GPT Review — IU-0 Pack 2A Governance Cleanup Execution Pack

Date: 2026-05-04 Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI Reviewed file: knowledge/dev/laws/dieu44-trien-khai/design/11-iu0-pack2-option-a-governance-cleanup-execution-pack.md rev 1

Verdict

PASS DIRECTION, PATCH BEFORE DISPATCH.

Opus correctly implemented the main architecture: discovery first, write later, STOP conditions explicit, no DDL, no IU production rows, no CRUD/outbox/Qdrant/Directus exposure. This matches Pack 2 Option A and Điều 20.

However, before dispatching Claude Code, file 11 needs one compact rev2 patch to remove ambiguity in runtime SQL and verify/rollback. Do not split into many microtasks.

Law / Constitution check

No blocker conflict found, if patched as below.

• Hiến pháp NT1 / SSOT: file 11 uses runtime PG discovery as source of truth. Good.
• Hiến pháp NT9 / Không chắc = sai: discovery-first and STOP conditions satisfy this. Needs patch to prevent placeholder SQL from becoming improvised execution.
• Hiến pháp NT13 / PG First: PG catalog/function/body inspection is correct.
• Điều 20: file 11 is a technical execution pack with non-goals, discovery, stop, rollback, verify, report. Good.
• Đ4 Birth: no IU rows allowed, so no production birth risk.
• Đ7 / Đ8: metadata/dependency discovery before registration is correct.
• Đ10–13: collection_registry readiness is appropriate, but must be verified as catalog only, not Directus exposure.
• Đ14: duplicate checks are present. Good, but duplicate should become SKIP/REPORT for exact existing intended rows, not necessarily global failure, if convention shows rows are already correct.
• Đ44: keeps IU path, no CRUD/vector. Good.

Required patch rev2

Patch file 11 once with these changes:

1. Add Điều 20 explicitly to §2 Inputs.

2. Fix D1 function inspection SQL. Current query compares proname against evtfoid::regproc::text, which can fail or miss schema-qualified names. Use OID join and pg_get_functiondef:

SELECT e.evtname,
       e.evtevent,
       e.evtfoid::regproc AS function_name,
       pg_get_functiondef(e.evtfoid) AS function_def
FROM pg_event_trigger e;

3. Add a pre-write review gate: after discovery, Claude Code must print exact proposed SQL for W1/W2 in the report/checkpoint. If exact SQL cannot be derived safely from discovered schema/convention, STOP. No placeholder SQL may be executed.

4. Wrap every write in an explicit transaction:

BEGIN;
-- duplicate check again
-- INSERT/UPDATE metadata
-- verify expected rows
COMMIT;

If verify fails, ROLLBACK.

5. Make rollback safer. Rollback must delete only rows inserted by this run. If registry schema has _dot_origin, description, metadata, or similar marker column, use marker iu0_pack2a_20260504. If no safe marker exists, Claude Code must record exact inserted rows and rollback by primary key. If neither is possible, STOP before write.

6. Clarify duplicate behavior:

   • If exact intended registration already exists and is correct → SKIP write, report PASS/SKIPPED.
   • If conflicting duplicate exists → STOP.

7. Strengthen Directus exposure verification. Add read-only check for Directus-managed collection registry if present, e.g. inspect whether directus_collections exists and whether information_unit / unit_version were added. Expected: no new Directus exposure.

8. Clarify hard boundary wording: “Không mở Pack 2B/2C execution” instead of “Không mở Pack 2 execution,” because Option A execution is the current intended package after approval.

9. Add report requirement: include all discovered schemas/function definitions enough for GPT to verify, but avoid dumping secrets if any appear.

Directive to Opus

Patch file 11 to rev2 with the above changes. Do not dispatch Claude Code yet. After upload, report: rev number, list of patch items applied, and whether any item could not be applied.

After rev2 PASS, GPT/User can approve dispatch of Claude Code for Pack 2A Option A. After execution report PASS, the next design package will be Pack 2B Minimal CRUD Pilot.