KB-73EC

GPT Review — 22-P2 Main Functions Prompt rev2

Revision 1

Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex AI Council
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p2-iu-native-create-main-functions-prompt.md rev2

Verdict

Do not dispatch rev2. Rev3 required.

Rev2 applied the 14 previous fixes and is much better. However, because P2 is the writer phase that creates real IU/UV/birth rows, several remaining details must be corrected before execution.

What improved

  • would_create logic now handles JSON not_found.
  • Pilot address is dynamically generated.
  • REVOKE/GRANT use full signatures.
  • directus is re-checked as current role candidate.
  • Publication type is validated if supplied.
  • Incomplete existing states are marked action_required / health_signal_needed.
  • Plan returns 16-char hash preview instead of full hash.
  • Tests are more explicit.

Required rev3 patches

P1 — Do not use PL/pgSQL ASSERT for critical tests

Rev2 test DO blocks rely on ASSERT. In PostgreSQL, PL/pgSQL assertions can be controlled by runtime settings and should not be the primary safety gate for a writer-phase migration.

Patch all assertions to explicit checks:

IF NOT condition THEN
  RAISE EXCEPTION 'message';
END IF;

This ensures test failures always abort the transaction.
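Why ASSERT is not a reliable gate, shown as an added example that is not part of the reviewed prompt: with plpgsql.check_asserts off the assertion is skipped entirely. The explicit check is written with IS NOT TRUE because a plain IF NOT condition does not fire when the condition evaluates to NULL. The temp table t_demo and the variable v_hash are constructed for the demonstration.

```sql
-- Added illustration; run in psql against a scratch database.
BEGIN;
-- The same setting can also arrive via postgresql.conf, ALTER ROLE or ALTER DATABASE.
SET LOCAL plpgsql.check_asserts = off;

CREATE TEMP TABLE t_demo (id int) ON COMMIT DROP;   -- constructed, left empty

-- 1) ASSERT as the gate: silently skipped, the block completes.
DO $$
DECLARE
  n bigint;
BEGIN
  SELECT count(*) INTO n FROM t_demo;
  ASSERT n = 1, 'expected exactly one row';          -- not evaluated while check_asserts is off
  RAISE NOTICE 'ASSERT skipped although n = %', n;
END $$;

-- 2) Explicit checks: independent of check_asserts, but NULL needs care.
DO $$
DECLARE
  v_hash text;                                       -- NULL, simulating a value that was never written
BEGIN
  IF NOT (v_hash = 'abc') THEN                       -- NOT NULL is NULL, so this branch is not taken
    RAISE EXCEPTION 'not reached for a NULL hash';
  END IF;
  RAISE NOTICE 'IF NOT did not fire on NULL';

  IF (v_hash = 'abc') IS NOT TRUE THEN               -- fires for both false and NULL
    RAISE EXCEPTION 'content_hash check failed (got %)', coalesce(v_hash, '<null>');
  END IF;
END $$;

-- The exception above aborts the transaction; nothing from it can be committed.
ROLLBACK;
```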

P2 — Persist generated pilot address explicitly for post-COMMIT verification/report

Rev2 generates pilot address inside a DO block and later tries to rediscover it.

Patch:

  • Generate pilot address before BEGIN in a psql variable / temp file / explicit captured output, or create a WITH/DO block that prints and stores it in the report variable handled by Agent.
  • The Agent must record the exact pilot address and use that exact value for all later checks.
  • Do not rediscover by LIKE 'pilot.p2.%'.

For post-COMMIT, use the recorded address exactly.

P3 — Remove created_at from post-COMMIT discovery

Rev2 post-COMMIT block says:

ORDER BY created_at DESC

This repeats an earlier schema-drift bug. created_at is not guaranteed and may not exist.

Patch: do not query by created_at at all. Use recorded pilot address from P2.

P4 — Count deltas must be asserted, not only printed

Rev2 §3.4 only prints counts and says Agent should compare with §1 baseline.

Patch:

  • Store baseline counts in the Agent report.
  • After pilot create, explicitly compare:
    • IU baseline + 1;
    • UV baseline + 1;
    • IU birth baseline + 1.
  • birth_total can be audit-only if system is live, but IU/UV/birth_iu deltas for this controlled pilot should be asserted if no other IU writer is running. If there is concurrent IU writing, report drift as warning and rely on canonical-address-specific verification.

Safer approach:

  • Assert pilot-specific rows rather than only global counts:
    • exactly 1 IU for pilot address;
    • exactly 1 UV linked to that IU;
    • exactly 1 birth row for information_unit::<iu_id>.
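One way to combine the recorded pilot address from P2 with the pilot-specific row checks listed here, as an added example rather than text from the reviewed prompt. Assumptions: the tables live in schema public, the address suffix format and the setting name p2.pilot_addr are made up for illustration, and birth_registry.entity_ref is a hypothetical column name because the page does not give the birth table's columns.

```sql
\set ON_ERROR_STOP on

-- Before BEGIN: generate the address once and record it (suffix format is an assumption).
SELECT 'pilot.p2.' || to_char(clock_timestamp(), 'YYYYMMDD"T"HH24MISSUS') AS pilot_addr \gset
\echo 'pilot address for the Agent report:' :pilot_addr

-- psql does not interpolate :'var' inside a dollar-quoted DO body,
-- so hand the exact value to the session through a custom setting.
SELECT set_config('p2.pilot_addr', :'pilot_addr', false);

-- ... BEGIN; pilot create; in-transaction tests; COMMIT; as defined by the prompt ...

-- Post-COMMIT: verify by exact address only. No LIKE 'pilot.p2.%', no created_at.
DO $$
DECLARE
  v_addr  text := current_setting('p2.pilot_addr');
  v_iu_id uuid;
  v_n     bigint;
BEGIN
  SELECT count(*) INTO v_n
  FROM public.information_unit WHERE canonical_address = v_addr;
  IF v_n IS DISTINCT FROM 1 THEN
    RAISE EXCEPTION 'pilot %: expected exactly 1 IU, found %', v_addr, v_n;
  END IF;

  SELECT id INTO STRICT v_iu_id
  FROM public.information_unit WHERE canonical_address = v_addr;

  SELECT count(*) INTO v_n
  FROM public.unit_version WHERE unit_id = v_iu_id;
  IF v_n IS DISTINCT FROM 1 THEN
    RAISE EXCEPTION 'pilot %: expected exactly 1 UV for IU %, found %', v_addr, v_iu_id, v_n;
  END IF;

  -- entity_ref is a hypothetical column name; substitute the real birth key column.
  SELECT count(*) INTO v_n
  FROM public.birth_registry WHERE entity_ref = 'information_unit::' || v_iu_id;
  IF v_n IS DISTINCT FROM 1 THEN
    RAISE EXCEPTION 'pilot %: expected exactly 1 birth row, found %', v_addr, v_n;
  END IF;
END $$;
```

With ON_ERROR_STOP set, a failed check makes psql exit with a non-zero status, which the Agent can map to the blocker report instead of reading a WARNING as success.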

P5 — Preflight column type checks must be hard gates, not comments

Rev2 lists types and says “Verify ...”. The prompt must require STOP if critical types do not match expected contract.

At minimum, before BEGIN:

  • information_unit.id = uuid;
  • information_unit.canonical_address text-compatible;
  • information_unit.identity_profile = jsonb;
  • information_unit.parent_or_container_ref type must match p_parent_ref uuid; if not uuid, STOP and revise signature;
  • information_unit.version_anchor_ref = uuid;
  • information_unit.content_anchor_ref text-compatible;
  • unit_version.id = uuid;
  • unit_version.unit_id = uuid;
  • unit_version.body text-compatible;
  • unit_version.content_hash text-compatible;
  • unit_version.version_seq integer-compatible.

Do not proceed on manual eyeballing.
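A hard-gate version of this list, as an added example rather than text from the reviewed prompt. Assumptions: the tables are in schema public, "text-compatible" means text or varchar, and "integer-compatible" means int2, int4 or int8.

```sql
\set ON_ERROR_STOP on

-- Run before BEGIN. Any mismatch or missing column raises and stops the script.
DO $$
DECLARE
  r     record;
  v_bad text[] := '{}';
BEGIN
  FOR r IN
    SELECT e.tbl, e.col, e.allowed, c.udt_name::text AS found
    FROM (VALUES
      ('information_unit', 'id',                      ARRAY['uuid']),
      ('information_unit', 'canonical_address',       ARRAY['text', 'varchar']),
      ('information_unit', 'identity_profile',        ARRAY['jsonb']),
      ('information_unit', 'parent_or_container_ref', ARRAY['uuid']),   -- must match p_parent_ref uuid
      ('information_unit', 'version_anchor_ref',      ARRAY['uuid']),
      ('information_unit', 'content_anchor_ref',      ARRAY['text', 'varchar']),
      ('unit_version',     'id',                      ARRAY['uuid']),
      ('unit_version',     'unit_id',                 ARRAY['uuid']),
      ('unit_version',     'body',                    ARRAY['text', 'varchar']),
      ('unit_version',     'content_hash',            ARRAY['text', 'varchar']),
      ('unit_version',     'version_seq',             ARRAY['int2', 'int4', 'int8'])
    ) AS e(tbl, col, allowed)
    LEFT JOIN information_schema.columns c
      ON  c.table_schema = 'public'
      AND c.table_name   = e.tbl
      AND c.column_name  = e.col
  LOOP
    -- IS NOT TRUE also catches a missing column (found is NULL).
    IF (r.found = ANY (r.allowed)) IS NOT TRUE THEN
      v_bad := v_bad || format('%s.%s: found %s, expected one of %s',
                               r.tbl, r.col, coalesce(r.found, '<missing>'), r.allowed);
    END IF;
  END LOOP;

  IF cardinality(v_bad) > 0 THEN
    RAISE EXCEPTION 'P2 preflight STOP: %', array_to_string(v_bad, '; ');
  END IF;
END $$;
```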

P6 — Function conflict check should include exact signatures / overload policy

Rev2 stops if any fn_iu_create or fn_iu_create_plan exists by name. That is safe for first install. Add note:

  • any same-name function in public is a STOP;
  • no overload workaround;
  • future overloads require separate design pack.

This prevents Agent improvisation if a conflict appears.

P7 — Plan function should return explicit status

Rev2 plan returns mode, would_create, and issues, but no primary status field.

Patch fn_iu_create_plan to return:

  • plan_ok if would create and no issues;
  • exists_complete / existing status if existing;
  • invalid_input / unresolved_vocab / preflight_failed as appropriate.

This makes adapter behavior stable and avoids every caller re-deriving status from would_create + issues.

P8 — Existing incomplete status branch must include all issue statuses consistently

In the unique_violation handler, rev2 checks:

('exists_missing_birth','exists_missing_version','exists_anchor_invalid')

but earlier branch includes exists_duplicate_version, exists_unknown_state too.

Patch both branches to use the same incomplete-status set.

P9 — Security definer ownership must be reported

P2 report should include function owner, prosecdef, provolatile, and privileges. SECURITY DEFINER behavior depends on owner. Report owner explicitly.

Query:

SELECT n.nspname, p.proname, r.rolname AS owner, p.prosecdef, p.provolatile
FROM pg_proc p
JOIN pg_namespace n ON n.oid=p.pronamespace
JOIN pg_roles r ON r.oid=p.proowner
WHERE n.nspname='public'
  AND p.proname IN ('fn_iu_create','fn_iu_create_plan')
ORDER BY p.proname;

P10 — p_publication_type validation should not rely on magic __unused__ config key without comment

Rev2 passes __unused__ into fn_iu_resolve_default. That is not wrong mechanically, but it is obscure and can confuse future maintainers.

Patch:

  • Add comment: explicit-only validation mode; config key deliberately nonexistent; only explicit vocab validation is accepted in P2.
  • Better: if this pattern repeats, plan a helper fn_iu_validate_vocab(prefix, value) for a future pack.

P11 — Post-COMMIT verification failure must create a blocker report, not only WARNING

Rev2 says warning in DO block. Since post-COMMIT rollback is impossible, report must mark:

  • CRITICAL;
  • pilot address;
  • exact verify JSON;
  • no cleanup;
  • P3 blocked.

The Agent should not treat a SQL WARNING as success.

P12 — Pilot body/title/actor should be dynamic enough but not hardcoded as contract truth

The fixed test body/title/actor are acceptable as test literals, not contract defaults. Report should label them as test data only.

Directive to Opus

Patch P2 prompt to rev3 with P1–P12. Do not dispatch after patch; return for GPT/User review.

Hard boundaries remain

  • no dispatch yet;
  • no raw birth_registry insert;
  • no DOT adapter;
  • no dot_tools registration;
  • no default seeding;
  • no cleanup pilot;
  • no retry/improvise on SQL failure.

Summary

Rev2 is conceptually close, but writer-phase safety still needs tightening. The biggest blockers are reliance on ASSERT, rediscovering pilot by created_at, insufficient hard gates on type checks, and lack of explicit status in the plan function.

knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-22-p2-main-functions-prompt-rev2-2026-05-06.md