KB-628F

GPT Review — 23-P3C4 Policy + Agent Context Prompt rev1

Date: 2026-05-07
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c4-iu-policy-and-agent-context-prompt.md rev1

Verdict

Direction accepted, but do not dispatch yet. Rev2 required.

Opus correctly designed P3C4 as a small policy switch + verification + Agent context pack. The added end-to-end reviewer workflow test is accepted and important.

However, rev1 needs a few safety fixes before changing the broad-use default policy.

Accepted rev1 decisions

  • Policy switch is in its own pack, not a raw one-line update.
  • Only one dot_config key is changed.
  • Context pack is created/updated in the same pack.
  • P3D remains deferred.
  • Added T3 end-to-end reviewer apply test is accepted.
  • Comment remains free-flow.
  • No function changes.

Required rev2 fixes

P1 — Switch UPDATE must be guarded by rowcount and exact key

Rev1 does:

UPDATE dot_config SET value='require_review' WHERE key='iu_edit.policy.default_mode';

Patch to capture affected row count and require exactly 1.

Suggested shell pattern:

SWITCH_ROWS=$("${PSQL[@]}" -t -A <<'SQL'
WITH u AS (
  UPDATE dot_config
  SET value='require_review'
  WHERE key='iu_edit.policy.default_mode'
    AND value='auto_apply'
  RETURNING 1
)
SELECT count(*) FROM u;
SQL
)
[ "$SWITCH_ROWS" = "1" ] || FAIL

If the value is already require_review, the switch should be skipped and reported as SKIPPED_ALREADY_REQUIRE_REVIEW.

P2 — Preflight should verify dot_config uniqueness for key

Before update, verify exactly one row for iu_edit.policy.default_mode:

SELECT count(*) FROM dot_config WHERE key='iu_edit.policy.default_mode';

Expected 1. If not, STOP.

This prevents duplicate config ambiguity.

P3 — TEST_EXIST_ADDR should be deterministic and safe

Rev1 selects the newest IU:

SELECT canonical_address FROM information_unit ORDER BY created_at DESC LIMIT 1;

That may select a just-created test IU with existing open drafts, stale drafts, or other pilot state. Better:

  1. First create a dedicated test IU for P3C4 before policy switch? That would test new creation under old policy, but it adds noise.
  2. Simpler: after policy switch, T5 creates TEST_NEW_ADDR; then use TEST_NEW_ADDR for existing-address tests. But T2 currently needs existing address before T5.
  3. Recommended patch: create TEST_NEW_ADDR first after policy switch as T2, then use it for existing-address T3/T4/T5. Reorder tests:
    • T1: policy=require_review;
    • T2: new address save creates official v1;
    • T3: same address auto save creates draft, no UV;
    • T4: reviewer applies T3 draft;
    • T5: same address mode=draft creates draft only;
    • T6: comment free-flow;
    • T7: gateway block;
    • T8: hashes unchanged.

This eliminates TEST_EXIST_ADDR entirely and keeps all test mutations on the P3C4 pilot IU.

P4 — Context pack upload should be performed by plugin/createDocument, not only echoed

Rev1 prints context content and tells Agent to upload. That can be acceptable, but since this environment has Agent Data, require the Agent to actually create/update:

knowledge/dev/laws/dieu44-trien-khai/context-packs/iu-agent-front-door-context.md

Report must include:

context_pack_upload=PASS
context_pack_revision=<... if available>

If the executor cannot upload through Agent Data, report context_pack_upload=FAIL and phase should be FAIL, because creating the context pack is one of P3C4’s objectives.

P5 — T6 comment call should use a valid draft context when possible

Rev1 calls fn_iu_comment(TEST_EXIST_ADDR,...,'{}'). After P3C1, natural comment with no context can return multiple-open-drafts if ambiguous.

Use the draft ID from the mode=draft test as explicit context:

jsonb_build_object('draft_id', T5_DID)

Expected comment_added and comment count +1.

P6 — T8 should also verify the protected function count is still 10 afterwards

Rev1 captures count before but only compares hashes after. Add after-count and require 10.

Report:

protected_count_before=10
protected_count_after=10

P7 — Rollback note should not appear as casual one-line SQL in Agent context

The context pack includes:

UPDATE dot_config SET value='auto_apply' WHERE key='iu_edit.policy.default_mode';

This could teach future Agents a dangerous raw rollback path. Replace with:

Rollback/re-policy must be done via a reviewed policy pack. Do not run raw UPDATE unless explicitly instructed by GPT/User.

P8 — Final report should include exact policy switch action

Add:

policy_action=UPDATED_AUTO_APPLY_TO_REQUIRE_REVIEW

or

policy_action=SKIPPED_ALREADY_REQUIRE_REVIEW
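
The guarded switch from P1, the uniqueness preflight from P2 and the policy_action values from P8, combined in one added example (not code from the reviewed prompt or the project). It uses Python with an in-memory SQLite table as a stand-in for the PostgreSQL dot_config; the function names switch_policy and make_db and the sample rows are constructed for illustration.

```python
import sqlite3

KEY = "iu_edit.policy.default_mode"
OLD, NEW = "auto_apply", "require_review"


def make_db(rows):
    """Constructed in-memory dot_config (assumption: stand-in for the real table).
    No UNIQUE constraint on key, so a duplicate-key state can be simulated."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dot_config (key TEXT, value TEXT)")
    conn.executemany("INSERT INTO dot_config VALUES (?, ?)", rows)
    conn.commit()
    return conn


def switch_policy(conn):
    """Perform the policy switch and return the policy_action for the report."""
    cur = conn.cursor()
    # P2 preflight: exactly one row for the key, otherwise STOP.
    rows = cur.execute(
        "SELECT value FROM dot_config WHERE key = ?", (KEY,)
    ).fetchall()
    if len(rows) != 1:
        raise RuntimeError(f"STOP: expected 1 row for {KEY}, found {len(rows)}")
    current = rows[0][0]
    if current == NEW:
        # Idempotent re-run: nothing to change, report the skip.
        return "SKIPPED_ALREADY_REQUIRE_REVIEW"
    try:
        # P1: match on exact key AND old value; must touch exactly 1 row.
        cur.execute(
            "UPDATE dot_config SET value = ? WHERE key = ? AND value = ?",
            (NEW, KEY, OLD),
        )
        if cur.rowcount != 1:
            raise RuntimeError(
                f"FAIL: switch touched {cur.rowcount} rows (value was {current!r})"
            )
        conn.commit()
    except Exception:
        conn.rollback()  # leave dot_config exactly as it was found
        raise
    return "UPDATED_AUTO_APPLY_TO_REQUIRE_REVIEW"


if __name__ == "__main__":
    db = make_db([(KEY, OLD), ("other.key", "auto_apply")])
    print("policy_action=" + switch_policy(db))  # first run updates
    print("policy_action=" + switch_policy(db))  # second run skips
```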

P9 — Add status/guidance sample from fn_iu_save after policy switch

Report should include an example JSON/status proving the AI-facing behavior:

  • existing save under auto returns draft_created_review_required;
  • includes next_action / guidance if available.

This is important for future README/context validation.

Directive to Opus

Patch P3C4 prompt to rev2 with P1–P9.

Path:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c4-iu-policy-and-agent-context-prompt.md

Do not dispatch after patch. Return for GPT/User final review.

Hard boundaries remain

  • No dispatch.
  • No function changes.
  • No table DDL.
  • No trigger/gateway changes.
  • No vector mutation.
  • No notification implementation.
  • No cleanup/pilot deletion.
  • Only one dot_config key may change.
  • No raw rollback instructions in Agent context pack.

Summary

P3C4 is the right next step. Rev2 should make the policy update row-count-safe, test on a dedicated pilot IU, upload the context pack as a real KB artifact, avoid ambiguous comment routing, and remove raw rollback SQL from the context pack.
