GPT Review — 23-P3C2 Prompt rev3
Date: 2026-05-07
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c2-iu-apply-edit-functions-prompt.md rev3
Verdict
Rev3 is close, but NOT ready to dispatch. Rev4 small patch required.
Opus correctly fixed the lifecycle GUC blocker and the core apply design is now much safer. The remaining issues are mostly test/report correctness and verification strictness, not overall architecture.
Accepted rev3 fixes
- Lifecycle convention is self-determined at function runtime.
- content_anchor_ref = new_uv_id::text remains correct.
- Unique check uses unnest(i.indkey) WITH ORDINALITY.
- P3C1 function count uses SQL count.
- Invariant all_pass is extracted explicitly.
- Cleanup uses explicit exact signatures.
- Notification/P3D roadmap remains correctly deferred.
Required rev4 fixes
P1 — BLOCKER: T1_FULL is captured by calling apply a second time
Rev3 does:
WITH r AS (SELECT fn_iu_apply_edit_draft(DRAFT_A...) AS j)
SELECT fields FROM r;
Then later:
SELECT public.fn_iu_apply_edit_draft(DRAFT_A,'agent:p3c2-log');
The second call returns draft_not_open, not the successful applied JSON. This makes UX/report evidence wrong and could confuse review.
Patch T1 to capture full JSON from the same call without pipe collision. Options:
- use psql field separator ASCII unit separator, e.g. -F $'\x1f';
- or output full JSON to a temp file/table in the same SQL call;
- or use two SELECT lines from one CTE result if psql parsing is deterministic.
Recommended simple pattern:
T1_P=$("${PSQL[@]}" -t -A -F $'\x1f' <<EOSQL
WITH r AS (SELECT public.fn_iu_apply_edit_draft('$DRAFT_A_ID','agent:p3c2','P3C2 test') AS j)
SELECT j->>'status', j->>'version_id', j->>'version_seq',
j->>'stale_drafts_count', j->'invariants'->>'all_pass', j::text
FROM r;
EOSQL
)
Then parse using $'\x1f'. Do not call apply again.
Apply same principle to T11 if full JSON is needed.
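An added sketch of the parsing step in P1 (not part of the reviewed prompt): it splits one 0x1f-separated row from the single apply call and shows why the default psql `|` separator miscounts fields when the JSON text contains `|`. The function names `sample_row`, `count_fields` and `parse_t1`, the `T1_*` variables and every sample value are constructed for illustration.

```shell
# Unit separator byte 0x1f: what bash $'\x1f' expands to, built portably.
US=$(printf '\037')

# Constructed sample: one row as psql -t -A -F <sep> would print it.
# All values are made up; the JSON deliberately contains a '|' character.
SAMPLE_JSON='{"status":"applied","note":"a|b","invariants":{"all_pass":true}}'
sample_row() {  # $1 = field separator
  printf '%s\n' "applied${1}42${1}7${1}0${1}true${1}${SAMPLE_JSON}"
}

# count_fields SEP ROW: number of fields a naive split on SEP would produce.
count_fields() {
  n=$(printf '%s' "$2" | tr -cd "$1" | wc -c)
  echo $((n + 1))
}

# parse_t1 ROW: split a 0x1f-separated row into T1_* variables.
# Returns non-zero unless the row has exactly 6 fields, the status is not
# draft_not_open, all_pass is true and the last field looks like a JSON object.
parse_t1() {
  [ "$(count_fields "$US" "$1")" = "6" ] || return 1
  IFS=$US read -r T1_STATUS T1_VERSION_ID T1_VERSION_SEQ T1_STALE T1_ALL_PASS T1_FULL <<EOF
$1
EOF
  [ "$T1_STATUS" != "draft_not_open" ] || return 1
  [ "$T1_ALL_PASS" = "true" ] || return 1
  case "$T1_FULL" in "{"*"}") return 0 ;; *) return 1 ;; esac
}
```

A raw 0x1f byte cannot appear inside a valid JSON string (control characters must be escaped), so the six-field count holds regardless of the JSON content, while the same row split on `|` yields seven fields.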
P2 — Unique (unit_id, version_seq) check must require exactly one
Rev3 accepts UQ >= 1. Duplicate unique definitions should be a blocker, consistent with prior strict duplicate policy.
Patch:
[ "$UQ" = "1" ] || FAIL
P3 — T15 grantee check still uses raw role interpolation
Rev3 says heredoc but still embeds:
SELECT has_function_privilege('$R','public.$SIG','EXECUTE');
Patch to real psql variable use inside heredoc:
CAN=$("${PSQL_NOSTOP[@]}" -v role="$R" -v sig="public.$SIG" -t -A <<'SQL'
SELECT has_function_privilege(:'role', :'sig', 'EXECUTE');
SQL
)
This is heredoc/stdin, not -c, and follows the P3C1 lesson.
P4 — T16 wrapper source check must include all IU/UV write paths
Rev3 wrapper check still misses some combinations. Forbidden patterns for fn_iu_edit should include:
- app\.canonical_writer
- insert\s+into\s+(public\.)?information_unit
- update\s+(public\.)?information_unit
- delete\s+from\s+(public\.)?information_unit
- insert\s+into\s+(public\.)?unit_version
- update\s+(public\.)?unit_version
- delete\s+from\s+(public\.)?unit_version
For fn_iu_apply_edit_draft, require marker present and forbid DELETE on IU/UV specifically.
P5 — Report owner/security metadata, not only SECURITY DEFINER/search_path
P3C2 creates core write functions. Add report/test line for:
- function owner;
- SECURITY DEFINER;
- search_path;
- PUBLIC EXECUTE absent;
- intended grantees can execute.
The function owner should follow the runtime creator pattern. If owner differs from Pack 22 owner, report and fail unless explicitly justified.
P6 — T1 invariant JSON should be actual invariant JSON from successful apply
After P1, report:
invariant_all_pass=true
invariant_json=<from successful T1 JSON>
Do not report the second-call draft_not_open JSON.
P7 — Add shell comparison safety comment
Add the same guard/comment from P3C1:
# All shell test comparisons MUST use spaces around '=': [ "$A" = "$B" ]
Rev3 mostly uses correct spacing, but this prevents regression.
P8 — P3D roadmap note accepted; add exact next pack field
Rev3 prints next_required=P3D_notification_before_Hermes. Patch to exact machine-readable:
next_required_pack=P3D_NOTIFICATION_OUTBOX_BEFORE_HERMES_PRODUCTION
Directive to Opus
Patch P3C2 prompt to rev4 with P1–P8.
Path:
knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c2-iu-apply-edit-functions-prompt.md
Do not dispatch after patch. Return for GPT/User final review.
Hard boundaries remain
- No dispatch.
- No table DDL.
- No trigger/gateway changes.
- No vector mutation.
- No cleanup.
- No notification log implementation in P3C2.
- No Pack 2C.
Summary
Rev3 fixed the main lifecycle issue. Rev4 should prevent misleading test evidence by capturing the successful apply JSON from the same call, enforce exact uniqueness, harden grantee/source checks, and make the P3D dependency machine-readable. After that, P3C2 should be very close to dispatch-ready.