Controlled ZIP candidate
4J created a controlled candidate only in a temp root, with manifest, ZIP-entry and SHA-256 evidence. No ZIP was committed.
Clean install
The controlled candidate unpacked into a fresh buyer-like root. npm install completed with 96 packages and 0 vulnerabilities.
Doctor/readiness
The local doctor returned pass and confirmed local execution with no required API keys, push, deploy or publish path.
Protected checkout scenario
A report touching checkout/payment/Stripe while claiming merge_ready was blocked as do_not_merge.
Manifest/leak safety
Checks found no .git, node_modules, dist, artifacts, .env, nested ZIP, dashboard asset, local path or UnterhaltsPlan leaks.
Tests
Clean-root smoke tests: 60/60. Latest known development run from 4J: 1101/1101.
Human approval
Demo, start, review and status keep human approval visible; production-adjacent steps remain human decisions.
Current blockers
Legal/sales-mode, website purchase/download dry-run, Loom/walkthrough and final commercial ZIP approval remain open.