09 — C1 Bad-Input Fixture and Fail-Closed Proof — 2026-06-22
1. Honest framing
A bad-input test is executable only if there is a C1 surface (contract + verifier + harness) to feed it to. There is none (files 03/06/07/08). Therefore the bad-input matrix below is defined (design), but not executable. Critically: no invalid input produced a PASS/digest/seal/ready — because nothing executed at all. This is absence of surface, not demonstrated fail-closed. Both are recorded truthfully.
2. Bad-input matrix (defined; expected reject; actual = not executable)
| Input | Expected reject (design) | Actual | PASS possible? |
|---|---|---|---|
| missing manifest | MANIFEST_ABSENT | not executable (no harness) | NO |
| wrong manifest hash | MANIFEST_HASH_MISMATCH | not executable | NO |
| extra operation value | VALUE_NOT_ADMITTED | not executable | NO |
| missing operation value | VALUE_SET_INCOMPLETE | not executable | NO |
| duplicate operation code | DUPLICATE_OP_CODE | not executable | NO |
| wrong protocol_version | VERSION_MISMATCH | not executable | NO |
| semantic rewrite, same version | IMMUTABLE_SEMANTICS_VIOLATED | not executable | NO |
| successor cycle | SUCCESSOR_CYCLE | not executable | NO |
| retired value accepted | RETIRED_VALUE_REJECTED | not executable | NO |
| wrong carrier | CARRIER_MISMATCH | not executable | NO |
| wrong lane | LANE_MISMATCH | not executable | NO |
| wrong plan | PLAN_BIND_MISMATCH | not executable | NO |
| no authorization | AUTH_ABSENT | not executable | NO |
| generic authorization | AUTH_SCOPE_TOO_BROAD | not executable | NO |
| expired/revoked/reused auth | AUTH_INVALID_STATE | not executable | NO |
| loose action superset | ACTION_SET_NOT_EQUAL | not executable | NO |
| dry-run mode omitted | MODE_REQUIRED | not executable | NO |
| attempted real-run | REAL_RUN_REFUSED | enforced live (dispatcher raises) | NO |
| attempted C2 mutation | CROSS_CARRIER_FORBIDDEN | not executable (no C2 write either) | NO |
| attempted production target | PROD_TARGET_FORBIDDEN | governed write allowlist denies | NO |
| rollback delete vs retire | DELETE_FORBIDDEN_USE_SUCCESSOR | not executable | NO |
| invalid input emits digest/PASS/seal | must be impossible | no emitter exists | NO |
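As an added illustration (not the project's code, and not a claim that a C1 surface exists), this is the shape a fail-closed verifier for the matrix rows would take: every branch except the last returns a reject code from the table, and the digest a seal could be built from is computed only on the PASS path. The manifest layout, field names, admitted value set and contract version are assumptions.

```python
import hashlib
import json

# Reject codes come from the matrix above; the manifest layout, field names,
# admitted value set and contract version are assumptions for this illustration.
EXPECTED_VERSION = "1"                         # assumed
ADMITTED_VALUES = frozenset({"READ", "PLAN"})  # assumed admitted operation values

def canonical(manifest):
    """Deterministic bytes to hash (assumed canonical form)."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def verify(manifest, expected_hash):
    """Fail-closed: every branch but the last returns a REJECT code, and the
    digest a seal would be built from exists only on the PASS path, so an
    invalid input cannot yield PASS, digest or seal (an exception is not a PASS)."""
    if not isinstance(manifest, dict):
        return ("REJECT", "MANIFEST_ABSENT")
    if hashlib.sha256(canonical(manifest)).hexdigest() != expected_hash:
        return ("REJECT", "MANIFEST_HASH_MISMATCH")
    mode = manifest.get("mode")
    if mode == "REAL_RUN":
        return ("REJECT", "REAL_RUN_REFUSED")
    if mode != "DRY_RUN":
        return ("REJECT", "MODE_REQUIRED")
    if manifest.get("protocol_version") != EXPECTED_VERSION:
        return ("REJECT", "VERSION_MISMATCH")
    ops = manifest.get("operations", [])
    codes = [op["code"] for op in ops]
    if len(codes) != len(set(codes)):
        return ("REJECT", "DUPLICATE_OP_CODE")
    values = {op["value"] for op in ops}
    if values - ADMITTED_VALUES:
        return ("REJECT", "VALUE_NOT_ADMITTED")
    if ADMITTED_VALUES - values:
        return ("REJECT", "VALUE_SET_INCOMPLETE")
    return ("PASS", hashlib.sha256(canonical(manifest)).hexdigest())

# Constructed valid fixture; the caller is assumed to hold its expected hash.
GOOD = {
    "protocol_version": "1",
    "mode": "DRY_RUN",
    "operations": [{"code": "op1", "value": "READ"}, {"code": "op2", "value": "PLAN"}],
}
GOOD_HASH = hashlib.sha256(canonical(GOOD)).hexdigest()

def mutate(**changes):
    """Copy GOOD with fields replaced and the hash recomputed, so the mutation
    itself, not the hash check, is what the verifier rejects."""
    m = {**GOOD, **changes}
    return m, hashlib.sha256(canonical(m)).hexdigest()
```

Each matrix row that the assumed layout can express is then one `mutate(...)` call whose result must be a REJECT tuple, never a PASS.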
3. The one live-enforced reject
"attempted real-run" is genuinely fail-closed today: fn_process_agent_api_dispatch raises on REAL_RUN and the process_dot_runtime.* gates are closed. This is the only bad input with a live, demonstrated rejection — and it confirms no fail-open exists. (E1, E6)
4. Status
Bad-input harness: defined but not executable (no C1 surface). No fail-open observed (nothing emits PASS/digest/seal). Demonstrated fail-closed limited to real-run refusal. Criterion "bad-input tests are executable" FAILS. Gap remains. (…_BAD_INPUT_HARNESS_INCOMPLETE)