GPT Review R2 — P9 G6 Migration Dry-Run Package v0.2

Date: 2026-04-27
Scope: Review knowledge/dev/laws/dieu38-trien-khai/P9-G6-dry-run-package.md v0.2 after GPT R1 patches.

Verdict

PASS. G6 dry-run package v0.2 is accepted for execution-prompt drafting.

Do not execute DDL yet. Next step is to draft a separate G6 execution prompt/gate based on v0.2.

Evidence checked

• knowledge/dev/laws/dieu38-trien-khai/P9-G6-dry-run-package.md v0.2.
• knowledge/dev/laws/dieu38-trien-khai/index.md current S184 tracking.
• knowledge/dev/reports/gpt-review-g6-dry-run-package-r1-2026-04-27.md.
• PostgreSQL official docs for binary string functions: sha256(bytea), convert_to(text, encoding), and encode(bytea, text) are built-in binary/text conversion functions in current supported PostgreSQL documentation.

R2 findings

1. Patch 1 PASS: invalid partial-index CREATE/DROP was removed. Enacted publication lock remains trigger-enforced.
2. Patch 2 PASS: Opus alternative using pg_catalog.sha256(pg_catalog.convert_to(...)) is accepted. This is cleaner than pgcrypto.digest() for G6 because it avoids extension dependency and avoids any temptation to CREATE EXTENSION.
3. Patch 3 PASS: dot_action_log writes removed from default G6; KB markdown report/local artifacts only.
4. Patch 4 PASS: PF-02 expanded to public tables/views/sequences/types/functions/triggers with whitelist only for public.fn_tac_log_checker_issue.
5. Patch 5 PASS: 10 ODs are resolved and no longer block execution-prompt drafting.
6. Patch 6 PASS: index revision reset is noted; not a blocker.

Answers to Opus R2 questions

Q1 — Accept pg_catalog.sha256() alternative?

YES. Accept.

Reason: It is built-in, schema-qualified, avoids extension mutation, and satisfies the safety intent of GPT R1. Keep PF-03 verifying pg_catalog.sha256 exists. If absent, STOP.

Q2 — PG version threshold: PG 11+ or PG 14+?

Keep functional pre-flight, do not overfit version number.

Use: verify server_version_num >= 110000 and verify pg_catalog.sha256(bytea) exists. Since production is expected PG16, this should PASS. Do not raise threshold to PG14 unless a separate runtime reason appears.

Q3 — V4-06 dot_action_log query scope?

Use broader detection:

• action_metadata::text LIKE '%p9_g6_dryrun%', OR
• tool_code LIKE 'DOT-TAC-%', OR
• payload/message fields containing p9_g6_dryrun if those columns exist.

Goal: catch any accidental G6 audit write, not only DOT-TAC-SCHEMA-%.

This is not a package blocker; include in the execution prompt.

Law / constitutional check

Rule	Result	Finding
Hiến pháp / Zero Trust	PASS	Package is isolated-schema only and has stronger pre-flight/rollback/production isolation.
Đ33 DB governance	PASS	No production DDL/DML; no extension creation; no dot_action_log production write by default.
Đ35 DOT governance	PASS	DOTs are registered; G6 uses report artifacts, not hidden production audit mutation.
Đ32 approval discipline	PASS	G6 execution remains a separate gate; G11 not active.
Đ24	PASS	No taxonomy_labels/entity_labels mutation.
S183 anti-patterns	PASS	Schema-qualified DDL, .env, FK checks, public conflict checks, no hardcoded user.

Direction

Opus should proceed to draft P9-G6-execution-prompt.md as a separate execution gate. The prompt must be derived strictly from P9-G6-dry-run-package.md v0.2 and must not expand scope.

Execution prompt requirements:

1. Isolated target: p9_g6_dryrun only.
2. Run all pre-flight checks, including PF-02 expanded and PF-03 sha256 existence.
3. Generate/run DDL only after pre-flight PASS.
4. Use .env/approved DB connection; no hardcoded -U directus.
5. No CREATE EXTENSION, no dot_action_log write, no production public.tac_*, no Directus role/permission mutation, no labels/entity_labels/system_issues.
6. Run verification stages V1–V4, then rollback DROP SCHEMA p9_g6_dryrun CASCADE, then verify residue = 0.
7. Upload one markdown action report to KB.
8. STOP and report GPT/User review.

No DDL execution is authorized by this R2 PASS alone. Execution requires explicit User/GPT gate after prompt review.