09 — P6 Bad-Input Fail-Closed Results — 2026-06-22
Adversarial inputs were run live against the governed dispatcher (fn_process_agent_api_dispatch, write_observation=false, non-mutating). Each refused with no PASS/digest/seal.
A. Cases reachable at the live route — EXECUTED
| # | Bad input | Expected reject | Actual result | PASS possible? |
|---|---|---|---|---|
| 1 | mode = REAL_RUN | refuse real-run | ERROR: dispatch refused: REAL_RUN not permitted by this dispatcher | NO |
| 2 | mode = FOO_MODE (invalid) | refuse invalid mode | ERROR: dispatch refused: invalid mode FOO_MODE | NO |
| 3 | correlation_id = '' (empty) | refuse missing id | ERROR: dispatch refused: missing correlation_id | NO |
| 4 | dot_code = DOT_NONEXISTENT_XYZ | refuse unknown | ERROR: dispatch refused: no agent_api contract for DOT_NONEXISTENT_XYZ | NO |
| 5 | dot_code = DOT_C1_VOCAB_BUILD (unregistered) | refuse unregistered C1 | ERROR: dispatch refused: no agent_api contract for DOT_C1_VOCAB_BUILD | NO |
| ctrl | DOT_KG_EXPLAIN PLAN_ONLY (valid) | validate | validated:true | (valid control) |
Additional dispatcher guards present in source (would refuse if reached): runtime not dry-run-only ⇒ refuse; contract missing fixture_ref ⇒ refuse; output_namespace not DRYRUN-NS:% ⇒ refuse; DRY_RUN with NULL endpoint_ref ⇒ refuse.
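The reachable guard chain above, as an added Python model that is not the project's fn_process_agent_api_dispatch: the five table refusals are reproduced verbatim, while the contract registry contents, the accepted-mode set, the guard order and the wording of the four source-only guards are assumptions.

```python
from dataclasses import dataclass

# Constructed stand-ins for the contract registry and runtime flag the dispatcher consults.
# Only DOT_KG_EXPLAIN is registered, matching the P6 run (C1 contracts absent).
CONTRACTS = {"DOT_KG_EXPLAIN": {"fixture_ref": "fixture:kg_explain", "endpoint_ref": "ep:kg_explain"}}
RUNTIME_DRY_RUN_ONLY = True
ACCEPTED_MODES = ("PLAN_ONLY", "DRY_RUN")  # assumption: the two non-mutating modes

@dataclass
class DispatchRequest:
    dot_code: str
    mode: str
    correlation_id: str
    output_namespace: str = "DRYRUN-NS:p6"

def refuse(reason: str) -> dict:
    # A refusal is terminal: the caller never receives a PASS, digest or seal.
    return {"validated": False, "error": f"ERROR: dispatch refused: {reason}"}

def dispatch(req: DispatchRequest) -> dict:
    """Fail-closed guard chain modelled on the P6 table; guard order is an assumption."""
    if not RUNTIME_DRY_RUN_ONLY:
        return refuse("runtime is not dry-run-only")
    if req.mode == "REAL_RUN":
        return refuse("REAL_RUN not permitted by this dispatcher")
    if req.mode not in ACCEPTED_MODES:
        return refuse(f"invalid mode {req.mode}")
    if not req.correlation_id:
        return refuse("missing correlation_id")
    contract = CONTRACTS.get(req.dot_code)
    if contract is None:
        return refuse(f"no agent_api contract for {req.dot_code}")
    if not contract.get("fixture_ref"):
        return refuse("contract missing fixture_ref")
    if not req.output_namespace.startswith("DRYRUN-NS:"):  # SQL pattern DRYRUN-NS:%
        return refuse("output_namespace not under DRYRUN-NS:")
    if req.mode == "DRY_RUN" and contract.get("endpoint_ref") is None:
        return refuse("DRY_RUN with NULL endpoint_ref")
    return {"validated": True, "error": None}

def run_p6_cases() -> list:
    """Replays the five executed bad inputs; every entry must be a refusal string."""
    cases = [
        DispatchRequest("DOT_KG_EXPLAIN", "REAL_RUN", "p6-1"),
        DispatchRequest("DOT_KG_EXPLAIN", "FOO_MODE", "p6-2"),
        DispatchRequest("DOT_KG_EXPLAIN", "PLAN_ONLY", ""),
        DispatchRequest("DOT_NONEXISTENT_XYZ", "PLAN_ONLY", "p6-4"),
        DispatchRequest("DOT_C1_VOCAB_BUILD", "PLAN_ONLY", "p6-5"),
    ]
    return [dispatch(c)["error"] for c in cases]
```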
B. Cases NOT reachable because the C1 surface is absent — documented (no-PASS-possible)
These adversarial inputs (from the macro's bad-input list) require a registered C1 surface to even submit; with dot_c1=0/c1_contracts=0 they cannot reach an evaluator, so they cannot produce a PASS either: missing/extra/duplicate vocab value, wrong protocol_version, semantic rewrite of write-once row, wrong carrier/lane/plan, generic/expired/revoked/reused authorization, loose action superset, attempted production target, attempted C2 mutation, rollback-delete-instead-of-retire. Each is "no surface ⇒ no PASS", which is fail-closed-by-absence — distinct from a demonstrated fail-closed evaluator (which requires the registered C1 harness from P3).
Result
No invalid input produced a PASS, digest, or seal. The live governed route is fail-closed on every reachable dimension; the unreachable dimensions cannot pass either. GOVERNED_C1_DRYRUN_REJECT_BAD_INPUT_FAIL_OPEN did NOT fire. The macro's note stands: a fully-demonstrated C1 bad-input harness (vs. dispatcher-level + absence) is only possible once the C1 surface is registered (operator action).