KB-64E6
C1 Staging Codex R4 — JSON and psql Safety Review
Revision 1
c1 staging codex-r4 read-only 2026-06-23
06 — JSON / PSQL SAFETY REVIEW
JSON
stg_json_escape escapes backslash, quote, newline, CR and tab. P1 applies it to every dynamic host-ledger field. stg_ledger validates each record with jq before appending and exits 7 on malformed JSON. Sandbox IDs are regex-constrained; drop-ledger fields are therefore inert.
Duplicate-key injection through owner is blocked by escaping rather than relying only on jq. Bad JSON fails closed.
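Added example, not code from the reviewed scripts: the escape-then-validate pattern described above, in bash. json_escape, ledger_line and ledger_append are hypothetical stand-ins for stg_json_escape and stg_ledger, and the forged owner value is constructed. It shows why jq validation alone would not stop a duplicate owner key: the unescaped record is still well-formed JSON.

```bash
#!/usr/bin/env bash
# Added illustration. json_escape, ledger_line and ledger_append are
# hypothetical names, not the reviewed stg_json_escape / stg_ledger.

# Escape the five characters the review lists. Backslash goes first so the
# backslashes introduced by the later steps are not doubled again.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Build one ledger record. escape=1 is the hardened path; escape=0 is the
# naive interpolation, kept only for comparison.
ledger_line() {
  local sbx=$1 owner=$2 escape=${3:-1}
  if [[ $escape == 1 ]]; then
    sbx=$(json_escape "$sbx")
    owner=$(json_escape "$owner")
  fi
  printf '{"sbx":"%s","owner":"%s"}' "$sbx" "$owner"
}

# Validate with jq, then append. Returns 7 on malformed JSON (the exit code
# the review reports) and leaves the ledger file untouched.
ledger_append() {
  local file=$1 line=$2
  printf '%s' "$line" | jq -e 'type == "object"' >/dev/null 2>&1 || return 7
  printf '%s\n' "$line" >>"$file"
}

# Constructed hostile owner value: closes the string and adds a second key.
FORGED_OWNER='alice","owner":"root'
printf 'naive: %s\n' "$(ledger_line sbx-demo "$FORGED_OWNER" 0)"
printf 'safe:  %s\n' "$(ledger_line sbx-demo "$FORGED_OWNER" 1)"
```

The naive line parses cleanly and jq reports the last duplicate key, so only the escaped form keeps the hostile value inside a single string.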
psql interpolation
- intended :'sbx', :'operator', :'purpose', :'owner', :'ttl' substitutions occur outside dollar-quoted blocks;
- P5 query strings inside $$...$$ are intentionally static;
- P6 DO body does not assume psql interpolation inside dollar quotes;
- psql is invoked as explicit argv with ON_ERROR_STOP=1, no eval/sh -c/$* reparsing.
Raw static output
bash_n=8/8_OK
shellcheck_rc=0
registry_integrity=18/18
registry_rows=6 registry_valid=6
ledger_rows=12 ledger_valid=12
JSON forgery blocked: YES. psql interpolation assumptions safe: YES.