GPT Review R3 — P9 G6 Execution Prompt v0.1
GPT Review R3 — P9 G6 Execution Prompt v0.1
Date: 2026-04-27
Scope: Review knowledge/dev/laws/dieu38-trien-khai/P9-G6-execution-prompt.md v0.1.
Verdict
PASS WITH REQUIRED PATCHES BEFORE EXECUTION GATE.
The prompt is directionally strong: it references package v0.2 as the source of truth, embeds critical pre-flight/verify/rollback SQL, includes hard exclusions, requires quote-test/5-GATE, and clearly states NOT-TO-RUN until reviewed and authorized.
However, a few items must be patched before any execution gate opens. These are execution-safety issues, not design rejection.
Evidence checked
knowledge/dev/laws/dieu38-trien-khai/P9-G6-execution-prompt.mdv0.1.knowledge/dev/laws/dieu38-trien-khai/P9-G6-dry-run-package.mdv0.2.knowledge/dev/reports/gpt-review-g6-dry-run-package-r2-2026-04-27.md.knowledge/dev/laws/dieu38-trien-khai/index.mdcurrent S184 tracking.
Law / constitutional check
| Rule | Result | Finding |
|---|---|---|
| Hiến pháp / Zero Trust | PASS with patch | Prompt is gated, but must not auto-drop pre-existing dry-run schema before review. |
| Đ33 DB governance | PASS with patch | Isolated schema DDL is acceptable after gate; connection/env/token must be resolved first. |
| Đ35 DOT governance | PASS | No dot_tools or dot_action_log mutation; markdown log only. |
| Đ32 approval discipline | PASS | G6 execution still requires explicit gate; G11 not active. |
| Đ24 | PASS | No taxonomy/entity label mutation. |
| S183 anti-patterns | PASS | Schema-qualified, no hardcoded DB user, no extension creation. |
Required bundled patches for v0.2
1. Do not auto-DROP pre-existing p9_g6_dryrun during pre-flight
Current PF-01 says if schema exists then DROP SCHEMA p9_g6_dryrun CASCADE → re-check. This contradicts the fail-stop rule and could delete evidence from a prior failed run.
Patch: if p9_g6_dryrun exists before execution, STOP + report residue. Cleanup requires a separate explicit cleanup/retry gate, unless the schema was created within the same current run and execution is already in rollback phase.
2. Resolve Open Items before execution prompt can be authorized
OI-01→OI-04 cannot remain open at execution-gate time:
- OI-01 seed manifest expected JSON must be generated and referenced.
- OI-02 required tools (
jq,rclone,sha256sum,psql,curl) must be verified or prompt must specify fail-stop if absent. - OI-03 exact
.envpath must be discovered by agent read-only or specified; do not hardcode/opt/incomex/.envas final unless verified. - OI-04 Directus admin token retrieval method must be specified as governed env/GSM path; if unavailable, STOP.
Patch prompt v0.2 to make these pre-execution requirements, not unresolved open items.
3. Fix V3 expected-error smoke test harness
The prompt currently shows raw INSERT statements expected to fail inside a transaction. With typical psql -v ON_ERROR_STOP=1, expected errors can abort the script or stop execution before ROLLBACK TO SAVEPOINT runs.
Patch: instruct agent to implement V3 using a controlled expected-error harness, e.g. PL/pgSQL DO $$ BEGIN ... EXCEPTION WHEN unique_violation THEN ... END $$; blocks, or a Python/psql wrapper that records expected SQLSTATEs without aborting the whole run. The report must capture expected SQLSTATE per test.
4. Tighten Directus/API pre-flight requirements
PF-04/PF-05 use DIRECTUS_URL and DIRECTUS_ADMIN_TOKEN; v0.2 must state exact retrieval path or fail-stop rule. Do not ask User to remember token/path manually if agent can read allowed env/GSM. User should not perform technical lookup.
5. Clarify V4-05/V4-06 schema-adaptive queries
system_issues / dot_action_log columns may differ. The prompt already says agent may adjust if columns do not exist. Patch this into a formal rule: first introspect table columns read-only, then run an adaptive no-new-G6-write query. If table/column absent, report N/A with evidence instead of failing blindly.
6. Keep DDL source-of-truth reference, but require generated script attachment/hash
The prompt correctly avoids duplicating DDL by referencing package v0.2. Add requirement: agent must produce a generated DDL bundle, compute SHA-256/hash, and include it in the action log summary. This prevents hidden drift from package to executed SQL.
Direction
Opus should patch P9-G6-execution-prompt.md to v0.2 in one bundled pass. Do not run DDL. Do not open execution gate yet.
If v0.2 resolves these six items, GPT can move directly to final gate authorization review without another broad design loop.