GPT Review S190 — P10B-2C-R2 Execute prompt approved after mandatory safety patches
GPT Review S190 — P10B-2C-R2 Execute prompt
Date: 2026-04-30
Phase: TAC MVP / P10B / D28
Verdict: APPROVED AFTER MANDATORY SAFETY PATCHES
1. Law / constitution check
Checked against:
- knowledge/dev/laws/dieu41-luat-van-hanh-ma-vps-v1.1.md — VPS is current SSOT runtime with production data; direct VPS/DB work requires explicit gates, auditability, and rollback discipline.
- knowledge/dev/ssot/vps/vps-operating-rules.md — read-before-work, verify-before-report, avoid uncontrolled direct changes, use SSH and report clearly.
- knowledge/dev/reports/gpt-decision-s190-p10b-pf-r2-pass-execute-r2-direction-2026-04-30.md — Execute R2 requires GPT review and fresh SSH VPS runtime preflight.
- knowledge/dev/laws/dieu38-trien-khai/reports/p10b-2c-pf-r2-d28-kb-inspection-2026-04-30.md — PF-R2 PASS evidence.
No constitutional conflict if the patches below are applied.
The prompt respects the main laws:
- VPS remains runtime/DB SSOT, accessed by verified SSH.
- KB is artifact/report SSOT.
- Package is fetched from KB manifest, not stale /tmp.
- No schema change / DDL.
- Rollback is documented, not auto-executed.
- Deliverables are uploaded even on diff failure.
2. Required patches before dispatch
Patch 1 — Capture execution failure correctly under tee
T4 pipes SSH/psql output to tee. Without pipefail, the command can appear successful because tee exits 0 even if psql fails.
Add before execution:
set -o pipefail
Then execute with explicit status capture:
set -o pipefail
ssh contabo 'docker exec -i postgres psql -U directus -d directus -v ON_ERROR_STOP=1 -X < /tmp/d28-insert-run.sql' \
2>&1 | tee /tmp/p10b-2c-r2/d28-insert-output.log
status=${PIPESTATUS[0]}
if [ "$status" -ne 0 ]; then
echo "EXECUTE FAILED with status=$status. STOP. Do not continue to post-commit PASS checks. Upload failure report/logs."
exit "$status"
fi
Same pipefail/status rule applies to verify/render commands if their output is piped through tee.
Patch 2 — Runtime preflight must assert required triggers/functions, not merely list them
T2c currently lists triggers. Add explicit PASS conditions:
- Required birth-gate functions exist: fn_tac_birth_gate_lu, fn_tac_birth_gate_uv, fn_tac_pm_consistency
- Relevant non-internal triggers on TAC tables are present and enabled (tgenabled = 'O' or acceptable enabled state).
- If required functions/triggers are missing or disabled: STOP.
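An assert-style version of the preflight described in Patch 2, added here as an example (it is not the project's T2c SQL). It assumes TAC tables are named tac_*, does not filter by schema, and treats tgenabled 'O' or 'A' as the acceptable enabled states.

```sql
-- Added example: assert-style runtime preflight (not the project's own T2c SQL).
-- Assumptions: TAC tables are named tac_*; tgenabled 'O' or 'A' counts as enabled.
DO $$
DECLARE
    required text[] := ARRAY['fn_tac_birth_gate_lu',
                             'fn_tac_birth_gate_uv',
                             'fn_tac_pm_consistency'];
    missing  text[];
    n_total  integer;
    bad      text;
BEGIN
    -- 1. Every required function must exist in pg_proc.
    SELECT array_agg(r.name ORDER BY r.name) INTO missing
    FROM unnest(required) AS r(name)
    WHERE NOT EXISTS (SELECT 1 FROM pg_proc p WHERE p.proname = r.name);

    IF missing IS NOT NULL THEN
        RAISE EXCEPTION 'PREFLIGHT STOP: missing functions: %', missing;
    END IF;

    -- 2. Non-internal triggers on TAC tables must be present ...
    SELECT count(*) INTO n_total
    FROM pg_trigger t
    JOIN pg_class c ON c.oid = t.tgrelid
    WHERE NOT t.tgisinternal
      AND c.relname LIKE 'tac\_%';

    IF n_total = 0 THEN
        RAISE EXCEPTION 'PREFLIGHT STOP: no user triggers found on tac_* tables';
    END IF;

    -- 3. ... and none may be disabled ('D') or replica-only ('R').
    SELECT string_agg(format('%I.%I(%s)', c.relname, t.tgname, t.tgenabled), ', ')
      INTO bad
    FROM pg_trigger t
    JOIN pg_class c ON c.oid = t.tgrelid
    WHERE NOT t.tgisinternal
      AND c.relname LIKE 'tac\_%'
      AND t.tgenabled NOT IN ('O', 'A');

    IF bad IS NOT NULL THEN
        RAISE EXCEPTION 'PREFLIGHT STOP: triggers not enabled: %', bad;
    END IF;

    RAISE NOTICE 'PREFLIGHT PASS: % required functions present, % triggers enabled',
        array_length(required, 1), n_total;
END
$$;
```

Run through psql with ON_ERROR_STOP=1, any RAISE EXCEPTION here makes psql exit non-zero, so the status capture from Patch 1 turns a failed preflight into a hard STOP.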
Patch 3 — Do not rely on psql INSERT output for pub_id
T4 says “Extract pub_id from output”, but the insert SQL does not necessarily use RETURNING to return the publication id.
Replace with:
After execute, always query tac_publication for doc_code='DIEU-28' AND version='v2.0' to obtain pub_id. Do not rely on psql insert output.
Patch 4 — Add post-execute negative collision/scope guard
After row-count verification, add:
- Exactly one tac_publication row for DIEU-28 / v2.0.
- Exactly 27 tac_logical_unit rows with prefix D38-DIEU28-%.
- No rows outside expected prefix for doc_code DIEU-28 created by this run.
- Publication membership count tied to the fetched pub_id is exactly 27.
This prevents a partial or mis-scoped success from being marked PASS.
Patch 5 — Make render/diff failure boundary explicit
The prompt already says continue upload if diff fails. Add:
If diff is not identical, verdict = FAIL even if DB insert succeeded. Do not attempt corrective SQL or rollback. Upload artifacts and STOP for review.
Patch 6 — Clarify /tmp use on VPS
Because /tmp caused previous routing failures, add one line:
/tmp on Mac or VPS is allowed only as ephemeral execution workspace in this single step. It is never source of truth; all final artifacts/logs must be uploaded to KB.
3. Direction
After applying these patches, Execute R2 prompt is approved for dispatch.
No additional GPT review is required if Opus applies exactly these safety patches and does not broaden scope.
4. Hard boundary
Execute R2 must STOP after report/render/diff/log upload. Do not close out P10B and do not start P10D in the same prompt.