{ "doc": "fix7-p0-production-bad-input-design", "date": "2026-06-12", "design_note": "Required bad-input classes designed AND exercised by a PURELY LOCAL/STATIC harness (production_bad_input_probes.py). No production bad input was sent to any live system.", "table_D_classes": [ { "class": "production run without production authorization", "probe": "P1_PROD_RUN_NO_AUTH", "expected": "BLOCK, no PRODUCTION_PASS" }, { "class": "REAL_RUN without grant", "probe": "P2_REAL_RUN_NO_GRANT", "expected": "BLOCK" }, { "class": "QT001/apply without grant", "probe": "P3_QT001_APPLY_NO_GRANT", "expected": "BLOCK" }, { "class": "cutover without grant", "probe": "P4_CUTOVER_NO_GRANT", "expected": "BLOCK" }, { "class": "missing rollback proof", "probe": "P5_MISSING_ROLLBACK_PROOF", "expected": "BLOCK" }, { "class": "ambiguous production target", "probe": "P6_AMBIGUOUS_TARGET", "expected": "BLOCK" }, { "class": "CI deploy trigger without production gate", "probe": "P7_CI_DEPLOY_NO_GATE", "expected": "BLOCK" }, { "class": "secrets change request", "probe": "P8_SECRETS_CHANGE", "expected": "BLOCK" }, { "class": "production PASS emitted despite blocked gate", "probe": "P9_PROD_PASS_DESPITE_BLOCK", "expected": "BLOCK, token never leaked" } ], "harness": "production_bad_input_probes.py", "harness_scope": "PURELY_LOCAL_STATIC_NO_PRODUCTION_CONTACT", "result": { "doc": "fix7-p0-production-bad-input-probes", "date": "2026-06-12", "harness_scope": "PURELY_LOCAL_STATIC_NO_PRODUCTION_CONTACT", "probe_count": 9, "blocked_count": 9, "any_fail_open": false, "production_token_leaked": false, "results": [ { "id": "P1_PROD_RUN_NO_AUTH", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "production rollback/snapshot-restore NOT proven", "missing required grant(s): PRODUCTION_EXECUTION_OPT4,PROD_ROLLBACK_PROVEN" ] }, { "id": "P2_REAL_RUN_NO_GRANT", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "missing required grant(s): REAL_RUN" ] }, { "id": "P3_QT001_APPLY_NO_GRANT", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "production rollback/snapshot-restore NOT proven", "missing required grant(s): QT001_APPLY" ] }, { "id": "P4_CUTOVER_NO_GRANT", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "production rollback/snapshot-restore NOT proven", "missing required grant(s): CUTOVER" ] }, { "id": "P5_MISSING_ROLLBACK_PROOF", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "production rollback/snapshot-restore NOT proven", "missing required grant(s): PRODUCTION_EXECUTION_OPT4,PROD_ROLLBACK_PROVEN" ] }, { "id": "P6_AMBIGUOUS_TARGET", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "ambiguous/missing production target", "production rollback/snapshot-restore NOT proven", "missing required grant(s): PRODUCTION_EXECUTION_OPT4,PROD_ROLLBACK_PROVEN" ] }, { "id": "P7_CI_DEPLOY_NO_GATE", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "CI deploy lacks production gate", "missing required grant(s): CI_DEPLOY_PRODUCTION" ] }, { "id": "P8_SECRETS_CHANGE", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "missing required grant(s): SECRETS_CHANGE" ] }, { "id": "P9_PROD_PASS_DESPITE_BLOCK", "verdict": "BLOCK_FORBIDDEN_PRODUCTION_ACTION", "allow": false, "token": null, "fail_open": false, "reasons": [ "production rollback/snapshot-restore NOT proven", "missing required grant(s): QT001_APPLY" ] } ], "verdict": "ALL_FAIL_CLOSED" }, "production_mutation": false }