KB-4321

Macro-5 Staging Object: Production-Firewall Candidate — R2-B2 (2026-06-19)


Date: 2026-06-19 · Workstream: R2-B2-MACRO-5-STAGING-BUILD-AUTHORIZATION-PACKAGE-2026-06-19 (Deliverable 32 of 110) · Editorial revision: rev1

Class: staging object candidate (production firewall) · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO write performed.

Metadata convention. Editorial revision (rev1) only. AgentData storage revision/content_length authoritative at read time.

NON_EXECUTABLE_TD_CANDIDATE. Conceptual object only. The firewall guard; do not create a real object.


0. Status and non-authorization

STATUS: PASS — engineering / design-only. The production-firewall conceptual object: the guard listing forbidden targets. Engineering PASS ≠ authority PASS. Default: HOLD.

1. Purpose

Describe the object that enumerates exactly what a run must never write.

2. Sources / evidence read

Macro-4 B2 production-firewall contract (D35, B2-AC-1…14); no-production-touch forbidden surfaces (Macro-4 D45); FRESH iu_create gateway. Main process, no reader-agents.

3. Accepted baseline (carried)

B2 = inspect producer only; must not certify, canonicalize, mint identity, write KG, run backlog, flip gates, or promote.

4. Evidence / analysis — production-firewall candidate (forbidden targets)

| Forbidden target | Rule |
|---|---|
| production birth_registry.inspect_* | candidate-only in workbench |
| certified/certified_at | B2-AC-1 (B4's atomic consumer) |
| canonical_address/owner/jsonb_profile/status | B2-AC-2 (S4/B6 at promote) |
| entity_code/identity | B2-AC-3 (B1/S3) |
| KG universal_edges | B2-AC-4 (K-lane) |
| blanket inspect_*=now() / fused INSERT | B2-AC-5/6 (2026-03-21 anti-pattern) |
| iu_create gateway / fn_iu_create | not B2's lane (FRESH: enforced) |
| manual SQL / SSH+docker exec | Điều 32 §2.1 |

5. Candidate / requirement / gate / result

The firewall object is absolute: a candidate reaching a production field (BAD-14 / F-OPEN-8) is the load-bearing isolation failure. It is a role, not a table; nothing is enforced at runtime here.

6. Owner-gated future work

Runtime enforcement of the firewall is future TD (separation mechanism); forbidden now.

7. What remains unresolved

The runtime separation mechanism is FUTURE_TECHNICAL_DESIGN_REQUIRED.

8. Ready for GPT/Codex review

Yes — Codex should attack any path by which a candidate could reach a forbidden target.

knowledge/dev/laws-new/newlaws/consolidation/macro5-staging-object-production-firewall-candidate-2026-06-19.md