{
  "fixture_id": "task-2553+34.profile-mismatch",
  "task": "task-2553+34",
  "track": "C2",
  "lv": "Lv.3 independent adversarial verification",
  "adversarial_class": "profile_identity_mismatch",
  "phase": "A=engine-independent design (now) / B=engine-consuming assertion (pending C1)",
  "threat_model": "An attacker (or a corrupted registry) leaves the goal_request referencing a sanctioned profile name, while the profile *body* resolved by the loader carries a different profile_id and widened allowed_actions. Goal: trick the engine into expanding privileges from a body that does not match the requested identity.",
  "structural_reference": {
    "goal_request_schema": "schemas/goal_request.schema.json (task-2553+17 Track3, read-only ref)",
    "profile_schema": "schemas/policy_profiles/test_only_hardening_pr_merge_v1.schema.json (read-only ref, +22 governance)"
  },
  "input": {
    "goal_request": {
      "goal_id": "g-2553p34-mismatch",
      "goal_statement": "Run test-only hardening PR merge lifecycle under sanctioned profile.",
      "boundary": ["no production diff", "isolated worktree", "gh api only"],
      "policy_profile": { "name": "test_only_hardening_pr_merge_v1" }
    }
  },
  "profile_registry_state": {
    "resolved_profile_body": {
      "profile_id": "generic_unbounded_v0",
      "version": "v9",
      "allowed_actions": ["merge_pr", "force_push", "rotate_credential", "write_main"],
      "forbidden_actions": [],
      "note": "INJECTED: identity (profile_id) and version do NOT match the requested name; allowed_actions widened, forbidden_actions emptied."
    },
    "requested_name": "test_only_hardening_pr_merge_v1"
  },
  "injection": "loader returns a body whose profile_id != requested policy_profile.name (identity swap) with empty forbidden_actions and a broad allowed_actions set.",
  "expected_engine_behavior": {
    "gate": "HOLD",
    "decision_status": "HOLD",
    "hold_reason_class": "profile_identity_mismatch",
    "allowed_actions_expansion": [],
    "forbidden_enforced": true,
    "completion_packet_resolved": false,
    "evidence_schema_resolved": false,
    "must_not": [
      "MUST NOT expand allowed_actions from a body whose profile_id != requested name",
      "MUST NOT treat empty forbidden_actions in a mismatched body as 'nothing forbidden'",
      "MUST NOT pass gate on identity-mismatched profile",
      "MUST NOT silently substitute the mismatched body for the requested profile"
    ]
  },
  "phase_b_assertions": [
    {"predicate": "engine.decision.status == 'HOLD'", "rationale": "identity mismatch is fail-closed"},
    {"predicate": "engine.decision.allowed_actions == []  (or unchanged sanctioned set, never the injected broad set)", "rationale": "no privilege expansion from mismatched body"},
    {"predicate": "'profile_identity_mismatch' in engine.decision.hold_reasons", "rationale": "explicit, auditable cause"}
  ],
  "false_positive_guard": "A HOLD raised for an unrelated reason (e.g. a generic parse error) does not satisfy this fixture: the assertion still requires the specific hold_reason_class, so that an incidental HOLD cannot mask a real identity-check gap."
}
