GPT Review — 23-P3D4C0Y Execution PASS and P3D4C1U Directive

Date: 2026-05-08
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed:

• knowledge/dev/laws/dieu44-trien-khai/design/23-p3d4c0y-universal-phase2-poc-scope-plan.md
• knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4c0y-universal-phase2-poc-scope-plan-report.md
• knowledge/dev/laws/dieu44-trien-khai/reviews/opus-review-23-p3d4c0y-execution-pass-2026-05-08.md

Verdict

P3D4C0Y PASS confirmed.

Opus review is accepted. Agent output is accepted. No supplemental P3D4C0Y work is required.

P3D4C0Y successfully converts the universal PG-to-outside signal architecture into a practical Phase 2 PoC scope plan while preserving all hard boundaries: no PG mutation, no Directus mutation, no Nuxt code, no IU runtime change, and no old IU-specific P3D4C1 resume.

Accepted technical decisions

• poc_domain=system_issues with PG inventory evidence: 8548 rows, 3-state lifecycle, severity check, existing trigger ecosystem, zero IU surface.
• registry_enforcement_mechanism=B: BEFORE INSERT trigger validates against event_type_registry.
• pending_strategy=HYBRID: one universal event_pending table with per-domain partial indexes.
• config_strategy=REUSE_DOT_CONFIG: use event.* namespace in existing dot_config; no event_config table.
• iu_compat=C-i: no dual-write, no row migration, no fn_iu_* signature/body change.
• p3d4c1_status=PAUSED_ABSORBED_INTO_UNIVERSAL.
• task_review_resolved=SEPARATED.
• dieu43_gate=ADDITIVE_ONLY.
• listen_notify_status=DEFERRED_PHASE3.
• next_required_pack=P3D4C1U_UNIVERSAL_CORE_IMPLEMENTATION_PROMPT_REVIEW.

Answers to 8 open questions

1. Approve system_issues as PoC domain?
   YES. This is the safest first PoC because it is non-IU, has real volume, has lifecycle/severity structure, and has zero IU regression surface.

2. Approve registry enforcement B vs FK A?
   YES — choose B for PoC. BEFORE INSERT validation trigger is accepted because it provides custom diagnostics and avoids DDL regeneration. P3D4C1U must ensure this trigger is lightweight and not on an AI hot path.

3. Approve HYBRID pending strategy?
   YES. One universal event_pending with per-domain partial indexes is accepted for Phase 2 PoC. It balances simplicity and query planning.

4. Approve REUSE_DOT_CONFIG?
   YES. Do not create event_config. Use namespaced dot_config keys such as event.global.* and event.system.*, after preflight confirms schema compatibility.

5. Are 4 PoC event types sufficient?
   YES for PoC. Do not seed future-domain event types yet. Register only issue_opened, issue_resolved, issue_archived, and red_zone_violation. Future domains must register their own event types in later packs.

6. Accept task/review separated rule?
   YES. review = content/decision evaluation; task = procedural/action assignment. Keep the 7-stream taxonomy unchanged for now.

7. Confirm Đ43 ADDITIVE_ONLY?
   YES with gate. Additive-only is accepted if P3D4C1U uses existing Đ43 mechanisms and does not add/change context-pack sections or build/verify machinery. If implementation prompt discovers a need to change Đ43 contract, STOP and mark NEEDS_D43_REVIEW.

8. Approve drafting P3D4C1U prompt next?
   YES. Opus should draft P3D4C1U implementation prompt for review. Do not dispatch implementation yet.

Directive to Opus — create P3D4C1U prompt, do not dispatch

Create prompt:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c1u-universal-core-implementation-prompt.md

Future report path:

knowledge/dev/laws/dieu44-trien-khai/reports/23-p3d4c1u-universal-core-implementation-report.md

P3D4C1U is an implementation prompt review. It may contain executable SQL candidates, but execution must wait for GPT/User approval.

Required P3D4C1U prompt scope

The prompt should cover:

1. Preflight / inventory

   • Verify all target objects do not already exist or are compatible/idempotent.
   • Verify system_issues schema, lifecycle CHECK, severity CHECK, PK, status/severity fields, and existing triggers.
   • Verify dot_config exists and compatible.
   • Verify pg_cron availability/installation status.
   • Snapshot existing iu_notification_* tables/functions/triggers and hashes; assert they remain unchanged after execution.
   • Verify no Directus/Nuxt mutation is needed.

2. DDL for universal core, idempotent and rollback-safe

   • event_type_registry.
   • event_outbox.
   • event_read.
   • event_subscription.
   • event_pending with HYBRID per-domain partial indexes.
   • event_worker_log.
   • Use dot_config namespaced keys; do not create event_config.

3. Registry enforcement B

   • Create lightweight fn_event_type_validate().
   • BEFORE INSERT trigger on event_outbox.
   • Validate (event_domain,event_type) exists, active, and stream matches.
   • Ensure custom errors are clear.

4. PoC seed data

   • Seed only four event types:
     • system.issue_opened;
     • system.issue_resolved;
     • system.issue_archived;
     • system.red_zone_violation.
   • Seed minimal subscriptions for sysop/health owner if safe.
   • Seed dot_config keys under event.* namespace only.

5. Capture trigger for system_issues

   • Use AFTER INSERT/UPDATE only where needed.
   • Hot path must be O(1): append to event_pending only, with at most simple row-field extraction.
   • No COUNT, JOIN, rollup, batch detection, latest_readers, vector, or derived computation.
   • Explicitly guard UPDATE trigger to fire only on status transition, not every update.
   • Clarify duplicate semantics for issue_opened vs red_zone_violation; avoid duplicate recipient noise unless justified as distinct semantics.

6. Universal worker

   • fn_event_worker_tick(p_domain text DEFAULT NULL) or equivalent.
   • PG-native, pg_cron-only.
   • Advisory lock, exception-safe unlock, worker log.
   • Process eligible event_pending rows.
   • Insert durable event_outbox rows idempotently.
   • Mark pending processed only after durable insert/conflict is accounted for.
   • Track rows eligible, emitted, conflicts, marked, errors.

7. Read/routing/projection functions/views

   • Minimal fn_event_unread / fn_event_board or equivalent for Agent SQL access.
   • Optional v_event_unified for cross-domain board, but must not alter IU functions or IU tables.
   • Directus exposure remains future DOT/read-only projection; no Directus mutation in P3D4C1U unless separately approved.

8. Payload safety

   • Enforce denylist for top-level unsafe keys.
   • payload_classification limited to approved values.
   • No body/content/raw/vector/embedding/secret/token/password/ssn/personal data.
   • Safe payload for system_issues should contain only metadata such as severity, issue code, class, count, status refs.

9. Tests

   • Deterministic tests; no wall-clock waits.
   • Registry enforcement: unknown event type rejected.
   • Payload denylist: forbidden keys rejected.
   • Capture: issue insert creates pending/event.
   • Status transition resolved/archived creates correct event.
   • Non-status update does not create event.
   • Red-zone semantics tested.
   • Worker idempotence/conflict handling tested.
   • Read state and implicit self-read tested.
   • Subscription routing tested minimally.
   • IU snapshot unchanged tested.
   • Hot path inspection proves no COUNT/JOIN/aggregation/rollup/latest_readers/vector.
   • Rollback verified or fail-path rollback tested without destructive success rollback.

10. Rollback

    • Data-safe inverse order.
    • Unschedule cron if scheduled.
    • Drop triggers/functions/tables only after checking pending/unprocessed/event data.
    • Do not delete production events silently.
    • Do not touch IU runtime.
    • No destructive rollback on success; report rollback_executed=NO_ON_SUCCESS.

Hard boundaries for Opus/Agent

• Do not dispatch implementation after drafting prompt.
• No PG mutation while drafting prompt.
• No Directus mutation.
• No Nuxt code.
• No Hermes.
• No Codex dispatch unless User explicitly asks.
• No external scheduler/tool/service.
• No event_config table unless later GPT/User explicitly overrides.
• No change to existing iu_notification_* runtime.
• No old IU-specific P3D4C1 resume.
• No body/raw payload/vector/secret/personal data exposure.
• No activity-log creep.

Required report fields for future P3D4C1U execution

The prompt should require at least:

phase_status=PASS|FAIL|CRITICAL|BLOCKED
preflight_system_issues=PASS|FAIL
preflight_dot_config=PASS|FAIL
preflight_pg_cron=AVAILABLE|INSTALLED|NOT_AVAILABLE|FAIL
preflight_iu_snapshot=PASS|FAIL
event_type_registry_created=PASS|FAIL|ALREADY_PRESENT
event_outbox_created=PASS|FAIL|ALREADY_PRESENT
event_read_created=PASS|FAIL|ALREADY_PRESENT
event_subscription_created=PASS|FAIL|ALREADY_PRESENT
event_pending_created=PASS|FAIL|ALREADY_PRESENT
event_worker_log_created=PASS|FAIL|ALREADY_PRESENT
dot_config_keys_seeded=PASS|FAIL|ALREADY_PRESENT
event_type_seed_count=4
registry_enforcement=B
registry_validate_trigger_created=PASS|FAIL
system_issues_capture_trigger_created=PASS|FAIL
hot_path_contract=O1_APPEND_ONLY
hot_path_joins=0
hot_path_aggregations=0
hot_path_rollups=0
hot_path_latest_readers=0
hot_path_vector_ops=0
worker_function_created=PASS|FAIL
pg_cron_scheduled=PASS|FAIL|SKIPPED_WITH_REASON
payload_safety_verified=PASS|FAIL
activity_log_boundary_verified=PASS|FAIL
test_registry_unknown_rejected=PASS|FAIL
test_payload_denylist_rejected=PASS|FAIL
test_issue_opened=PASS|FAIL
test_issue_resolved=PASS|FAIL
test_issue_archived=PASS|FAIL
test_non_status_update_no_event=PASS|FAIL
test_red_zone_semantics=PASS|FAIL
test_worker_idempotence=PASS|FAIL
test_read_state=PASS|FAIL
test_subscription_routing=PASS|FAIL
test_iu_runtime_unchanged=PASS|FAIL
rollback_plan=PASS|FAIL
rollback_executed=NO_ON_SUCCESS|YES_ON_FAIL|USER_APPROVED_DRILL
no_pg_unapproved_mutation=true
no_directus_mutation=true
no_nuxt_code=true
no_iu_runtime_change=true
next_required_pack=P3D4C2U_DIRECTUS_DOT_READONLY_EXPOSURE_PROMPT_REVIEW|REVISION_REQUIRED|BLOCKED

Next after Opus returns prompt

GPT/User review P3D4C1U prompt. Only after final approval may implementation be dispatched.