C1 STAGING CODEX R2 REVIEW BEFORE DRY-RUN — INDEX

Session: C1-STAGING-CODEX-R2-REVIEW-2026-06-23 Date: 2026-06-23 Mode: read-only/static adversarial review; dry-run NOT executed; no sandbox created; no staging/code/official-runtime files modified.

Verdict

CODEX_HOLD_C1_STAGING_R2_NEEDS_FIXES_BEFORE_DRY_RUN

R1 fixes materially improve the lane: shell reparsing is removed, SBX JSON capture exists, P5 is exact/fatal, P6 has a fatal upstream gate, and TTL docs are honest. R2 cannot authorize execution because:

1. plan cleanup suppresses P2 failure and exits with the pre-cleanup status, including zero;
2. P1 can leave a live DB if it fails after successful metadata creation but before emitting SANDBOX_JSON, while the plan still has SBX empty;
3. P6 digest covers canonical_operation only, not harness rows as required;
4. P1 --force blind-drops any regex-matching existing DB without P2's active-registry guard;
5. remote-temp tracking is lost through command substitution, so claimed EXIT cleanup is ineffective on early failure.

Reports

01 context; 02 R1 fix verification; 03 code; 04 injection; 05 SBX; 06 P5; 07 P6; 08 plan/drop/TTL/runtime; 09 final verdict.