GPT Review — 23-P3D4B Execution PASS and P3D4C Directive

Date: 2026-05-08
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed:

• knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4b-directus-dot-notification-readonly-exposure-report.md
• knowledge/dev/laws/dieu44-trien-khai/reviews/opus-review-23-p3d4b-execution-pass-2026-05-08.md

Verdict

P3D4B PASS confirmed. Agent executed correctly. Opus review is accurate.

No supplemental Agent action is needed for P3D4B.

Accepted evidence

• phase_status=PASS.
• dieu43_dot_inventory=PASS.
• dieu43_inventory_depth=KB_ONLY.
• existing_dot_conventions_checked=PASS.
• reusable_dot_template=FOUND.
• reusable_counting_pattern=FOUND.
• overlap_risk=LOW.
• recommendation=READY_FOR_IMPLEMENTATION_PROMPT.
• candidate_view_defined=PASS.
• view_scope=HISTORY.
• candidate_dot_outline_defined=PASS.
• role_strategy=NEW_ROLE_RECOMMENDED with notif_board_reader justified.
• payload_strategy=OMIT_RAW_PAYLOAD.
• metadata_only=true.
• no_body_content=true.
• no_pg_mutation=true.
• no_directus_mutation=true.
• no_directus_permission_change=true.
• no_executable_sql=true.
• no_executable_dot=true.
• no_nuxt_code=true.
• no_codex_dispatch=true.
• no_secret_creation=true.
• no_dieu43_overlap=true.
• no_dieu43_schema_repair=true.
• assembly_first_compliant=true.
• go_nogo_gate=GO.
• next_required_pack=P3D4C_PG_VIEW_AND_DIRECTUS_DOT_IMPLEMENTATION_PROMPT_REVIEW.

Key decisions accepted

• view_scope=HISTORY: Phase 1 is human monitoring/oversight, not only an actionable inbox.
• payload_strategy=OMIT_RAW_PAYLOAD: no raw JSON payload and no IU body exposure.
• read_count: compute with PG-native COUNT(DISTINCT actor_ref), no separate counter table.
• latest_readers: top 5 ordered by read_at DESC, actor_ref ASC tie-breaker.
• DOT convention reuse: 3-part description contract + NT12 paired-DOT pattern.
• Candidate DOT pair: DOT-NOTIF-BOARD-EXPOSE ↔ DOT-NOTIF-BOARD-EXPOSE-VERIFY.
• Mark-read, Directus user→actor_ref mapping, Nuxt display assembly, and Hermes remain deferred.

Important correction for the next step

P3D4C must still be a prompt review first. It may contain executable SQL/DOT candidates, but it must not be dispatched until GPT/User approve the P3D4C prompt.

Directive to Opus — create P3D4C prompt, do not dispatch

Create prompt:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c-pg-view-directus-dot-notification-readonly-implementation-prompt.md

Report path for later execution:

knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4c-pg-view-directus-dot-notification-readonly-implementation-report.md

P3D4C scope

P3D4C should draft an implementation prompt for later execution. Do not execute it yet.

The implementation prompt should cover:

1. Creating PG view public.v_iu_notification_board.
2. Exposing the view read-only through a DOT/change package pattern.
3. Creating or reusing a read-only Directus role/permission strategy.
4. Verifying Directus can see the view after PG creation.
5. Rollback plan.
6. Post-run quiet period recommendation.

Mandatory pre-read for P3D4C prompt drafting

Read first:

• knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4b-directus-dot-notification-readonly-exposure-report.md
• knowledge/dev/laws/dieu44-trien-khai/design/23-p3d4b-directus-dot-notification-readonly-exposure-package-review.md
• knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4-directus-exposure-design-review-report.md
• knowledge/dev/laws/dieu44-trien-khai/design/23-p3d4-directus-notification-exposure-review.md
• Constitution / Assembly First / Data Connection law / Directus-DOT law if available / Display law if available.

P3D4C implementation prompt must include these preflight gates

Before any mutation in the future execution:

• verify no existing public.v_iu_notification_board;
• verify notification tables exist;
• verify indexes/constraints relevant to notification tables exist;
• verify P3D2 runtime active: 4 functions + 3 triggers;
• verify no raw payload/body exposure in candidate view definition;
• verify target role strategy at runtime:
  • if a suitable existing read-only role is found, reuse;
  • else create notif_board_reader only if explicitly approved by the P3D4C prompt;
• verify Directus inventory/read-only posture;
• verify no Nuxt work;
• verify no Hermes work.

Candidate view requirements

View name: public.v_iu_notification_board.

Scope: HISTORY.

Metadata-only columns should include at least:

• event_id;
• event_type;
• event_stream;
• canonical_address;
• unit_id;
• ref_id;
• actor_ref;
• source;
• created_at;
• read_count;
• latest_readers JSON array, top 5;
• optional safe derived fields only.

Must not include:

• IU body;
• unit_version body;
• raw payload jsonb;
• raw sensitive content;
• mutable write columns not needed for display.

read_count rule:

COUNT(DISTINCT r.actor_ref) WHERE r.event_id=e.id

latest_readers rule:

Top 5 readers ordered by read_at DESC, actor_ref ASC.

DOT/change package requirements

Use existing DOT conventions from P3D4B:

• 3-part description contract;
• NT12 paired DOT pattern;
• candidate pair:
  • DOT-NOTIF-BOARD-EXPOSE;
  • DOT-NOTIF-BOARD-EXPOSE-VERIFY.

The P3D4C prompt may include executable DOT/SQL for review, but it must be clearly marked as pending approval and not self-dispatched.

DOT package must cover:

• Directus view/collection exposure for v_iu_notification_board;
• read-only permission grant only;
• no create/update/delete;
• no Directus UI clicking;
• role strategy: prefer reuse, else notif_board_reader if approved;
• labels/descriptions only if DOT-supported;
• rollback path.

Required tests for future execution prompt

P3D4C execution prompt should test:

1. PG view created.
2. View returns rows if notification events exist, or returns 0 rows cleanly if none.
3. View columns exactly match approved metadata-only column list.
4. View does not expose body or raw payload.
5. read_count matches base-table count distinct.
6. latest_readers deterministic ordering works.
7. Directus auto-registers/sees the view after creation, or reports manual DOT step if not.
8. Directus role/permission grant is read-only.
9. No create/update/delete permission exists on notification view for target role.
10. No PG table/function/trigger changes except the new view.
11. No Nuxt mutation.
12. No Hermes mutation.
13. Rollback test plan exists.
14. Quiet period is documented: 24–48h before mark-read/human-write package.

Required report fields for future P3D4C execution

• phase_status;
• view_created=PASS|FAIL;
• view_name=public.v_iu_notification_board;
• view_scope=HISTORY;
• metadata_only=PASS|FAIL;
• raw_payload_exposed=false;
• body_content_exposed=false;
• read_count_verified=PASS|FAIL;
• latest_readers_verified=PASS|FAIL;
• directus_view_visible=PASS|FAIL|LIMITED;
• role_strategy=REUSE_EXISTING|CREATED_NOTIF_BOARD_READER;
• directus_permission_read_only=PASS|FAIL;
• no_create_update_delete_permissions=PASS|FAIL;
• no_pg_runtime_mutation=true;
• no_nuxt_code=true;
• no_hermes_start=true;
• rollback_plan=PASS;
• quiet_period=24_48H_BEFORE_MARK_READ_PACKAGE.

Hard boundaries for P3D4C prompt drafting

• Do not dispatch implementation.
• Do not mutate PG during prompt drafting.
• Do not mutate Directus during prompt drafting.
• Do not write Nuxt code.
• Do not start Hermes.
• Do not expose body or raw payload.
• Do not create/update/delete Directus permissions outside reviewed DOT package.
• Do not involve Codex unless User explicitly approves.

Next after P3D4C prompt review

If P3D4C prompt is approved, then it may be dispatched in a separate step to create the view and Directus read-only exposure.

After P3D4C execution PASS, stop for a 24–48h quiet period before considering mark-read / actor mapping / display assembly.