Macro-4 Bad-Input Classes — R2-B2 (2026-06-19)
Macro-4 Bad-Input Classes — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 50 of 90) · Editorial revision: rev1
Class: bad-input classes · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO test run · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The inventory of bad inputs a future B2 pilot must adversarially test. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Enumerate the bad-input classes (≥15) so none is skipped by a happy-path harness.
2. Sources / evidence read
Bad-input/delete-fast plan §4 (BAD-1…15); inspect-producer §8 (BI-1…12). Main process, no reader-agents.
3. Accepted baseline (carried)
The classes are constructed against the real governed identifiers (birth_registry.inspect_*, certified, canonical_address, the Điều 0-G rule-set), read first-hand.
4. Evidence / analysis — bad-input classes
| ID | Bad input / invalid state |
|---|---|
| BAD-1/2 | row missing entity_code / collection_name |
| BAD-3 | row already certified=true |
| BAD-4 | partial inspect_* of unknown origin (BAD_INPUT_BEHAVIOR_UNCLEAR) |
| BAD-5 | Điều 0-G rule-set unresolved (SOURCE_RECOVERY_REQUIRED) |
| BAD-6/7 | asked to set certified=true / canonical_address |
| BAD-8 | blanket inspect_*=now() without checks |
| BAD-9 | channel not approved / S2 owner missing |
| BAD-10 | v0.2-hardening offered as FIX7 authority |
| BAD-11 | out-of-order inspect_gate/inspect_stamp (earlier NULL) |
| BAD-12 | out-of-scope governance_role (excluded/observed) |
| BAD-13 | audit event used as approval |
| BAD-14 | candidate result written to a production field |
| BAD-15 | delete-fast fails to remove a candidate output |
5. Contract / requirement / matrix / result
A future pilot must test at least these 15; each maps to a fail-closed expectation (Deliverable 51) and a fail-open signal (Deliverable 52). No test is run here.
6. Owner-gated future work
Executing these tests requires a built producer + staging — Owner-gated; forbidden now.
7. What remains unresolved
BAD-4/5/12 are BAD_INPUT_BEHAVIOR_UNCLEAR; the rest are testable once built.
8. Ready for GPT/Codex review
Yes — Codex should add any bad-input class omitted.