GPT Review — P3D4C2U Resume Notification Display Prompt rev1

Date: 2026-05-10
Reviewer: GPT-5.5 Thinking / Incomex Hội đồng AI
Reviewed: knowledge/dev/laws/dieu44-trien-khai/prompts/p3d4c2u-resume-notification-display-prompt-review.md rev1

Verdict

REV2 REQUIRED — small precision patch before dispatch.

The prompt is correctly scoped: one registry-row publish plus route smoke, no Nuxt code, no deploy, no PG schema changes, no permission widening, no P3D/TAC resume. The four Opus bonuses are valuable and accepted.

However, a few checks are too brittle or slightly imprecise for production. Patch rev2 narrowly, then return for GPT/User review.

Accepted parts

• Scope is correct: finish notification display checkpoint only.
• Mutation is correctly limited to one row status update.
• DOT/API/PG priority is accepted.
• Idempotency case is accepted.
• Pre/post row capture is accepted.
• Unsafe-field critical check is accepted.
• Failure routing with FAIL_CRITICAL_SECURITY is accepted.
• No deploy / no Nuxt code / no bespoke page / no event core changes is correct.

Required rev2 patches

P1 — Do not require literal DirectusTable marker in SSR HTML

Phase 2C currently expects:

HAS_DIRECTUS_TABLE_MOUNT=true

using body grep for DirectusTable|directus-table|registry-table.

This may false-fail because Nuxt SSR/client hydration may not expose component names in rendered HTML. The route may be valid even if the literal component marker is absent.

Patch success criteria:

• HTTP 200 is primary route success.
• Generated-map resolution should be verified separately via source/artifact/preflight (event_outbox token exists) and route path not 404.
• Body checks should be soft signals, not hard fail, except unsafe-field leak.

Replace:

HAS_DIRECTUS_TABLE_MOUNT must be true
HAS_EVENT_OUTBOX_TOKEN must be true

with:

route_http_status=200 required
unsafe_fields_absent=true required
render_signal_present=true|false informational
empty_or_data_state_detected=true|false informational

If route returns 200 but body markers are inconclusive, classify:

notification_display_smoke=PASS_HTTP_ONLY_WITH_INCONCLUSIVE_MARKERS

not failure. This prevents false negatives due to SSR/client rendering.

P2 — Do not claim notification_display=resumed as a separate state unless a real field exists

The prompt uses:

notification_display=paused/resumed

This is useful shorthand but may imply an actual persisted state. In this pack, the only intended mutation is:

table_registry.tbl_event_outbox.status: draft → published

Patch wording:

• Use notification_display_checkpoint=unblocked|not_unblocked.
• Use tbl_event_outbox.status=published as the actual persisted state.
• Do not instruct Agent to mutate any notification_display field unless it exists and was explicitly authorized. No such mutation is authorized.

P3 — Directus permission preflight should not assume permission_id is a column on table_registry

Phase 0C asks Directus API:

/items/table_registry/21?fields=id,collection,status,permission_id

But earlier evidence treats Directus permission id=1483 as a separate permission artifact, not necessarily a table_registry.permission_id column. The registry row may not have permission_id.

Patch:

• In 0C, fetch only live registry fields known to exist from table_registry schema or use fields=* if safe and response is not printed.
• If permission_id column exists, capture it; if absent, do not fail.
• In 0D, verify permission id=1483 separately via Directus permissions endpoint.
• Post-mutation side-effect check should verify unchanged registry fields that actually exist, and verify permission 1483 separately still unchanged.

Report:

registry_permission_id_column_exists=true|false
permission_1483_verified_separately=true

P4 — Unsafe field denylist must use actual known unsafe fields from P3D4C2U Option D

Phase 0D/2C lists examples like payload_raw|internal_secret|admin_only. Earlier P3D4C2U evidence specifically used:

safe_payload
correlation_id
causation_id
payload
body
raw_payload
vector
embedding
secret
token
password
ssn
personal_data

Patch the denylist to include these known fields. Examples are acceptable, but the smoke must at least check the three proven unsafe fields:

safe_payload
correlation_id
causation_id

Report fields:

unsafe_fields_checked=safe_payload,correlation_id,causation_id,...
unsafe_fields_detected=[]

P5 — PG accessibility check should be read-only and resilient to container/db naming

Phase 0I uses:

docker exec postgres psql -U directus -d directus -c "SELECT count(*) FROM event_outbox LIMIT 1;"

This may fail due to container name, DB name, or auth assumptions. This check is not essential for publishing table_registry row because event core was already verified earlier and Directus collection exists.

Patch:

• Make Phase 0I optional read-only sanity, not hard blocker unless clear evidence of event core regression.
• Prefer Directus API /items/event_outbox?limit=1&fields=id with existing permission/admin read, or a known working PG invocation from prior Agent reports.
• If PG/Directus read cannot be performed safely, report event_outbox_data_access_check=SKIPPED_NO_SAFE_METHOD and continue, as long as Directus collection/permission and registry row preflight pass.

P6 — DOT discovery should not block if no DOT publish tool exists

Phase 0J is good, but the prompt should explicitly state:

dot_tool_for_publish_found=false is not failure.

If no DOT tool exists, fallback to Directus Items API is acceptable because this is a one-row table_registry update and the prompt declares the fallback.

P7 — Rollback should not be attempted automatically even on side-effect mismatch

Phase 1C says if mismatch after mutation:

attempt rollback row to status=draft

This conflicts with NO_AUTO_ROLLBACK inherited principle. Patch:

• If side-effect detected, STOP and report rollback recommendation.
• Do not execute rollback unless User provides explicit rollback phrase.
• Keep rollback phrase section as separate authorization.

P8 — Route smoke should include Directus field-level API check as stronger security proof

HTML grep alone may not prove field permission. Add a read-only API check using intended/public role if available:

GET /items/event_outbox?limit=1&fields=safe_payload
GET /items/event_outbox?limit=1&fields=correlation_id
GET /items/event_outbox?limit=1&fields=causation_id

Expected: 403 or denied/field not allowed for intended role.

If public role cannot be used safely, keep the existing permission metadata check and report runtime_field_deny_smoke=SKIPPED_NO_PUBLIC_TOKEN, not failure.

P9 — Result naming should distinguish “publish succeeded but HTML markers inconclusive”

Add status:

PASS_ROUTE_HTTP_ONLY

or:

PASS_HTTP_ONLY_WITH_INCONCLUSIVE_MARKERS

Route 200 + permission-safe + registry published should be enough to proceed, even if HTML body marker grep is inconclusive.

P10 — Header should call this a dispatch-ready prompt only after rev2 review

Update header to:

Rev: 2 | REVIEW DRAFT | Precision patch for SSR marker, permission column, unsafe denylist, rollback authorization

Directive to Opus

Patch prompt rev2 at:

knowledge/dev/laws/dieu44-trien-khai/prompts/p3d4c2u-resume-notification-display-prompt-review.md

Patch narrowly. Do not dispatch after patch. Return for GPT/User review.

Current status

p3d_resume_prompt_current_rev=1
p3d_resume_prompt_rev2_required=true
agent_dispatch_allowed=false
D28_chain_status=PASS
production_image=nuxt-ssr-local:d2db418
tbl_event_outbox.status=draft
notification_display_checkpoint=paused/unblocked_pending

Final status

opus_review=ACCEPTED_WITH_PATCHES
next_action=OPUS_PATCH_P3D4C2U_RESUME_PROMPT_REV2