KB-76F9

GPT Review — 23-P3D4C1U Prompt rev6

Revision 1

Date: 2026-05-08
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c1u-universal-core-implementation-prompt.md rev6

Verdict

REV7 REQUIRED — narrow production-safety patch. Do not dispatch rev6.

Rev6 is now architecturally correct and much simpler: an immediate-only PoC with no worker, no pg_cron and no polling, the board deferred, and minimal access functions. This is the right direction.

However, one critical idempotency issue remains and would break the duplicate-prevention guarantee.

Accepted in rev6

  • Hybrid model retained: immediate lane now, delayed lane later.
  • system_issues PoC is immediate-only.
  • No pg_cron install/query/schedule.
  • Worker function is deferred.
  • fn_event_board is deferred.
  • Registry validates delivery_lane.
  • Test tag field is discovered from inventory, not hardcoded.
  • PoC footprint is small: 5 tables + 2 triggers + 2 access functions.
  • IU runtime remains protected.
  • This is now aligned with the principle: simplest sufficient reliable mechanism first.

Dispatch blocker

P1 — Idempotency index includes occurred_at, so it does not prevent duplicates

Rev6 defines:

CREATE UNIQUE INDEX IF NOT EXISTS idx_event_outbox_idempotent
  ON event_outbox (event_domain, event_type, event_subject_ref, occurred_at)
  WHERE correlation_id IS NULL;

This will not prevent duplicate trigger/retry events because occurred_at is set to now() and will differ across retries. Therefore the same issue/event can be inserted repeatedly without conflict.

Patch rev7 to use a deterministic idempotency key for immediate events.

Preferred for this PoC:

CREATE UNIQUE INDEX IF NOT EXISTS uq_event_outbox_immediate_subject
  ON event_outbox (event_domain, event_type, event_subject_table, event_subject_ref)
  WHERE delivery_lane = 'immediate' AND correlation_id IS NULL;

Then the trigger can safely use:

ON CONFLICT ON CONSTRAINT <constraint_name> ...

or, for a unique index, use a conflict target matching the indexed columns and predicate if valid in the final SQL. If Postgres syntax becomes awkward with a partial unique index, Agent may use one of these safer patterns:

  1. use a named UNIQUE constraint without partial predicate if acceptable for PoC; or
  2. use INSERT ... ON CONFLICT DO NOTHING RETURNING id, then SELECT existing id by deterministic key if v_eid IS NULL; or
  3. use an explicit helper function to fetch-or-create event id atomically.

The implementation prompt must require that duplicate/retry trigger execution produces exactly one durable event row for:

(event_domain, event_type, event_subject_table, event_subject_ref)

for immediate PoC events.

P2 — Implicit self-read must also work on conflict

Rev6 currently inserts implicit-self only if RETURNING id returns a new event id. If an event already exists due to idempotency conflict, the implicit self-read may be missing.

Patch rev7:

  • if insert creates a new event, use returned id;
  • if conflict/no returned id, SELECT existing event id using deterministic idempotency key;
  • insert implicit-self read using that event id;
  • still keep the operation O(1), with at most one deterministic indexed SELECT after conflict.

This is acceptable because it is only a PK/unique-index lookup and not COUNT/JOIN/aggregation/rollup.

P3 — Test T6 must specifically prove idempotency with different occurred_at attempts

Update tests:

  • fire duplicate/retry scenario where occurred_at would differ;
  • assert only one event row exists for (domain,type,subject_table,subject_ref);
  • assert implicit-self read exists after duplicate/retry.
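
P1 to P3 together as one runnable check. This is an added example, not part of the reviewed prompt or the project's SQL. The names event_reads, reader, fn_emit_immediate and the event type 'issue_opened' are hypothetical, and event_outbox is reduced to the columns the review names. It runs on temporary tables inside a transaction that is rolled back.

```sql
-- Added example (PostgreSQL, default READ COMMITTED). Hypothetical names: event_reads,
-- reader, fn_emit_immediate, 'issue_opened'; event_outbox is trimmed to the key columns.
BEGIN;
CREATE TEMP TABLE event_outbox (
  id bigserial PRIMARY KEY,
  event_domain text NOT NULL, event_type text NOT NULL,
  event_subject_table text NOT NULL, event_subject_ref text NOT NULL,
  delivery_lane text NOT NULL DEFAULT 'immediate',
  correlation_id uuid,
  -- clock_timestamp() so each attempt differs even inside this one transaction
  occurred_at timestamptz NOT NULL DEFAULT clock_timestamp());
CREATE TEMP TABLE event_reads (
  event_id bigint NOT NULL REFERENCES event_outbox (id),
  reader text NOT NULL, PRIMARY KEY (event_id, reader));
CREATE UNIQUE INDEX uq_event_outbox_immediate_subject
  ON event_outbox (event_domain, event_type, event_subject_table, event_subject_ref)
  WHERE delivery_lane = 'immediate' AND correlation_id IS NULL;

CREATE FUNCTION pg_temp.fn_emit_immediate(p_domain text, p_type text, p_table text, p_ref text)
RETURNS bigint LANGUAGE plpgsql AS $$
DECLARE v_eid bigint;
BEGIN
  -- A partial unique index is not a constraint: infer it by columns + predicate.
  INSERT INTO event_outbox (event_domain, event_type, event_subject_table, event_subject_ref)
  VALUES (p_domain, p_type, p_table, p_ref)
  ON CONFLICT (event_domain, event_type, event_subject_table, event_subject_ref)
    WHERE delivery_lane = 'immediate' AND correlation_id IS NULL
  DO NOTHING
  RETURNING id INTO v_eid;
  IF v_eid IS NULL THEN  -- retry/duplicate: one lookup on the same unique index
    SELECT id INTO STRICT v_eid FROM event_outbox
     WHERE event_domain = p_domain AND event_type = p_type
       AND event_subject_table = p_table AND event_subject_ref = p_ref
       AND delivery_lane = 'immediate' AND correlation_id IS NULL;
  END IF;
  -- Implicit self-read is written on both paths and is itself idempotent.
  INSERT INTO event_reads (event_id, reader) VALUES (v_eid, 'self')
  ON CONFLICT DO NOTHING;
  RETURN v_eid;
END $$;

DO $$  -- T6-style check: two attempts, one row, self-read present
DECLARE a bigint; b bigint;
BEGIN
  a := pg_temp.fn_emit_immediate('system_issues', 'issue_opened', 'system_issues', '42');
  b := pg_temp.fn_emit_immediate('system_issues', 'issue_opened', 'system_issues', '42');
  ASSERT a = b AND (SELECT count(*) FROM event_outbox) = 1, 'expected one event row';
  ASSERT (SELECT count(*) FROM event_reads WHERE event_id = a) = 1, 'self-read missing';
END $$;
ROLLBACK;
```

With the rev6 index on (..., occurred_at) in place of this one, the second call inserts a second row and the first ASSERT fails.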

P4 — Rollback code still shows unconditional DROP after guard comments

Rev6 is better, but the rollback section still displays DROP statements directly after comments. Patch the language to ensure the execution agent cannot run them unguarded:

  • put destructive DROP statements under an explicit conditional/manual block;
  • require report of non_test_event_count before any drop;
  • on PASS, do not execute rollback;
  • on FAIL, only cleanup objects if all rows are test-tagged/empty or User-approved.

This can be a wording patch; do not redesign.
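
One shape the guarded block could take, as an added example rather than the prompt's own rollback code. The settings app.test_tag_column and app.rollback_approved are hypothetical, and the test-tag column is assumed to be boolean.

```sql
-- Added example (PostgreSQL); run by hand, and only after a FAIL verdict.
-- Hypothetical: the app.test_tag_column / app.rollback_approved settings and a
-- boolean test-tag column. The real tag field comes from the inventory step.
DO $$
DECLARE
  v_tag_col  text := current_setting('app.test_tag_column', true);
  v_approved boolean := coalesce(current_setting('app.rollback_approved', true), '') = 'yes';
  v_non_test bigint;
BEGIN
  IF to_regclass('event_outbox') IS NULL THEN
    RAISE NOTICE 'event_outbox not present; nothing to clean up';
    RETURN;
  END IF;
  IF v_tag_col IS NULL OR v_tag_col = '' THEN
    RAISE EXCEPTION 'test-tag column not supplied; refusing to evaluate rollback';
  END IF;

  -- Block writers so the count below still holds when the DROP runs.
  LOCK TABLE event_outbox IN ACCESS EXCLUSIVE MODE;
  EXECUTE format('SELECT count(*) FROM event_outbox WHERE %I IS NOT TRUE', v_tag_col)
     INTO v_non_test;
  RAISE NOTICE 'non_test_event_count = %', v_non_test;  -- reported before any DROP

  IF v_non_test > 0 AND NOT v_approved THEN
    RAISE EXCEPTION 'rollback refused: % non-test rows and no User approval', v_non_test;
  END IF;

  -- No CASCADE: the drop fails rather than taking dependent objects with it.
  DROP TABLE event_outbox;
END $$;
```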

Directive to Opus

Patch the prompt to rev7 at:

knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3d4c1u-universal-core-implementation-prompt.md

Patch narrowly:

  1. Fix immediate-event idempotency key by removing occurred_at from uniqueness.
  2. Ensure implicit self-read works whether event was newly inserted or already existed.
  3. Strengthen the idempotency test.
  4. Make rollback guard wording impossible to misread as unconditional.

Do not reopen worker/cron/board design. Do not dispatch after patch. Return for GPT/User final review.

Hard boundaries unchanged

  • No PG mutation during prompt patch.
  • No Directus mutation.
  • No Nuxt code.
  • No Hermes/Codex dispatch.
  • No external scheduler/tool/service.
  • No pg_cron install/schedule for immediate-only PoC.
  • No worker function in PoC.
  • No fn_event_board in PoC.
  • No change to existing iu_notification_* runtime.
  • No body/raw payload/vector/secret/personal data exposure.
  • No activity-log creep.

Operating lesson

Rev6 correctly reduced complexity. The remaining fix is not architectural; it is a concrete correctness guard. Simplicity still needs deterministic idempotency.
