KB-3300

GPT Governance Review — P9 Tier 2 Remediation Design

Revision 1

Date: 2026-04-27
Scope: Review Opus P9 Tier 2 Remediation Design v0.1.

Verdict

PASS WITH CONDITIONS. The remediation direction is generally correct, but the design must be patched before any execution prompts are written.

Required patches

  1. R1 Đ24 facets must not assume that a Directus API write can bypass APR. Execution must be: DOT detects missing facets → issue/APR request → User/Council approval → DOT/API write. No direct seed without approval.
  2. R2 entity_code contract must be explicit that canonical_address = entity_code is a D38-domain contract only, not a global Đ24 entity_code standard. Regex must cover ROOT and multi-child forms used in P7A/P7B, not only S...(-P...).
  3. R3 system_issues adapter must verify the actual logging function and target column before designing the wrapper. The current text mentions issue_signature while Tier 1 observed coalesce_key; this must be resolved read-only before wrapper DDL design.
  4. R4 dot-dot-register v2 is directionally right, but modifying registry machinery is high-risk infrastructure work. Split it into design/dry-run first, then write/change only after separate approval. Do not register 19 DOTs until v2 dry-run proves 11-field payloads and paired DOT mapping.
  5. E phases should be reordered: E2 contract/amendment and E3 adapter verification/design should happen before any production mutation; E1 facet creation requires APR approval; E4 should be design+dry-run before registration.

Constitutional assessment

  • DOT-first principle: PASS if execution remains DOT/API-driven and not manual UI-driven.
  • Đ24: PASS with condition that FAC-07/08/09 are governed taxonomy additions, not ad-hoc labels.
  • Đ33: PASS with condition that all writes go through approved gateways and are separately authorized.
  • Đ35: PASS with condition that dot-dot-register v2 enforces 11-field payload and infer-fail blocks POST.
  • NT4: PASS with condition that alias mapping lives in config/governance, not hardcoded application logic.

Next instruction

Ask Opus to patch P9 Tier 2 v0.2 with these conditions, then stop for review. Do not write execution prompts yet.