03 — CODE PATH INSPECTION

Fresh VPS inspection at 2026-06-23 08:54Z found all six executable runners, helper, six SQL files, plan, registry, ledger, README and ROLLBACK. bash -n=0; shellcheck=0. Registry has 6 valid JSONL rows; ledger has 7. Every recorded runner and SQL SHA-256 matches deployed content.

Key hashes:

• _common 1b2d13d0…
• P1 5af96529…
• P2 8118848c…
• P5 SQL 0658ba62…
• P6 SQL 189b9bcb…
• plan eec41b1c…

No hardcoded credential pattern and no executable APR-0415/quorum/dot-apr-approve/official-dot-bin path were found.

Static attack output

• plan without confirmation: rc=64; evidence directory absent before and after
• directus/postgres/semicolon/command-substitution/whitespace sandbox names: rc=4
• valid sandbox name: rc=0
• TTL 24h/7d/0h: rc=0; invalid 99x and 24h;id: rc=4
• P2 directus: rc=4
• P1 hostile sandbox name: rc=4
• staging DB count after tests: 0

No primitive write path or dry-run was executed.