Macro-5 Bad-Input Later-Test Fail-Open Stop Rule — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-5-STAGING-BUILD-AUTHORIZATION-PACKAGE-2026-06-19 (Deliverable 76 of 110) · Editorial revision: rev1
Class: bad-input later-test fail-open stop rule · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO test run · NO write performed.
Metadata convention. Editorial revision (rev1) only. AgentData storage revision/content_length authoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The rule that a fail-open signal stops the build/test immediately. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Define how a fail-open result is treated: as a reject/stop, never a pass.
2. Sources / evidence read
Macro-4 bad-input fail-open signals (D52, F-OPEN-1…10); no-digest-pass gate (75). Main process, no reader-agents.
3. Accepted baseline (carried)
Fail-open artifacts are reject conditions; a fail-open oracle result is a reject signal, not a pass.
4. Evidence / analysis — fail-open stop rule
| Fail-open signal | Stop action |
|---|---|
| F-OPEN-1 phantom stamp on bad input | stop; reject the design |
| F-OPEN-2 unearned certify | stop; reject |
| F-OPEN-5 ungoverned run produced stamps | stop; reject |
| F-OPEN-8 candidate reached a production field | stop; reject (load-bearing isolation failure) |
| F-OPEN-10 laundered/silent PASS | stop; reject |
5. Candidate / requirement / gate / result
Any fail-open signal halts the build/test and rejects the design — the staging surface is then deleted (delete-fast). No signal is evaluated here (no run). The rule is fail-closed by default.
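The rule above as a fail-closed verdict function. This is an added example, not code from this package or from any built harness. The names `evaluate` and `Verdict` and the `oracle`/`signals` result fields are hypothetical, and tying delete-fast to the presence of a fail-open signal is an assumption drawn from the sentence above.

```python
import re
from dataclasses import dataclass

# Stop actions copied from the section 4 table.
STOP_ACTIONS = {
    "F-OPEN-1": "stop; reject the design",
    "F-OPEN-2": "stop; reject",
    "F-OPEN-5": "stop; reject",
    "F-OPEN-8": "stop; reject (load-bearing isolation failure)",
    "F-OPEN-10": "stop; reject",
}
FAIL_OPEN_ID = re.compile(r"F-OPEN-\d+")

@dataclass(frozen=True)
class Verdict:
    passed: bool
    delete_staging: bool  # delete-fast once any fail-open signal is seen
    reasons: tuple

def evaluate(result):
    """Hypothetical gate: pass only on a well-formed, signal-free, explicit PASS."""
    if not isinstance(result, dict):
        return Verdict(False, False, ("malformed result; reject",))
    reasons, fail_open = [], False
    signals = result.get("signals")
    if not isinstance(signals, list):
        # A missing signal list is not evidence of a clean run.
        reasons.append("signals missing or not a list; reject")
        signals = []
    for sig in signals:
        if isinstance(sig, str) and FAIL_OPEN_ID.fullmatch(sig):
            fail_open = True
            # Ids absent from the table still stop: unknown never means safe.
            reasons.append(f"{sig}: {STOP_ACTIONS.get(sig, 'stop; reject')}")
        else:
            reasons.append(f"unrecognised signal {sig!r}; reject")
    if result.get("oracle") != "PASS":
        reasons.append("no explicit oracle PASS; reject")
    return Verdict(not reasons, fail_open, tuple(reasons))

# Constructed sample results (not output of any real run).
SAMPLES = [
    {"oracle": "PASS", "signals": []},
    {"oracle": "PASS", "signals": ["F-OPEN-10"]},  # oracle PASS next to a signal
    {"oracle": "PASS"},                            # signal list absent
    {"oracle": "FAIL", "signals": ["F-OPEN-8", "F-OPEN-3"]},
]
```

The second sample is the case the rule exists for: an oracle PASS accompanied by F-OPEN-10 is rejected, because the verdict is derived from the absence of reasons rather than from the oracle field.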
6. Owner-gated future work
Wiring the stop rule into a built test harness is Owner-gated; forbidden now.
7. What remains unresolved
No run; no fail-open signal evaluated.
8. Ready for GPT/Codex review
Yes — Codex should confirm any fail-open signal stops and rejects, never passes.