KB-7938

GPT Review — 24-P3B-FU Invariant Prompt rev2


Date: 2026-05-07
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/24-p3bfu-generalize-iu-invariant-prompt.md rev2
Related failure: knowledge/dev/laws/dieu44-trien-khai/reports/23-p3c2-iu-apply-edit-functions-report.md

Verdict

Root cause accepted. P3B-FU direction accepted. Rev3 required before dispatch.

Agent diagnosed the P3C2 failure correctly, and Opus correctly identified and fixed the rev1 heredoc/psql-variable problems. Rev2 is close, but because this replaces a core invariant function, it should be made more atomic before execution.

Accepted findings

P3C2 did not fail because of the P3C2 prompt logic. It failed because the installed fn_iu_verify_invariants(text) was still birth-oriented:

  • it checked i3_anchors_exact against version_seq=1;
  • after a real edit/apply, IU anchors move to the new UV, e.g. seq=2;
  • therefore i3_anchors_exact=false after any successful apply;
  • fn_iu_apply_edit_draft correctly raised exception on invariant failure;
  • the transaction rolled back and P3C2 tests failed.

The intended correction is semantically right:

  • v_uv_current = UV pointed to by information_unit.version_anchor_ref, used by i3_anchors_exact;
  • v_uv_birth = version_seq=1, still used for birth checks i4/i5.

Accepted Opus rev2 fixes

Opus correctly fixed rev1’s two serious execution bugs:

  1. Removed the conflicting two-variant function patch block.
  2. Used quoted heredoc <<'FNSQL' so $fn$ and $$ are not destroyed by shell expansion.
  3. Used psql -v pilot_addr + set_config(...) so the inline DO assertion can read the pilot address.
  4. Tightened the T9 source marker regex.

Required rev3 fixes

P1 — Make the transaction assertion stronger before COMMIT

Rev2 only asserts one pilot inside the transaction. Then it commits and runs broader tests. If a post-commit test fails, the bad invariant function may remain installed because there is no automatic revert.

Patch §2 so the transaction performs the most important checks before COMMIT, inside the same transaction after CREATE OR REPLACE FUNCTION:

  1. pilot all_pass=true;
  2. all existing IUs all_pass=true;
  3. invalid input returns invalid_input;
  4. bogus address returns not_found;
  5. source markers exist: version_anchor_ref, version_seq=1, birth_registry.

If any of those fail, RAISE EXCEPTION and the transaction rolls back to the old function body.

Keep the post-commit tests as independent evidence, but do not rely on them as the first line of safety.
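
One way to write that in-transaction guard, as an added example that is not taken from the rev2 or rev3 prompt. It assumes the function returns jsonb with an all_pass boolean and an error text key, that information_unit has a canonical_address column, and that the pilot address was stored with set_config under the hypothetical setting name p3bfu.pilot_addr.

```sql
BEGIN;

-- CREATE OR REPLACE FUNCTION public.fn_iu_verify_invariants(text) ... runs here.

DO $assert$
DECLARE
  -- Assumed setting name; populated earlier in the session with set_config(...).
  v_pilot text := current_setting('p3bfu.pilot_addr');
  v_res   jsonb;
  v_bad   bigint;
  v_src   text;
BEGIN
  -- 1. The pilot IU passes every invariant.
  v_res := public.fn_iu_verify_invariants(v_pilot);
  IF (v_res->>'all_pass')::boolean IS NOT TRUE THEN
    RAISE EXCEPTION 'pilot % fails: %', v_pilot, v_res;
  END IF;

  -- 2. Every existing IU passes (canonical_address is an assumed column name).
  SELECT count(*) INTO v_bad
    FROM information_unit iu
   WHERE (public.fn_iu_verify_invariants(iu.canonical_address)->>'all_pass')::boolean
         IS NOT TRUE;
  IF v_bad > 0 THEN
    RAISE EXCEPTION '% existing IUs fail invariants', v_bad;
  END IF;

  -- 3 and 4. Error paths; the "error" key and both sample inputs are assumptions.
  IF public.fn_iu_verify_invariants('')->>'error' IS DISTINCT FROM 'invalid_input' THEN
    RAISE EXCEPTION 'empty input was not reported as invalid_input';
  END IF;
  IF public.fn_iu_verify_invariants(v_pilot || '-bogus')->>'error'
     IS DISTINCT FROM 'not_found' THEN
    RAISE EXCEPTION 'bogus address was not reported as not_found';
  END IF;

  -- 5. The installed source carries the three markers named in the review.
  v_src := pg_get_functiondef(to_regprocedure('public.fn_iu_verify_invariants(text)'));
  IF v_src !~ 'version_anchor_ref' OR v_src !~ 'version_seq\s*=\s*1'
     OR v_src !~ 'birth_registry' THEN
    RAISE EXCEPTION 'source markers missing from installed function';
  END IF;
END
$assert$;

COMMIT;
```

If the DO block raises, the transaction is aborted and PostgreSQL executes the closing COMMIT as a rollback, so the previous function body stays installed.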

P2 — T6 must verify search_path/config unchanged, not only contains pg_catalog

Rev2 claims owner/SECDEF/search_path unchanged, but T6 only checks pg_catalog appears.

Patch T6:

  • compare OWN_A = INV_BEFORE_OWNER;
  • compare SD_A = INV_BEFORE_SECDEF and require t;
  • compare PC_A = INV_BEFORE_CONFIG exactly, or if Opus believes PG normalizes spacing differently, then compare normalized proconfig values using SQL before/after.

Do not report “unchanged” unless it is actually checked.
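
A before/after comparison of the three attributes, as an added example that is not part of the reviewed prompt; the temp table name inv_before is hypothetical. The check matters because CREATE OR REPLACE FUNCTION preserves ownership and privileges but takes every other property, including SECURITY DEFINER and SET search_path, from the new statement.

```sql
-- Before the replacement: snapshot the security-relevant catalog attributes.
CREATE TEMP TABLE inv_before AS
SELECT pg_get_userbyid(p.proowner) AS owner,
       p.prosecdef                 AS secdef,
       p.proconfig                 AS config   -- text[] such as {search_path=...}
  FROM pg_proc p
 WHERE p.oid = to_regprocedure('public.fn_iu_verify_invariants(text)');

-- ... CREATE OR REPLACE FUNCTION public.fn_iu_verify_invariants(text) runs here ...

-- After the replacement: fail loudly on any drift instead of grepping for pg_catalog.
DO $t6$
DECLARE
  b record;
  a record;
BEGIN
  SELECT * INTO STRICT b FROM inv_before;
  SELECT pg_get_userbyid(p.proowner) AS owner,
         p.prosecdef                 AS secdef,
         p.proconfig                 AS config
    INTO STRICT a
    FROM pg_proc p
   WHERE p.oid = to_regprocedure('public.fn_iu_verify_invariants(text)');

  IF a.owner IS DISTINCT FROM b.owner THEN
    RAISE EXCEPTION 'owner changed: % -> %', b.owner, a.owner;
  END IF;
  IF a.secdef IS NOT TRUE OR a.secdef IS DISTINCT FROM b.secdef THEN
    RAISE EXCEPTION 'SECURITY DEFINER changed: % -> %', b.secdef, a.secdef;
  END IF;
  -- Exact array comparison; a dropped or reordered SET clause shows up here.
  IF a.config IS DISTINCT FROM b.config THEN
    RAISE EXCEPTION 'proconfig changed: % -> %', b.config, a.config;
  END IF;
END
$t6$;
```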

P3 — Capture full pre-function DDL for emergency restore evidence

Even with stronger transaction assertion, capture the full pre-image:

SELECT pg_get_functiondef(to_regprocedure('public.fn_iu_verify_invariants(text)'));

Store it in the log/report or a temp file path. This is not for automatic rollback, but it gives a deterministic restore path if a later non-transactional issue is discovered.

Report:

  • pre_function_ddl_backup=<path or included in log>

P4 — Make post-commit T2 all-IU failure print the failing addresses

Current T2 only prints a count. If it fails, debugging will require a new query.

Patch T2 to also print up to 10 failing canonical addresses and their invariant JSON.

P5 — Correct final wording: after PASS, re-run P3C2 rev7

Use a precise next pack field:

next_required_pack=23-P3C2_RE_RUN_AFTER_INVARIANT_GENERALIZED
p3c2_prompt=knowledge/dev/laws/dieu44-trien-khai/prompts/23-p3c2-iu-apply-edit-functions-prompt.md

This avoids ambiguity because P3C2 already has several historical revisions.

Directive to Opus

Patch P3B-FU prompt to rev3 with P1–P5.

Path:

knowledge/dev/laws/dieu44-trien-khai/prompts/24-p3bfu-generalize-iu-invariant-prompt.md

Do not dispatch after patch. Return for GPT/User final review.

Hard boundaries remain

  • No dispatch.
  • No table DDL.
  • No trigger/gateway changes.
  • No IU/UV/draft/comment writes.
  • No vector mutation.
  • No notification implementation.
  • No cleanup.
  • Only fn_iu_verify_invariants(text) may be replaced.

Summary

The fix is conceptually right and necessary. But replacing a core invariant checker must be as atomic as possible. Rev3 should move the broad safety assertions into the same transaction before COMMIT, verify search_path/config truly unchanged, and capture the old function DDL for emergency restore evidence. After P3B-FU PASS, re-run P3C2 rev7.

knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-24-p3bfu-invariant-prompt-rev2-2026-05-07.md