KB-2847

GPT Review — Gate C TAC Seed Prompt v0.1

Revision 1

Date: 2026-04-28

Verdict

CONDITIONALLY READY — patch to v0.2 with 4 focused fixes, then final review.

The prompt is directionally correct and aligned with Gate C. No major constitutional/law conflict found, but 4 execution-safety issues should be patched before User GO.

Law / constitutional check

No blocking conflict found if execution waits for explicit User GO and remains in Gate C scope.

  • Điều 38 / LSL-01: aligned. Seed provides controlled vocab/config foundation for PG-governed information units.
  • Điều 33: aligned. PostgreSQL remains SSOT; seed is controlled production DML into canonical tables.
  • Gate A/B/C separation: aligned. Gate C seed only; no DDL, no Directus metadata, no G8B roles.
  • Registry/Birth/Catalog: correctly excluded.
  • Hiến pháp / Zero Trust: needs tighter source/candidate integrity and schema-safe sampling before execution.

Accepted strengths

  1. Scope is correct: 61 rows into 8 vocab/config tables only.
  2. Correct expected counts: 3+4+5+4+7+17+10+11 = 61.
  3. All 14 tables must be empty before seed; 6 non-seed tables must remain empty after seed.
  4. Gate A and Gate B checks are included.
  5. Hard exclusions are clear.
  6. Transaction + ON_ERROR_STOP=1 -X are included.
  7. Action log requirements are sufficient.

Required v0.2 patches

Patch 1 — Token retrieval must not regress from Gate B

Gate B succeeded with ADMIN_TOKEN from the Directus container, while Gate C v0.1 uses DIRECTUS_ADMIN_TOKEN and /opt/incomex/docker/.env fallback. This may cause avoidable failure or unsafe env file handling.

v0.2 should reuse the proven Gate B token retrieval pattern or support both names explicitly:

  • try ADMIN_TOKEN from Directus container;
  • optionally try DIRECTUS_ADMIN_TOKEN only if already known safe;
  • never print full token;
  • if unavailable, STOP; do not grep broad env paths unless necessary and do not log secrets.

Patch 2 — Do not mutate downloaded canonical seed files in place

v0.1 uses sed -i on files after SHA verification. This destroys the local copy of the canonical source and makes source-vs-candidate audit less clean.

v0.2 should:

  • keep seeds/source/*.sql untouched and SHA-verified against manifest;
  • write retargeted files to seeds/retargeted/*.sql or directly build production_seed_candidate.sql via stream transform;
  • compute and log both:
    • source file SHA(s) matching manifest;
    • production candidate SHA after retargeting.

Patch 3 — Sample queries must match real schema columns

v0.1 sample rows use SELECT code, label from vocab tables. Prior seed files show columns such as code, name, description, sort_order; tac_birth_gate_config uses checker_id, mode, enabled, rationale.

v0.2 should either:

  • use SELECT * FROM public.<table> LIMIT 1 for samples; or
  • use column names confirmed by information_schema.columns in pre-check.

Avoid hardcoding label unless schema confirms it exists.

Patch 4 — Candidate verification should be stricter but simple

Add checks before execution:

  • candidate contains no p9_g6_dryrun;
  • candidate contains no CREATE, ALTER, DROP, TRUNCATE, DELETE, UPDATE;
  • all INSERT INTO targets are exactly the 8 allowed tables;
  • no INSERT targets the 6 non-seed tables;
  • expected table set is exactly 8.

This keeps Gate C from accidentally becoming broader DML.
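
One way to implement the Patch 4 checks, as an added example (not part of the v0.1 prompt or of the project's code). The table names and sample SQL are constructed placeholders; a real run would pass the 8 schema-qualified Gate C table names and the text of production_seed_candidate.sql. String literals and comments are blanked before keyword matching, so seed text such as 'Update policy' does not trip the check.

```python
import re

FORBIDDEN_MARKER = "p9_g6_dryrun"  # must not appear anywhere in the candidate
FORBIDDEN_STMTS = ("CREATE", "ALTER", "DROP", "TRUNCATE", "DELETE", "UPDATE")
# One pass over '...' literals, -- comments and /* */ comments, whichever starts first.
# Limitation: dollar-quoted ($$...$$) strings are not recognised.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
INSERT_TARGET = re.compile(r'\bINSERT\s+INTO\s+([\w."]+)', re.I)

def verify_candidate(sql, allowed_tables):
    """Return a list of violations; an empty list means the candidate passes."""
    problems = []
    if FORBIDDEN_MARKER in sql.lower():  # raw text, literals included
        problems.append("contains " + FORBIDDEN_MARKER)
    # Blank literals and comments so only statement text is scanned.
    code = NOISE.sub(lambda m: "''" if m.group(0).startswith("'") else " ", sql)
    for kw in FORBIDDEN_STMTS:
        if re.search(r"\b" + kw + r"\b", code, re.I):
            problems.append("forbidden statement: " + kw)
    # Targets are compared as written, so unqualified names are rejected (assumption).
    targets = {t.lower().replace('"', "") for t in INSERT_TARGET.findall(code)}
    allowed = {t.lower() for t in allowed_tables}
    for t in sorted(targets - allowed):  # also covers the 6 non-seed tables
        problems.append("INSERT into non-allowed table: " + t)
    for t in sorted(allowed - targets):  # target set must equal the allowed set
        problems.append("expected table not seeded: " + t)
    return problems

# Constructed sample input; table names are placeholders, not the real Gate C tables.
ALLOWED = ["public.vocab_a", "public.vocab_b"]
GOOD = """BEGIN;
INSERT INTO public.vocab_a (code, name) VALUES ('x', 'Update policy -- not a comment');
INSERT INTO public.vocab_b (code, name) VALUES ('y', 'it''s fine');
COMMIT;
"""
BAD = GOOD.replace(
    "COMMIT;",
    "INSERT INTO public.other_t (code) VALUES ('z');\n"
    "DELETE FROM p9_g6_dryrun.vocab_a;\nCOMMIT;",
)

if __name__ == "__main__":
    for label, sql in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, verify_candidate(sql, ALLOWED) or "PASS")
```

Any non-empty result should be treated as STOP before the candidate reaches psql.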

Non-blocking note

The query_to_xml row-count method is acceptable because it returns exact count(*), although it is verbose. No need to change unless Opus wants a simpler deterministic UNION ALL count query.

Directive to Opus 4.6

Patch Gate C v0.1 → v0.2 with the 4 focused fixes above. Do not expand scope. Do not add G8B, registry/birth/catalog, Directus metadata changes, or corpus migration.

Return v0.2 for GPT final review. No Agent execution is authorized yet.