08 — ATTACK SCENARIOS

Attack	Classification	Evidence
A1 P3 DONE before failed gate	refuted by evidence	gate70 < DONE85 < COMMIT86
A2 P4 DONE before failed gate	refuted by evidence	gate27 < DONE45 < COMMIT46
A3 P5 DONE before failed gate	refuted by evidence	gate54 < DONE68 < COMMIT69
A4 DONE but canonical set wrong	refuted by evidence	exact extra/missing checks
A5 count=3 but wrong codes	refuted by evidence	unexpected + missing gates
A6 P5 rows missing	refuted by evidence	total=9 and joined_n=9
A7 bad input accepted	refuted by evidence	accepted=0 + independent verdict
A8 P4_DONE but P4 evidence missing	confirmed and fix required	evidence hashed but never gated
A9 digest omits harness	refuted by evidence	harness serialization + MD5
A10 digest omits P4 evidence bytes	refuted, with caveat	bytes included; validity not proven (A8)
A11 digest omits stamp success semantics	confirmed and fix required	only op
A12 P6_DONE after partial upstream	refuted for normal execution	atomic upstream DONE + P6 gate transaction
A13 stamp says DONE without matching current-run proof	confirmed and fix required	EXISTS unscoped; any birth row satisfies mismatch query
A14 duplicate-key JSON forgery	refuted by evidence	escaping + jq fail-closed
A15 psql interpolation makes check inert	refuted by evidence	no quoted-variable assumption
A16 old CODEX_R3_PASS gate runs plan	refuted; live rc64	source requires R4
A17 hidden official write	refuted by evidence	sandbox-only targets + fresh official snapshot
A18 PASS with no upstream stamp at all	refuted by evidence	all three EXISTS required; current-run binding remains broken under A13

Blocking attacks: A8, A11, A13.