KB-1A00

C1 Staging Codex Review — Primitive Review

Revision 1 · 2026-06-23 · Tags: c1, staging, codex-review, read-only

03 — PRIMITIVE REVIEW

P1 — sandbox create

Isolation/name guard and compensating drop are structurally sound. File-based psql plumbing fixes the heredoc issue. Blockers: the shell command is built through $*, which discards argument boundaries and re-splits on whitespace and glob characters, so a name or option is not guaranteed to reach psql intact; the TTL is accepted as arbitrary text rather than a validated duration; there is no automatic expiry engine, so whatever TTL is recorded is never enforced; and --force semantics are misleading, since an existing database still causes CREATE DATABASE to fail.

P2 — sandbox drop

Safe against dropping official/non-staging names: a strict name regex, a requirement that the target be an active entry in the in-sandbox registry, and a defense-in-depth guard immediately before DROP. Required hardening: write the drop-attempt ledger entry before DROP executes and the drop-success entry only after a readback confirms the database is gone; store an explicit retired tombstone state for dropped sandboxes; add an automated TTL scanner so expired sandboxes are actually reaped.

P3 — vocab build

Writes only inside the selected sandbox and registers its objects; it is invokable as planned. It loads the valid fixtures only when the vocab row count is zero, so a partial or noncanonical set already present is silently retained rather than rejected. Add an exact expected-set precondition and postcondition: the step must fail unless the table is empty before the load and holds exactly the canonical set, no more and no fewer, after it.

P4 — verify

Not fail-closed. INVARIANT_FAIL is a SELECT result, not an exception, so psql exits zero and the runner prints P4_DONE even when the sentinel row exists. It also does not require exactly the three expected operation codes. Convert any invariant mismatch to a fatal exception, run the script with ON_ERROR_STOP set so the exception becomes a nonzero psql exit (without it psql reports the error and still exits zero), and prove the exact set, count and status of the codes.
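The fail-closed shape this calls for, as an added illustration (editor's example, not the reviewed project's code). Every object name is hypothetical: staging.operation(code, status) holds the operation codes, staging.ledger(step, status) is where the old P4 wrote its sentinel row, and the three expected codes are placeholders for the real ones.

```sql
-- Added example (editor's illustration, not the reviewed project's code).
-- Hypothetical objects: staging.operation(code text, status text) and
-- staging.ledger(step text, status text). Expected codes are placeholders.

\set ON_ERROR_STOP on

DO $p4$
DECLARE
  expected text[] := ARRAY['OP_CREATE', 'OP_DROP', 'OP_VERIFY'];  -- placeholders
  actual   text[];
  n_bad    bigint;
BEGIN
  -- Exact set: sorted arrays must be identical, so a missing, extra or
  -- duplicated code is a mismatch. Sort the expected side in SQL too, so the
  -- comparison does not depend on the literal order of the list above.
  SELECT array_agg(e ORDER BY e) INTO expected FROM unnest(expected) AS e;
  SELECT coalesce(array_agg(code ORDER BY code), '{}'::text[])
    INTO actual
    FROM staging.operation;
  IF actual IS DISTINCT FROM expected THEN
    RAISE EXCEPTION 'P4 operation set mismatch: expected %, got %', expected, actual
      USING ERRCODE = 'check_violation';
  END IF;

  -- Exact status: every code must be in the one state P4 expects.
  SELECT count(*) INTO n_bad
    FROM staging.operation
   WHERE status IS DISTINCT FROM 'ACTIVE';
  IF n_bad > 0 THEN
    RAISE EXCEPTION 'P4 found % operation row(s) not ACTIVE', n_bad
      USING ERRCODE = 'check_violation';
  END IF;

  -- The legacy sentinel is fatal as well, in case any writer still emits it.
  IF EXISTS (SELECT 1 FROM staging.ledger WHERE status = 'INVARIANT_FAIL') THEN
    RAISE EXCEPTION 'P4 ledger carries an INVARIANT_FAIL row'
      USING ERRCODE = 'check_violation';
  END IF;

  -- Reached only when every check above held.
  INSERT INTO staging.ledger(step, status) VALUES ('P4_VERIFY', 'PASS');
END
$p4$;

-- Under ON_ERROR_STOP a raised exception aborts the script with psql exit
-- status 3, so this marker cannot be printed after a failed check.
\echo P4_DONE
```

The runner side has to cooperate: invoke the file with `psql -v ON_ERROR_STOP=1 -f p4.sql`, test psql's exit status, and never print its own P4_DONE; the marker belongs at the end of the script where only a fully passed gate can reach it.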

P5 — bad-input harness

Blocking defect:

EXCEPTION WHEN OTHERS ... pass=(ex='reject')

Every case uses ex='reject', so any exception, whether the wrong SQLSTATE, a missing prerequisite, a typo in the case itself, or an unrelated runtime error, is marked pass. The expected signals listed in the plan are never compared against what was actually raised. The residue and bad-accepted checks are plain SELECTs and cannot make psql fail, so the runner can print P5_DONE after a logically failed harness.

Required: a per-case expected SQLSTATE or reject code, compared exactly against the code actually raised; a uniqueness and count check (exactly nine distinct cases); and a fatal postcondition that runs outside the evidence transaction, so the evidence stays committed for inspection while the step still exits nonzero.
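A harness with the required properties, as an added illustration (editor's example, not the reviewed project's code). All names are hypothetical: staging.p5_case(case_id, stmt, expected_sqlstate) holds the nine bad-input cases, staging.p5_evidence and staging.p5_residue are empty at the start of a run because sandboxes are disposable, and staging.operation is the table the bad inputs target.

```sql
-- Added example (editor's illustration, not the reviewed project's code).
-- Hypothetical objects: staging.p5_case(case_id, stmt, expected_sqlstate),
-- e.g. ('C01_null_code', 'INSERT INTO staging.operation(code) VALUES (NULL)',
-- '23502'); staging.p5_evidence(case_id, expected_sqlstate, got_sqlstate, pass);
-- staging.p5_residue(n_before, n_after); staging.operation is the target table.

\set ON_ERROR_STOP on

BEGIN;  -- evidence transaction: results are recorded here, the verdict comes later

DO $p5$
DECLARE
  c        record;
  got      text;
  n_before bigint;
  n_after  bigint;
BEGIN
  SELECT count(*) INTO n_before FROM staging.operation;

  FOR c IN SELECT case_id, stmt, expected_sqlstate
             FROM staging.p5_case ORDER BY case_id
  LOOP
    BEGIN
      EXECUTE c.stmt;   -- subtransaction: a failure rolls back only this statement
      got := '00000';   -- no exception at all means the bad input was accepted
    EXCEPTION WHEN OTHERS THEN
      got := SQLSTATE;  -- record the exact code, not merely "some error"
    END;
    INSERT INTO staging.p5_evidence(case_id, expected_sqlstate, got_sqlstate, pass)
    VALUES (c.case_id, c.expected_sqlstate, got,
            got <> '00000' AND got = c.expected_sqlstate);
  END LOOP;

  -- Residue: rejected inputs must leave the target table's row count unchanged.
  SELECT count(*) INTO n_after FROM staging.operation;
  INSERT INTO staging.p5_residue(n_before, n_after) VALUES (n_before, n_after);
END
$p5$;

COMMIT;  -- evidence is durable before any verdict can abort the script

-- Postcondition in its own transaction: a RAISE here leaves the evidence
-- committed for inspection, yet psql exits 3 and P5_DONE is never printed.
DO $p5gate$
DECLARE
  n_total    bigint;
  n_distinct bigint;
  n_accepted bigint;
  n_wrong    bigint;
  r          record;
BEGIN
  SELECT count(*), count(DISTINCT case_id),
         count(*) FILTER (WHERE got_sqlstate = '00000'),
         count(*) FILTER (WHERE NOT pass AND got_sqlstate <> '00000')
    INTO n_total, n_distinct, n_accepted, n_wrong
    FROM staging.p5_evidence;

  IF n_total <> 9 OR n_distinct <> 9 THEN
    RAISE EXCEPTION 'P5 expected 9 unique cases, found % rows / % distinct ids',
      n_total, n_distinct;
  END IF;
  IF n_accepted > 0 THEN
    RAISE EXCEPTION 'P5 bad input accepted in % case(s)', n_accepted;
  END IF;
  IF n_wrong > 0 THEN
    RAISE EXCEPTION 'P5 % case(s) rejected with the wrong SQLSTATE', n_wrong;
  END IF;

  -- STRICT: a missing or duplicated residue row is itself a failure.
  SELECT n_before, n_after INTO STRICT r FROM staging.p5_residue;
  IF r.n_after IS DISTINCT FROM r.n_before THEN
    RAISE EXCEPTION 'P5 residue: target row count moved from % to %',
      r.n_before, r.n_after;
  END IF;
END
$p5gate$;

\echo P5_DONE
```

For rejects raised by the sandbox's own validation code, give each reason its own ERRCODE (for example `RAISE EXCEPTION ... USING ERRCODE = 'check_violation'`) so that expected_sqlstate pins the reason rather than the generic P0001 that a bare RAISE EXCEPTION produces.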

P6 — evidence readback

Blocking false-PASS risk:

  • digest is emitted before the overall gate;
  • gate does not prove P4 ran or all rows are validated;
  • gate does not require nine exact case identities/signals;
  • orphan SELECT is not part of the gate;
  • gate is a SELECT string, not an exception/exit code;
  • runner unconditionally prints P6_DONE after SQL exits zero.

P6 must gate first on exact prerequisite ledger entries, exact validated vocab, exact test matrix, no unexpected acceptance, no orphan, and then emit digest/PASS. Any mismatch must exit nonzero and must not emit PASS/digest/seal.
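The gate-first ordering in script form, as an added illustration (editor's example, not the reviewed project's code). All names, step identifiers and counts are hypothetical: staging.ledger(step, status, digest) is written by the earlier steps, staging.vocab(term, validated) is the vocab table, staging.p5_evidence is what the harness recorded, and staging.registry(obj_name) lists every table the primitives created.

```sql
-- Added example (editor's illustration, not the reviewed project's code).
-- Hypothetical objects: staging.ledger(step, status, digest), staging.vocab(term,
-- validated), staging.p5_evidence(case_id, got_sqlstate, pass),
-- staging.registry(obj_name). Case ids, step names and counts are placeholders.

\set ON_ERROR_STOP on

DO $p6$
DECLARE
  expected_cases text[] := ARRAY['C01','C02','C03','C04','C05','C06','C07','C08','C09'];
  actual_cases   text[];
  expected_vocab integer := 12;   -- placeholder: size of the canonical vocab set
  n_vocab        bigint;
  n_unvalidated  bigint;
  missing        text[];
  orphans        text[];
BEGIN
  -- 1. Prerequisites: a PASS ledger entry for each earlier step, otherwise P6
  --    is reading back evidence that was never verified.
  SELECT array_agg(s) INTO missing
    FROM unnest(ARRAY['P3_VOCAB_BUILD', 'P4_VERIFY']) AS s   -- placeholder step names
   WHERE NOT EXISTS (SELECT 1 FROM staging.ledger l
                      WHERE l.step = s AND l.status = 'PASS');
  IF missing IS NOT NULL THEN
    RAISE EXCEPTION 'P6 prerequisite ledger entries missing: %', missing;
  END IF;

  -- 2. Vocab: exactly the expected count and every row validated.
  SELECT count(*), count(*) FILTER (WHERE NOT validated)
    INTO n_vocab, n_unvalidated FROM staging.vocab;
  IF n_vocab <> expected_vocab OR n_unvalidated > 0 THEN
    RAISE EXCEPTION 'P6 vocab: % rows (expected %), % unvalidated',
      n_vocab, expected_vocab, n_unvalidated;
  END IF;

  -- 3. Test matrix: exactly the nine case identities, each passed.
  SELECT array_agg(case_id ORDER BY case_id) INTO actual_cases
    FROM staging.p5_evidence WHERE pass;
  IF actual_cases IS DISTINCT FROM
     (SELECT array_agg(e ORDER BY e) FROM unnest(expected_cases) AS e) THEN
    RAISE EXCEPTION 'P6 test matrix mismatch: expected %, passed %',
      expected_cases, actual_cases;
  END IF;

  -- 4. No unexpected acceptance anywhere in the evidence.
  IF EXISTS (SELECT 1 FROM staging.p5_evidence WHERE got_sqlstate = '00000') THEN
    RAISE EXCEPTION 'P6 evidence shows bad input accepted';
  END IF;

  -- 5. No orphan: every user table is registered and every registry entry exists.
  SELECT array_agg(name) INTO orphans FROM (
      (SELECT schemaname || '.' || tablename AS name FROM pg_tables
        WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
       EXCEPT SELECT obj_name FROM staging.registry)
    UNION ALL
      (SELECT obj_name FROM staging.registry
       EXCEPT SELECT schemaname || '.' || tablename FROM pg_tables)
  ) AS x;
  IF orphans IS NOT NULL THEN
    RAISE EXCEPTION 'P6 orphan objects: %', orphans;
  END IF;

  -- 6. Only now: digest over the committed evidence, then the PASS entry.
  INSERT INTO staging.ledger(step, status, digest)
  SELECT 'P6_READBACK', 'PASS',
         md5(string_agg(case_id || ':' || got_sqlstate, ',' ORDER BY case_id))
    FROM staging.p5_evidence;
END
$p6$;

-- Reached only if the gate held; under ON_ERROR_STOP a RAISE ends the script
-- with exit status 3 before any digest or marker is printed.
SELECT digest AS p6_digest FROM staging.ledger WHERE step = 'P6_READBACK';
\echo P6_DONE
```

The ordering is enforced by script position under ON_ERROR_STOP: the digest SELECT and the P6_DONE marker sit after the gate, so there is no code path that prints either before every check has passed.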

Source: knowledge/dev/laws-new/reports/c1-staging-codex-review-before-dry-run/03-primitive-review.md