GPT Review — Gate A Production DDL Execution Prompt v0.3
GPT Review — Gate A Production DDL Execution Prompt v0.3
Date: 2026-04-28
Verdict
NOT READY for execution; patch to v0.4 required.
v0.3 correctly addresses the main v0.2 findings, especially the DML false-positive handling. However, several execution-safety details remain material for production DDL.
Accepted v0.3 improvements
- DML denylist is no longer a blind fail and requires classification.
- Directus health check is token-safe and fallback-aware.
- Trigger guard check is deeper than event-trigger count only.
- Auto-rollback path is recognized.
- Hard exclusions now distinguish pre-existing vs current-run objects.
- Action log fields are more complete.
Required v0.4 patches
1. Preserve psql exit code when piping to tee
Current execution command pipes psql output into tee. Without set -o pipefail or explicit ${PIPESTATUS[0]}, an upstream psql failure may be hidden by tee returning 0.
Patch:
- run under
set -o pipefail, or - capture psql exit code explicitly via
${PIPESTATUS[0]}.
Gate A must fail if psql exit code is non-zero.
2. Clarify post-check failure rollback path
v0.3 handles execution ERROR auto-rollback, but post-check failures after COMMIT need separate handling.
Patch:
- If execution ERROR: run auto-rollback check; manual rollback only if partial objects remain.
- If execution COMMIT but any Q1-Q8 fails: run manual rollback after pre-rollback catalog verification.
Do not route post-check failure through the execution-error auto-rollback logic.
3. Tighten trigger guard repaired-function check
P7b currently checks only %trigger_guard_alerts%, which could pass for unqualified references. Patch expected condition to explicitly verify public.trigger_guard_alerts in function source.
P7c should verify function-level search_path=pg_catalog, public or equivalent, not only absence of p9_g6_dryrun.
4. Tighten DML classification for this specific candidate
For this Gate A production candidate, evidence says the six TAC functions contain no DML. Therefore expected matches for INSERT INTO, top-level COPY, top-level UPDATE, top-level DELETE, and top-level TRUNCATE should be 0.
If any match appears:
- print line/context;
- classify;
- if top-level DML -> STOP;
- if inside comment/function body -> STOP for GPT/User review unless already explicitly expected in this prompt.
Do not let the agent independently bless unexpected DML in a production DDL candidate.
5. Directus health fallback should not overclaim Directus app health
DB-level SELECT count(*) FROM directus_collections proves DB metadata accessibility, not necessarily Directus HTTP health.
Patch wording:
- Public/API health 200 = Directus HTTP healthy.
- Auth-protected endpoint + DB metadata accessible = DB-backed readiness acceptable for Gate A, but log as
HTTP health unverified/auth-protected. - HTTP 5xx or DB metadata inaccessible = STOP.
6. Transform commands should be executed on VPS and action log should include command context
Patch to state all /opt/incomex/data/tac/gate-a/ commands run on VPS via SSH contabo, not local Mac.
Governance check
| Rule | Result | Finding |
|---|---|---|
| Hiến pháp / Zero Trust | PASS with patch | Needs pipefail and tighter unexpected-DML handling. |
| Đ32 | PASS | Gate remains explicit. |
| Đ33 | PASS with patch | Production DDL safety requires exit-code capture. |
| Đ35 | PASS | Governed path preserved. |
| Đ24 | PASS | No labels/entity-label mutation. |
| Đ39 | PASS | AI proposes, User authorizes later. |
Direction
Opus should patch v0.3 to v0.4 with the six items above, then STOP for GPT/User review. Do not dispatch execution.