KB-6D2C

02 — Hostile review matrix (35 rows)

Method per row: attack → evidence (file:line / command) → expected safe behavior → actual → verdict. All file:line references point at the artifacts under /opt/incomex/staging/c1/ and describe the post-fix state.

| # | Concern | Evidence | Verdict |
|---|---|---|---|
| 1 | injection / sh -c / -lc / eval / $* / unsafe "$@" | _common.sh invokes psql as explicit argv; injection grep → only comment hits; live A1/A2 exit 4 | PASS |
| 2 | sandbox_id validation | STG_SANDBOX_RE='^c1_staging_[0-9]{8}_[0-9]{4}$' _common.sh:26; stg_assert_sandbox_name asserted before any DB op in every bin | PASS |
| 3 | sandbox_db derived from sandbox_id | create:87 SANDBOX_JSON both fields = $SBX; p1a:4 CREATE DATABASE :"sbx"; plan verifies PARSED_DB==CAND | PASS |
| 4 | P1 partial failure cleanup | create:42-58 P1_CREATED_DB arms trap; compensating drop; exit 70 on cleanup fail | PASS |
| 5 | created=true/JSON only after postconditions | create:84-88 JSON then P1_DONE=1 after orphan-check+ledger | PASS |
| 6 | P1 --force disabled / provenance-safe | create:29 --force→stg_die 4; live A8 exit 4 | PASS |
| 7 | SBX propagation P1→P3..P6/P2 | plan passes --sandbox-id "$SBX" to every stage; cleanup uses $SBX | PASS |
| 8 | plan requires CODEX_R3_PASS | plan:45 gate != CODEX_R3_PASS → exit 64 | PASS |
| 9 | plan exit-code matrix (4 combos) | plan rc/cleanup_rc matrix; DRY_RUN_OK only when both 0 | PASS |
| 10 | P2 failure cannot be swallowed | cleanup_rc 86 (drop fail) / 87 (residual) force nonzero | PASS |
| 11 | P2 cannot drop non-staging DB | drop:14 + _common.sh:108 re-assert name; live A7 exit 4 (directus/postgres/template1) | PASS |
| 12 | P3 exact valid C1 set postcondition | p3:72-79 FATAL gate count=3 + exact set | PASS |
| 13 | P4 fail-closed verification | p4:35-36 nvalid=3 else RAISE → psql exit | PASS |
| 14 | P5 exact bad-input oracle | p5:33 pass = exact reject_code OR SQLSTATE match | PASS |
| 15 | P5 invalid accepted ⇒ FAIL | p5:26-29 accepted → pass=false | PASS |
| 16 | P5 unexpected exception ⇒ FAIL | p5:30-35 non-matching rc/state → pass=false | PASS |
| 17 | P5 aggregate 9/9 pass, 0 fail, 0 accepted | p5:63-67 FATAL gate; residue=3 | PASS |
| 18 | P6 gate requires P3/P4/P5 done | p6:49-54 ledger-evidence checks | PASS |
| 19 | P6 digest includes canonical rows | p6:26-27,33 vocab_md5 | PASS |
| 20 | P6 digest includes P5 harness rows | p6:29-30,35 harness_md5 over c1_test_results | PASS |
| 21 | P6 cannot emit digest/DONE on partial upstream | p6:43-87 single SHARE-locked txn; ON_ERROR_STOP aborts before COMMIT; bin echoes P6_DONE only on exit 0 | PASS |
| 22 | official-write isolation proof | p5:48 case 8 INSERT dot_tools (in-sandbox) → 42P01; p6:65-66 gate requires it | PASS |
| 23 | invalid residue check | p5:62,67 residue=3 (rejected rows rolled back per-case) | PASS |
| 24 | DOT stamp / staging ledger / evidence consistency | registry 6/6 sha256 match; ledger seq 1-10 valid; per-phase sbx_meta stamps | PASS |
| 25 | no official runtime write path | every db target = $SBX or postgres (maint), never directus; before==after | PASS |
| 26 | no official registry write path | registry is staging JSONL; no INSERT to dot_tools; official_runtime=false all rows | PASS |
| 27 | no APR-0415/quorum/dot-apr-approve path | grep → NO_APR_QUORUM_PROMOTION_PATH | PASS |
| 28 | no hardcoded secrets/tokens | secrets grep → NO_SECRETS_FOUND | PASS |
| 29 | no dangerous host/path assumption | container fixed postgres; user via printenv POSTGRES_USER; in-container mktemp | PASS |
| 30 | TTL honesty (advisory unless real timer) | README §TTL + ROLLBACK §B: advisory/manual, no cron/systemd/timer | PASS |
| 31 | cleanup/rollback docs exact | ROLLBACK.md A–E match code | PASS |
| 32 | official runtime before==after | file 07: data-identical snapshots | PASS |
| 33 | staging_DBs remains 0 | snapshots + post-guard-test = 0 | PASS |
| 34 | dry-run not executed | no P1→P2 chain run; gate intact; staging_DBs=0 | PASS |
| 35 | KB evidence readback | this package uploaded + batch_read from AgentData | PASS |
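Rows 2 and 11 (fail-closed sandbox-name gate, exit 4) and rows 9 and 10 (plan exit-code matrix where a cleanup failure is never masked) describe one defensive pattern. The shell below is an added illustration of that pattern, not the project's own _common.sh or plan code; only the regex and the exit codes 4/86/87 come from the rows above, while plan_verdict, the diagnostic text and the sample names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own _common.sh or plan code. Only the regex
# and exit codes (4, 86, 87) come from the review rows; plan_verdict is assumed.

STG_SANDBOX_RE='^c1_staging_[0-9]{8}_[0-9]{4}$'

# Fail-closed name gate (rows 2 and 11): return 0 only when the whole argument
# is a staging sandbox name, else print a diagnostic and return 4 so the caller
# dies before any psql invocation. Comparing grep's output with the original
# also rejects empty names and names with an embedded newline, which a plain
# grep -q over the input would let through.
stg_assert_sandbox_name() {
  name=$1
  if [ -n "$name" ] &&
     [ "$(printf '%s\n' "$name" | grep -E "$STG_SANDBOX_RE")" = "$name" ]; then
    return 0
  fi
  printf 'FATAL: refusing non-staging sandbox name: %s\n' "$name" >&2
  return 4
}

# Plan exit-code matrix (rows 9 and 10): DRY_RUN_OK only when both the run and
# the P2 cleanup exited 0. A cleanup failure (86 drop fail, 87 residual) takes
# precedence over a clean run, so it can never be swallowed.
plan_verdict() {
  run_rc=$1
  cleanup_rc=$2
  if [ "$run_rc" -eq 0 ] && [ "$cleanup_rc" -eq 0 ]; then
    echo DRY_RUN_OK
    return 0
  elif [ "$cleanup_rc" -ne 0 ]; then
    echo "CLEANUP_FAIL run_rc=$run_rc cleanup_rc=$cleanup_rc"
    return "$cleanup_rc"
  else
    echo "RUN_FAIL run_rc=$run_rc"
    return "$run_rc"
  fi
}

# Demo on constructed inputs: one valid name plus the three live-test targets
# from row 11.
for n in c1_staging_20240101_0001 directus postgres template1; do
  if stg_assert_sandbox_name "$n" 2>/dev/null; then
    echo "$n: accepted"
  else
    echo "$n: rejected rc=$?"
  fi
done
```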

Result: 35/35 PASS (after fixing R3-SELF-1, see file 08). Pre-fix, rows 7/9/10/11 carried the R3-SELF-1 concern at the plan cleanup-target level (HOLD on row 7/11 boundary); the fix resolved it.

knowledge/dev/laws-new/reports/c1-staging-claude-r3-hard-self-gate/02-hostile-review-matrix.md