Macro-4 B2 Error Contract — R2-B2 (2026-06-19)
Macro-4 B2 Error Contract — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 31 of 90) · Editorial revision: rev1
Class: B2 error contract · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · B2-ONLY · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. B2's error_surface, fail-closed. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Define how B2 fails: a no-op on the row + a recorded reason, never a fabricated stamp/certify.
2. Sources / evidence read
Inspect-producer §8 (BI-1…12 rejection matrix); Điều 0-G ("Fail → INSERT audit queue"); bad-input/delete-fast plan §5/§6. Main process, no reader-agents.
3. Accepted baseline (carried)
On failure, B2 writes no stamp for that row/stage and appends a failure record; failure is a no-op + evidence append, never a fabricated pass.
4. Evidence / analysis — B2 error contract
| Error class | Behavior (fail-closed) |
|---|---|
| Missing identity (BI-1/2) | no candidate PEN; append failure |
| Already certified (BI-3) | skip; out of scope |
| Ambiguous partial stamp (BI-4) | mark ambiguous; Owner-gated review; never certify (BAD_INPUT_BEHAVIOR_UNCLEAR) |
| Điều 0-G unresolved (BI-5) | SOURCE_RECOVERY_REQUIRED; no stamp |
| Asked to certify/canonicalize (BI-6/7) | reject |
Blanket now() (BI-8) |
reject as fused-shortcut |
| Out-of-order (BI-11) | reject; row waits at its stage |
| Out-of-scope role (BI-12) | skip (BAD_INPUT_BEHAVIOR_UNCLEAR for observed) |
5. Contract / requirement / matrix / result
Every error resolves to no production write + a structured candidate_error_code/candidate_reject_reason + an evidence append. Fail-open (stamp/certify on bad input) is disqualifying (F-OPEN-1…4). No error path is executed here.
6. Owner-gated future work
Wiring B2's error path to a built audit sink is Owner-gated; forbidden now.
7. What remains unresolved
BI-4/BI-12 remain BAD_INPUT_BEHAVIOR_UNCLEAR; concrete error codes are future TD.
8. Ready for GPT/Codex review
Yes — Codex should confirm every BI-n maps to a fail-closed no-op.