Macro-4 Bad-Input No-Digest-Pass Rule — R2-B2 (2026-06-19)
Macro-4 Bad-Input No-Digest-Pass Rule — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 53 of 90) · Editorial revision: rev1
Class: no-digest-pass rule · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO test run · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The single load-bearing oracle rule. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
State the rule that governs every bad-input case: invalid input must produce nothing that looks like success.
2. Sources / evidence read
Bad-input/delete-fast plan §6 (F-OPEN-10 silent PASS); tool/packet lock (v0.1 FIX7 V3 black-box oracle, fail-open regression, manifest-laundering prevention); operating-rules ("PASS/FAIL không có số liệu"). Main process, no reader-agents.
3. Accepted baseline (carried)
A PASS-without-evidence is itself fail-open; a "digest"/manifest that launders a bad result into a pass is the manifest-laundering anti-pattern the tool lock guards against.
4. Evidence / analysis — the rule
Invalid input must NOT create a digest, a PASS, a stamp, or a certify. If invalid input creates a digest / PASS / stamp / certify → fail-open → REJECT.
| Forbidden success-artifact from bad input | Why |
|---|---|
| a digest/manifest that reads as PASS | manifest-laundering (tool lock); F-OPEN-10 |
a candidate/production inspect_* stamp |
phantom stamp (F-OPEN-1) |
certified=true |
unearned certify (F-OPEN-2) |
| a silent PASS (no evidence) | F-OPEN-10 |
5. Contract / requirement / matrix / result
The rule binds both the producer (no stamp/certify on bad input) and the test tool (no laundered digest). It is enforced by the v0.1-stable / FIX7 V3 black-box oracle as a regression fixture (not overwritten, not replaced by v0.2). No test/digest is produced here.
6. Owner-gated future work
Running the oracle / producing a digest requires a built producer — Owner-gated; forbidden now.
7. What remains unresolved
The producer is MISSING; the rule is a design obligation.
8. Ready for GPT/Codex review
Yes — Codex should confirm no path lets bad input produce a digest/PASS/stamp/certify.