GPT Final Review — Trigger Guard DROP Repair Gate Option A+ v0.2
Date: 2026-04-28
Verdict
CONDITIONALLY READY — patch 4 small clarifications, then dispatchable.
The prompt now has the correct Option A+ path, scoped mutation, per-DB handling, smoke-test residue policy, and action-log hygiene. No law/constitution conflict detected if executed under explicit User GO.
Required final clarifications
1. Replace misleading privilege check wording
has_function_privilege(..., 'EXECUTE') does not prove ALTER/CREATE OR REPLACE permission. It only proves the role can execute the function.
Patch §1b:
- Capture current_user/current_database.
- Capture function owner.
- State: executor must be function owner, superuser, or a role with sufficient ownership/admin privileges; if not proven, STOP.
- Do not treat EXECUTE privilege as ALTER permission.
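A pre-check along the lines of this patch, given as an added example and not taken from the reviewed prompt: it logs the executor, database and function owner, then aborts unless the executor is a superuser or holds the owning role's privileges. The psql variable fn, the setting name precheck.fn and the file name precheck.sql are assumptions; the function signature is a placeholder because this review does not name the function.

```sql
-- Added example: ownership pre-check before ALTER / CREATE OR REPLACE FUNCTION.
-- Assumed invocation (signature is a placeholder to be filled in by the operator):
--   psql -v ON_ERROR_STOP=1 -v fn='<schema>.<function>(<argtypes>)' -f precheck.sql
\set ON_ERROR_STOP on

-- Copy the psql variable into a session setting so the DO block can read it
-- (psql does not substitute variables inside dollar-quoted bodies).
SELECT set_config('precheck.fn', :'fn', false);

-- Evidence for the action log: who is running, in which DB, who owns the function.
SELECT current_user                                   AS executor,
       current_database()                             AS db,
       p.oid::regprocedure                            AS function_signature,
       pg_get_userbyid(p.proowner)                    AS function_owner,
       r.rolsuper                                     AS executor_is_superuser,
       pg_has_role(current_user, p.proowner, 'USAGE') AS executor_has_owner_privs,
       -- Logged only to show that it is NOT the deciding signal.
       has_function_privilege(current_user, p.oid, 'EXECUTE') AS can_execute_only
FROM pg_proc p
JOIN pg_roles r ON r.rolname = current_user
WHERE p.oid = :'fn'::regprocedure;

-- Gate: raise (and stop the script) unless superuser or owner privileges are proven.
-- A missing function also stops here, because the regprocedure cast fails.
DO $$
DECLARE
  fn_oid   oid := current_setting('precheck.fn')::regprocedure;
  fn_owner oid;
  is_super boolean;
BEGIN
  SELECT proowner INTO fn_owner FROM pg_proc WHERE oid = fn_oid;
  SELECT rolsuper INTO is_super FROM pg_roles WHERE rolname = current_user;
  IF NOT (is_super OR pg_has_role(current_user, fn_owner, 'USAGE')) THEN
    RAISE EXCEPTION 'STOP: % is neither superuser nor owner (%) of %',
      current_user, pg_get_userbyid(fn_owner), fn_oid::regprocedure;
  END IF;
END
$$;
```

Run it once per database, since function ownership is recorded per database and can differ between them.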
2. Do not cleanup old smoke leftovers during pre-check without explicit scope
§1e says "clean up first or use a different timestamp". Cleanup is mutation and could delete artifacts from older runs without authorization.
Patch:
- If old tg_drop_smoke_% leftovers exist before the run, STOP and report, unless they can be proven to be from the current run. Since current run has not started, prefer STOP/report.
- Use a new timestamp only if no conflicting object name for this run exists.
3. Make SQL placeholder handling explicit
The smoke SQL contains <db> and <ts> placeholders. Agent must substitute them before execution, not paste raw placeholders.
Patch:
- Define concrete generated names per DB before smoke test.
- Log generated names.
- Verify no literal <db> or <ts> remains in SQL sent to psql.
4. Add expected smoke audit row matching concrete trigger name
Current query uses LIKE '%drop_smoke%', which may match prior smoke rows.
Patch:
- Filter by exact generated trigger name or by trigger_name LIKE '%<exact_generated_trigger_name>%' plus timestamp/order.
- Record the new audit row ID.
- Do not delete the audit row.
Law / governance
- ALTER FUNCTION is DDL and requires User GO.
- Scope is limited to trigger guard infrastructure repair under Đ26/Đ31.
- No Gate B/C, seed, roles, permissions, TAC data mutation.
- No conflict with the Constitution if these constraints are preserved.
Direction
Opus should apply the 4 small clarifications. After that, the prompt is ready to dispatch to Claude Code via SSH contabo with medium effort. No further review is required if no scope changes are introduced.