03 — P3/P4/P5 DONE ATOMICITY REVIEW

Raw VPS mechanical proof

sql/p3-vocab-build.sql BEGIN=10 GATE=70 DONE=85 COMMIT=86 pre_gate_commit=0
sql/p4-verify.sql BEGIN=9 GATE=27 DONE=45 COMMIT=46 pre_gate_commit=0
sql/p5-bad-input-harness.sql BEGIN=15 GATE=54 DONE=68 COMMIT=69 pre_gate_commit=0

For all three: BEGIN < GATE < DONE < COMMIT; no COMMIT exists between BEGIN and gate. ON_ERROR_STOP=1 means a gate RAISE stops before DONE/COMMIT, and PostgreSQL rolls back the open transaction.

Verdict

P3/P4/P5 DONE atomicity is safe: YES. Attacks A1–A3 are refuted by code ordering and transaction semantics.