GPT Review — 23-P3A Gateway Allow-list Prompt rev3

Date: 2026-05-06
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3a-iu-gateway-allow-list-patch-prompt.md rev3

Verdict

Rev3 is close, but still NOT ready to dispatch. Rev4 required.

Opus correctly applied the previous 12 fixes. The prompt is much more executable. However, a few remaining issues can still cause runtime failure, non-idempotent rerun failure, or over-claiming on security/constraint checks.

This is a production gateway patch, so one more hardening pass is justified.

Accepted improvements in rev3

• Bash variable typo fixed with arrays.
• Verdict variables initialized.
• fn_iu_create signature is discovered.
• T3 SQL returns status directly.
• UV INSERT result is reported honestly as gateway-blocked vs FK-first.
• UV UPDATE test added.
• T6 marker acceptance classification is explicit.
• dot_config unique check improved.
• Report upload instruction added.

Required rev4 fixes

P1 — Actually use the discovered fn_iu_create signature / call contract

Rev3 discovers the signature but still calls fn_iu_create with a 4-argument positional call. This likely works because the runtime function has trailing defaults, but the prompt should not claim dynamic discovery while still hardcoding the call.

Patch T3 to use named parameters, matching the current Pack 22 contract:

WITH r AS (
  SELECT public.fn_iu_create(
    p_canonical_address => '${PILOT_ADDR}',
    p_title             => 'P3A gateway verify pilot',
    p_body              => 'Body: verifying fn_iu_create after allow-list patch.',
    p_actor             => 'agent:p3a-test'
  ) AS j
)
SELECT j->>'status' AS status FROM r;

Also assert that the discovered signature contains the required parameter names:

• p_canonical_address
• p_title
• p_body
• p_actor

If not, STOP.

P2 — Make already-patched state idempotent instead of hard fail

Rev3 hard-fails if source already contains allowed_marker_values.

For a safe production prompt, re-run should be idempotent when the runtime state already matches expected semantics.

Patch:

• If allowed_marker_values key exists with exact expected value AND guard source already contains allow-list logic, set PATCH_STATUS=SKIPPED_ALREADY_PATCHED and run tests.
• If key/source mismatch, STOP.
• If source patched but key missing, STOP or repair only if explicitly designed. Prefer STOP.

This prevents a second run from failing merely because the first run succeeded.

P3 — dot_config unique check must verify exact single-column unique(key)

Rev3 still counts any unique index containing key; a composite unique index containing key could pass incorrectly.

Use exact attname array check:

SELECT count(*)
FROM pg_index i
JOIN pg_class t ON t.oid=i.indrelid
JOIN pg_namespace n ON n.oid=t.relnamespace
WHERE n.nspname='public'
  AND t.relname='dot_config'
  AND i.indisunique
  AND (
    SELECT array_agg(a.attname ORDER BY x.ord)
    FROM unnest(i.indkey) WITH ORDINALITY AS x(attnum, ord)
    JOIN pg_attribute a ON a.attrelid=t.oid AND a.attnum=x.attnum
  ) = ARRAY['key'];

Expected exactly 1.

P4 — PUBLIC privilege check should use ACL/routine privileges, not has_function_privilege('public', ...)

has_function_privilege('public', ...) can be ambiguous because it may be interpreted as a role name, not the PUBLIC pseudo-role.

Use information_schema.routine_privileges or aclexplode(proacl).

Example:

SELECT count(*)
FROM information_schema.routine_privileges
WHERE routine_schema='public'
  AND routine_name='fn_iu_gateway_write_guard'
  AND grantee='PUBLIC'
  AND privilege_type='EXECUTE';

Expected 0 after patch. Fail if >0.

P5 — T8 guidance should require README/path, not only function name

Rev3 tests only whether T4 output includes fn_iu_create.

Patch T8 to verify all required substrings:

• IU Gateway blocked
• fn_iu_create
• README or iu-create-gateway-readme.md

If any is missing, mark warning or fail. GPT recommendation: warning is acceptable for README missing, but the error must at least include IU Gateway blocked and canonical function guidance.

P6 — Mark T5B skip as blocker if no existing UV

Runtime should have existing UV rows. 23-P2 showed 5 UVs. If EXISTING_UV_ID is empty, that is unexpected and the UV UPDATE guard cannot be proven.

Patch:

• SKIP_NO_EXISTING_UV should increment TEST_FAIL and block P3B, unless preflight explicitly proves UV table empty and GPT/User accepts skip.

Given current runtime, empty UV = abnormal.

P7 — Add final row-leak check for rollback tests

T6/T7 use rollback transactions. Add final checks that no rows with rollback test addresses remain:

SELECT count(*)
FROM information_unit
WHERE canonical_address IN (
  'test/p3a/apply-marker-ROLLBACK',
  'test/p3a/unknown-block-ROLLBACK'
);

Expected 0.

This catches accidental row leakage if transaction handling changes.

P8 — Final verdict must distinguish PASS from SKIPPED_ALREADY_PATCHED

If P2 idempotency is added, report should show:

• patch_status=OK for actual patch;
• patch_status=SKIPPED_ALREADY_PATCHED for idempotent no-op;
• both can lead to phase_status=PASS if tests pass.

P3B readiness can be READY in either case.

Directive to Opus

Patch P3A prompt to rev4 with P1–P8.

Path:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3a-iu-gateway-allow-list-patch-prompt.md

Do not dispatch after patch. Return for GPT/User final review.

Hard boundaries remain

• No P3B schema DDL.
• No edit draft/comment tables.
• No edit functions.
• No vector mutation.
• No cleanup.
• No Pack 2C.

Summary

Rev3 is very close. The main remaining blocker is idempotency and true use of discovered runtime contracts. Rev4 should make re-runs safe, verify fn_iu_create by named contract, check exact unique(key), and prove rollback tests leaked no rows. After rev4, this prompt should be ready for dispatch unless new evidence appears.