KB-302C

GPT Review — Gate A Production DDL Execution Prompt v0.2

Revision 1

Date: 2026-04-28

Verdict

NOT READY for execution; PASS directionally with required v0.3 patches.

The v0.2 prompt correctly fixes the five major v0.1 risks: no blind sed, DML denylist, rollback catalog verification, psql output as informational, and function signature verification. However, a few production-execution details still need tightening before User GO.

Required patches for v0.3

1. DML denylist must not false-positive on PL/pgSQL function bodies

Current grep checks scan the whole SQL file. That is acceptable only if the six function bodies do not contain internal DML. Before execution, v0.3 must clarify:

  • Gate A file may contain DDL statements and PL/pgSQL function bodies.
  • Denylist target is top-level DML outside CREATE FUNCTION bodies.
  • Agent must report any DML-looking token found with line/context and classify whether it is top-level DML or inside function/comment.
  • If top-level DML exists → STOP.

This prevents both false-positive aborts and accidental top-level seed execution.
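
The classification that item 1 asks for, as an added example (not part of the reviewed prompt or of this review). The keyword denylist, the sample SQL and the names `public.fn_demo` and `public.demo` are assumptions. It goes one step beyond the text by treating a dollar-quoted body that does not follow `CREATE FUNCTION` (for example a `DO` block) as top-level, and by reporting string literals as their own class.

```python
import re

# Assumed denylist: the page does not enumerate the DML keywords.
DML = re.compile(r"\b(INSERT|UPDATE|DELETE|TRUNCATE|MERGE|COPY)\b", re.I)
# Regions that are not plain top-level SQL: comments, dollar-quoted bodies, strings.
REGION = re.compile(r"""(?P<comment>--[^\n]*|/\*.*?\*/)
    | (?P<dollar>\$(?P<tag>(?:[A-Za-z_]\w*)?)\$.*?\$(?P=tag)\$)
    | (?P<string>'(?:[^']|'')*')""", re.S | re.X)
CREATE_FN = re.compile(r"\s*CREATE\s+(OR\s+REPLACE\s+)?FUNCTION\b", re.I)

def classify_dml(sql):
    """Return (line, keyword, class, line text) for every DML-looking token."""
    lines, found, stmt, pos = sql.splitlines(), [], "", 0
    def scan(start, end, cls):
        for m in DML.finditer(sql, start, end):
            n = sql.count("\n", 0, m.start()) + 1
            found.append((n, m.group(1).upper(), cls, lines[n - 1].strip()))
    for r in list(REGION.finditer(sql)) + [None]:
        end = r.start() if r else len(sql)
        scan(pos, end, "top-level")
        # Text of the current top-level statement (since the last ';').
        stmt = (stmt + sql[pos:end]).rsplit(";", 1)[-1]
        if r is None:
            break
        if r.group("comment"):
            cls = "comment"
        elif r.group("string"):
            cls = "string-literal"
        elif CREATE_FN.match(stmt):
            cls = "function-body"
        else:
            cls = "top-level"  # e.g. a DO $$...$$ block runs immediately
        scan(r.start(), r.end(), cls)
        pos = r.end()
    return found

def gate_decision(sql):
    """STOP if any token is classified top-level, as item 1 requires."""
    return "STOP" if any(f[2] == "top-level" for f in classify_dml(sql)) else "PROCEED"

# Constructed sample input (object names are hypothetical).
SAMPLE = """\
-- seed helper: INSERT rows later
CREATE OR REPLACE FUNCTION public.fn_demo() RETURNS void AS $fn$
BEGIN UPDATE public.demo SET n = n + 1; END;
$fn$ LANGUAGE plpgsql;
DO $$ BEGIN DELETE FROM public.demo; END $$;
INSERT INTO public.demo VALUES (1);
"""
if __name__ == "__main__": print(gate_decision(SAMPLE), *classify_dml(SAMPLE), sep="\n")
```

Tokens inside DDL clauses (for example `ON UPDATE` in a foreign key) and nested block comments are reported as top-level, so the classifier errs toward STOP and leaves the final call to the reviewer.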

2. Directus health check should be robust and token-safe

Current P5 uses a direct curl to /api/server/health. v0.3 should state:

  • Prefer known safe endpoint used in previous probes/operations.
  • If token is needed, retrieve runtime-only and mask.
  • Do not fail Gate A solely because public health endpoint is auth-protected if database-level pre-checks pass; report endpoint/auth issue separately unless Directus is actually unhealthy.

3. Trigger guard pre-check must verify repaired function, not only event trigger count

P7 should include:

  • event triggers enabled count/identity;
  • public.fn_evt_trigger_guard() contains the schema-qualified reference public.trigger_guard_alerts;
  • function search_path=pg_catalog, public;
  • optional smoke/audit check not required because Gate A itself will fire trigger guard.

This avoids repeating Run #3 failure.

4. Rollback verification should allow transaction-auto-rollback path

If DDL execution errors before COMMIT, psql disconnect should roll back. v0.3 should specify:

  • always run P1/P2/P3 after execution failure;
  • only run manual rollback if partial objects remain;
  • if P1/P2/P3 are already clean, log “auto-rollback clean” and do not run DROP statements.

5. Hard exclusion HE-9 wording must allow rollback of Gate A-created objects

Current HE-9 says “Do not DROP any existing object.” Clarify:

  • Do not drop pre-existing objects.
  • Rollback may drop only objects created by current Gate A run.
  • Never drop public.fn_tac_log_checker_issue.

6. Action log must include production candidate SQL hash and candidate path

Already partly present, but v0.3 should require:

  • candidate file path;
  • dry-run SHA;
  • production candidate SHA;
  • transform method summary;
  • exact top-level DML classification output.

Accepted v0.2 improvements

  • Controlled transform instead of blind global sed.
  • Explicit removal of dry-run scaffold.
  • DML denylist defense-in-depth.
  • Exact function inventory.
  • Whitelist fn_tac_log_checker_issue.
  • Catalog-based rollback verification.
  • Post-check counts as source of truth.
  • Gate A only; no Gate B/C/G8B/G11/P9.

Governance check

| Rule | Result | Finding |
|---|---|---|
| Constitution / Zero Trust | PASS with patch | Still needs trigger guard repair check and top-level DML classification. |
| Đ32 | PASS | Gate remains explicit. |
| Đ33 | PASS with patch | Production DDL remains gated; rollback clarified. |
| Đ35 | PASS | Governed path preserved. |
| Đ24 | PASS | No label/entity-label mutation. |
| Đ39 | PASS | AI proposes; User authorizes later. |

Direction

Opus should patch Gate A prompt v0.2 → v0.3 with the six items above, then STOP for GPT/User review. Do not dispatch execution.