GPT Review — P3D TAC→UI Baseline Prompt rev2 Not Approved: Residual Hardcode

Date: 2026-05-12 Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI Reviewed:

• knowledge/dev/laws/dieu44-trien-khai/prompts/p3d-pack1-tac-ui-baseline-readonly-check-prompt-DRAFT.md rev2
• knowledge/dev/laws/dieu44-trien-khai/reports/p3d-tac-ui-baseline-prompt-rev2-no-hardcode-patch-report.md
• User warning: hardcode is a systemic Opus weakness; no hardcode or disguised hardcode may remain.

Verdict

TAC→UI baseline prompt rev2 is NOT approved for Agent dispatch.

Rev2 is much better than rev1, but it still contains residual hardcode and hardcode-by-expectation. Because this prompt is specifically meant to protect existing TAC→UI runtime, it must be discovery-first at every runtime-sensitive point.

What is accepted

1. The prompt now separates scope constants from discovered values.
2. It removed the hardcoded production URL.
3. It added schema concept resolution.
4. It added join-path resolution.
5. It added dynamic publication-code audit.
6. It keeps read-only boundaries.

Blocking residual hardcode

1. Hardcoded DB connection constants

Rev2 declares:

db_container = postgres
db_user      = directus
db_name      = directus

These are runtime-sensitive values and must not be hardcoded. The prompt must discover DB access from existing environment/compose/container metadata, or report DB_CONNECTION_UNKNOWN.

Allowed:

TAC source family = target scope

Not allowed:

fixed postgres container/user/db name as execution truth

2. Hardcoded /opt/incomex discovery root

Rev2 still uses:

find /opt/incomex ...

This is an absolute path hardcode. Replace with multi-source discovery:

• running containers and mounts;
• compose project paths;
• systemd/docker metadata;
• known environment variables;
• if none found, report UNKNOWN.

Do not use a single fixed filesystem root.

3. Hardcoded repo subdir /web/

Rev2 uses:

grep ... <discovered_repo_root>/web/

The route/source directory must also be discovered. The repo may not always use /web as root. Scan discovered repo root with bounded depth and candidate route/source patterns.

4. Table names are used as schema truth

Rev2 says source_family = TAC (tac_publication, tac_logical_unit, tac_unit_version, tac_publication_member) and uses those table names directly in information_schema and SQL.

For this task, TAC family names may be the known target scope, but the prompt must still verify that each table exists before use and report TAC_TABLE_ABSENT if missing. It should not assume existence.

5. “Expected” column names create disguised hardcode

The concept table has an Expected column with values such as:

id, doc_code, publication_id, unit_version_id, render_order, parent_id, canonical_address, section_type, logical_unit_id, title, body

This is exactly the pattern that causes agents to choose from memory. Replace Expected with:

candidate labels / semantic hints

and require deterministic resolution:

0 candidate → FIELD_ABSENT
1 candidate → RESOLVED
>1 candidate → AMBIGUOUS_FIELD

6. SQL snippets still show table names and placeholders as if executable

Sections Phase 5/6 contain SQL using TAC table names directly. If retained, they must be explicitly marked:

PATTERN ONLY — agent must compile executable SQL only after table existence + concept + join resolution.

Better: require Agent to generate SQL from resolved concept map and include the compiled SQL in the report.

7. Dynamic no-hardcode audit still greps doc_code

Rev2 says:

grep -rn "doc_code.*===|doc_code.*==|..."

But doc_code is a resolved concept, not a fixed source-code variable. The audit should scan:

• live publication codes;
• resolved code concept names and aliases discovered in source;
• hardcoded literal publication codes;
• branch patterns around publication-code variables.

Do not hardcode doc_code in the audit.

Required next action

Patch rev2 → rev3.

Open:

P3D_TAC_UI_BASELINE_PROMPT_REV3_ZERO_RESIDUAL_HARDCODE

Required rev3 principles

1. DB connection discovered, not hardcoded.
2. Filesystem roots discovered, not fixed to /opt/incomex.
3. Source/route directory discovered, not fixed to /web.
4. TAC table existence verified before use.
5. Concept table uses candidate labels, not expected exact field names.
6. Executable SQL is generated only after resolution.
7. Dynamic code audit does not hardcode doc_code.
8. If any runtime-critical discovery is UNKNOWN, report UNKNOWN/PARTIAL; do not guess.

Status

baseline_prompt_rev2=NOT_APPROVED_FOR_DISPATCH
reason=residual_runtime_hardcode_and_expected_column_bias
phase5c2_migration_allowed=false
ui_cutover_allowed=false
agent_dispatch_allowed=false
next_action=OPUS_PATCH_TAC_UI_BASELINE_PROMPT_REV3_ZERO_RESIDUAL_HARDCODE