KB-7BA1

FIX4 Audit 10 Public Directus

Revision 1

10 - Public / Directus Route-to-2.6B Audit

Verdict: BYPASS_RISK_FAIL.

The current risks are visible and block readiness: PUBLIC EXECUTE open=35, writer/builder open=4, and Directus owner-role DML open on 13 control tables. The no-bypass rows use (NOT guard.pass) IS NOT NULL, which is true for either boolean value, so a row reads as passing whether the guard passed or failed. PUBLIC can execute builder and refresh, which mutate control-plane state without in-body authority checks. The directus role owns functions, views and tables. The current writer is blocked, but the authority separation and the no-bypass proof are invalid.
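The predicate problem described above, as an added example that is not part of the audited code base: it evaluates the audited expression and a strict alternative over every state of guard.pass. It assumes an in-memory SQLite database as a stand-in for the audited database; the guard table layout and the path names are hypothetical.

```python
import sqlite3

# Constructed sample rows: one per possible state of guard.pass.
# The table layout and path names are hypothetical, not from the audit.
SAMPLE_GUARDS = [
    ("path_a", True),    # guard evaluated and passed
    ("path_b", False),   # guard evaluated and failed
    ("path_c", None),    # guard never evaluated (NULL)
]

AUDITED = "(NOT pass) IS NOT NULL"   # predicate quoted in the audit
STRICT = "pass IS TRUE"              # only an explicit TRUE counts


def certified(predicate, rows=SAMPLE_GUARDS):
    """Return the paths a no-bypass row would certify under `predicate`."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE guard (path TEXT PRIMARY KEY, pass BOOLEAN)")
        con.executemany("INSERT INTO guard VALUES (?, ?)", rows)
        # predicate is one of the two constants above, never external input
        cur = con.execute(
            f"SELECT path FROM guard WHERE {predicate} ORDER BY path"
        )
        return [row[0] for row in cur]
    finally:
        con.close()


def falsely_certified(rows=SAMPLE_GUARDS):
    """Paths the audited predicate accepts but the strict check rejects."""
    strict = set(certified(STRICT, rows))
    return [p for p in certified(AUDITED, rows) if p not in strict]


if __name__ == "__main__":
    print("audited predicate certifies:", certified(AUDITED))
    print("strict predicate certifies: ", certified(STRICT))
    print("certified despite failing:  ", falsely_certified())
```

The audited predicate only rejects the NULL row, so it works as a "guard was evaluated" check rather than a "guard passed" check.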

knowledge/dev/reports/architecture/codex-stage2-6a-fix4-qt001-authoritative-path-no-legacy-bypass-audit-2026-06-07/10-public-directus-route-2-6b-audit.md