06 - Exact Signoff Audit

Verdict: SIGNOFF_SPOOF_RISK.

Checksum, collection, tier, SAFE binding verdict, evidence, expiry, and superseded flags are checked. Fatal gaps: no plan_id or plan_version input; only reviewer_type, not reviewer identity/authority; OTHER passes; binding verdict/evidence/expiry are not proven consistent with joined review; no binding FK to review or plan; Directus full DML on both signoff tables.

Read-only proof: arbitrary_other_type_passes=true; no_plan_id_or_version_input_passes=true. Current bindings=0 and apply candidates unsigned=13.