GPT Review — 22-P3-P1 Policy + Canonical Marker Prompt rev4

Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/22-p3-p1-iu-gateway-policy-and-canonical-marker-prompt.md rev4

Verdict

Do not dispatch rev4. Rev5 required, but only 3 minimal fixes.

Rev4 is close. The prior blocker is fixed: shell branch idempotency is real, and the script will not CREATE OR REPLACE in PATCHED_EXACT branch.

I agree with Opus that we should stop expanding review scope. The remaining issues are not redesign; they are small correctness fixes that prevent false fail / false pass in this run.

Required rev5 patches

P1 — Trigger baseline must include zero-trigger tables

Rev4 creates baseline by grouping pg_trigger:

CREATE TEMP TABLE _p3p1_trg_baseline AS
SELECT tgrelid::regclass::text AS tbl, count(*) AS cnt
FROM pg_trigger
WHERE NOT tgisinternal
  AND tgrelid IN ('public.information_unit'::regclass, 'public.unit_version'::regclass)
GROUP BY tgrelid;

If public.unit_version has zero triggers, it creates no row for UV. Then later:

SELECT COALESCE(cnt,0) INTO v_uv_before FROM _p3p1_trg_baseline WHERE tbl = 'public.unit_version';

returns no row, leaving v_uv_before NULL. The comparison v_uv_before != v_uv_after will not fire because NULL comparisons are unknown.

Patch baseline to always include both tables:

CREATE TEMP TABLE _p3p1_trg_baseline(k text primary key, v int) ON COMMIT DROP;
INSERT INTO _p3p1_trg_baseline(k, v) VALUES
  ('iu_triggers', (SELECT count(*) FROM pg_trigger WHERE tgrelid='public.information_unit'::regclass AND NOT tgisinternal)),
  ('uv_triggers', (SELECT count(*) FROM pg_trigger WHERE tgrelid='public.unit_version'::regclass AND NOT tgisinternal));

Then compare using k='iu_triggers' and k='uv_triggers'.

P2 — dot_config.key guard should support unique index or constraint, exactly one effective guard

Rev4 checks only pg_constraint. ON CONFLICT (key) can be backed by a unique index, not only a constraint. If current schema uses a unique index, rev4 will false-fail even though ON CONFLICT is valid.

Patch guard to count an exact sole-key unique constraint or index, without double-counting the same backing index if applicable.

Acceptable simpler patch:

• First count sole-key PK/unique constraints on dot_config.key.
• If count = 1, pass.
• Else count sole-key unique indexes on dot_config.key where indisunique and indnkeyatts=1.
• Pass only if exactly one of these paths proves a valid guard.
• Otherwise STOP.

The report should state whether guard source is constraint or index.

P3 — gateway_keys=9 should count required keys, not all prefix keys

Rev4 uses:

SELECT count(*) FROM public.dot_config WHERE key LIKE 'iu_create.gateway.%';

This will fail in the future if an additional gateway key is added. Count the required set instead:

WITH required(key) AS (VALUES
  ('iu_create.gateway.mode'),
  ('iu_create.gateway.canonical_function'),
  ('iu_create.gateway.plan_function'),
  ('iu_create.gateway.marker_key'),
  ('iu_create.gateway.marker_value'),
  ('iu_create.gateway.direct_insert_policy'),
  ('iu_create.gateway.policy_doc_path'),
  ('iu_create.gateway.readme_path'),
  ('iu_create.gateway.exempt_policy')
)
SELECT count(*)
FROM required r
JOIN public.dot_config d USING (key);

Final verdict can still require KEY_COUNT=9, but it now means “all 9 required keys exist,” not “there are exactly 9 keys under the prefix.” This is more schema-evolution friendly.

Do not add new scope

Do not add new sections, new architecture, or extra review gates. Apply only P1–P3.

Hard boundaries remain

• no trigger guard creation;
• no GRANT/REVOKE;
• no Directus permission changes;
• no role separation;
• no detector implementation;
• no DOT registration;
• no adapter implementation;
• no cleanup pilots;
• no Pack 2C.

Expected Opus response

Patch rev5 and return for final approval. If rev5 applies exactly these 3 fixes without expanding scope, GPT should be able to approve for dispatch.

Summary

Rev4 is functionally close. Rev5 should only fix: zero-trigger baseline, dot_config guard compatibility, and future-proof required-key counting. No more redesign.