Duration semantics (e.g., "> 0.90 continuously for >=5s").
Hysteresis / exit criteria (e.g., "<0.70 for >=120s").
Fail if: any gate says "high/low/stale/degraded" without numerical or boolean criteria.
2.2 Gate Effect
Gate outcome is explicit: Active / ReduceOnly / Kill.
Dispatch constraints explicitly stated when relevant:
Disk Kill: no dispatch, including close/hedge/cancel
Kill containment: allowed only if eligible, else hard-stop
Reason codes split: what goes in mode_reasons vs open_permission_reason_codes (and explicit exclusions).
Fail if: effect is described with narrative words ("should block opens") but not with TradingMode and dispatch rules.
2.3 Precedence & Chokepoint Enforcement
Every gate participates in a single precedence ladder (PolicyGuard), not scattered "local decisions."
Plan states the one chokepoint where opens are allowed/blocked (e.g., "build_order_intent() is the only intent builder and it is guarded by PolicyGuard result + OpenPermission latch").
No feature flag can bypass the chokepoint.
Fail if: any section introduces an alternate dispatch path ("temporary bypass") or "manual override" without contract-defined approvals.
2.4 Test Proof
Every MUST / MUST NOT has an explicit test name or measurable acceptance criteria.
Boundary tests exist for every threshold with > or >=:
exactly at threshold should behave correctly (0.90 vs 0.9001)
Cooldown windows tested (e.g., no exit at 119s, exit allowed at >=120s).
Where contract names tests, plan either lists the exact name or says "wrapper alias required."
Fail if: a gate is defined but not tied to a test.
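Added example (not part of the original checklist or any project code): a minimal gate that makes the duration, hysteresis and boundary semantics above executable, using the checklist's illustrative thresholds. The class name HysteresisGate, the helper run(), and the mapping of a tripped gate to ReduceOnly are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class HysteresisGate:
    """Trips when value > trip_above continuously for >= trip_hold_s;
    clears when value < clear_below continuously for >= clear_hold_s."""
    trip_above: float = 0.90     # strict '>' comparison
    trip_hold_s: float = 5.0     # '>=' duration
    clear_below: float = 0.70    # strict '<' comparison
    clear_hold_s: float = 120.0  # '>=' cooldown before exit
    tripped: bool = False
    _since: Optional[float] = None  # start of the current qualifying run

    def update(self, value: float, now_s: float) -> str:
        # Which condition is being timed depends on the current side of the gate.
        if self.tripped:
            qualifies, hold = value < self.clear_below, self.clear_hold_s
        else:
            qualifies, hold = value > self.trip_above, self.trip_hold_s
        if not qualifies:
            self._since = None  # "continuously": any miss resets the timer
        else:
            if self._since is None:
                self._since = now_s
            if now_s - self._since >= hold:
                self.tripped = not self.tripped
                self._since = None
        # Assumed mapping: a tripped gate yields ReduceOnly, otherwise Active.
        return "ReduceOnly" if self.tripped else "Active"


def run(samples):
    """Feed constructed (now_s, value) samples through a fresh gate."""
    gate = HysteresisGate()
    return [gate.update(value, now_s) for now_s, value in samples]
```

Timestamps are passed in rather than read from a clock, so the boundary cases (0.90 vs 0.9001, 119s vs 120s) can be asserted deterministically.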
3) "Must Not Leak" Reason-Code Hygiene (common silent failure)
Plan explicitly states: F1_CERT and EvidenceChain failures MUST NOT appear in open_permission_reason_codes; they belong in mode_reasons.
Plan includes a test asserting this exclusion.
Reason-code lists are in deterministic order (stable output) to prevent flaky diffs and debugging confusion.
Fail if: plan describes the rule but no test exists.
4) Artifact & Path Canon (auditability buffer)
For each required artifact class (F1_CERT, TruthCapsule, DecisionSnapshot, reviews, incidents):
Exact file paths match contract canonical paths.
Schema keys listed (at least required keys).
Write timing stated relative to dispatch (e.g., "write BEFORE dispatch").