DOT_R2_B2 validator bad-input run v2 — superseding evidence (Macro-9B2)

Captured stdout of python3 run_validator_tests_v2.py (local, pure Python, no runtime touch, no DB I/O), 2026-06-20. EXIT=0.

This file SUPERSEDES dot-r2-b2-validator-test-run.txt (the rev1 37/37 evidence). It is the evidence for validator rev2, which closes all 7 Codex HOLD findings. It is local pure-validator evidence, NOT runtime proof — the DOT is not registered, not wired, not run; the runtime real-run gate is CLOSED. The owner_real_run_gate_open=True rows below are a LOCAL SIMULATION whose only purpose is to prove Guard 3 (production-untouched) is enforced before any write-intent; they emit write-INTENT strings only and execute nothing.

====================================================================================================
DOT_R2_B2_STAGING_SCHEMA_SHELL  rev2  --  BAD-INPUT VALIDATION RUN (local, no runtime touch)
Mission R2-B2-MACRO-9B2-DOT-VALIDATOR-CONTRACT-REMEDIATION-2026-06-20
====================================================================================================
ID    VERDICT DECISION WR  REJECT_CODES                       DESC
----------------------------------------------------------------------------------------------------
B01   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=public
B02   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=iu_core
B03   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=cutter_governance
B04   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=sandbox_tac
B05   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=information_schema
B06   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  target=pg_catalog
B07   PASS    REJECT  0   NON_ALLOWLIST_SCHEMA               non-allowlist 'scratch'
B08   PASS    REJECT  0   NON_ALLOWLIST_SCHEMA               prefix-only 'r2_b2_wb'
B09   PASS    REJECT  0   NON_ALLOWLIST_SCHEMA               malformed prefix 'r2b2wb_*'
B10   PASS    REJECT  0   NON_ALLOWLIST_SCHEMA               uppercase target
B11   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  SQL-injection in name
B12   PASS    REJECT  0   SCHEMA_RUNID_MISMATCH              prefix ok but not run-scoped
B13   PASS    REJECT  0   MISSING_TARGET_SCHEMA              empty target
B14   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target trailing newline
B15   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target carriage return
B16   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target tab
B17   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target leading space
B18   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target trailing space
B19   PASS    REJECT  0   MALFORMED_SCHEMA_CHARS,NON_ALLOWL  target embedded NUL
B20   PASS    REJECT  0   MISSING_RUN_ID                     empty run_id
B21   PASS    REJECT  0   MISSING_RUN_ID                     missing run_id key
B22   PASS    REJECT  0   BAD_RUN_ID,SCHEMA_RUNID_MISMATCH   bad-format run_id
B23   PASS    REJECT  0   BAD_RUN_ID                         run_id trailing newline
B24   PASS    REJECT  0   BAD_RUN_ID                         run_id carriage return
B25   PASS    REJECT  0   BAD_RUN_ID                         run_id tab
B26   PASS    REJECT  0   MISSING_OWNER_AUTH                 empty owner_auth
B27   PASS    REJECT  0   MISSING_OWNER_AUTH                 missing owner_auth
B28   PASS    REJECT  0   UNKNOWN_MODE                       unknown mode
B29   PASS    REJECT  0   UNKNOWN_MODE                       missing mode
B30   PASS    REJECT  0   WRONG_DOT_CODE                     wrong dot_code
B31   PASS    REJECT  0   DIRECTUS_GENERIC_FORBIDDEN         use_directus_generic_create
B32   PASS    REJECT  0   FORBIDDEN_MANUAL_CHANNEL           channel=directus_generic
B33   PASS    REJECT  0   FORBIDDEN_MANUAL_CHANNEL           channel=psql
B34   PASS    REJECT  0   FORBIDDEN_MANUAL_CHANNEL           channel=manual_sql
B35   PASS    REJECT  0   FORBIDDEN_MANUAL_CHANNEL           channel=docker_exec_psql
B36   PASS    REJECT  0   FORBIDDEN_MANUAL_CHANNEL           channel=host_exec
B37   PASS    REJECT  0   UNKNOWN_CHANNEL                    unknown channel
B38   PASS    REJECT  0   MISSING_CHANNEL                    missing channel key
B39   PASS    REJECT  0   MISSING_CHANNEL                    blank channel
B40   PASS    REJECT  0   MISSING_ACTOR                      missing actor key
B41   PASS    REJECT  0   MISSING_ACTOR                      blank actor
B42   PASS    REJECT  0   MISSING_ACTOR                      whitespace actor
B43   PASS    REJECT  0   PROD_DATA_COPY_FORBIDDEN           copy_production_data=true
B44   PASS    REJECT  0   REAL_RUN_GATE_CLOSED               real_run default gate closed
B45   PASS    REJECT  0   REAL_RUN_GATE_CLOSED               teardown_real_run gate closed
B46   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  real_run target=public
B47   PASS    REJECT  0   PROTECTED_SCHEMA_TARGET,NON_ALLOW  teardown_real_run target=public
A01   PASS    ACCEPT  0   -                                  VALID validate_only
A02   PASS    ACCEPT  0   -                                  VALID dry_run_plan
A03   PASS    ACCEPT  0   -                                  VALID verify (no evidence)
A04   PASS    ACCEPT  0   -                                  VALID verify (PASS evidence)
A05   PASS    ACCEPT  0   -                                  VALID teardown_plan
----------------------------------------------------------------------------------------------------

====================================================================================================
REAL_RUN SIMULATION (local; gate passed only to PROVE Guard-3 enforcement; NO runtime write)
====================================================================================================
ID    GATE      VERDICT DEC     WR  G3_VERDICT/CODE            DESC
----------------------------------------------------------------------------------------------------
S01   True(bool) PASS    ACCEPT  8   PASS                       real_run gate=True(bool) + G3 PASS
S02   True(bool) PASS    REJECT  0   UNKNOWN                    real_run gate=True + G3 missing
S03   True(bool) PASS    REJECT  0   UNKNOWN                    real_run gate=True + G3 UNKNOWN
S04   True(bool) PASS    REJECT  0   FAIL                       real_run gate=True + G3 FAIL(drift)
S05   False(bool) PASS    REJECT  0   REAL_RUN_GATE_CLOSED       real_run gate=False(bool) + G3 PASS
S06   false(str) PASS    REJECT  0   INVALID_GATE_TYPE          real_run gate='false'(str)
S07   true(str) PASS    REJECT  0   INVALID_GATE_TYPE          real_run gate='true'(str)
S08   1(int)    PASS    REJECT  0   INVALID_GATE_TYPE          real_run gate=1(int)
S09   None(NoneType) PASS    REJECT  0   INVALID_GATE_TYPE          real_run gate=None
S10   True(bool) PASS    ACCEPT  1   PASS                       teardown_real_run gate=True + G3 PASS
S11   True(bool) PASS    REJECT  0   FAIL                       teardown_real_run gate=True + G3 FAIL
S12   False(bool) PASS    REJECT  0   REAL_RUN_GATE_CLOSED       teardown_real_run gate=False
----------------------------------------------------------------------------------------------------

====================================================================================================
META-ASSERTIONS
====================================================================================================
[OK] 1. ZERO fail-open (no invalid input accepted): 0 fail-open
[OK] 2. all expected-code / accept assertions matched: 0 mismatch
[OK] 3. no no-write mode emitted writes: 0 violation
[OK] 4. dry_run_plan = 1 CREATE SCHEMA + 7 CREATE TABLE (8 DDL strings), 0 writes
[OK] 5. write-intent emitted IFF gate is exactly bool True AND Guard-3 PASS (rows: S01,S10)
[OK] 6. validator no-DB/network/exec import (pure function): hits=none
[OK] 7. non-bool gate ('true'/'false'/1/0/None/'True') always rejects INVALID_GATE_TYPE, 0 writes
[OK] 8. Guard 4 (delete_fast_guard) does NOT call Guard 1; uses shared _validate_target
----------------------------------------------------------------------------------------------------
ROWS: 64  (MATRIX 52 + SIM 12)
FAIL-OPEN (invalid accepted): NONE
ASSERTION MISMATCHES: NONE
NO-WRITE VIOLATIONS: NONE

OVERALL: PASS -- fail-closed verified
====================================================================================================

Interpretation

0 fail-open: every one of the 52 bad-input cases rejects; the only ACCEPTed bad-input-matrix rows are the four no-write modes (validate_only / dry_run_plan / verify / teardown_plan) and each emits 0 writes.
Codex HOLD closure (each finding now has explicit rejecting cases): missing channel (B38) and blank channel (B39); missing/blank/whitespace actor (B40–B42); control/whitespace chars in target_schema (B14–B19) and run_id (B23–B25) via re.fullmatch + _has_forbidden_chars; strict-boolean gate (S06–S09 reject INVALID_GATE_TYPE; truthy "true" does NOT open the gate); Guard 3 enforced before any real-run write (S02–S04, S11 reject on UNKNOWN/FAIL); Guard 4 routed through the shared _validate_target helper, not Guard 1 (meta-assertion 8).
Guard 3 is real, not a plan: it consumes explicit before/after evidence and returns PASS/FAIL/UNKNOWN (verify mode A03/A04; simulation S01–S04, S10–S11).
write-intent appears IFF the gate is exactly boolean True AND Guard 3 == PASS AND every input is valid (meta-assertion 5: only S01 and S10). All other real-run rows emit 0 writes.
The validator imports no DB/network/exec library (meta-assertion 6) — it cannot mutate runtime. These rows are decision data; no DB, no DDL/DML, no schema, no registration, nothing executed.
Not universal-proof caveat: this is bounded adversarial evidence over the enumerated classes plus structural meta-assertions; it is engineering fail-closed evidence, NOT a proof of runtime safety and NOT Owner/authority approval. Runtime registration and real-run remain at REGISTRATION_HOLD / HOLD_FOR_OWNER_REAL_RUN.

Local scratch (not SSOT; execution only, no runtime touch): /tmp/m9b/validator_v2.py, /tmp/m9b/run_validator_tests_v2.py, /tmp/m9b/dot_r2_b2_validator_test_run_v2.txt.