GPT Review — B3-F1a Recompiled SQL rev3 — Approved with Automation Caveat — 2026-05-13

Scope reviewed

Reviewed Opus assessment relayed by user and Agent B3-F1a rev3 report/artifacts:

• knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-system-b3f1a-soft-gate-shape-probe-and-sql-artifact-report.md
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1a-soft-gate-compiled-function.sql.md rev3
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1a-soft-gate-compiled-trigger.sql.md rev3
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1a-soft-gate-rollback.sql.md rev3
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-system-b3f1a-soft-gate-full-scan-query.sql.md rev3

Related blocking review:

• knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-b3f1a-recompiled-sql-rev2-blocked-2026-05-13.md

Verdict

Status: APPROVED_FOR_B3F1B_EXECUTION_PROMPT_DRAFT_WITH_AUTOMATION_CAVEAT

The rev3 compiled SQL artifacts are acceptable for a B3-F1b execution prompt draft. B3-F1b execution is not yet directly approved in this review; Opus must draft a B3-F1b execution prompt using the reviewed artifacts, and GPT must review that prompt before Agent execution.

Accepted rev3 fixes

1. SIBLING_OUT_OF_SCOPE is now global over non-birth_registry registry rows with physical table, not limited to BIRTH_REQUIRED ∩ IN_SCOPE.
2. COMMENT ON statements are removed from executable SQL artifacts.
3. Function resolution is strict: schema + pronargs=0 + prorettype='pg_catalog.trigger'::regtype; no silent LIMIT 1.
4. Helper-level EXCEPTION block is removed; the outer gate is the only non-blocking exception boundary.
5. CREATE FUNCTION only; no CREATE OR REPLACE.
6. Helper name is task-specific: fn_b3f1_log_collection_onboarding_gap.
7. Severity is gap-specific.
8. Trigger validation uses tgfoid and tgtype bits for ROW / AFTER / INSERT.
9. Sibling scope is read from dot_config, supports multiple entries, and does not embed the sibling collection list.
10. Rollback matches only the created gate trigger/function/helper and does not touch B3-A or policy artifacts.

Automation caveat

B3-F1b trigger installation is a soft gate for collection_registry mutations, not a complete automatic drift detector for every possible PG DDL change.

Important examples:

• If someone adds a rogue sibling trigger directly on another table through DDL, the collection_registry row-level trigger will not fire unless the corresponding registry row is inserted/updated.
• If a physical table is created/dropped without updating collection_registry, the row-level registry trigger may not fire.

Therefore, to satisfy the "hạ tầng tự mở rộng / tự động 100%" principle, B3-F1 must be treated as a hybrid path:

1. B3-F1b installs the collection_registry soft trigger.
2. B3-F1c must materialize an automatic PG-native full-scan health check / scheduled checker using the reviewed full-scan query, or another approved PG-native mechanism.

Until B3-F1c or equivalent is implemented, B3-F1b alone is not a complete automatic drift coverage system.

Required B3-F1b execution prompt constraints

Opus must draft B3-F1b execution prompt with these hard requirements:

1. Execute only the reviewed rev3 SQL for:
   • CREATE FUNCTION public.fn_b3f1_log_collection_onboarding_gap(text,text,text,text)
   • CREATE FUNCTION public.fn_collection_onboarding_soft_gate()
   • CREATE TRIGGER trg_collection_onboarding_soft_gate ...
2. No COMMENT ON execution.
3. No CREATE OR REPLACE.
4. No edits to reviewed SQL without GPT review.
5. Single transaction and advisory lock.
6. Preflight conflict check for all three objects immediately before creation:
   • gate function absent;
   • helper function absent;
   • gate trigger absent.
7. Strict dependency preflight:
   • system_issues shape still sufficient;
   • dot_config sibling policy exists and parses;
   • contract function strict resolution OK;
   • sibling functions strict resolution OK or safely skipped only per reviewed rule;
   • no out-of-scope sibling live usage.
8. In-transaction verification after CREATE:
   • helper exists with exact signature;
   • gate function exists, returns trigger, pronargs=0;
   • trigger exists on collection_registry;
   • trigger is AFTER INSERT OR UPDATE OF governance_role, coverage_status, coverage_scope_status, coverage_exemption_reason, coverage_review_owner;
   • trigger is row-level and enabled;
   • trigger binds to the reviewed gate function OID.
9. No DML smoke test unless separately approved.
10. Post-commit verification repeats object checks.
11. Rollback SQL logged and limited to the reviewed rollback artifact.
12. Execution report written to KB before final chat response.

Required next design after B3-F1b

Opus should plan B3-F1c or B3-HC automation to materialize the full-scan query into an automatic PG-native checker. This is required for full automatic drift coverage at scale.

Governance status

b3f1a_rev3_sql_review_status=APPROVED_FOR_B3F1B_EXECUTION_PROMPT_DRAFT_WITH_AUTOMATION_CAVEAT
b3f1b_execution_prompt_design_allowed=true
b3f1b_execution_allowed=false_until_prompt_review
b3f1c_full_scan_automation_required=true
hard_gate_allowed=false
phase5c2_migration_allowed=false
next_recommended_action=OPUS_DRAFT_B3F1B_EXECUTION_PROMPT_AND_B3F1C_AUTOMATION_NOTE