inside fn_iu_create after birth check and before return:
DECLARE
v_verify jsonb;
...
v_verify := public.fn_iu_verify_invariants(btrim(p_canonical_address));
IF NOT COALESCE((v_verify->>'all_pass')::boolean, false) THEN
RAISE EXCEPTION 'fn_iu_create invariant failed: %', v_verify;
END IF;
Then include verify_json or invariants_verified=true in the return JSON.
Why this matters:
- The canonical path must be complete-or-nothing.
- Birth alone is not enough; IU+UV+anchors must be consistent.
- COMMIT-time L2 still remains the final database gate, but the function should catch deterministic invariant failures before returning success.
P2 — Address-generation/pre-SQL failure must still produce a report instruction
Rev10 exits immediately on address regex failure:
[[ "$PILOT_ADDRESS" =~ ... ]] || { echo "FAIL: pilot"; exit 1; }
This occurs before any mutation, so it is safe, but it still violates the operational rule “always upload report.” If address generation fails, Agent may stop without writing the KB report.
Patch:
- Do not exit 1 directly in address validation.
- Set INIT_EXIT=1, INIT_ERROR=..., skip main psql, and continue to the final verdict/report block.
- If INIT_EXIT!=0, set: PSQL_EXIT=NOT_RUN, POST_COMMIT_STATUS=NOT_RUN, DIAG_EXIT=NOT_RUN, phase_status=FAIL, p3_readiness=BLOCKED.
- Report the address generation failure and confirm that no SQL mutation was attempted.
Simpler acceptable alternative:
Keep direct exit only if the prompt explicitly tells Agent: if the shell exits before psql due to address generation failure, upload a partial report. But the stronger design is to avoid early exit entirely.
P3 — set -uo pipefail without set -e is okay, but report it intentionally
Rev10 uses set -uo pipefail and not set -e, which is deliberate. Add comment:
- no global set -e because the report must always be generated;
- hard failures are captured by explicit exit/status variables and SQL exceptions.
This prevents future “cleanup” from reintroducing set -e.
P4 — Report should distinguish canonical function invariant verification vs pilot test invariant verification
Add report fields:
- fn_iu_create_internal_verify: PASS/FAIL
- pilot_post_create_verify: PASS/FAIL
- post_commit_verify: PASS/CRITICAL/NOT_RUN
This makes it clear that invariants are checked at three layers:
- inside the create function before returning;
- inside the P2 transaction pilot test;
- after COMMIT.
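To make P2, P3 and P4 concrete, here is an added skeleton of the shell wrapper (written for this review, not the rev10/rev11 prompt itself): a pre-SQL address failure is recorded in INIT_EXIT/INIT_ERROR instead of exiting, the main psql step is skipped, the NOT_RUN defaults are applied, and the three-layer report fields are always emitted. The variable names INIT_EXIT, INIT_ERROR, PSQL_EXIT, POST_COMMIT_STATUS, DIAG_EXIT, phase_status and p3_readiness come from the review; the address regex, the run_main_psql stub (which stands in for the real psql call and would normally parse its output), the p3_readiness=READY value and the sql_mutation_attempted field are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the prompt's own code): report-first wrapper skeleton.
set -uo pipefail
# no global set -e because the report must always be generated;
# hard failures are captured by explicit exit/status variables and SQL exceptions.

# Validate the pilot address without exiting. On failure it records
# INIT_EXIT=1 and INIT_ERROR and returns 1 so the caller can skip psql.
validate_pilot_address() {
  local addr="$1"
  # Assumed pattern (constructed): lowercase dotted identifier, e.g. iu.pilot.a1
  if [[ "$addr" =~ ^[a-z][a-z0-9]*(\.[a-z0-9]+)+$ ]]; then
    INIT_EXIT=0; INIT_ERROR=""
    return 0
  fi
  INIT_EXIT=1
  INIT_ERROR="pilot address failed validation: ${addr}"
  return 1
}

# Stand-in for the main psql step (assumption). The real step would run
# psql and parse the machine-readable verdict into these variables.
run_main_psql() {
  PSQL_EXIT=0
  FN_INTERNAL_VERIFY=PASS          # fn_iu_create_internal_verify
  PILOT_POST_CREATE_VERIFY=PASS    # pilot_post_create_verify
  POST_COMMIT_STATUS=PASS          # post_commit_verify
  DIAG_EXIT=0
}

# Build the final verdict/report from the status variables. Prints one
# key=value per line and never exits, so it runs on every path.
build_report() {
  if [[ "${INIT_EXIT}" != 0 ]]; then
    # Pre-SQL failure: nothing after init ran, and no mutation was attempted.
    PSQL_EXIT=NOT_RUN
    FN_INTERNAL_VERIFY=NOT_RUN
    PILOT_POST_CREATE_VERIFY=NOT_RUN
    POST_COMMIT_STATUS=NOT_RUN
    DIAG_EXIT=NOT_RUN
    phase_status=FAIL
    p3_readiness=BLOCKED
  elif [[ "${PSQL_EXIT}" != 0 || "${POST_COMMIT_STATUS}" != PASS ]]; then
    phase_status=FAIL
    p3_readiness=BLOCKED
  else
    phase_status=PASS
    p3_readiness=READY   # assumed success value; the review only names BLOCKED
  fi
  local mutated=no
  [[ "${INIT_EXIT}" == 0 ]] && mutated=yes
  printf '%s\n' \
    "init_exit=${INIT_EXIT}" \
    "init_error=${INIT_ERROR}" \
    "psql_exit=${PSQL_EXIT}" \
    "fn_iu_create_internal_verify=${FN_INTERNAL_VERIFY}" \
    "pilot_post_create_verify=${PILOT_POST_CREATE_VERIFY}" \
    "post_commit_verify=${POST_COMMIT_STATUS}" \
    "diag_exit=${DIAG_EXIT}" \
    "phase_status=${phase_status}" \
    "p3_readiness=${p3_readiness}" \
    "sql_mutation_attempted=${mutated}"
}

# One pilot run: initialise every status variable (set -u is on), validate,
# run psql only if init succeeded, and always produce the report.
run_pilot() {
  PILOT_ADDRESS="$1"
  INIT_EXIT=0; INIT_ERROR=""
  PSQL_EXIT=NOT_RUN; FN_INTERNAL_VERIFY=NOT_RUN
  PILOT_POST_CREATE_VERIFY=NOT_RUN; POST_COMMIT_STATUS=NOT_RUN; DIAG_EXIT=NOT_RUN
  if validate_pilot_address "$PILOT_ADDRESS"; then
    run_main_psql
  fi
  build_report
}

# Demonstration: one valid address, one that fails validation before any SQL.
run_pilot "iu.pilot.a1"
echo "---"
run_pilot "BAD ADDRESS"
```

The point of the shape is that every exit path flows through build_report: a regex failure becomes a FAIL/BLOCKED report that explicitly states psql_exit=NOT_RUN and sql_mutation_attempted=no, which is the evidence the KB report needs, rather than a silent exit 1.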
Directive to Opus
Patch P2 prompt to rev11 with P1–P4.
Do not dispatch after patch; return for GPT/User review.
Hard boundaries remain
- no dispatch yet;
- no raw birth_registry insert;
- no DOT adapter;
- no dot_tools registration;
- no default seeding;
- no cleanup pilot;
- no retry/improvise on SQL failure.
Summary
Rev10 is nearly ready. The key remaining design issue is that the main canonical function must not return created based on birth alone. It must verify the full IU invariant contract itself before success. The second issue is operational: even pre-SQL failures should produce a report path, not a silent shell exit.