GPT Review R1 — P9 G6 Migration Dry-Run Package v0.1
GPT Review R1 — P9 G6 Migration Dry-Run Package v0.1
Date: 2026-04-27
Scope: Review knowledge/dev/laws/dieu38-trien-khai/P9-G6-source-extraction-note.md rev 1, P9-G6-dry-run-package.md rev 1, and index.md rev 40.
Verdict
PASS WITH REQUIRED PATCHES BEFORE EXECUTION GATE.
The G6 source extraction and dry-run package are strong and directionally correct: they use an isolated schema, keep production locked, identify 14 tables, include seed/verification/rollback, apply S183 anti-pattern lessons, and clearly separate package review from execution. No DDL/DML has been run.
However, v0.1 must be patched before any execution prompt is authored because there are a few issues that would either cause dry-run failure or create governance ambiguity.
Evidence checked
knowledge/dev/laws/dieu38-trien-khai/P9-G6-source-extraction-note.mdrev 1.knowledge/dev/laws/dieu38-trien-khai/P9-G6-dry-run-package.mdrev 1.knowledge/dev/laws/dieu38-trien-khai/index.mdrev 40.knowledge/dev/reports/gpt-review-tier3-readiness-package-2026-04-27.md.
Law / constitutional check
| Rule | Result | Finding |
|---|---|---|
| Hiến pháp / Zero Trust | PASS with patch | Design is isolated, but invalid DDL fragments and unresolved extension handling must be fixed before execution. |
| Đ33 DB/API governance | PASS with patch | Isolated schema dry-run is acceptable; production dot_action_log writes and CREATE EXTENSION need scope clarification. |
| Đ35 DOT governance | PASS with patch | DOTs are registered; execution log path must not silently mutate production audit tables unless explicitly gated. |
| Đ32 approval discipline | PASS | G11 not active; G6 execution remains gated. |
| Đ24 | PASS | No label/entity_label mutation. |
| S183 anti-patterns | PASS | schema-qualified, .env, FK pre-check all included. |
Required bundled patches for v0.2
1. Remove invalid partial-index DDL entirely
P9-G6-dry-run-package.md §5.5 currently contains a CREATE INDEX ... WHERE EXISTS (...) followed by DROP INDEX. PostgreSQL does not allow subqueries in partial-index predicates, so the dry-run will fail before the DROP statement.
Patch: remove both the invalid CREATE INDEX idx_tac_pm_pub_enacted ... WHERE EXISTS (...) and the subsequent DROP INDEX. Keep a short note: partial publication-member enacted optimization is deferred; enforcement is via trigger. This is a blocker before execution.
2. Clarify pgcrypto / digest() handling without unsafe extension mutation
fn_tac_uv_compute_derived() uses digest(). With SET search_path = p9_g6_dryrun, pg_catalog, an extension function installed in public may not be found unqualified. Also, CREATE EXTENSION IF NOT EXISTS pgcrypto is database-level mutation and must not be silently performed if extension is absent.
Patch one of these safe paths:
- Preferred: pre-flight verifies
pgcryptoexists and records the schema ofdigest(bytea/text, text), then the function uses a schema-qualified call such as<ext_schema>.digest(...)in generated DDL. - If
pgcryptois absent: STOP and report blocker; do not auto-create the extension inside G6 unless a separate gate authorizes it.
3. Remove production dot_action_log writes from G6 scope unless separately gated
The package says action log markdown + dot_action_log entries. If dot_action_log is a production table, writing to it is a production mutation outside the isolated schema and should not be implied by G6.
Patch: G6 v0.2 should use KB markdown report and local execution artifacts only. If a governed audit table write is legally required, make it a separate explicit gate. Do not include dot_action_log writes in the default G6 execution scope.
4. Tighten pre-flight conflict checks for existing public.tac_*
PF-02 currently expects production public.tac_* count = 0. Good. Also ensure the pre-flight checks include functions, triggers, sequences, types, and views with tac_ names in public, not only tables/functions. If any exist, STOP and report.
5. Resolve Open Decisions in v0.2, do not leave them pending for execution
GPT decisions:
| OD | Decision |
|---|---|
| OD-G6-01 function body | Accept “skeleton + behavior-critical logic” as in v0.1; no full behavior test beyond V3 smoke. |
| OD-G6-02 seed | Accept full seed plan with 61 rows. |
| OD-G6-03 constraint smoke | Accept exist checks + violation smoke tests. |
| OD-G6-04 rollback verify | Accept both DROP CASCADE + residue checks. |
| OD-G6-05 action log | Use KB markdown report only for default G6; no production dot_action_log write unless separately gated. |
| OD-G6-06 agent | Accept Claude CLI / Claude Code style agent for DDL execution; Opus orchestrates. |
| OD-G6-07 pgcrypto | Verify existing extension + schema-qualified digest; if absent STOP, no auto-create. |
| OD-G6-08 partial index | Remove invalid CREATE/DROP entirely. |
| OD-G6-09 connection user | Use .env and verify allowed DB actor; do not hardcode workflow_admin as the only acceptable user unless the current env confirms it. |
| OD-G6-10 run timing | Off-peak preferred, but not required for empty isolated-schema dry-run if backup/pre-flight pass. |
6. Fix index revision note if needed
Index content says rev 40 but metadata revision restarted at 1 after delete/re-upload. This is not a blocker, but future handoff should treat the document content status as authoritative and avoid delete/recreate unless necessary. Prefer update/upsert preserving history when possible.
Direction
Opus should patch G6 package to v0.2 in one bundled pass:
- Patch
P9-G6-dry-run-package.mdwith the six items above. - Patch
P9-G6-source-extraction-note.mdonly if needed to align OD decisions and pgcrypto/action-log scope. - Keep package doc/design only; do not run DDL.
- Report back once with v0.2 paths/revisions and a concise summary of changes.
If v0.2 resolves these blockers, GPT can move directly to execution prompt review without another broad design loop.