KB-3905

C1 Staging Codex R2 — SBX Propagation Review

Revision 1 | tags: c1stagingcodex, r2, read-only, 2026-06-23

05 — SBX PROPAGATION REVIEW

Normal success propagation is correct:

  • P1 emits its final SANDBOX_JSON with sandbox_id=sandbox_db.
  • The plan extracts sandbox_id with jq, rejects null, and validates it against the regex and equality checks.
  • P3/P4/P5/P6 and P2 consume the captured SBX.
  • No executable placeholder remains.

Blocking partial-create case

The plan assigns SBX only after P1 exits successfully:

P1_OUT="$(dot-staging-sandbox-create ...)"
SBX="$(...jq...)"

P1 creates and initializes the DB before its orphan check, its durable ledger append, and its final JSON. If any of those post-create steps fails, P1 exits nonzero and the assignment never completes: the plan's EXIT trap sees SBX empty and has no target to hand to P2, so the half-created sandbox is leaked. This is the failure that attack case A4 exercises, and the plan fails it.

Required fix: either have P1 arm its own compensating EXIT trap immediately after CREATE and disarm it only after the final JSON has been emitted successfully, or have the plan preselect a validated sandbox ID and pass it to P1, so that cleanup knows its target before P1 is ever invoked. Either way, preserve P1's internal provenance checks.
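The partial-create case and both fixes, as an added bash example that is not code from the reviewed plan or from P1. Every function, ID and the REGISTRY directory are hypothetical stand-ins; sandbox_create/sandbox_destroy stand in for dot-staging-sandbox-create's CREATE step and for P2, a FAIL_AFTER_CREATE knob simulates the orphan check or ledger append failing, and a sed extraction replaces the plan's jq so the script has no external dependency.

```shell
#!/usr/bin/env bash
# Added example, not code from the reviewed plan or from P1: a stand-in for the
# partial-create case (sandbox created, a later step fails, caller never learns
# the ID) and both fixes the review asks for. Every function, path and ID here
# is hypothetical; REGISTRY is a constructed stand-in for the real sandbox DB.
set -u

REGISTRY="${REGISTRY:-$(mktemp -d)}"   # one file per live sandbox

sandbox_create()  { : > "$REGISTRY/$1" && echo "$1"; }   # CREATE step stand-in
sandbox_destroy() { rm -f "$REGISTRY/$1"; }              # P2 teardown stand-in
sandbox_exists()  { [ -e "$REGISTRY/$1" ]; }

# Post-create work P1 does before its final JSON (orphan check, durable ledger
# append). FAIL_AFTER_CREATE=1 simulates one of those steps failing.
post_create_steps() {
  if [ "${FAIL_AFTER_CREATE:-0}" = "1" ]; then
    echo "ledger append failed" >&2
    return 1
  fi
}

# Current P1: the ID reaches the caller only inside the final JSON, so a
# post-create failure leaks the sandbox and leaves the plan's SBX empty.
p1_current() {
  local id="$1" sbx
  sbx="$(sandbox_create "$id")" || return 1
  post_create_steps || return 1
  printf '{"sandbox_id":"%s"}\n' "$sbx"            # final SANDBOX_JSON
}

# Fix 1: P1 arms a compensating EXIT trap the moment CREATE returns and
# disarms it only after the final JSON is out. The subshell scopes the trap;
# every failure path is an explicit exit so the trap fires without relying
# on set -e, which bash ignores inside && / || / if contexts.
p1_fixed() {
  local id="$1"
  (
    sbx="$(sandbox_create "$id")" || exit 1
    trap 'sandbox_destroy "$sbx"' EXIT              # armed right after CREATE
    post_create_steps || exit 1                     # trap fires on this path
    printf '{"sandbox_id":"%s"}\n' "$sbx" || exit 1 # final SANDBOX_JSON
    trap - EXIT                                     # disarm only after success
  )
}

# Runs an implementation with the failure knob set in a subshell only.
run_p1() {  # run_p1 IMPL ID FAIL(0|1)
  ( export FAIL_AFTER_CREATE="$3"; "$1" "$2" )
}

# Plan-side extraction as the page describes it: pull sandbox_id, reject
# null/empty, validate the shape. sed stands in for jq here (hypothetical).
extract_sbx() {
  local sbx
  sbx="$(printf '%s' "$1" | sed -n 's/.*"sandbox_id":"\([^"]*\)".*/\1/p')"
  [ -n "$sbx" ] && [ "$sbx" != "null" ] || return 1
  printf '%s' "$sbx" | grep -Eq '^[a-z0-9_]+$' || return 1
  printf '%s\n' "$sbx"
}

# Fix 2: the plan preselects and validates the ID, arms its own cleanup, then
# passes the ID to an unchanged P1, so cleanup knows its target regardless of
# where P1 dies. Returns P1's status; the sandbox survives only on success.
plan_preselected() {  # plan_preselected ID FAIL(0|1)
  local id="$1" fail="$2"
  printf '%s' "$id" | grep -Eq '^[a-z0-9_]+$' || return 1
  (
    trap 'sandbox_exists "$id" && sandbox_destroy "$id"' EXIT
    run_p1 p1_current "$id" "$fail" >/dev/null || exit 1
    trap - EXIT
  )
}

# Reproduce the leak, then show both fixes and the unchanged success path.
demo() {
  run_p1 p1_current sb_a 1 || true
  sandbox_exists sb_a && echo "current P1: sb_a leaked, caller's SBX empty"
  run_p1 p1_fixed sb_b 1 || true
  sandbox_exists sb_b || echo "fix 1: sb_b cleaned up by P1's own trap"
  plan_preselected sb_c 1 || true
  sandbox_exists sb_c || echo "fix 2: sb_c cleaned up by the plan's trap"
  out="$(run_p1 p1_fixed sb_d 0)" && echo "success path: SBX=$(extract_sbx "$out")"
}
demo
```

The two fixes differ in where the cleanup authority lives. Fix 1 keeps P1 self-contained and preserves its internal provenance checks unchanged, but depends on P1 never being killed between CREATE returning and the trap line (an uninterruptible gap of one statement). Fix 2 closes that gap entirely because the plan knows the target before P1 starts, at the cost of P1 having to accept an externally chosen ID and validate it the same way it validates its own.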

Path: knowledge/dev/laws-new/reports/c1-staging-codex-r2-review-before-dry-run/05-sbx-propagation-review.md