KB-13FC
Opus Line-by-Line Constitutional Review — B3-F1c-c Scheduler — 2026-05-13
13 min read Revision 1
p3dbirth-systemb3f1c-cschedulerreviewno-hardcodeconstitutionalline-by-line
Opus Line-by-Line Constitutional Review — B3-F1c-c Scheduler Design + Probe Prompt — 2026-05-13
Reviewer: Opus Mode: READ-ONLY review. No mutation. No execution. No Agent dispatch. Documents reviewed:
design/p3d-birth-system-b3f1c-c-directus-nuxt-dot-scheduler-design.mdprompts/p3d-birth-system-b3f1c-c-scheduler-shape-probe-and-artifact-prompt-DRAFT.mdreviews/gpt-review-b3f1c-c-scheduler-design-approved-for-probe-compile-2026-05-13.md
1. Executive verdict
APPROVED_WITH_MINOR_PATCH_RECOMMENDATIONS
No blocking violations found. Architecture and two-pass approach are constitutionally sound. GPT's 5 patches addressed the major hardcode/governance risks. However, 8 WARN items remain — mostly inconsistencies where GPT patches were applied to the prompt but design document still uses unqualified candidate values. These are fixable before Agent probe and don't require architectural changes.
2. Line-by-line findings table
| # | Document | Section / Snippet | Type | Severity | Issue | Recommended fix |
|---|---|---|---|---|---|---|
| 1 | Design | §E observability: issue_type: BIRTH_FULL_SCAN_RUN_SUMMARY |
HARD_CODE_RISK | WARN | This issue_type is stated as concrete value without candidate qualification. system_issues may use different column names or controlled vocabulary for issue types. | Mark as CANDIDATE issue_type — must be derived from live system_issues shape and existing issue conventions. Do not compile if column/vocabulary absent. |
| 2 | Design | §E observability: severity: informational and severity: critical |
NEEDS_PROBE | WARN | Severity values assumed without verifying system_issues vocabulary. The helper fn_b3f1_log_collection_onboarding_gap uses severity text parameter, but the SSOT vocabulary (informational vs info vs low) is unknown. |
Mark as candidate. Probe must discover actual severity vocabulary from existing system_issues rows. |
| 3 | Design | §E observability: entity_ref: birth_onboarding_full_scan |
NEEDS_PROBE | WARN | Column name entity_ref assumed. The helper takes 4 text params, but column mapping is not confirmed for summary-style issues. |
Mark as candidate column. Probe Phase 4 already covers this — ensure Agent checks if entity_ref column exists. |
| 4 | Design | §E observability: details: (full JSONB from function return) |
NEEDS_PROBE | WARN | Assumes system_issues has a details column of type JSONB. If it doesn't, JSONB summary cannot be stored structured. |
Add fallback: "If system_issues lacks JSONB column, store condensed summary in text description only. Mark observability as PARTIAL." |
| 5 | Prompt | §6c dot_config seed: cadence_cron = 0 */6 * * * |
INCONSISTENCY | WARN | §6b (Directus Flow seed) was patched by GPT to say "do not treat as truth, compile only as proposed reviewed candidate." But §6c (dot_config seed) states the value directly without the same qualification language. | Add: "Compile 0 */6 * * * only as a proposed candidate value. Mark as candidate_cadence_requires_review=true in both dot_config seed and report." |
| 6 | Design | §1 architecture diagram: POST → http://localhost:3000/api/birth/onboarding/full-scan |
NEEDS_PROBE | INFO | URL includes localhost:3000. Marked with "(or equivalent internal Docker URL)". The probe will resolve this, but the diagram presents localhost as primary. |
Reword to: POST → <DISCOVERED_INTERNAL_URL>/api/birth/onboarding/full-scan (candidate path — probe Phase 1 resolves actual URL) |
| 7 | Prompt | §6b Directus Flow seed: no explicit "BLOCKED if pattern undiscoverable" | AMBIGUOUS | WARN | If probe fails to discover a usable Directus Flow pattern (e.g., all scheduled flows have unusual/non-generalizable structure), the prompt doesn't explicitly say to mark the artifact as BLOCKED. Agent might compile from assumptions. | Add: "If probe cannot safely determine the Directus Flow + Operation pattern from existing scheduled flows, mark Directus Flow seed artifact as BLOCKED_PATTERN_UNDISCOVERABLE. Do not compile from assumptions." |
| 8 | Design | §5 risks: Cadence drift (dot_config vs Directus Flow) mitigation: accept simpler approach |
AMBIGUOUS | INFO | After GPT Patch 2 rejected "sync later", this risk row still says "accept simpler approach." The language is inconsistent with the patch. | Reword mitigation to: "Initial seed must derive Directus Flow cron from reviewed policy/candidate. Drift enforcement is a future health check. No unsynchronized creation allowed." |
3. Hardcode audit summary
hardcode_violations_count = 0
hardcode_risks_count = 4 (findings #1, #2, #3, #4)
ambiguous_candidate_count = 2 (findings #5, #7)
safe_candidate_count = 12+ (endpoint path, tool_name, tool_type, trigger_type, classification, flow name, method, auth — all properly marked as candidate/needs-probe)
All hardcode risks are WARN, not BLOCKER. They're unqualified candidate values that the probe will resolve. The fix is adding qualification language, not architectural change.
4. DOT governance audit
dot_governance_sufficient = true
dot_tools_required = true (GPT Patch 3 enforces this)
dot_tools_skip_allowed = false (BLOCKED_FOR_DOT_GOVERNANCE_DECISION if shape insufficient)
recurring_agent_shell_allowed = false (design uses Directus Flow → Nuxt → PG, not ad-hoc psql)
DOT governance is properly designed. The path is:
Directus Flow (scheduler mechanism, Directus-native)
→ Nuxt endpoint (application layer, code-reviewed)
→ PG function (data layer, already installed)
dot_tools = governance registry (discoverable, auditable)
dot_config = policy layer (cadence, kill switch)
No Agent shell execution in recurring path. ✅
5. Cadence audit
cadence_hardcoded_as_truth = false (after GPT Patch 1, but §6c inconsistency remains — finding #5)
candidate_cadence_handled_correctly = MOSTLY (§6b correct, §6c needs same qualification)
cadence_policy_required = true
The 0 */6 * * * value appears in these locations:
- Design §B: qualified as "candidate only" ✅
- Design §3 dot_config: uses placeholder
<approved cadence expression>✅ - Prompt §6b: qualified "do not treat as truth" ✅
- Prompt §6c: NOT qualified — states value directly ⚠️
Fix: add qualification to §6c.
6. Observability audit
durable_observability_defined = true (system_issues summary + Directus Flow log)
system_issues_shape_probe_required = true (Phase 4 in prompt covers this)
system_health_checks_not_run_table_confirmed = true
fallback_if_system_issues_lacks_jsonb = NOT_DEFINED (finding #4)
Design proposes system_issues summary with specific column names (issue_type, severity, entity_ref, description, details). After GPT Patch 4, the prompt correctly says "compile summary-write logic only if system_issues shape supports it." But the design doesn't define what happens if the shape is insufficient — fallback or BLOCKED?
Fix: add fallback in design.
7. Two-pass audit
probe_compile_only = true
execution_blocked_until_gpt_review = true
All 10 boundary checks verified:
| Check | Status |
|---|---|
| No INSERT/UPDATE/DELETE | ✅ Stated in hard boundaries |
| No DDL | ✅ Stated |
| No file creation/modification | ✅ Stated |
| No function invocation | ✅ Stated |
| No scheduler binding | ✅ Stated |
| No Directus Flow creation | ✅ Stated |
| No Nuxt endpoint creation | ✅ Stated |
| No dot_config/dot_tools mutation | ✅ Stated (implicit from "no INSERT/UPDATE/DELETE") |
| Execution waits for GPT review | ✅ Stated |
| Agent dispatch waits for user approval | ✅ Stated by GPT review |
8. Self-expanding assessment
self_expanding_ready_for_probe = true
scale_break_risks = [
"If system_issues lacks JSONB column, observability falls back to text-only (PARTIAL, not BROKEN)",
"If dot_tools has no scheduled_job precedent, governance registration may need new vocabulary (BLOCKED for decision, not skipped)",
"Dual cadence storage (dot_config + Directus Flow) has drift risk after initial seed (documented, not blocking)"
]
The design is generalizable: any future scheduled job can follow the same pattern (Directus Flow → Nuxt → PG, dot_tools registration, dot_config policy). No hidden lists, no chat memory dependency, no one-off behavior.
9. Required patches
Must patch BEFORE Agent probe (4 items)
| # | Finding | Patch |
|---|---|---|
| 5 | Prompt §6c cadence not qualified | Add: "Compile 0 */6 * * * only as proposed candidate. Mark candidate_cadence_requires_review=true." |
| 7 | Prompt §6b no BLOCKED path for undiscoverable pattern | Add: "If pattern undiscoverable, mark artifact BLOCKED_PATTERN_UNDISCOVERABLE." |
| 1 | Design §E issue_type unqualified | Add: "CANDIDATE — must derive from live system_issues conventions." |
| 4 | Design §E no fallback for missing JSONB column | Add: "If system_issues lacks JSONB column, use description text. Mark observability PARTIAL." |
Can patch AFTER probe (2 items)
| # | Finding | Patch |
|---|---|---|
| 6 | Design §1 diagram URL | Reword after probe confirms actual URL |
| 8 | Design §5 "accept simpler approach" | Reword after cadence policy is established |
Future execution prompt requirements (2 items)
| # | Requirement |
|---|---|
| 2 | Execution prompt must verify severity vocabulary matches compiled artifacts |
| 3 | Execution prompt must verify entity_ref column exists before INSERT |
10. Specific text audit (Category I)
| Literal | Occurrences | Classification |
|---|---|---|
0 */6 * * * |
Design §B, Prompt §6b, §6c | SAFE_CANDIDATE (§6b), INCONSISTENT (§6c) |
localhost |
Design §1 | NEEDS_PROBE (marked with alternative) |
http://localhost:3000 |
Design §1 | NEEDS_PROBE (marked with alternative) |
/api/birth/onboarding/full-scan |
Design §1, §C, Prompt §6a | SAFE_CANDIDATE (probe will confirm) |
birth-onboarding-full-scan |
Design §3 | SAFE_CANDIDATE (conflict check noted) |
Cấp B |
Design §3 | SAFE_CANDIDATE (qualified after GPT patch) |
scheduled_job |
Design §3 | SAFE_CANDIDATE (qualified) |
directus_flow_schedule |
Design §3 | SAFE_CANDIDATE (qualified) |
BIRTH_FULL_SCAN_RUN_SUMMARY |
Design §E | HARD_CODE_RISK → should be CANDIDATE |
informational |
Design §E | NEEDS_PROBE (severity vocabulary) |
critical |
Design §E | NEEDS_PROBE (severity vocabulary) |
system_issues |
Throughout | SAFE_REVIEWED_CONSTANT (confirmed by helper) |
dot_tools |
Throughout | SAFE_REVIEWED_CONSTANT (confirmed by probe) |
dot_config |
Throughout | SAFE_REVIEWED_CONSTANT (confirmed by policy) |
Directus-only |
Not present | SAFE (removed by GPT Patch 2) |
sync later |
Not present | SAFE (removed by GPT Patch 2) |
manual |
Design §6, Prompt rollback note | SAFE (correctly not counted as automatic) |
default |
Design §3 cadence | SAFE_CANDIDATE (qualified as candidate) |
candidate |
Throughout | SAFE (used appropriately) |
11. Final governance flags
b3f1c_c_line_review_status=APPROVED_WITH_MINOR_PATCH_RECOMMENDATIONS
hardcode_violations=0
hardcode_risks=4_WARN
ambiguous_items=2_WARN
patches_required_before_probe=4
patches_deferrable_after_probe=2
agent_probe_allowed=false_until_gpt_review
scheduler_execution_allowed=false
directus_flow_creation_allowed=false
nuxt_endpoint_creation_allowed=false
dot_config_mutation_allowed=false
dot_tools_mutation_allowed=false
b3f_complete_allowed=false
phase5c2_migration_allowed=false
next_recommended_action=GPT_REVIEW_OPUS_LINE_BY_LINE_REPORT
12. Note on scope
This review audits the DESIGN and PROBE PROMPT documents only. It does not approve Agent dispatch — that decision belongs to GPT + user after reviewing this report and deciding whether the 4 pre-probe patches should be applied first.
Opus Line-by-Line Constitutional Review | B3-F1c-c Scheduler | 2026-05-13