Macro-9B2 — DOT Validator / Contract Remediation After Codex HOLD — Report (2026-06-20)
Macro-9B2 — DOT Validator / Contract Remediation After Codex HOLD — Execution Report
Mission: R2-B2-MACRO-9B2-DOT-VALIDATOR-CONTRACT-REMEDIATION-2026-06-20
Type: KB/code-artifact-only remediation of the Macro-9B DOT validator/contract/test package after Codex returned HOLD. Fixes the engineering validator/contract/test evidence only.
Date: 2026-06-20.
Authorizes nothing. Engineering PASS ≠ Owner authority PASS. Default = HOLD.
No runtime mutation · no DOT registration · no DOT execution · no schema/table/collection creation · no runtime gate flip · no Owner decision · no Macro-9A build · no Macro-9C real-run. All work was: read KB docs, patch KB code/spec docs, run a pure local Python validator (no DB I/O), create superseding evidence, repoint admission/index/report, write this report.
STATUS
PASS_WITH_CAVEATS (engineering) · REGISTRATION_HOLD · HOLD_FOR_OWNER_REAL_RUN · authority NOT_OWNER_AUTHORIZED.
All 7 Codex HOLD findings are closed in the validator (rev2) and reflected in the contracts (rev2) and matrix (rev2). The corrected validator was run locally as a pure function (no DB I/O): 64/64 PASS, 0 fail-open (52 bad-input/no-write + 12 real_run simulation rows + 8 structural meta-assertions). The KB validator artifact was read back in full and is character-identical to the tested source.
Caveats: (C-1) this is local pure-validator evidence, NOT runtime proof — the DOT remains unregistered/unwired/ungated. (C-2) Guard 3 verifies supplied before/after evidence; it is not a live runtime drift proof — the runtime must gather true snapshots. (C-3) the 64-case suite is bounded adversarial coverage of the enumerated classes plus structural meta-assertions, not a universal proof. (C-4) runtime hardening GAPS 2/3/4 (generic directus schema-create; no isolated DOT-executor role; generic Directus create not policy-blocked) remain OPEN and out of scope.
CODEX HOLD CLOSURE
| Codex issue | Fix | Evidence | Verdict |
|---|---|---|---|
| 1. Missing channel accepted | router requires non-empty governed channel → MISSING_CHANNEL | matrix B38 (missing key), B39 (blank) | CLOSED |
| 2. Missing/blank actor accepted | router requires non-empty actor → MISSING_ACTOR | matrix B40 (missing), B41 (blank), B42 (whitespace) | CLOSED |
| 3. match(...$) accepts trailing-newline schema/run_id | re.fullmatch (no $) + _has_forbidden_chars reject whitespace/control | matrix B14–B19 (schema \n,\r,\t,spaces,NUL), B23–B25 (run_id \n,\r,\t) | CLOSED |
| 4. Gate uses truthiness; "false" could open | gate must be exactly boolean True; any non-bool → INVALID_GATE_TYPE (no truthiness) | sim S06 "false", S07 "true", S08 1, S09 None; meta-assertion 7 ("True"/0 too) | CLOSED |
| 5. Guard 3 plan-only, not enforced in real_run | Guard 3 is an executable verdict (PASS/FAIL/UNKNOWN); real_run requires PASS before any write-intent | sim S01 (PASS→write), S02/S03 (UNKNOWN→reject), S04 (FAIL→reject), S10/S11 (teardown) | CLOSED |
| 6. Guard 4 directly calls Guard 1 | both Guard 1 and Guard 4 call a shared pure _validate_target helper; neither calls the other | meta-assertion 8 (allowlist_guard absent from delete_fast_guard source) | CLOSED |
| 7. 37/37 not universal fail-open proof | expanded to 64 cases + 8 structural meta-assertions; framed as bounded engineering evidence, not runtime proof; supersedes rev1 | dot-r2-b2-validator-test-run-v2.txt; evidence/caveats above | CLOSED (bounded) |
PATCHED ARTIFACTS
| Artifact | Rev before | Rev after | content_length |
|---|---|---|---|
| specs/dot-r2-b2-staging-schema-shell.validator.py | 1 | 2 | 14415 |
| specs/dot-r2-b2-staging-schema-shell.contract.md | 1 | 2 | 12095 |
| specs/dot-schema-write-guards.contract.md | 1 | 2 | 11333 |
| specs/dot-r2-b2-bad-input-matrix.md | 1 | 2 | 8971 |
| specs/dot-r2-b2-validator-test-run.txt (rev1 evidence; SUPERSEDED banner) | 1 | 2 | 4881 |
| specs/dot-r2-b2-validator-test-run-v2.txt (NEW, superseding) | — | 1 | 10292 |
| admission/dot-r2-b2-staging-schema-shell-birth-admission-2026-06-19.md | 1 | 9 | 19500 |
| reports/macro9b-dot-staging-schema-path-artifact-index-2026-06-19.md | 2 | 4 | 4739 |
| reports/macro9b-dot-staging-schema-path-author-harden-report-2026-06-19.md | 2 | 6 | 21001 |
| reports/macro9b2-…-remediation-report-2026-06-20.md (this report) | — | 1 | (self) |
0 substrate mutations. All mutations are KB documents.
VALIDATOR SEMANTICS
| Rule | Enforced? | Evidence |
|---|---|---|
| dot_code must equal DOT_CODE | yes → WRONG_DOT_CODE | B30 |
| mode ∈ 6 modes | yes → UNKNOWN_MODE | B28–B29 |
| channel required + governed | yes → MISSING_CHANNEL/FORBIDDEN_MANUAL_CHANNEL/UNKNOWN_CHANNEL | B31–B39 |
| actor required (non-empty) | yes → MISSING_ACTOR | B40–B42 |
| run_id strict full-string, no control chars | yes → MISSING_RUN_ID/BAD_RUN_ID (re.fullmatch+_has_forbidden_chars) | B20–B25 |
| owner_authorization_ref required | yes → MISSING_OWNER_AUTH | B26–B27 |
| target_schema strict allowlist (re.fullmatch), no control chars, embeds run_id, not protected | yes → MISSING_TARGET_SCHEMA/MALFORMED_SCHEMA_CHARS/NON_ALLOWLIST_SCHEMA/SCHEMA_RUNID_MISMATCH/PROTECTED_SCHEMA_TARGET | B01–B19 |
| no prod-data copy / no Directus generic create | yes → PROD_DATA_COPY_FORBIDDEN/DIRECTUS_GENERIC_FORBIDDEN | B43, B31 |
| gate exactly boolean True (no truthiness) | yes → INVALID_GATE_TYPE (non-bool) / REAL_RUN_GATE_CLOSED (bool False) | S05–S09, meta 7 |
| Guard 3 PASS required before any real-run write-intent | yes → PROD_UNTOUCHED_FAIL/PROD_UNTOUCHED_UNKNOWN | S01–S04, S10–S11 |
| Guard 4 separable (no call to Guard 1) | yes (shared _validate_target helper) | meta-assertion 8 |
| fail-closed: accept iff zero reject codes | yes (default deny) | 0 fail-open across 64 rows |
| pure function, no DB/network/exec | yes | meta-assertion 6 (no forbidden imports) |
| no no-write mode emits writes | yes | meta-assertion 3 |
| write-intent appears IFF gate True AND Guard 3 PASS | yes | meta-assertion 5 (only S01, S10) |
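A minimal sketch of three rules from the table above (strict full-string run_id, exact-boolean gate, Guard 3 PASS before accept), with the rev1-style `match(...$)` check kept beside the corrected one. This is an added illustration, not the contents of dot-r2-b2-staging-schema-shell.validator.py: the run_id pattern and every function name are assumptions, and only the reject codes are taken from this report.

```python
import re

# Assumed run_id shape for illustration; the real pattern is not shown in this report.
RUN_ID_PATTERN = r"[a-z0-9]{8}"


def legacy_run_id_ok(run_id):
    """Rev1-style check: '$' also matches just before a trailing newline."""
    return re.match(r"^" + RUN_ID_PATTERN + r"$", run_id) is not None


def has_forbidden_chars(value):
    """True if value contains whitespace or an ASCII control character."""
    return any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def check_run_id(run_id):
    if not isinstance(run_id, str) or run_id == "":
        return ["MISSING_RUN_ID"]
    # fullmatch must consume the whole string, so "abcd1234\n" cannot pass.
    if has_forbidden_chars(run_id) or re.fullmatch(RUN_ID_PATTERN, run_id) is None:
        return ["BAD_RUN_ID"]
    return []


def check_gate(gate):
    # Type check, not truthiness: "false", "true", 1 and None never open the gate.
    if not isinstance(gate, bool):
        return ["INVALID_GATE_TYPE"]
    return [] if gate else ["REAL_RUN_GATE_CLOSED"]


def check_guard3(verdict):
    if verdict == "PASS":
        return []
    # Anything that is not an explicit FAIL (missing, incomplete) is UNKNOWN.
    return ["PROD_UNTOUCHED_FAIL"] if verdict == "FAIL" else ["PROD_UNTOUCHED_UNKNOWN"]


def validate_real_run(run_id, gate, guard3_verdict):
    """Fail-closed: accept only when no check produced a reject code."""
    codes = check_run_id(run_id) + check_gate(gate) + check_guard3(guard3_verdict)
    return {"accept": not codes, "reject_codes": codes}
```
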
BAD-INPUT MATRIX V2
| Test class | Count | Verdict |
|---|---|---|
| Protected-schema targets (B01–B06) | 6 | all reject |
| Non-allowlist / mismatch / missing target (B07–B13) | 7 | all reject |
| Control/whitespace chars in target_schema (B14–B19) | 6 | all reject |
| run_id missing/bad/control-char (B20–B25) | 6 | all reject |
| owner-auth missing/empty (B26–B27) | 2 | all reject |
| mode / dot_code (B28–B30) | 3 | all reject |
| Channel forbidden/unknown/missing (B31–B39) | 9 | all reject |
| Actor missing/blank/whitespace (B40–B42) | 3 | all reject |
| Prod-data copy (B43) | 1 | reject |
| Real-run default gate closed (B44–B47) | 4 | all reject |
| Valid no-write accepts (A01–A05) | 5 | all accept, 0 writes |
| Bad-input/no-write subtotal | 52 | 0 fail-open |
| Real-run simulation (S01–S12) | 12 | see below |
| TOTAL | 64 | 64/64 PASS, 0 fail-open |
REAL_RUN SIMULATION
The gate (owner_real_run_gate_open) is a separate authority argument passed only in this LOCAL simulation to prove Guard 3 enforcement. Write-intent strings are emitted only when gate is exactly boolean True AND Guard 3 == PASS; nothing is executed.
| Case | Gate type/value | Guard 3 verdict | Expected | Actual | Verdict |
|---|---|---|---|---|---|
| S01 real_run | True (bool) | PASS (before==after) | accept; 8 write-intent | accept; 8 write-intent | PASS |
| S02 real_run | True (bool) | UNKNOWN (no evidence) | reject PROD_UNTOUCHED_UNKNOWN | reject; 0 writes | PASS |
| S03 real_run | True (bool) | UNKNOWN (incomplete) | reject PROD_UNTOUCHED_UNKNOWN | reject; 0 writes | PASS |
| S04 real_run | True (bool) | FAIL (drift) | reject PROD_UNTOUCHED_FAIL | reject; 0 writes | PASS |
| S05 real_run | False (bool) | PASS | reject REAL_RUN_GATE_CLOSED | reject; 0 writes | PASS |
| S06 real_run | "false" (str) | PASS | reject INVALID_GATE_TYPE | reject; 0 writes | PASS |
| S07 real_run | "true" (str) | PASS | reject INVALID_GATE_TYPE | reject; 0 writes | PASS |
| S08 real_run | 1 (int) | PASS | reject INVALID_GATE_TYPE | reject; 0 writes | PASS |
| S09 real_run | None | PASS | reject INVALID_GATE_TYPE | reject; 0 writes | PASS |
| S10 teardown_real_run | True (bool) | PASS | accept; 1 write-intent (DROP) | accept; 1 write-intent | PASS |
| S11 teardown_real_run | True (bool) | FAIL (drift) | reject PROD_UNTOUCHED_FAIL | reject; 0 writes | PASS |
| S12 teardown_real_run | False (bool) | PASS | reject REAL_RUN_GATE_CLOSED | reject; 0 writes | PASS |
Answer to mission D3's open question ("real_run with Guard 3 PASS and gate true must still be HOLD unless explicitly allowed by test mode?"): at the validator/engineering layer, gate=bool True + Guard 3 PASS + valid inputs correctly yields write-INTENT (S01/S10) — that is the proof the gate logic works. At the runtime/authority layer this remains HOLD: the real runtime gate is CLOSED (REAL_RUN_GATE_CLOSED by default), no Owner authorization exists, and nothing is executed. The simulation forces the gate boolean True only in-memory to exercise the branch; it is not a runtime open.
NON-AUTHORIZATION
| Forbidden action | Result |
|---|---|
| DB write | none |
| DDL / DML | none |
| dot_tools write / registration | none |
| dot_config write / gate flip | none |
| law_dot_enforcement write | none |
| dot_agent_api_contract write/binding | none |
| governance_object_ownership write | none |
| DOT execution | none (pure local validator only) |
| Directus mutation | none |
| Schema / table / collection creation | none |
| Runtime gate flip | none |
| Owner authority claim | none |
| Macro-9A build | none (still NO-GO) |
| Macro-9C real-run | none (not launched) |
| dot_operator_catalog / collection_operator_catalog / future governance collections | none (candidate-on-paper only) |
| KB mutations made | 6 patched + 2 created (validator-test-run-v2 + this report); 0 substrate mutations |
This macro made zero runtime calls of any kind — it did not even read the live substrate; it operated only on KB documents and a local pure-Python validator.
SELF-CHECK
| # | Check | Result |
|---|---|---|
| SC1 | All Codex HOLD issues addressed | ✅ 7/7 closed |
| SC2 | Missing channel rejects | ✅ B38–B39 |
| SC3 | Missing/blank actor rejects | ✅ B40–B42 |
| SC4 | Trailing newline/control chars reject for schema & run_id | ✅ B14–B19, B23–B25 |
| SC5 | gate_open only accepts exact boolean True | ✅ S06–S09, meta 7 |
| SC6 | real_run requires Guard 3 PASS | ✅ S01 vs S02–S04 |
| SC7 | Guard 3 FAIL/UNKNOWN/missing rejects | ✅ S02–S04, S11 |
| SC8 | Guard 4 no longer directly depends on Guard 1 | ✅ meta 8 (shared _validate_target) |
| SC9 | Expanded matrix run | ✅ 64 cases + 8 meta-assertions |
| SC10 | 0 fail-open | ✅ |
| SC11 | No runtime mutation | ✅ 0 runtime calls |
| SC12 | New evidence supersedes old 37/37 | ✅ v2 evidence + rev1 banner |
| SC13 | Admission/index/report repointed to superseding evidence | ✅ all 3 patched |
| SC14 | Report read back | ✅ (read-back recorded below) |
NEXT ACTION
- Codex re-review of the corrected package only (validator rev2 + contracts rev2 + matrix rev2 + v2 evidence + admission record). Do not bundle Macro-9A or any new build.
- If accepted, Owner decides the separate DOT-registration path (resolve REGISTRATION_HOLD) — through an authorized DOT-registration path, never by hand.
- Before any real_run (resolve HOLD_FOR_OWNER_REAL_RUN): close hardening GAPS 2/3/4, open the runtime execute gate explicitly, fresh read-only preflight, prove SB-4 no-prod-touch + delete-fast.
- Do NOT build the schema, register the DOT, run Macro-9A, or launch Macro-9C automatically.
READY FOR CODEX RE-REVIEW
yes — the 7 Codex HOLD findings are closed at the engineering layer; the corrected validator is fail-closed (64/64, 0 fail-open) as a pure local function; all overclaims (Guard 3 proof, universal fail-closed) were corrected in the contracts and evidence; runtime registration and real-run remain explicitly held. This is engineering remediation only; authority and runtime states are unchanged.
End of Macro-9B2 remediation report. Engineering PASS ≠ Owner authority PASS. Default HOLD.