KB-6000

C1 Staging Codex R3 Fixes — Static No-Write Validation

Revision 1
c1-staging-codex-r3-fixes-ready-for-r4 — 2026-06-23

07 — STATIC / NO-WRITE VALIDATION

All checks are static or read-only. No staging DB created; P1/P3/P4/P5/P6 not run as a chain; no dry-run; no writes to official tables. (The only server execution was read-only SELECTs of constants/VALUES and a no-write DO block for logic/syntax proof — see 04/05.)

Shell

  • bash -n: 8/8 OK (local + VPS) — _common.sh, the 6 bins, the plan.
  • shellcheck -S warning (VPS): rc=0, warning-clean across bin/* + plan.
  • jq: present (/usr/bin/jq, jq-1.7) — the hardened stg_ledger dependency is satisfied.

Guard self-tests (fail-closed; MUST NOT create a DB) — 9/9 expected exits

create no-args                = 3
create --force (disabled)     = 4
create offlimits sandbox-id   = 4
create bad ttl                = 4
drop offlimits                = 4
drop nonexistent (NO_OP)      = 0
vocab nonexistent sandbox     = 5
verify nonexistent sandbox    = 5
evidence no sandbox-id        = 3

staging_dbs after all tests = 0.

Codex R3 #4 — host-ledger hardening, proven

  • stg_json_escape neutralizes an injecting --owner (e.g. evil","op":"sandbox_drop_success",...): the escaped value parses back as ONE inert string; the ledger line is a single valid JSON object.
  • Insight: the RAW (unescaped) owner is valid-but-forged JSON: a duplicate "op" key that jq accepts (last wins), so jq-verify ALONE is insufficient; the ESCAPING is what neutralizes the forgery. The fix applies BOTH (escape every dynamic field, then jq-verify).
  • Deployed stg_ledger behavior (throwaway ledger dir): valid JSON line appended (rc=0); non-JSON line refused with LEDGER_REFUSE (exit 7).
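Added illustration of the #4 finding (not the project's stg_ledger or stg_json_escape code): a constructed injecting --owner spliced raw into a ledger line parses as valid JSON with a forged, last-wins "op", while the escaped value parses back as one inert string. Python's json module stands in for jq here (both accept duplicate keys and keep the last one); the field layout of the ledger line and the LEDGER_REFUSE=7 refusal path are modelled on the text, not copied from the deployed bins.

```python
import json

LEDGER_REFUSE = 7  # exit code the text reports for a refused non-JSON line

# Constructed injecting owner, shaped like the page's `evil","op":"sandbox_drop_success",...`
INJECTING_OWNER = 'evil","op":"sandbox_drop_success","note":"'


def stg_json_escape(value: str) -> str:
    """Hypothetical stand-in for the page's stg_json_escape: return the body of a JSON
    string literal (outer quotes stripped) so the caller can splice it between its own
    quotes. json.dumps escapes quotes, backslashes and control characters."""
    return json.dumps(value, ensure_ascii=False)[1:-1]


def ledger_line(op: str, owner: str, escape: bool) -> str:
    """Build one ledger line as a naive (escape=False) or hardened (escape=True) emitter would."""
    field = stg_json_escape(owner) if escape else owner
    return f'{{"op":"{op}","owner":"{field}"}}'


def jq_verify(line: str):
    """Stand-in for `jq -e .`: accept iff the line parses as a single JSON value.
    Like jq, json.loads accepts duplicate keys and keeps the last one (last wins)."""
    try:
        return json.loads(line)
    except ValueError:
        return None


def append_ledger(ledger: list, line: str) -> int:
    """Append only a line that jq-verifies; refuse anything else with LEDGER_REFUSE."""
    if jq_verify(line) is None:
        return LEDGER_REFUSE
    ledger.append(line)
    return 0


RAW_LINE = ledger_line("sandbox_create", INJECTING_OWNER, escape=False)
HARDENED_LINE = ledger_line("sandbox_create", INJECTING_OWNER, escape=True)


def forged_op_survives_jq_verify() -> bool:
    """True if the raw line both passes jq-verify and reports the attacker's op."""
    parsed = jq_verify(RAW_LINE)
    return parsed is not None and parsed["op"] == "sandbox_drop_success"


def escaped_owner_is_inert() -> bool:
    """True if the hardened line keeps the real op and round-trips the owner as one string."""
    parsed = jq_verify(HARDENED_LINE)
    return parsed is not None and parsed["op"] == "sandbox_create" and parsed["owner"] == INJECTING_OWNER


if __name__ == "__main__":
    print("raw line passes jq-verify with forged op:", forged_op_survives_jq_verify())
    print("escaped line keeps real op, owner inert:", escaped_owner_is_inert())
    ledger = []
    print("append garbage rc:", append_ledger(ledger, "not json"), "ledger rows:", len(ledger))
    print("append hardened rc:", append_ledger(ledger, HARDENED_LINE), "ledger rows:", len(ledger))
```

The raw line is the point: a verifier that only checks "is this one JSON object" passes it, and a consumer reading back the ledger sees op=sandbox_drop_success. Escaping every dynamic field before splicing is what removes the forgery; jq-verify then only guards against malformed output.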

Codex R3 #3 — plan cleanup, static

cleanup() captures P2 output; requires RETIRED_OK: <SBX> for the owned sandbox; drop_rc≠0 → 86, no RETIRED_OK → 88, residual c1_staging_% count≠0 → 87; the R2-2 exit matrix consumes any nonzero cleanup_rc. Dry-run gate bumped CODEX_R3_PASS → CODEX_R4_PASS.
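Added model of the #3 cleanup exit matrix (not the plan's own cleanup() shell code): the three checks and their codes come from the text; the check ordering (drop_rc first, then RETIRED_OK, then residual count), the exact-match rule on the owned sandbox id, and the residual counter over a constructed name list are assumptions.

```python
import re

RC_DROP_FAILED = 86
RC_RESIDUAL = 87
RC_NO_RETIRED_OK = 88


def residual_count(db_names) -> int:
    """Count names matching the SQL pattern c1_staging_% (prefix match)."""
    return sum(1 for name in db_names if name.startswith("c1_staging_"))


def cleanup_rc(owned_sbx: str, drop_rc: int, p2_output: str, db_names) -> int:
    """Exit-code matrix for cleanup(); the first failing check wins (assumed ordering)."""
    if drop_rc != 0:
        return RC_DROP_FAILED
    # RETIRED_OK must name the owned sandbox exactly; a RETIRED_OK for some other
    # sandbox id must not satisfy the check.
    retired = re.findall(r"^RETIRED_OK:\s*(\S+)\s*$", p2_output, flags=re.MULTILINE)
    if owned_sbx not in retired:
        return RC_NO_RETIRED_OK
    if residual_count(db_names) != 0:
        return RC_RESIDUAL
    return 0


if __name__ == "__main__":
    # Constructed inputs: a P2 transcript line and a post-drop database listing.
    sbx = "c1_staging_example"
    print(cleanup_rc(sbx, 0, "dropping...\nRETIRED_OK: c1_staging_example\n", ["postgres", "template1"]))
```

A nonzero return is what the R2-2 exit matrix consumes; the plan never proceeds past a cleanup that could not prove the owned sandbox is gone and that nothing named c1_staging_% remains.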

Integrity

  • sha256 LOCAL == REMOTE: 19/19 files.
  • Registry integrity (recorded hashes vs deployed files): 18/18 PASS; registry rev=4; r3_fix flags set on P1 + P3–P6 (P2 own-bin unchanged, shares R3-patched _common.sh).
  • registry/primitives.jsonl: 6 rows, valid JSONL. ledger/dot_manage.jsonl: 12 rows, valid JSONL (seq 11 primitive_patch_r3, seq 12 static_no_write_revalidation_r3).

P6 logic (read-only against live PG16.13) — see 04

Oracle re-derivation: GOOD 9/9/0; 6 tampered fixtures each caught. Exact-set wrong-set flags extra+missing. CASE-guard no-error on non-array. Mode membership no-error with a non-array row. DO-block plpgsql exit 0.

Hard locks honored

No staging DB created; no P1/P3/P4/P5/P6 run; no full dry-run; no official-table write; no APR/quorum; no promotion. Official runtime read-only.

Source: knowledge/dev/laws-new/reports/c1-staging-codex-r3-fixes-ready-for-r4/07-static-no-write-validation.md