KB-7930

GPT Review — 23-P3C1 Safe Functions Prompt rev1

Date: 2026-05-07
Reviewer: GPT-5.5 Thinking / Incomex AI Council
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c-iu-edit-draft-functions-prompt.md rev2 content / P3C1 framing

Verdict

P3C1 direction accepted, but prompt is NOT ready to dispatch. Rev2 required.

Opus accepted the “simple but safe” correction and split P3C into two phases. This is the right direction.

Accepted:

  • P3C1 = safe functions only, no IU/UV writes.
  • P3C2 = apply + wrapper, the official-version write path.
  • fn_iu_comment is the correct natural high-level name.
  • Multiple open drafts must not silently attach latest by default.
  • Context-based routing with draft_id or select=latest is accepted.
  • Responses must be self-guiding with status, guidance, and next_action.

However, the prompt still leaves too much implementation detail to the Agent and has several test/design gaps. Since P3C1 creates canonical public functions, it needs to be more deterministic before dispatch.

Analysis of Opus’s response

1. Split P3C1 / P3C2

Accepted.

This reduces risk. P3C1 creates only draft/comment functions. P3C2 will later create fn_iu_apply_edit_draft and fn_iu_edit wrapper, which touch IU/UV and gateway.

2. fn_iu_comment behavior

Accepted after correction.

Final behavior is correct:

  • one open draft → auto attach;
  • multiple open drafts → return candidates, unless context explicitly chooses;
  • context.draft_id → attach selected draft after validating address;
  • context.select='latest' → attach latest and report selected_by='latest'.

This matches the User’s Apple/iPhone principle: simple, guided, and hard to misuse.

Required rev2 fixes

P1 — Use a dedicated P3C1 prompt path or explicit supersession note

Current file path is still:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c-iu-edit-draft-functions-prompt.md

but the content is now P3C1 only.

Patch one of two ways:

Preferred:

  • create/update knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c1-iu-edit-draft-safe-functions-prompt.md;
  • leave the old P3C path as superseded or redirect note if needed.

Acceptable:

  • keep current path but state clearly in header and report that this is P3C1, not full P3C.

GPT preference: use a P3C1-specific path to avoid Agent confusion.

P2 — Do not let Agent freely write function bodies from prose

The prompt still says "Agent writes the 4 functions following the signatures and logic" (original: "Agent viết 4 functions theo signatures và logic"). That is too loose for canonical functions.

Rev2 must provide either:

  • full executable SQL bodies; or
  • near-complete SQL skeletons where only runtime-discovered role/lifecycle constants are substituted.

For P3C1, exact bodies are feasible and should be included.

At minimum, specify:

  • exact CREATE FUNCTION statements;
  • exact JSON status fields;
  • exact validation branches;
  • exact SECURITY DEFINER SET search_path=pg_catalog,public;
  • exact REVOKE/GRANT statements with full signatures.

P3 — Transaction model must be explicit

P3C1 should be all-or-clean.

Recommended execution model:

  • BEGIN;
  • CREATE the 4 functions;
  • REVOKE/GRANT;
  • run tests that create draft/comment rows;
  • if all tests pass → COMMIT, retaining test drafts/comments;
  • if any test fails → ROLLBACK, leaving no functions and no test drafts/comments.

If shell-based tests are used outside the transaction, then failure cleanup must be explicit. Prefer a single transaction because P3C1 has no external side effects beyond draft/comment rows.

P4 — Preflight must verify exact columns used by functions

Rev1 only checks table existence. P3C1 functions will read/write many columns.

Add hard gates for required columns/types:

information_unit:

  • id uuid
  • canonical_address text
  • version_anchor_ref uuid
  • identity_profile jsonb

unit_version:

  • id uuid
  • unit_id uuid
  • version_seq integer
  • body text
  • content_hash text, or whichever exact content-hash column exists at runtime
  • lifecycle_status text

unit_edit_draft and unit_edit_comment:

  • all P3B columns the functions insert/read.

If any column is missing or type differs, STOP.

P5 — Verify exact helper function signatures

Do not only check function names.

Preflight exact checks should use to_regprocedure, e.g.:

  • public.fn_content_hash(text)
  • public.fn_iu_verify_invariants(text) or actual signature if different
  • public.fn_iu_create(...) for source/owner discovery

For P3C1, fn_iu_verify_invariants is not directly used, so it can be informational. fn_content_hash(text) is required and must be exact.
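As an added illustration of the P4/P5 gates (not part of the rev1 prompt or Opus's text), one preflight block that refuses to continue on the first missing column, type mismatch or absent helper signature; the content_hash column name is taken from P4 and must be swapped for the runtime's actual column if it differs, and a missing table fails the regclass cast, which is also a STOP.

```sql
-- Added preflight gate (not from the prompt). Column list follows P4; the
-- content_hash name is a placeholder for the runtime's actual content-hash column.
DO $$
DECLARE
  required text[][] := ARRAY[
    ['information_unit', 'id',                 'uuid'],
    ['information_unit', 'canonical_address',  'text'],
    ['information_unit', 'version_anchor_ref', 'uuid'],
    ['information_unit', 'identity_profile',   'jsonb'],
    ['unit_version',     'id',                 'uuid'],
    ['unit_version',     'unit_id',            'uuid'],
    ['unit_version',     'version_seq',        'integer'],
    ['unit_version',     'body',               'text'],
    ['unit_version',     'content_hash',       'text'],
    ['unit_version',     'lifecycle_status',   'text']
  ];
  r      text[];
  actual text;
BEGIN
  -- P4: each column must exist with exactly the expected type, else STOP
  FOREACH r SLICE 1 IN ARRAY required LOOP
    SELECT format_type(a.atttypid, a.atttypmod) INTO actual
      FROM pg_attribute a
     WHERE a.attrelid = ('public.' || r[1])::regclass
       AND a.attname = r[2] AND a.attnum > 0 AND NOT a.attisdropped;
    IF actual IS NULL THEN
      RAISE EXCEPTION 'STOP: column %.% missing', r[1], r[2];
    ELSIF actual <> r[3] THEN
      RAISE EXCEPTION 'STOP: %.% is % (expected %)', r[1], r[2], actual, r[3];
    END IF;
  END LOOP;
  -- P5: check signatures, not just names; to_regprocedure returns NULL when absent
  IF to_regprocedure('public.fn_content_hash(text)') IS NULL THEN
    RAISE EXCEPTION 'STOP: public.fn_content_hash(text) not found';
  END IF;
  IF to_regprocedure('public.fn_iu_verify_invariants(text)') IS NULL THEN
    RAISE NOTICE 'info only: fn_iu_verify_invariants(text) absent (unused by P3C1)';
  END IF;
  RAISE NOTICE 'preflight OK';
END $$;
```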

P6 — Fix UV lifecycle convention gate for P3C1

P3C1 does not write unit_version, so lifecycle convention is not needed to create P3C1 functions.

Keep it as report-only context for P3C2, not a P3C1 blocker unless it indicates a broader schema issue.

This avoids blocking safe draft/comment functions on a convention only needed later by apply.

P7 — Test address selection must avoid existing open drafts and support no_open_draft

P3C1 tests need at least two existing IU addresses:

  • TEST_ADDR_A: used to create drafts and test multi-draft behavior.
  • TEST_ADDR_B: must have no open drafts; used to test fn_iu_comment returning no_open_draft.

Rev1 uses a nonexistent address for T14 and allows iu_not_found OR no_open_draft. That does not prove the no_open_draft behavior.

Patch:

  • select TEST_ADDR_B from existing IU not equal to A and with zero open drafts;
  • if not available, create a safe draft/comment test plan or STOP with clear reason;
  • T14 expected status must be exactly no_open_draft, not iu_not_found OR no_open_draft.

P8 — No-silent-wrong-comment tests must verify no insert on multiple_open_drafts

T11 should assert that comment count does not increase when fn_iu_comment returns multiple_open_drafts.

This proves the function did not silently attach to the wrong draft.

P9 — Add address-mismatch test for context draft_id

Add test:

  • create/open draft on TEST_ADDR_A;
  • call fn_iu_comment(TEST_ADDR_B, ..., p_context={draft_id: A_draft});
  • expected: draft_address_mismatch or draft_not_for_address;
  • comment count unchanged.

This prevents a dangerous context misuse.

Add this status to the vocabulary.

P10 — fn_iu_comment candidate list must not leak full body

When returning multiple_open_drafts, include safe metadata only:

  • draft id;
  • created_by;
  • created_at;
  • base_version_seq;
  • reason preview;
  • title preview;
  • draft hash preview.

Do not return full draft_body.

P11 — Volatility and security must be explicit per function

Recommended:

  • fn_iu_edit_plan: STABLE SECURITY DEFINER
  • fn_iu_create_edit_draft: VOLATILE SECURITY DEFINER
  • fn_iu_comment_edit_draft: VOLATILE SECURITY DEFINER
  • fn_iu_comment: VOLATILE SECURITY DEFINER

All use SET search_path=pg_catalog,public.

If Opus wants fn_iu_edit_plan as VOLATILE for simplicity, justify. Prefer STABLE.

P12 — Exact grants must use full signatures

After CREATE:

  • REVOKE ALL ON FUNCTION public.fn_iu_edit_plan(text,text,text) FROM PUBLIC;
  • GRANT EXECUTE ON FUNCTION ... TO <discovered role>;

Repeat for all exact signatures.

Tests must verify PUBLIC EXECUTE absent and intended role can execute.
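The P7 to P12 rules as one routing skeleton, added here as an illustration rather than rev2's actual body: the parameter list and the unit_edit_draft / unit_edit_comment column names (unit_id, status = 'open', created_by, created_at, base_version_seq, reason, title, draft_hash; draft_id, body) are assumptions, and <app_role> stands for the role discovered at runtime. Every non-success branch carries status, guidance and next_action, the candidate list never includes draft_body, and the only INSERT targets unit_edit_comment.

```sql
-- Added skeleton, not rev2's body. Assumed: this signature and the draft/comment column names.
CREATE OR REPLACE FUNCTION public.fn_iu_comment(
  p_address text, p_comment text, p_author text, p_context jsonb DEFAULT '{}'::jsonb)
RETURNS jsonb LANGUAGE plpgsql VOLATILE SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
DECLARE
  v_iu uuid; v_draft uuid; v_cid uuid; v_n integer; v_cands jsonb; v_sel text := 'single';
BEGIN
  IF p_address IS NULL OR coalesce(p_comment, '') = '' THEN
    RETURN jsonb_build_object('status', 'invalid_input', 'guidance',
      'address and non-empty comment required', 'next_action', 'retry_with_both');
  END IF;
  SELECT id INTO v_iu FROM information_unit WHERE canonical_address = p_address;
  IF v_iu IS NULL THEN
    RETURN jsonb_build_object('status', 'iu_not_found', 'guidance',
      'no IU at this address', 'next_action', 'check_address');
  END IF;
  IF p_context ? 'draft_id' THEN
    -- P9: an explicit draft_id must be an open draft of THIS address
    SELECT id INTO v_draft FROM unit_edit_draft
     WHERE id = (p_context->>'draft_id')::uuid AND unit_id = v_iu AND status = 'open';
    IF v_draft IS NULL THEN
      RETURN jsonb_build_object('status', 'draft_address_mismatch', 'guidance',
        'draft_id is not an open draft of this address', 'next_action', 'fix_draft_id');
    END IF;
    v_sel := 'draft_id';
  ELSE
    SELECT count(*) INTO v_n FROM unit_edit_draft WHERE unit_id = v_iu AND status = 'open';
    IF v_n = 0 THEN
      RETURN jsonb_build_object('status', 'no_open_draft', 'guidance',
        'nothing to comment on', 'next_action', 'create_edit_draft');
    ELSIF v_n > 1 AND p_context->>'select' IS DISTINCT FROM 'latest' THEN
      -- P8/P10: no insert; candidates carry safe metadata only, never draft_body
      SELECT jsonb_agg(jsonb_build_object('draft_id', d.id, 'created_by', d.created_by,
        'created_at', d.created_at, 'base_version_seq', d.base_version_seq,
        'reason_preview', left(d.reason, 80), 'title_preview', left(d.title, 80),
        'draft_hash_preview', left(d.draft_hash, 12)) ORDER BY d.created_at DESC)
        INTO v_cands FROM unit_edit_draft d WHERE d.unit_id = v_iu AND d.status = 'open';
      RETURN jsonb_build_object('status', 'multiple_open_drafts', 'candidates', v_cands,
        'guidance', 'choose a draft', 'next_action', 'retry_with_draft_id_or_select_latest');
    END IF;
    SELECT id INTO v_draft FROM unit_edit_draft WHERE unit_id = v_iu AND status = 'open'
     ORDER BY created_at DESC LIMIT 1;
    IF v_n > 1 THEN v_sel := 'latest'; END IF;  -- report selected_by='latest'
  END IF;
  INSERT INTO unit_edit_comment (draft_id, body, created_by) VALUES (v_draft, p_comment, p_author) RETURNING id INTO v_cid;
  RETURN jsonb_build_object('status', 'comment_added', 'comment_id', v_cid, 'draft_id', v_draft, 'selected_by', v_sel);
END $$;
-- P12: full signature in both statements; <app_role> is the discovered role
REVOKE ALL ON FUNCTION public.fn_iu_comment(text,text,text,jsonb) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.fn_iu_comment(text,text,text,jsonb) TO <app_role>;
```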

P13 — Status vocabulary must include required fields and next_action

Rev1 lists statuses but does not fully enforce required fields.

For rev2, add a compact table with required JSON keys per status. At minimum, all non-success statuses must include:

  • status
  • guidance
  • next_action

Success statuses should include enough audit info:

  • draft/comment ids;
  • selected_by for natural comments;
  • hash preview for draft/plan;
  • no full body leak.

P14 — Tests should parse JSON inside SQL, not fragile shell greps

Prompt should instruct Agent to return status and key fields directly from SQL:

WITH r AS (SELECT public.fn_iu_comment(...) AS j)
SELECT j->>'status', j->>'selected_by', j AS full_json FROM r;

Avoid echoing JSON back into psql or grepping raw text unless only for logs.

P15 — Report should include actual JSON samples for UX evidence

Keep the UX evidence section, but require actual captured outputs for:

  • plan_ok;
  • draft_created;
  • comment_added auto single draft;
  • multiple_open_drafts;
  • draft_address_mismatch;
  • invalid_input.

P16 — P3C1 readiness naming

Final report should use:

  • phase_status=PASS/FAIL/CRITICAL
  • p3c2_readiness=READY/BLOCKED

Do not use p3d_readiness in P3C1.

P17 — No IU/UV mutation should be verified by counts and source of writes

P3C1 must verify:

  • IU count unchanged;
  • UV count unchanged;
  • P3A gateway unchanged;
  • no app.canonical_writer usage in P3C1 functions;
  • no INSERT INTO unit_version or UPDATE information_unit appears in new function source.

This proves P3C1 is safe-only.
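An added all-or-clean test script (constructed for this review, not rev1's test plan) that ties P3, P7/T14, P8/T11, P10, P12, P14 and P17 together: statuses and counts are read in SQL rather than grepped, any failed assertion raises, and with ON_ERROR_STOP psql exits before COMMIT so the open transaction rolls back and no function or test row remains. It assumes TEST_ADDR_A already has two open drafts, TEST_ADDR_B has none, and <app_role> is the discovered role; the CREATE/REVOKE/GRANT statements for the four functions are elided where marked.

```sql
-- Added test harness, not the prompt's. TEST_ADDR_A/B and <app_role> are placeholders.
\set ON_ERROR_STOP on
BEGIN;
-- ... exact CREATE FUNCTION + REVOKE/GRANT statements for the 4 P3C1 functions go here ...
DO $$
DECLARE
  iu0 bigint; uv0 bigint; c0 bigint; c1 bigint; j jsonb; bad text;
BEGIN
  SELECT count(*) INTO iu0 FROM information_unit;
  SELECT count(*) INTO uv0 FROM unit_version;
  SELECT count(*) INTO c0  FROM unit_edit_comment;
  -- P8 / T11: two open drafts on TEST_ADDR_A and no context -> no comment row may appear
  j := public.fn_iu_comment('TEST_ADDR_A', 'probe', 'tester', '{}'::jsonb);
  SELECT count(*) INTO c1 FROM unit_edit_comment;
  IF j->>'status' IS DISTINCT FROM 'multiple_open_drafts' OR c1 <> c0 THEN
    RAISE EXCEPTION 'T11: status=% comments % -> %', j->>'status', c0, c1;
  END IF;
  IF j::text ~ 'draft_body' THEN RAISE EXCEPTION 'P10: candidate list leaks draft_body'; END IF;
  -- P7 / T14: TEST_ADDR_B exists and has no open draft -> exactly no_open_draft
  j := public.fn_iu_comment('TEST_ADDR_B', 'probe', 'tester', '{}'::jsonb);
  IF j->>'status' IS DISTINCT FROM 'no_open_draft' THEN RAISE EXCEPTION 'T14: %', j->>'status'; END IF;
  -- P12: PUBLIC must not execute, the intended role must
  IF has_function_privilege('public', 'public.fn_iu_comment(text,text,text,jsonb)', 'EXECUTE')
     OR NOT has_function_privilege('<app_role>', 'public.fn_iu_comment(text,text,text,jsonb)', 'EXECUTE') THEN
    RAISE EXCEPTION 'P12: grants wrong on fn_iu_comment';
  END IF;
  -- P17: IU/UV row counts unchanged and no IU/UV write path in the new function source
  IF (SELECT count(*) FROM information_unit) <> iu0 OR (SELECT count(*) FROM unit_version) <> uv0 THEN
    RAISE EXCEPTION 'P17: IU/UV row count changed during P3C1 tests';
  END IF;
  SELECT string_agg(p.proname, ',') INTO bad
    FROM pg_proc p JOIN pg_namespace n ON n.oid = p.pronamespace
   WHERE n.nspname = 'public'
     AND p.proname IN ('fn_iu_edit_plan','fn_iu_create_edit_draft','fn_iu_comment_edit_draft','fn_iu_comment')
     AND (p.prosrc ~* 'insert\s+into\s+unit_version' OR p.prosrc ~* 'update\s+information_unit'
          OR p.prosrc ~* 'app\.canonical_writer');
  IF bad IS NOT NULL THEN RAISE EXCEPTION 'P17: forbidden write path in %', bad; END IF;
END $$;
COMMIT;  -- reached only when every assertion passed; a RAISE above ends the script and rolls back
```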

Directive to Opus

Patch P3C1 prompt to rev2 with P1–P17.

Preferred path:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c1-iu-edit-draft-safe-functions-prompt.md

If keeping old path, add a very clear supersession/header note.

Do not dispatch after patch. Return for GPT/User review.

Hard boundaries remain

  • No dispatch.
  • No table DDL.
  • No schema changes.
  • No trigger changes.
  • No gateway changes.
  • No IU/UV writes.
  • No vector mutation.
  • No cleanup.
  • No Pack 2C.

Summary

P3C1 has the right UX and safety philosophy. Rev2 should make it execution-grade: exact function bodies/signatures, transaction all-or-clean, no silent wrong comments, no body leakage in candidate lists, and proof that no IU/UV mutation path exists.

knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-23-p3c1-safe-functions-prompt-rev1-2026-05-07.md