GPT Review — B3-F1c-H Wrapper + Row SQL Artifacts — Patch Required Before Execution — 2026-05-14

Scope reviewed

Reviewed Agent artifacts:

• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-b3f1c-h-wrapper-function.sql.md
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-b3f1c-h-system-health-check-row.sql.md
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-b3f1c-h-wrapper-row-rollback.sql.md
• knowledge/dev/laws/dieu44-trien-khai/artifacts/p3d-birth-b3f1c-h-on-demand-trigger-b2-plan.md
• knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-b3f1c-h-wrapper-row-sql-artifact-report.md

Verdict

Status: PATCH_REQUIRED_BEFORE_EXECUTION

The compile artifacts are high quality and mostly accepted, but two issues must be patched before execution authorization.

Accepted parts

• Wrapper absent → CREATE FUNCTION only, no CREATE OR REPLACE.
• Scanner signature verified by metadata only; scanner not invoked.
• Wrapper is thin, reads critical_count, uses cfg.critical_threshold, does not catch EXCEPTION WHEN OTHERS, does not hardcode collections, and does not write system_issues directly.
• system_health_checks schema verified.
• Row code absent.
• Taxonomy choices are live-derived:
  • check_kind=detect_only
  • severity_on_fail=critical
  • _dot_origin=dieu35_fix25
• _dot_origin departure from design is acceptable because it follows live sibling convention and records debt.
• order_index is computed via MAX_PLUS_ONE_WITHIN_JURISDICTION.
• Rollback includes strong row/function/referrer safeguards.
• On-demand Trigger B2 correctly classifies mutation mode as INTENTIONAL_WRITE.

Issue 1 — COMMENT cannot be optional if rollback requires comment signature

Wrapper artifact currently says COMMENT ON FUNCTION is optional and separate, while rollback artifact requires:

obj_description(...) LIKE 'B3-F1c-H wrapper%'

If the comment is not executed, rollback will fail by design.

Required patch

Make COMMENT ON FUNCTION a required part of wrapper install for this artifact set, not optional.

Allowed implementation choices:

1. Put COMMENT ON FUNCTION in the same transaction after CREATE FUNCTION; or
2. Keep it as a separate transaction but mark it mandatory and execute immediately after the CREATE block in the same execution session.

The execution prompt must treat wrapper install as incomplete unless both:

• function exists, and
• comment signature exists and starts with B3-F1c-H wrapper.

Update wrapper artifact, rollback artifact if needed, and compile report.

Issue 2 — Trigger B2 plan should not call scanner twice by default

Trigger B2 plan currently allows:

SELECT public.fn_birth_onboarding_full_scan_hc('{}'::jsonb) AS hc_result;
-- Optional:
SELECT public.fn_birth_onboarding_full_scan() AS scanner_rollup;

But fn_birth_onboarding_full_scan() is an intentional-write scanner. Calling wrapper and then scanner directly may run the scanner twice and can emit duplicate or additional system_issues rows. This conflicts with the minimum-mutation principle and complicates issue deltas.

Required patch

Change Trigger B2 plan so the default approved path invokes the scanner only once.

Recommended default:

• Execute wrapper only:

SELECT public.fn_birth_onboarding_full_scan_hc('{}'::jsonb) AS hc_result;

• Capture system_issues before/after and new issue IDs.
• Do not capture raw scanner JSONB by a second invocation in the same default plan.

If full JSONB rollup is needed, define it as a separate alternative mode requiring separate explicit authorization, for example:

• Mode A: wrapper boolean validation, one scanner invocation through wrapper.
• Mode B: direct scanner rollup, one scanner invocation, bypasses wrapper threshold semantics, used only for diagnostics.

Do not include a default envelope that invokes both wrapper and scanner.

Optional hardening recommendations

These are not blockers but should be considered:

1. Wrapper Gate 2 and row Gate 2 should ideally resolve functions by exact signature via to_regprocedure('public.fn_birth_onboarding_full_scan()') and to_regprocedure('public.fn_birth_onboarding_full_scan_hc(jsonb)'), not only proname, to avoid overload ambiguity.
2. Row insert Gate 4 currently references preflight max order index 114 in a post-check. This is not unsafe, but the stronger check is to verify the inserted row's order_index equals the value returned by the insert transaction's max+1 computation, or simply verify it is greater than all pre-existing rows captured in-transaction.

Required Agent response

Patch artifacts and return:

b3f1c_h_artifact_patch_status=PASS|PARTIAL|BLOCKED
comment_mandatory_for_wrapper_install=true|false
rollback_comment_dependency_satisfied=true|false
trigger_b2_double_scanner_invocation_removed=true|false
trigger_b2_default_invokes_scanner_once=true|false
trigger_b2_direct_scanner_rollup_separate_mode=true|false
create_or_replace_used=false
scanner_invoked=false
execution_allowed=false
phase5c2_resume_allowed=false
next_recommended_action=GPT_REVIEW_PATCHED_B3F1C_H_ARTIFACTS

Governance status

b3f1c_h_sql_artifact_review_status=PATCH_REQUIRED_BEFORE_EXECUTION
wrapper_design_accepted=true
system_health_checks_row_design_accepted=true
execution_allowed=false
wrapper_create_allowed=false
system_health_checks_insert_allowed=false
on_demand_trigger_execution_allowed=false
phase5c2_resume_allowed=false
next_recommended_action=AGENT_PATCH_B3F1C_H_ARTIFACTS_COMMENT_AND_B2_SINGLE_INVOCATION