KB-F8B6

GPT Review — 23-P3D4C1U Prompt rev2


Date: 2026-05-08
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c1u-universal-core-implementation-prompt.md rev2

Verdict

REV3 REQUIRED — do not dispatch rev2.

Rev2 fixes many real rev1 blockers: subscription column consistency, actual-column inventory for system_issues, stream validation, corrected stream seeds for resolved/archived, robust pg_cron preflight intent, safer search_path, idempotent trigger creation, test tagging, opt-in subscription semantics, and data-safe rollback language.

However rev2 still has several production blockers. Because this prompt will mutate PG production, these must be patched before approval.

Accepted fixes from rev2

  • Subscription naming is now consistently actor_ref.
  • event_pending naming is now consistent with capture trigger: entity_table, entity_ref.
  • Capture trigger must use actual system_issues columns from preflight.
  • Registry trigger validates event type and stream.
  • Seed streams for issue_resolved and issue_archived are corrected to update.
  • pg_cron preflight is stronger.
  • SECURITY DEFINER functions use pg_catalog, public search path.
  • Trigger creation uses drop/recreate idempotent pattern.
  • Test rows require [P3D4C1U-TEST] tagging.
  • Subscription semantics are now opt-in, no broadcast fallback.
  • Rollback explicitly protects system_issues and IU runtime.

Dispatch blockers to patch in rev3

P1 — event_outbox primary key name remains ambiguous

Rev2 says event_read should reference:

event_id REFERENCES event_outbox(id)

But upstream P3D4C0Y design used event_outbox.event_id as primary key. Rev2 Step 2B does not explicitly say whether the outbox PK is id or event_id.

Patch rev3 to choose one canonical PK and use it everywhere.

Preferred for consistency with event vocabulary:

event_outbox.event_id uuid PRIMARY KEY
event_read.event_id REFERENCES event_outbox(event_id)
event_worker/log/tests/access functions all use event_id

If Opus chooses id, then all event fields, tests and report fields must use id consistently. Do not mix.

P2 — Access functions lack fn_event_mark_read, but tests require explicit mark-read

Rev2 Step 7 defines:

  • fn_event_unread
  • fn_event_board

But T9 says “after explicit mark_read”. There is no fn_event_mark_read in the prompt.

Patch to include a minimal universal read function:

fn_event_mark_read(p_event_id uuid, p_actor text)

or a batch version if justified. It must insert/update event_read with read_status_source='explicit_read' and must be idempotent.

P3 — event_read implicit-self policy changed; require explicit justification and schema CHECK

Rev2 changes the earlier preferred computed implicit-self rule to “worker inserts explicit implicit_self row”. This can be acceptable because it is not on the AI hot path, but the prompt must make it safe and consistent:

  • event_read.read_status_source must have CHECK IN ('explicit_read','implicit_self').
  • Unique key (event_id, actor_ref) must prevent duplicates.
  • fn_event_mark_read must upgrade or leave implicit_self safely, not create duplicate rows.
  • Worker must only insert implicit-self after durable event insert/conflict is accounted for.
  • Tests must verify implicit-self row exists for creator and does not count as unread.
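One way to satisfy the P2 and P3 requirements together, as an added example that is not taken from the reviewed prompt. The event_outbox stub, the column types and the read_at column are assumptions. The example chooses to upgrade implicit_self to explicit_read, and it lists pg_temp last in the search path, which goes beyond the pg_catalog, public setting the prompt states.

```sql
-- Added example. Stub of the outbox using the preferred PK name from P1.
CREATE TABLE IF NOT EXISTS event_outbox (
  event_id uuid PRIMARY KEY
);

CREATE TABLE IF NOT EXISTS event_read (
  event_id           uuid NOT NULL REFERENCES event_outbox(event_id),
  actor_ref          text NOT NULL,
  read_status_source text NOT NULL
    CHECK (read_status_source IN ('explicit_read', 'implicit_self')),
  read_at            timestamptz NOT NULL DEFAULT now(),  -- assumed column
  UNIQUE (event_id, actor_ref)       -- one row per actor per event
);

-- Returns true when a row was inserted or upgraded, false on a no-op.
CREATE OR REPLACE FUNCTION fn_event_mark_read(p_event_id uuid, p_actor text)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
-- pg_temp placed last so temp objects cannot shadow event_read
SET search_path = pg_catalog, public, pg_temp
AS $fn$
DECLARE
  v_source text;
BEGIN
  INSERT INTO event_read AS r (event_id, actor_ref, read_status_source)
  VALUES (p_event_id, p_actor, 'explicit_read')
  ON CONFLICT (event_id, actor_ref) DO UPDATE
    SET read_status_source = 'explicit_read',
        read_at = now()
    -- only an implicit_self row is touched; explicit_read stays as it is
    WHERE r.read_status_source = 'implicit_self'
  RETURNING r.read_status_source INTO v_source;

  -- v_source is NULL when the existing row was already explicit_read
  RETURN v_source IS NOT NULL;
END
$fn$;

-- SECURITY DEFINER functions are executable by PUBLIC by default;
-- revoke, then grant to the intended caller role only.
REVOKE ALL ON FUNCTION fn_event_mark_read(uuid, text) FROM PUBLIC;
```

Calling the function twice for the same event and actor leaves exactly one event_read row, which is the idempotency T9 needs.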

P4 — pg_cron DO block quoting is likely invalid

Rev2 uses nested $$:

DO $$ BEGIN
  ...
  PERFORM cron.schedule('event-worker','*/2 * * * *',$$SELECT fn_event_worker_tick()$$);
END $$;

This will likely break due to dollar-quote collision: the first inner $$ terminates the DO body. Patch to use distinct tags, e.g.:

DO $do$
BEGIN
  ...
  PERFORM cron.schedule('event-worker','*/2 * * * *',$cmd$SELECT fn_event_worker_tick();$cmd$);
END
$do$;

Also keep duplicate job checks.

P5 — pg_cron preflight should not query cron schema before installed

Rev2 preflight includes:

SELECT has_schema_privilege(current_user, 'cron', 'USAGE');

If pg_cron is not installed and schema cron does not exist, this may error. Patch to only check cron schema privilege after confirming extension/schema exists, or wrap it safely.
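A preflight and scheduling sequence that covers P4 and P5 together, as an added example that is not taken from the reviewed prompt. It assumes a pg_cron version that provides the cron.job.jobname column and the three-argument cron.schedule; the STOP message wording is illustrative.

```sql
-- Preflight: both columns come back NULL when pg_cron or the cron schema
-- is absent. Passing the schema OID instead of the name 'cron' avoids the
-- "schema does not exist" error.
SELECT
  (SELECT extversion
     FROM pg_extension
    WHERE extname = 'pg_cron')            AS pg_cron_version,
  (SELECT has_schema_privilege(current_user, n.oid, 'USAGE')
     FROM pg_namespace n
    WHERE n.nspname = 'cron')             AS cron_schema_usage;

-- Scheduling: distinct dollar-quote tags for the DO body and the command.
DO $do$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron') THEN
    RAISE EXCEPTION 'preflight STOP: pg_cron is not installed';
  END IF;

  -- PL/pgSQL resolves cron.job only when this statement runs, so the
  -- lookup is never reached if the extension check above failed.
  IF EXISTS (SELECT 1 FROM cron.job WHERE jobname = 'event-worker') THEN
    RAISE NOTICE 'job event-worker already scheduled, skipping';
  ELSE
    PERFORM cron.schedule('event-worker', '*/2 * * * *',
                          $cmd$SELECT fn_event_worker_tick();$cmd$);
  END IF;
END
$do$;
```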

P6 — red_zone_violation is active seed but deferred producer; decide active=false or remove from PoC

Rev2 seeds red_zone_violation but explicitly says it is not emitted in this trigger and is future mechanism.

This is acceptable only if it is marked inactive or clearly excluded from PoC tests; otherwise the registry contains an active event type with no producer, which may confuse routing/testing.

Patch to one of:

  • seed it with active=false and report red_zone_capture=DEFERRED_SEPARATE_MECHANISM; or
  • remove it from P3D4C1U seed and leave for future red-zone pack; or
  • implement safe O(1) emission now with de-noise semantics.

Preferred: seed red_zone_violation as active=false or remove it, unless there is a strong reason to keep it active.

P7 — event_type_seed_count and tests must match red-zone decision

If red_zone_violation remains inactive or removed, adjust report fields/tests accordingly:

  • event_type_seed_count=3_active+1_inactive or 3;
  • no test should expect red-zone event emission;
  • report must not imply four active PoC event types are all exercised.

P8 — Test cleanup via deleting system_issues may be unsafe without schema/FK review

Rev2 says cleanup may delete tagged rows from system_issues. That might be valid, but only after checking dependencies/FKs/triggers.

Patch tests to require:

  • preflight inspect FKs referencing system_issues;
  • cleanup only tagged pilot rows created in this test run;
  • if deletion is unsafe, archive/resolve tagged pilot rows and clean only universal event rows, then report retained pilot issue IDs;
  • never delete or update non-test system_issues rows.
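The dependency inspection that the first bullet asks for, as an added example that is not taken from the reviewed prompt. It assumes system_issues lives in the public schema; both queries return zero rows if the table does not exist.

```sql
-- Foreign keys that reference system_issues, with their ON DELETE action.
-- A CASCADE here means deleting a tagged pilot row can remove rows in
-- other tables; RESTRICT / NO ACTION means the delete itself can fail.
SELECT c.conname                       AS constraint_name,
       c.conrelid::regclass            AS referencing_table,
       pg_get_constraintdef(c.oid)     AS definition,
       CASE c.confdeltype
         WHEN 'a' THEN 'NO ACTION'
         WHEN 'r' THEN 'RESTRICT'
         WHEN 'c' THEN 'CASCADE'
         WHEN 'n' THEN 'SET NULL'
         WHEN 'd' THEN 'SET DEFAULT'
       END                             AS on_delete
FROM pg_constraint c
WHERE c.contype = 'f'
  AND c.confrelid = to_regclass('public.system_issues');

-- User-defined triggers on system_issues that would fire during cleanup
-- (internal FK-enforcement triggers are excluded).
SELECT t.tgname                        AS trigger_name,
       pg_get_triggerdef(t.oid)        AS definition,
       t.tgenabled                     AS enabled_state
FROM pg_trigger t
WHERE t.tgrelid = to_regclass('public.system_issues')
  AND NOT t.tgisinternal;
```

Any CASCADE or SET NULL row in the first result is a reason to take the archive/resolve path from the third bullet instead of deleting.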

P9 — Worker should not require grouping for null correlation_id

Rev2 says grouping by correlation_id if non-null + threshold. For system_issues, likely correlation_id is NULL. Patch worker requirements to state:

  • rows with NULL correlation_id emit one event per pending row;
  • grouping only applies to non-null correlation_id;
  • no timing-only grouping;
  • threshold does not suppress single non-correlated events.

P10 — event_subscription uniqueness with nullable fields is underspecified

Rev2 narrows to UNIQUE(actor_ref,event_domain), which works for simple PoC but may conflict with future per-event/per-stream subscriptions.

Patch to either:

  • keep Phase 2 minimal table with unique (actor_ref,event_domain) and explicitly defer finer routing; or
  • implement richer columns with a NULL-safe generated subscription key.

For PoC, minimal unique (actor_ref,event_domain) is acceptable, but the prompt must say it is Phase 2 PoC-limited.

P11 — Worker status/report fields should include inserted vs conflict counts

Rev2 says idempotent ON CONFLICT, but worker/report should still distinguish:

  • pending eligible;
  • events inserted;
  • conflicts/already-existing;
  • implicit_self rows inserted/conflicted;
  • pending marked processed;
  • errors.

Patch worker log/report fields accordingly.

P12 — Registry trigger should report expected stream in error

Rev2 trigger says unknown/inactive event. It should distinguish stream mismatch:

  • unknown domain/type;
  • inactive domain/type;
  • stream mismatch expected X got Y.

This was a rev1 requirement and helps debug future event-type errors.

P13 — Access function fn_event_board with read_count/latest_readers should be optional or clearly read-path only

This is not a dispatch blocker if implemented carefully, but to reduce risk:

  • make fn_event_unread + fn_event_mark_read mandatory;
  • make fn_event_board optional/minimal for Phase 2, or require it to be read-path only with bounded aggregation.

Do not let board aggregation enter trigger/worker path.

P14 — Report field next pack name still lacks U

Rev2 verification still says:

next_required_pack=P3D4C2_DIRECTUS_UNIVERSAL_BOARD_EXPOSURE

Patch to:

next_required_pack=P3D4C2U_DIRECTUS_DOT_READONLY_EXPOSURE_PROMPT_REVIEW|REVISION_REQUIRED|BLOCKED

P15 — Add explicit “implementation report even on FAIL/CRITICAL/BLOCKED” instruction

Patch prompt to require upload report in all outcomes, including preflight STOP, pg_cron unavailable, schema mismatch, test failure, or rollback.

Directive to Opus

Patch the prompt to rev3 at:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c1u-universal-core-implementation-prompt.md

Do not dispatch after patch. Return for GPT/User final review.

Hard boundaries unchanged

  • No PG mutation during prompt patch.
  • No Directus mutation.
  • No Nuxt code.
  • No Hermes/Codex dispatch.
  • No external scheduler/tool/service.
  • No change to existing iu_notification_* runtime.
  • No old IU-specific P3D4C1 resume.
  • No body/raw payload/vector/secret/personal data exposure.
  • No activity-log creep.

Summary

P3D4C1U rev2 is much improved but still not production-dispatch safe. Rev3 must eliminate the remaining PK/FK ambiguity, add fn_event_mark_read, fix pg_cron quoting/preflight, resolve the inactive red-zone seed issue, make test cleanup safe against FK dependencies, and align report fields with the universal branch.
