KB-5389

Macro-4 B2 Production-Firewall Contract — R2-B2 (2026-06-19)


Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 35 of 90) · Editorial revision: rev1 · Class: B2 production-firewall contract · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · B2-ONLY · NO write performed.

Metadata convention. Editorial revision (rev1) only. Storage revision/content_length authoritative at read time.


0. Status and non-authorization

STATUS: PASS — engineering / design-only. B2's forbidden_surfaces: the firewall between the workbench and production. Engineering PASS ≠ authority PASS. Default: HOLD.

1. Purpose

List exactly what B2 must never write, so the candidate-only workbench can never touch production.

2. Sources / evidence read

Inspect-producer §7 (forbidden outputs) and §13 (B2-AC-1…14); pilot-slice staging IO contract §6; FRESH iu_create canonical gateway. All read in the main process, with no reader-agents.

3. Accepted baseline (carried)

B2 = inspect producer only; must not certify, canonicalize, mint identity, write KG provenance, run backlog, flip gates, promote staging→production, or become a mega-birth pipeline.

4. Evidence / analysis — forbidden surfaces (B2-AC)

| Forbidden | Rule |
|---|---|
| production birth_registry.inspect_* | candidate-only in workbench |
| certified / certified_at | B2-AC-1 (B4's atomic consumer) |
| canonical_address / owner / jsonb_profile / status | B2-AC-2 (S4/B6 at promote) |
| entity_code / identity | B2-AC-3 (B1/S3) |
| KG provenance/edges (universal_edges) | B2-AC-4 (K-lane) |
| blanket inspect_*=now() / fused INSERT | B2-AC-5 / AC-6 (2026-03-21 anti-pattern) |
| net-new stamp columns / parallel SSOT | B2-AC-12 (Assembly First) |
| iu_create canonical gateway / fn_iu_create | not B2's lane (FRESH: enforced, block_after_guard) |
| manual SQL / SSH+docker exec to production | Article 32 §2.1 |

5. Contract / requirement / matrix / result

The firewall is absolute: B2 writes only candidate inspect_* (workbench) / real inspect_* (future, governed). Any write to a forbidden surface = fail-open ⇒ reject. A candidate reaching a production field (BAD-14 / F-OPEN-8) is the load-bearing isolation failure.
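As an added illustration of how a pre-write guard could express the forbidden surfaces of section 4 and the reject-on-contact rule of section 5: this is example code, not the project's own enforcement (which section 7 leaves as future TD). The column and table names come from the contract; the workbench table name, the `WriteRequest` shape and the readings of B2-AC-5 and B2-AC-12 are assumptions.

```python
import re
from dataclasses import dataclass

# Forbidden surfaces from section 4 of the contract, keyed to their B2-AC rule.
FORBIDDEN_COLUMNS = {
    "certified": "B2-AC-1", "certified_at": "B2-AC-1",
    "canonical_address": "B2-AC-2", "owner": "B2-AC-2",
    "jsonb_profile": "B2-AC-2", "status": "B2-AC-2",
    "entity_code": "B2-AC-3", "identity": "B2-AC-3",
}
FORBIDDEN_TABLES = {"universal_edges": "B2-AC-4"}  # KG provenance/edges, K-lane
WORKBENCH_TABLE = "workbench.birth_registry_candidate"  # assumed name, not from the page
INSPECT_COL = re.compile(r"^inspect_[a-z0-9_]+$")
CLOCK_SENTINELS = {"now()", "current_timestamp"}  # blanket-stamp expressions

@dataclass
class WriteRequest:
    table: str
    values: dict  # column -> literal value or SQL expression string

def check_write(req: WriteRequest) -> list[str]:
    """Return the violated rules; an empty list means the write may proceed.
    Any violation is the contract's fail-open case and the caller rejects."""
    violations = []
    if req.table in FORBIDDEN_TABLES:
        violations.append(f"{FORBIDDEN_TABLES[req.table]}: table {req.table}")
    elif req.table != WORKBENCH_TABLE:
        # Only the candidate workbench is writable; production birth_registry is not.
        violations.append(f"isolation: {req.table} is not the workbench (BAD-14)")
    for col in req.values:
        if col in FORBIDDEN_COLUMNS:
            violations.append(f"{FORBIDDEN_COLUMNS[col]}: column {col}")
        elif not INSPECT_COL.match(col):
            # Anything that is neither inspect_* nor a known forbidden column is a
            # net-new stamp column / parallel SSOT (assumed reading of B2-AC-12).
            violations.append(f"B2-AC-12: net-new column {col}")
    # Assumed reading of B2-AC-5: two or more inspect_* columns all set to the
    # same clock expression is the blanket inspect_*=now() anti-pattern.
    stamps = [str(v).lower() for c, v in req.values.items() if INSPECT_COL.match(c)]
    if len(stamps) >= 2 and all(v in CLOCK_SENTINELS for v in stamps):
        violations.append("B2-AC-5: blanket inspect_*=now() stamp")
    return violations
```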

6. Owner-gated future work

None of these surfaces is ever B2's; the neighbors (B1/B4/B6/K-lane) are separate Owner-gated blocks.

7. What remains unresolved

The firewall is a contract; its runtime enforcement is future TD (separation mechanism).

8. Ready for GPT/Codex review

Yes — Codex should attack any path by which B2 could touch a forbidden surface.

Source path: knowledge/dev/laws-new/newlaws/consolidation/macro4-b2-production-firewall-contract-2026-06-19.md