KB-CD5A

Read-Only Bad-Input Oracle Readiness Recheck (2026-06-18)

Date: 2026-06-18 · Workstream: LEGO-PILOT-SLICE-0-R2-B2-READONLY-EVIDENCE-OWNER-PATH-MACRO-2026-06-18 (Deliverable 21 of 30) · Editorial revision: rev1
Class: read-only oracle-readiness recheck · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO harness built · NO test run · NO bad input executed · NO write performed.

Metadata convention. Editorial revision (rev1) only. AgentData storage revision/content_length authoritative at read time; not pinned here.

Oracle-readiness lock. This packet re-confirms the bad-input oracle requirements (BAD-1…BAD-15 / F-OPEN-1…F-OPEN-10) remain a requirements set, and that the producer is still MISSING (so behavior stays BAD_INPUT_BEHAVIOR_UNCLEAR). It builds no harness, runs no test. Tool/packet lock carried: v0.1-stable / FIX7 V3 not overwritten; v0.2-hardening not authority.


0. Status and non-authorization

STATUS: PASS — engineering / read-only. Fresh confirmation the producer is MISSING (0 inspect-named producers; only the consumer names the stud) → every BAD-n behavior remains conceptual. Engineering PASS ≠ authority PASS. Default disposition: HOLD. No harness; no test; no bad input executed; no DB write/DDL/DML; no TD; no blocker resolved; v0.1 not overwritten; v0.2 not authority.

Evidence basis — FRESH_READONLY_EVIDENCE (FQ-7, FQ-9 — producer absent) + INHERITED_KB_EVIDENCE (BAD/F-OPEN matrices). Reading discipline: main process, no reader-agents.


1. Purpose

Re-confirm read-only that the bad-input oracle is a requirements set against a MISSING producer (G-9 stays write-gated). §4 records the producer-absent confirmation; §5 carries BAD-1…BAD-15 / F-OPEN-1…F-OPEN-10 and the fail-open⇒reject rule.

The one rule: the oracle asks of a built producer "would invalid input still stamp/certify/canonicalize/PASS?" — there is no built producer, so no test is run; the requirements stand. Fail-open ⇒ reject; default REJECT on uncertainty.


2. Sources / evidence read

Deliverable 1 (FQ-7/9 — producer absent); Mega Gate Bad-Input Oracle Requirements (BAD-1…15, F-OPEN-1…10, §5.4 harness properties, tool lock); the planning bundle verification plan (Deliverable D). Read directly, main process.


3. Accepted baseline (carried)

The fail-closed test: if invalid input would still stamp / certify / canonicalize / leak to production / survive delete-fast / act as approval / produce a PASS, the contract is fail-open and is rejected. BAD-1…BAD-15 + F-OPEN-1…F-OPEN-10 carried; harness must be black-box / fail-open-regression / manifest-laundering-proof / evidence-backed; producer MISSING (BAD_INPUT_BEHAVIOR_UNCLEAR, esp. BAD-4/5/12).


4. Read-only evidence observed (FRESH, 2026-06-18)

  • Producer MISSING (FRESH-confirmed): 0 inspect-named triggers (FQ-7); the only function naming inspect_* is the consumer fn_birth_auto_certify (FQ-9). There is no producer to subject to BAD-1…BAD-15, so every expected behavior is conceptual (BAD_INPUT_BEHAVIOR_UNCLEAR).
  • BAD-5 dependency confirmed: Đ0-G unresolved (Deliverable 16) → BAD-5 (SOURCE_RECOVERY_REQUIRED) remains an open dependency.
  • Tool/packet lock carried: BAD-10 (v0.2-hardening offered as FIX7 authority ⇒ reject) holds; the oracle lessons are reused as requirements, not a v0.2 promotion.

5. Classification / result (G-9)

  • BAD-1…BAD-15 + F-OPEN-1…F-OPEN-10 carried as requirements; the harness must have the §5.4 properties (black-box / regression / manifest-laundering-proof / evidence-backed); fail-open ⇒ reject; default REJECT on uncertainty.
  • G-9 = NO_GO_WRITE_GATED — needs a built producer to test; not read-only-closeable.
  • No harness built; no test run; no bad input executed.

6. Owner-gated future work

Future work | Gate required | Forbidden now?
Build the producer (so bad inputs can be tested) | Điều 32 + S2 + channel + staging | Yes
Build the bad-input harness/oracle | Điều 32 (within a governed pilot) | Yes
Execute BAD-1…BAD-15 | Điều 32 + built producer + built staging | Yes
Promote v0.2-hardening to FIX7 authority | regression + Owner/User promotion | Yes

7. What remains unresolved

  • Producer MISSING → BAD-n behaviors conceptual (BAD_INPUT_BEHAVIOR_UNCLEAR).
  • BAD-5 depends on Đ0-G recovery (Deliverable 16).
  • Blockers — all OPEN.

8. Ready for GPT/Codex review

Yes — as a read-only oracle-readiness recheck.

Core rule: the oracle requirements (BAD-1…15 / F-OPEN-1…10, fail-open⇒reject) stand against a FRESH-confirmed MISSING producer; no harness built, no test run, v0.2 not promoted; G-9 write-gated.

Default disposition: HOLD. Engineering PASS ≠ authority PASS. All blockers remain OPEN.
