05 — P1 / PLAN / P2 CLEANUP REVIEW

Valid fixes

• P1 owns partial-create compensation; cleanup failure forces 70.
• plan gate requires CODEX_R3_PASS.
• strict mode/pipefail preserve stage failures.
• exit matrix produces nonzero for cleanup failure.
• DRY_RUN_OK is emitted only after P2 return zero and global staging DB count zero.
• R3-SELF-1 delayed arming closes the same-minute foreign-drop race.
• P2 records attempt before DROP and success after gone-readback.

Evidence hardening still required

P2 returns zero for an already-absent DB without a drop_success stamp. In the plan's owned-sandbox path, an unexpected disappearance can therefore be treated as cleanup success if global count is zero. Require the owned cleanup path to prove RETIRED_OK/drop_success, or use a distinct strict P2 mode. This is secondary to the upstream-stamp blocker but belongs in the same evidence repair.