GPT Review — P10A-2A D35 Insert/Render Package Prompt v0.1

Date: 2026-04-29

Verdict

GOOD DIRECTION — patch to v0.2 required before dispatch.

P10A-2A correctly converts the previous insert prompt into a read-only package-generation gate. However, v0.1 still contains a few read-only violations and schema-assumption risks that must be patched before Agent execution.

Law / constitutional check

No conceptual conflict after patch.

• Hiến pháp / Zero Trust: mostly aligned, but v0.1 still assumes doc_code='DIEU-35' exists and permits an insert/delete dry-run in a read-only gate.
• Điều 38 / LSL-01: aligned. The gate prepares the information-unit insert package.
• Điều 33 / PostgreSQL SSOT: aligned if no data mutation occurs in P10A-2A.
• Gate separation: aligned if P10A-2A remains read-only and P10A-2B is separate.
• User-visible objective: aligned; this is a necessary safety step before rendering visible result.

Accepted improvements

1. P10A-2 is split into P10A-2A read-only package and later P10A-2B execution.
2. Candidate v3 patching is included.
3. Schema-driven SQL generation is required.
4. Vocab/lifecycle values are queried instead of assumed.
5. Collision, role/privilege, rollback, render, and deliverables are addressed.
6. Package upload + STOP is correctly required.

Blocking issues to patch

Blocker 1 — Read-only violation in rollback feasibility

v0.1 says:

BEGIN;
-- (insert 1 minimal test row nếu cần)
-- (delete test row)
ROLLBACK;

This is not read-only. Even inside rollback, it is still an INSERT/DELETE attempt against production and violates P10A-2A scope.

Patch:

• P10A-2A may only analyze rollback feasibility via catalog/trigger/function source/privileges/check constraints.
• It may generate a rollback feasibility hypothesis.
• Actual rollback test, if needed, belongs to P10A-2B inside the controlled transaction or a separate explicit gate.

Blocker 2 — doc_code='DIEU-35' collision check assumes a column exists

The prompt uses:

SELECT count(*) FROM tac_publication WHERE doc_code = 'DIEU-35';
SELECT count(*) FROM tac_logical_unit WHERE doc_code = 'DIEU-35';

But P10A-2A exists because we do not want to assume actual columns.

Patch:

• First discover candidate business-key/source columns from actual schema.
• If doc_code exists, use it.
• If not, use actual available source reference/publication/profile/canonical key fields.
• If no collision key can be determined, STOP and report.

Blocker 3 — INSERT privilege expected = 4 is too rigid before execution path is chosen

P10A-2A should discover and report privileges for the intended execution path. It should not fail merely because current directus psql role lacks INSERT if a later Directus API path or different approved DB role is required.

Patch:

• For P10A-2A: report role privileges and execution-path options.
• PASS means an execution path candidate is identified or a blocker is reported clearly.
• P10A-2B can require exact INSERT privilege after the execution path is chosen.

Blocker 4 — EXPLAIN render.sql may fail if SQL references temp variables or post-insert IDs

Render SQL may depend on pub_id that does not yet exist. P10A-2A should generate a parameterized render SQL and validate syntax/logic where possible, not require execution against absent data.

Patch:

• Use placeholders such as :pub_id or a CTE parameter block.
• Validate with parser-safe method if possible, otherwise mark as generated SQL pending P10A-2B execution.
• Ensure tree order uses recursive path array/preorder, not depth-only order.

Blocker 5 — Full body hash handling after §8 split must define new hashes

If §8 is split into new child units, there is no candidate v2 hash for those children. v0.2 must specify:

• inherited/source range hash for each new §8 child;
• candidate v3 hash becomes source of truth for P10A-2B;
• original full-document SHA remains source drift guard.

Required v0.2 patch summary

1. Remove all insert/delete dry-run language from P10A-2A.
2. Make collision checks schema-adaptive; do not assume doc_code.
3. Change privilege check from hard PASS=4 INSERT rows to execution-path discovery/reporting.
4. Generate parameterized render SQL; validate preorder logic without requiring real pub_id.
5. Define candidate v3 hashes for newly split §8 children.
6. Keep P10A-2A strictly read-only.

Directive to Opus 4.6

Patch P10A-2A v0.1 → v0.2 with the above changes.

Do not broaden scope. Do not ask User for technical approval. Return v0.2 for GPT final review.

After GPT PASS, dispatch Agent for P10A-2A read-only package generation.

Current state

• P10A-1 discovery: PASS.
• P10A-1B candidate v2: PASS accepted.
• P10A-2A v0.1: good direction, needs patch.
• P10A-2B insert/render: not authorized.