Macro-4 Standard IO Contract Error Section — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 23 of 90) · Editorial revision: rev1
Class: IO contract error section · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/content_length authoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The error_surface section: how a block fails — fail-closed, never fail-open. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Define the error contract so failure is a safe no-op + recorded reason, never a fabricated pass.
2. Sources / evidence read
Inspect-producer §7/§8 (on-failure no-op + audit append); operating-rules ("not certain it is correct = wrong"); Article 0-G ("Fail → INSERT audit queue"). Main process, no reader-agents.
3. Accepted baseline (carried)
On inspection failure B2 writes no stamp for that row/stage and appends a failure record — a no-op on the row plus an evidence append, never a fabricated pass.
4. Evidence / analysis — error section shape
| Element | Requirement |
|---|---|
| Fail-closed default | uncertain ⇒ reject; never stamp/certify/canonicalize on doubt |
| Error code/reason | a structured reason (which stage, which check failed) |
| No partial write | a partial/ambiguous result is rejected whole, not committed |
| Audit-on-fail | the failure is appended to the evidence surface (records, never decides) |
| No silent PASS | a result without evidence is itself an error (F-OPEN-10) |
5. Contract / requirement / matrix / result
The error section guarantees that every failure path is observable and safe: production state is unchanged, and the only artifact is an evidence append. Fail-open (stamping/certifying on bad input) is disqualifying.
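As an added illustration (not code from the workbench or from this document), the following Python sketch exercises the five elements of the §4 table on constructed rows: every non-PASS path leaves production state untouched and appends exactly one structured audit record. The PASS/FAIL/UNCERTAIN verdict strings, the required evidence fields and the check names are assumptions, since the concrete error codes and sink are listed as future design work in §7.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional, Tuple

# Constructed verdict values and required evidence fields for this illustration;
# the real error codes are FUTURE_TECHNICAL_DESIGN_REQUIRED per the document.
PASS, FAIL, UNCERTAIN = "PASS", "FAIL", "UNCERTAIN"
REQUIRED_EVIDENCE = ("inspector", "checksum")


@dataclass(frozen=True)
class Failure:
    """Structured reason: which row, which stage, which check, and why."""
    row_id: str
    stage: str
    check: str
    reason: str


@dataclass
class Workbench:
    stamps: Dict[Tuple[str, str], Dict[str, Any]] = field(default_factory=dict)  # production state
    audit: List[Failure] = field(default_factory=list)  # evidence surface: records, never decides

    def run_stage(self, row_id: str, stage: str,
                  inspect: Callable[[str], Tuple[str, Dict[str, Any]]]) -> Optional[Failure]:
        """Run one inspection stage for one row. Returns None only on a stamped PASS;
        every other path is a no-op on the row plus one audit append (fail-closed)."""
        try:
            verdict, evidence = inspect(row_id)
        except Exception as exc:  # an inspector crash is a failure, never a pass
            return self._fail(row_id, stage, "inspector-exception", repr(exc))
        if verdict != PASS:       # FAIL and UNCERTAIN are both rejected: doubt => reject
            return self._fail(row_id, stage, "verdict", f"verdict={verdict}")
        if not evidence:          # no silent PASS (F-OPEN-10): PASS without evidence is an error
            return self._fail(row_id, stage, "F-OPEN-10", "PASS without evidence")
        missing = [k for k in REQUIRED_EVIDENCE if k not in evidence]
        if missing:               # partial/ambiguous result is rejected whole, not committed
            return self._fail(row_id, stage, "partial-evidence", f"missing={missing}")
        self.stamps[(row_id, stage)] = dict(evidence)  # the only production write, done last
        return None

    def _fail(self, row_id: str, stage: str, check: str, reason: str) -> Failure:
        failure = Failure(row_id, stage, check, reason)
        self.audit.append(failure)  # the evidence append is the sole artifact of a failure
        return failure
```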
6. Owner-gated future work
Wiring the error path to a built audit sink is Owner-gated; forbidden now.
7. What remains unresolved
The concrete error codes/sink are FUTURE_TECHNICAL_DESIGN_REQUIRED.
8. Ready for GPT/Codex review
Yes — Codex should confirm every error mode is fail-closed and no-op-on-production.