07 — P6 FALSE-PASS REVIEW

The R1 false-PASS path is substantially fixed: a fatal gate checks P3/P4/P5 ledger presence, 3 validated rows, 9/9 harness results, zero accepted, case-8 isolation=42P01, and zero registered-object drift before PASS/digest output.

Blocking R2 evidence defect

R2 explicitly requires the digest to cover verified C1 rows and harness rows. Current c1_digest() hashes only canonical_operation. The harness output is merely aggregated after the gate. Therefore the digest cannot authenticate the exact nine case expectations/outcomes/reject signals.

The gate and digest also run as separate statements/transactions, leaving a time-of-check/time-of-read interval.

Required fix: compute a deterministic digest over both canonical_operation and ordered c1_test_results fields (case_no, expectation, outcome, reject_code, sqlstate, pass), and perform gate + evidence ledger + digest/readback in one transaction or under appropriate locks. Emit no digest/P6_DONE on failure.