Macro-4 Bad-Input Oracle Master Plan — R2-B2 (2026-06-19)
Macro-4 Bad-Input Oracle Master Plan — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 49 of 90) · Editorial revision: rev1
Class: bad-input oracle master plan · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · BAD_INPUT_TEST_RUN_DRIFT guard · NO test run · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
No-test lock. This designs the bad-input oracle conceptually. It runs no bad-input test (that requires a producer + staging = forbidden). Any execution is
BAD_INPUT_TEST_RUN_DRIFT→ HOLD.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The master bad-input oracle: what must be tested later and the pass/fail rule. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Answer macro question 6 — what bad-input oracle is required? — as a master plan.
2. Sources / evidence read
Bad-input/delete-fast plan §3–§11 (method, BAD-1…15, F-OPEN-1…10, AC-1…10); inspect-producer §8 (BI-1…12); Macro-3 bad-input fail-open risk map. Main process, no reader-agents.
3. Accepted baseline (carried)
A pilot is acceptable only if invalid input never produces a stamp, certify, canonical write, or PASS; fail-open ⇒ reject. The producer is MISSING, so every behavior is a conceptual obligation.
4. Evidence / analysis — oracle structure
| Part | Deliverable | Content |
|---|---|---|
| Bad-input classes | 50 | BAD-1…15 / BI-1…12 |
| Expected reject behavior | 51 | fail-closed per class |
| Fail-open signals | 52 | F-OPEN-1…10 |
| No-digest-pass rule | 53 | invalid ⇒ no digest/PASS/stamp/certify |
| Test-run-not-authorized lock | 54 | no test run here |
5. Contract / requirement / matrix / result
The oracle is the acceptance gate a future B2 pilot must pass (AC-1…10, all-of). It is fully specified and runs no test. A fail-open oracle result is a reject signal, not a pass.
6. Owner-gated future work
Running the oracle requires a built producer + staging — Owner-gated; forbidden now.
7. What remains unresolved
BAD-4/BAD-5/BAD-12 remain BAD_INPUT_BEHAVIOR_UNCLEAR (conceptual).
8. Ready for GPT/Codex review
Yes — Codex should confirm the oracle is complete and that no test is claimed as run.