KB-26E5 rev 2

DOT_R2_B2 bad-input rejection matrix v2 (Macro-9B2)

9 min read Revision 2

dot-managemacro9bmacro9b2bad-input-matrixtestremediation2026-06-20

DOT_R2_B2_STAGING_SCHEMA_SHELL — bad-input rejection matrix (v2)

Macro-9B2 remediation of Macro-9B deliverable C5. 64 cases (52 bad-input/no-write + 12 real_run simulation) + 8 meta-assertions. Executed locally against the corrected reference validator (rev2) — see dot-r2-b2-validator-test-run-v2.txt (64/64 PASS, 0 fail-open, EXIT=0). This v2 matrix supersedes the rev1 37-case matrix, which Codex review found incomplete (missing channel/actor, control-char schema/run_id, gate-type, Guard-3 enforcement cases). Base request is a well-formed valid request; each invalid row mutates exactly one field (unless noted), so the expected reject code is deterministic (asserted as a subset of returned codes). Every accept produces 0 writes except the two simulated real-run rows that satisfy ALL of: gate exactly boolean True + Guard 3 PASS + valid inputs.

Pure local test only — no DB I/O, no runtime touch, no registration, nothing executed. The gate=True simulation rows prove Guard 3 is enforced; they emit write-INTENT strings, never DB calls. Engineering fail-closed evidence ≠ runtime safety proof ≠ Owner authority.

A. Protected-schema targets → `PROTECTED_SCHEMA_TARGET`

ID	Input under test	Expected (primary)	Accept?
B01	target=`public`	`PROTECTED_SCHEMA_TARGET`	reject
B02	target=`iu_core`	`PROTECTED_SCHEMA_TARGET`	reject
B03	target=`cutter_governance`	`PROTECTED_SCHEMA_TARGET`	reject
B04	target=`sandbox_tac`	`PROTECTED_SCHEMA_TARGET`	reject
B05	target=`information_schema`	`PROTECTED_SCHEMA_TARGET`	reject
B06	target=`pg_catalog`	`PROTECTED_SCHEMA_TARGET`	reject

B. Non-allowlist / malformed name → `NON_ALLOWLIST_SCHEMA` / `SCHEMA_RUNID_MISMATCH` / `MISSING_TARGET_SCHEMA`

ID	Input under test	Expected (primary)	Accept?
B07	target=`scratch` (non-allowlist)	`NON_ALLOWLIST_SCHEMA`	reject
B08	target=`r2_b2_wb` (prefix only)	`NON_ALLOWLIST_SCHEMA`	reject
B09	target=`r2b2wb_…` (malformed prefix)	`NON_ALLOWLIST_SCHEMA`	reject
B10	target uppercase	`NON_ALLOWLIST_SCHEMA`	reject
B11	target with `; DROP SCHEMA public CASCADE`	`NON_ALLOWLIST_SCHEMA` (+`MALFORMED_SCHEMA_CHARS`)	reject
B12	target=`r2_b2_wb_public` (prefix ok, not run-scoped)	`SCHEMA_RUNID_MISMATCH`	reject
B13	target empty	`MISSING_TARGET_SCHEMA`	reject

C. Control / whitespace chars in target_schema → `MALFORMED_SCHEMA_CHARS` (NEW — Codex finding 3)

ID	Input under test	Expected (primary)	Accept?
B14	target trailing newline `\n`	`MALFORMED_SCHEMA_CHARS`	reject
B15	target carriage return `\r`	`MALFORMED_SCHEMA_CHARS`	reject
B16	target tab `\t`	`MALFORMED_SCHEMA_CHARS`	reject
B17	target leading space	`MALFORMED_SCHEMA_CHARS`	reject
B18	target trailing space	`MALFORMED_SCHEMA_CHARS`	reject
B19	target embedded NUL `\x00`	`MALFORMED_SCHEMA_CHARS`	reject

D. run_id → `MISSING_RUN_ID` / `BAD_RUN_ID` (B23–B25 NEW — Codex finding 3)

ID	Input under test	Expected (primary)	Accept?
B20	run_id empty	`MISSING_RUN_ID`	reject
B21	run_id key missing	`MISSING_RUN_ID`	reject
B22	run_id bad format	`BAD_RUN_ID`	reject
B23	run_id trailing newline `\n`	`BAD_RUN_ID`	reject
B24	run_id carriage return `\r`	`BAD_RUN_ID`	reject
B25	run_id tab `\t`	`BAD_RUN_ID`	reject

E. owner-auth / mode / dot_code

ID	Input under test	Expected (primary)	Accept?
B26	owner_authorization_ref empty	`MISSING_OWNER_AUTH`	reject
B27	owner_authorization_ref missing	`MISSING_OWNER_AUTH`	reject
B28	mode unknown	`UNKNOWN_MODE`	reject
B29	mode missing	`UNKNOWN_MODE`	reject
B30	dot_code wrong	`WRONG_DOT_CODE`	reject

F. Channel → forbidden / unknown / missing (B38–B39 NEW — Codex finding 1)

ID	Input under test	Expected (primary)	Accept?
B31	use_directus_generic_create=true	`DIRECTUS_GENERIC_FORBIDDEN`	reject
B32	channel=`directus_generic`	`FORBIDDEN_MANUAL_CHANNEL`	reject
B33	channel=`psql`	`FORBIDDEN_MANUAL_CHANNEL`	reject
B34	channel=`manual_sql`	`FORBIDDEN_MANUAL_CHANNEL`	reject
B35	channel=`docker_exec_psql`	`FORBIDDEN_MANUAL_CHANNEL`	reject
B36	channel=`host_exec`	`FORBIDDEN_MANUAL_CHANNEL`	reject
B37	channel unknown	`UNKNOWN_CHANNEL`	reject
B38	channel key missing	`MISSING_CHANNEL`	reject
B39	channel blank/whitespace	`MISSING_CHANNEL`	reject

G. Actor → missing / blank (NEW — Codex finding 2)

ID	Input under test	Expected (primary)	Accept?
B40	actor key missing	`MISSING_ACTOR`	reject
B41	actor blank `""`	`MISSING_ACTOR`	reject
B42	actor whitespace `" "`	`MISSING_ACTOR`	reject

H. prod-data copy / real-run gate (default closed)

ID	Input under test	Expected (primary)	Accept?
B43	copy_production_data=true	`PROD_DATA_COPY_FORBIDDEN`	reject
B44	mode=real_run (default gate)	`REAL_RUN_GATE_CLOSED`	reject
B45	mode=teardown_real_run (default gate)	`REAL_RUN_GATE_CLOSED`	reject
B46	mode=real_run target=public	`PROTECTED_SCHEMA_TARGET`	reject
B47	mode=teardown_real_run target=public	`PROTECTED_SCHEMA_TARGET`	reject

I. Valid no-write modes → accept, 0 writes

ID	Input under test	Expected	Accept?
A01	VALID validate_only	inputs_valid	accept
A02	VALID dry_run_plan	plan: 1 CREATE SCHEMA + 7 CREATE TABLE	accept
A03	VALID verify (no evidence)	Guard 3 verdict = UNKNOWN	accept
A04	VALID verify (PASS evidence)	Guard 3 verdict = PASS	accept
A05	VALID teardown_plan	plan: DROP SCHEMA CASCADE	accept

J. real_run / teardown_real_run simulation — gate type × Guard-3 verdict (NEW — Codex findings 4/5)

Local simulation only. owner_real_run_gate_open is a separate authority argument (NOT in the request dict). Write-intent appears only when the gate is exactly boolean True AND Guard 3 == PASS.

ID	mode	gate value/type	Guard 3 evidence	Expected	Accept?	Writes
S01	real_run	`True` (bool)	PASS (before==after)	accept; write-INTENT (8 DDL)	accept	8
S02	real_run	`True` (bool)	missing (None)	`PROD_UNTOUCHED_UNKNOWN`	reject	0
S03	real_run	`True` (bool)	UNKNOWN (incomplete)	`PROD_UNTOUCHED_UNKNOWN`	reject	0
S04	real_run	`True` (bool)	FAIL (drift)	`PROD_UNTOUCHED_FAIL`	reject	0
S05	real_run	`False` (bool)	PASS	`REAL_RUN_GATE_CLOSED`	reject	0
S06	real_run	`"false"` (str)	PASS	`INVALID_GATE_TYPE`	reject	0
S07	real_run	`"true"` (str)	PASS	`INVALID_GATE_TYPE`	reject	0
S08	real_run	`1` (int)	PASS	`INVALID_GATE_TYPE`	reject	0
S09	real_run	`None`	PASS	`INVALID_GATE_TYPE`	reject	0
S10	teardown_real_run	`True` (bool)	PASS	accept; write-INTENT (1 DROP)	accept	1
S11	teardown_real_run	`True` (bool)	FAIL (drift)	`PROD_UNTOUCHED_FAIL`	reject	0
S12	teardown_real_run	`False` (bool)	PASS	`REAL_RUN_GATE_CLOSED`	reject	0

Runner meta-assertions (all hold — see v2 evidence)

No invalid row accepted (fail-open list empty).
Every expected-code / accept assertion matched.
No no-write mode emits writes.
dry_run_plan = exactly 8 DDL strings, 0 writes.
write-intent emitted iff gate is exactly boolean True AND Guard 3 == PASS (only S01, S10).
Validator imports no DB/network/exec library (pure function).
Non-bool gate ("true"/"false"/1/0/None/"True") always rejects INVALID_GATE_TYPE, 0 writes.
Guard 4 (delete_fast_guard) does NOT call Guard 1; both route through the shared _validate_target helper (separability preserved).

Reject-code dictionary (v2)

WRONG_DOT_CODE · UNKNOWN_MODE · MISSING_CHANNEL · FORBIDDEN_MANUAL_CHANNEL · UNKNOWN_CHANNEL · DIRECTUS_GENERIC_FORBIDDEN · MISSING_ACTOR · MISSING_RUN_ID · BAD_RUN_ID · PROD_DATA_COPY_FORBIDDEN · MISSING_OWNER_AUTH · MISSING_TARGET_SCHEMA · MALFORMED_SCHEMA_CHARS · PROTECTED_SCHEMA_TARGET · NON_ALLOWLIST_SCHEMA · SCHEMA_RUNID_MISMATCH · INVALID_GATE_TYPE · REAL_RUN_GATE_CLOSED · PROD_UNTOUCHED_FAIL · PROD_UNTOUCHED_UNKNOWN.