10 — FINAL DECISION

Verdict

C1_STAGING_CODEX_R1_FIXES_READY_FOR_CODEX_R2 (self-review gate passed first: CLAUDE_CODEX_STYLE_SELF_REVIEW_PASS — see files 11–13)

All five Codex R1 blockers addressed

1. Injection ($*/sh -lc) → argv-safe psql, no shell reparse, TTL constrained, mktemp+trap. ✓
2. SBX propagation → P1 SANDBOX_JSON + reviewed jq-capture plan, no placeholder. ✓
3. P5 fail-open → exact-oracle, accepted=FAIL, FATAL gate 9/9·0fail·0accepted·residue=3. ✓
4. P6 false-PASS → FATAL gate before digest/PASS (upstream ledger + 3 validated + 9/9 + isolation + 0 orphan). ✓
5. TTL/cleanup → honest advisory model, typed expires_at, P2 attempt-then-success ledger. ✓ Plus Codex-required #3 (P4 fail-closed), P3 exact-set postcondition, P1 --force semantics.

Static / no-write validation

bash -n 8/8 OK; shellcheck CLEAN; injection grep clean (only quoted "$@"); guard self-tests 9/9; SQL dollar-quote/txn balanced; interval expr validated read-only; sha256 local==remote; registry self-consistent; registry+ledger valid JSONL.

Official runtime unchanged

BEFORE == AFTER == AFTER-AFTER on all metrics; staging_dbs=0; no sandbox; no dry-run.

Updated dry-run plan (exact)

C1_STAGING_DRY_RUN_CONFIRM=CODEX_R2_PASS \
  /opt/incomex/staging/c1/plan/c1-staging-fast-dry-run.plan.sh nmhuyen@gmail.com 24h
# P1(create→SANDBOX_JSON) → jq-capture SBX → P3 → P4 → P5 → P6 (tee evidence) → P2 via EXIT trap

Refuses to run without CODEX_R2_PASS. Each primitive is fail-closed; any nonzero aborts and the trap drops the sandbox; staging_dbs must return to 0.

Remaining blockers

• Codex R2 review has not been performed (this macro cannot self-authorize the dry-run).
• Exact runtime reject_code/SQLSTATE of the 9 P5 cases is statically derived + read-only-verified; final confirmation happens during the R2-gated dry-run (fails closed on any mismatch).

Gates

• ready for Codex R2 review: YES
• ready to run dry-run without Codex: NO
• ready for promotion: NO
• ready for production: NO