KB-82E0

Macro-5 B2 Candidate Firewall Contract Refinement — R2-B2 (2026-06-19)


Date: 2026-06-19 · Workstream: R2-B2-MACRO-5-STAGING-BUILD-AUTHORIZATION-PACKAGE-2026-06-19 (Deliverable 39 of 110) · Editorial revision: rev1 · Class: B2 firewall contract refinement · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · B2-ONLY · NO write performed.

Metadata convention. Editorial revision (rev1) only. AgentData storage revision/content_length authoritative at read time.


0. Status and non-authorization

STATUS: PASS — engineering / design-only. Refines the Macro-4 B2 production-firewall contract; the firewall stays absolute. Engineering PASS ≠ authority PASS. Default: HOLD.

1. Purpose

Carry the firewall forward and tie its enforcement to the staging build's isolation scheme.

2. Sources / evidence read

Macro-4 B2 production-firewall contract (D35); production-firewall candidate (32); FRESH iu_create gateway + forbidden surfaces. Main process, no reader-agents.

3. Accepted baseline (carried)

B2 writes only candidate inspect_* (workbench) / real inspect_* (future, governed); any forbidden-surface write = fail-open ⇒ reject.

4. Evidence / analysis — refinement (build-context only)

| Clarification | For the workbench build |
|---|---|
| enforcement | the isolation scheme (SB-4) must make a production write structurally impossible from the workbench |
| load-bearing failure | a candidate reaching a production field (BAD-14 / F-OPEN-8) |
| FRESH iu_create gateway | enforced (block_after_guard); workbench must never alias it |
| neighbors | B1/B4/B6/K-lane are separate Owner-gated blocks |

5. Candidate / requirement / gate / result

The refinement binds the firewall to the future isolation mechanism: the build is acceptable only if isolation makes the firewall structurally true. No enforcement runs here.

6. Owner-gated future work

Runtime enforcement (separation mechanism) is future TD; forbidden now.

7. What remains unresolved

The runtime separation mechanism is FUTURE_TECHNICAL_DESIGN_REQUIRED (SB-4 undecided).

8. Ready for GPT/Codex review

Yes — Codex should attack any path by which the workbench could touch a forbidden surface.

knowledge/dev/laws-new/newlaws/consolidation/macro5-b2-candidate-firewall-contract-refinement-2026-06-19.md