Macro-4 Bad-Input Expected Reject Behavior — R2-B2 (2026-06-19)
Macro-4 Bad-Input Expected Reject Behavior — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 51 of 90) · Editorial revision: rev1
Class: bad-input expected reject behavior · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO test run · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The fail-closed behavior a future producer must exhibit per bad-input class. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
State the expected rejection per class so each becomes a runtime test once B2 is built.
2. Sources / evidence read
Bad-input/delete-fast plan §5; inspect-producer §8 (BI rejections). Main process, no reader-agents.
3. Accepted baseline (carried)
Each rejection is a design obligation, not an observed outcome (producer MISSING).
4. Evidence / analysis — expected rejections (fail-closed)
| ID | Expected rejection |
|---|---|
| BAD-1/2 | no candidate/production inspect_pen; append failure to audit evidence |
| BAD-3 | skip / no producer write (certified out of scope) |
| BAD-4 | mark ambiguous; Owner-gated review; never certify |
| BAD-5 | SOURCE_RECOVERY_REQUIRED; fail closed; no stamp; escalate S6 |
| BAD-6/7 | reject (B4 owns certified; canonical is S4/B6 at promote) |
| BAD-8 | reject as fused-shortcut |
| BAD-9 | no-op / pending Owner (no Điều 32 + no S2 → no run) |
| BAD-10 | reject until Owner/User promotes v0.2; v0.1/FIX7 V3 stays baseline |
| BAD-11 | reject — out-of-order; row waits at its stage |
| BAD-12 | skip / out of scope (BAD_INPUT_BEHAVIOR_UNCLEAR for observed) |
| BAD-13 | reject — evidence records, never approves |
| BAD-14 | reject / impossible by separation (load-bearing isolation) |
| BAD-15 | reject the staging design (disposal must be total) |
5. Contract / requirement / matrix / result
Every class resolves to no production write + an evidence/audit append. A future TD must turn each into a verified runtime test (PO-6). No test is run here.
6. Owner-gated future work
Verifying these at runtime requires a built producer — Owner-gated; forbidden now.
7. What remains unresolved
BAD-4/5/12 are conceptual (BAD_INPUT_BEHAVIOR_UNCLEAR).
8. Ready for GPT/Codex review
Yes — Codex should confirm each class maps to a fail-closed no-op.