diff --git a/AGENTS.md b/AGENTS.md index 2605115..ec5a6ef 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -28,7 +28,7 @@ Do not start from memory or old chat context. Re-anchor on repository files. ## Current Operating State -- Active work: `DIFFENCE Zenodo snapshot sync completed after GitHub lightweight diffusion MIA triage, DEB, CPSample, DSiRe / LoRA-WiSE, hyperparameter-free SecMI, DME, FreMIA, and CopyMark gates. Status: latest verdict note, workspace-evidence index, Research ROADMAP, AGENTS, intake/implementation workspace notes, and root ROADMAP are synchronized to the DIFFENCE Zenodo snapshot sync. Zenodo 10.5281/zenodo.13706131 publishes an immutable Diffence-master.zip code snapshot with matching MD5, 604 entries, code/config/split-index files, but still no classifier/diffusion checkpoints, defended/undefended logits, score rows, ROC arrays, metric JSON, or verifier. GitHub lightweight triage remains false-positive evidence only, and DEB remains paper-source-only grey-box mechanism watch. No MedMNIST/CIFAR/TinyImageNet/CelebA/LSUN/SVHN/Stable Diffusion/LoRA-WiSE/model/checkpoint/generated-image/notebook/Google Drive payload download, script execution, DEB implementation-from-paper, CPU sidecar, GPU work, Platform/Runtime row, schema change, or product copy is released. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after DIFFENCE Zenodo snapshot sync.` +- Active work: `Public metadata asset sweep completed after the DIFFENCE Zenodo snapshot sync, GitHub lightweight diffusion MIA triage, DEB, CPSample, DSiRe / LoRA-WiSE, hyperparameter-free SecMI, DME, FreMIA, and CopyMark gates. Status: latest verdict note, workspace-evidence index, Research ROADMAP, AGENTS, intake workspace note, and root ROADMAP are synchronized to the public metadata asset sweep. Authenticated Hugging Face metadata and GitHub artifact-shaped searches found no new non-duplicate image/latent-image diffusion-MIA replay packet. 
The only relevant HF surfaces remain known CLiD and CopyMark entries: CLiD's 1.62 GB gated zip still returns 403 for authenticated HEAD/range probes, and CopyMark's 5.66 GB zip is already covered by the official score-artifact gate. No CLiD/CopyMark ZIP, image payload, Stable Diffusion/CommonCanvas/LDM/Kohaku/COCO/LAION payload, model/checkpoint, full-repo download, script execution, CPU sidecar, GPU work, Platform/Runtime row, schema change, or product copy is released. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after public metadata asset sweep.` - Next GPU candidate: none selected - Long-horizon control: follow `ROADMAP.md` section `Long-Horizon Research Task Board(2026-05-13 起)` before reopening any diff --git a/ROADMAP.md b/ROADMAP.md index 68c5301..4218c89 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -2,6 +2,34 @@ > Last updated: 2026-05-15 +## 2026-05-15 Public Metadata Asset Sweep + +Lane A checked the post-DIFFENCE public metadata surface before opening another +asset gate. Authenticated Hugging Face metadata search and GitHub +artifact-shaped searches still expose only already-known CLiD and CopyMark +surfaces: `zsf/COCO_MIA_ori_split1` has a gated `mia_COCO.zip` +(`1,620,731,171` bytes) and descriptive README, but authenticated `HEAD` and +`Range: bytes=-1048576` still return `403`, so no metadata-only ZIP central +directory or row manifest can be inspected. `chumengl/copymark` has a +non-gated `datasets.zip` (`5,662,307,542` bytes), but CopyMark's useful small +score/ROC/image-log artifacts are already covered by the official score gate. +GitHub code searches for replay-shaped artifacts such as +`member_scores_all_steps.pth`, `COCO_MIA_ori_split1`, and +`AUROC TPR_at_1_threshold diffusion` returned only already-covered CopyMark, +CLiD, or DiffAudit evidence hits. + +Decision: `public metadata sweep / only known CLiD and CopyMark HF surfaces / +CLiD ZIP still range-inaccessible with auth / no new replay packet / no +download / no GPU release / no admitted row`. Do not download CLiD +`mia_COCO.zip`, CopyMark `datasets.zip`, image folders, Stable Diffusion / +CommonCanvas / LDM / Kohaku / COCO / LAION payloads, model folders, target or +shadow checkpoints; do not clone large external repositories by default, run +CLiD/CopyMark/PIA/PFAMI/SecMI/GSA scripts, regenerate features, fit attack +models, or launch GPU jobs from this sweep. Current slots remain +`active_gpu_question = none`, `next_gpu_candidate = none`, and +`CPU sidecar = none selected after public metadata asset sweep`. See +[docs/evidence/public-metadata-asset-sweep-20260515.md](docs/evidence/public-metadata-asset-sweep-20260515.md). + ## 2026-05-15 GitHub Lightweight Diffusion MIA Triage Lane A external asset search checked four direct GitHub search hits that looked 
diff --git a/docs/evidence/public-metadata-asset-sweep-20260515.md b/docs/evidence/public-metadata-asset-sweep-20260515.md new file mode 100644 index 0000000..64d0a8c --- /dev/null +++ b/docs/evidence/public-metadata-asset-sweep-20260515.md 
@@ -0,0 +1,113 @@ +# Public Metadata Asset Sweep + +> Date: 2026-05-15 +> Status: public metadata sweep / only known CLiD and CopyMark HF surfaces / CLiD ZIP still range-inaccessible with auth / no new replay packet / no download / no GPU release / no admitted row + +## Question + +After the DIFFENCE Zenodo snapshot sync and the lightweight GitHub triage, does +fresh public metadata from Hugging Face or GitHub expose a non-duplicate +image/latent-image diffusion-MIA replay packet with target identity, +member/nonmember semantics, and response or score artifacts? + +This sweep used authenticated Hugging Face metadata, small dataset README +reads, GitHub repository search, and GitHub code search. It did not download +Hugging Face ZIP payloads, image folders, model weights, checkpoints, generated +responses, or full external repositories, and it did not run attack scripts or +GPU jobs. + +## Surfaces Checked + +| Surface | Result | +| --- | --- | +| Hugging Face dataset search terms | `diffusion membership inference`, `membership inference diffusion`, `MIA diffusion`, `COCO_MIA`, `CopyMark`, `SecMI`, `CLiD`, `privacy diffusion model` | +| Relevant HF hits | `zsf/COCO_MIA_ori_split1` and `chumengl/copymark` only | +| Lexical false positives | `clides/*`, `CliDyn/*`, `SWE-Arena/cli_data`, and other unrelated `CLiD` string matches | +| GitHub repository search | Recent broad queries returned survey/awesome repos or unrelated infrastructure, not new artifact-bearing diffusion-MIA repos | +| GitHub code search | Exact artifact queries such as `member_scores_all_steps.pth` and `COCO_MIA_ori_split1` only returned already-covered CopyMark, CLiD, or DiffAudit evidence files | + +## Hugging Face Findings + +Authenticated metadata access is available for the local account, but it does +not change the CLiD boundary. 
+ +| Dataset | Metadata finding | Decision impact | +| --- | --- | --- | +| `zsf/COCO_MIA_ori_split1` | `private = false`, `gated = auto`, `lastModified = 2025-01-04T07:57:18Z`, `3` siblings: `.gitattributes` (`2,307` bytes), `README.md` (`871` bytes), and `mia_COCO.zip` (`1,620,731,171` bytes, blob `d5f7fa657f00e2867ce38a060a2e7c4661e2f8be`) | Still CLiD candidate-only. The dataset card says the ZIP is a randomly selected MS-COCO packet processed for CLiD fine-tuning, but it exposes no public image ID, caption, row order, member/nonmember, or score manifest preview. Authenticated `HEAD` and `Range: bytes=-1048576` against `mia_COCO.zip` still returned `403`, so ZIP central-directory inspection is not available without resolving access/download policy. | +| `chumengl/copymark` | `private = false`, `gated = false`, `lastModified = 2024-06-17T06:12:46Z`, `3` siblings: `.gitattributes` (`2,307` bytes), `README.md` (`36` bytes), and `datasets.zip` (`5,662,307,542` bytes, blob `c097608a500782a0d84938541d9472d9c0db190f`) | Already covered by the CopyMark provenance and official score-artifact gates. Downloading the `5.66` GB ZIP would not answer a new current decision because the useful small score/ROC/log artifacts are already committed in `caradryanl/CopyMark`, and the missing blockers remain checkpoint hashes, row-ID-bound score manifests, small immutable packets, and ready verifiers. | + +The CLiD dataset README remains descriptive only: it links the NeurIPS 2024 +CLiD paper and official code, and says the dataset was randomly selected from +MS-COCO and processed for CLiD. It does not publish row identities or split +manifests. 
+ +## GitHub Findings + +The exact code searches were intentionally artifact-shaped rather than paper +title-shaped: + +| Query | New artifact result | +| --- | --- | +| `score_result_test.json diffusion` | no new non-DiffAudit artifact hit | +| `member_scores_all_steps.pth` | only `caradryanl/CopyMark` and existing DiffAudit evidence | +| `mia_eval_idxs diffusion` | no new non-DiffAudit artifact hit | +| `COCO_MIA_ori_split1` | only `zhaisf/CLiD` and existing DiffAudit evidence | +| `AUROC TPR_at_1_threshold diffusion` | no new non-DiffAudit artifact hit | + +The broader repository searches for recent pushed repositories containing +`membership inference`, `stable diffusion`, `member nonmember`, `AUROC`, or +`score` mostly returned survey lists, awesome lists, and unrelated application +repositories. They did not expose a new candidate with target checkpoint +identity, exact member/nonmember rows, response packets, score rows, ROC arrays, +metric JSON, or a verifier. + +## Decision + +`public metadata sweep / only known CLiD and CopyMark HF surfaces / +CLiD ZIP still range-inaccessible with auth / no new replay packet / no +download / no GPU release / no admitted row`. + +This closes the immediate Hugging Face/GitHub metadata branch for the current +cycle. The only relevant HF assets are the already-known CLiD and CopyMark +surfaces: + +- CLiD remains strong candidate evidence, but still cannot be promoted because + its public score rows are numeric-only and the gated ZIP does not expose a + metadata-only manifest or central directory through authenticated range + access. +- CopyMark remains official Research-side score-artifact support evidence, but + the HF dataset ZIP is too large and not decision-changing because the public + GitHub tree already exposes the useful small score/ROC/image-log artifacts. + +Current slots remain `active_gpu_question = none`, +`next_gpu_candidate = none`, and +`CPU sidecar = none selected after public metadata asset sweep`. 
+ +Smallest valid reopen condition: + +- CLiD publishes or exposes a row manifest mapping `inter_output/*` rows to + immutable MS-COCO image IDs, captions, target/shadow split, and + member/nonmember role; or authenticated metadata-only ZIP inspection becomes + possible without downloading image payloads. +- CopyMark publishes a compact row-ID-bound score manifest, checkpoint hashes, + a no-training verifier, or a small immutable data/checkpoint packet that + avoids the full HF ZIP and model-folder downloads. +- A new public repository or dataset appears with a genuinely new, small + score/response/ROC/metric/verifier packet rather than only code, README, + notebooks, figures, or large raw image/model archives. + +Stop condition: + +- Do not download `zsf/COCO_MIA_ori_split1/mia_COCO.zip`, + `chumengl/copymark/datasets.zip`, image folders, Stable Diffusion weights, + CommonCanvas/LDM/Kohaku/COCO/LAION payloads, or target/shadow checkpoints. +- Do not clone large external repositories by default, run CLiD/CopyMark/PIA/ + PFAMI/SecMI/GSA scripts, regenerate features, fit attack models, or launch + GPU work from this sweep. +- Do not change Platform/Runtime admitted rows, schemas, recommendation logic, + product copy, or admitted evidence bundles. + +## Platform and Runtime Impact + +None. Platform and Runtime continue consuming only the admitted `recon / PIA +baseline / PIA defended / GSA / DPDM W-1` set. diff --git a/docs/evidence/workspace-evidence-index.md b/docs/evidence/workspace-evidence-index.md index 450481e..76cfb1f 100644 --- a/docs/evidence/workspace-evidence-index.md +++ b/docs/evidence/workspace-evidence-index.md 
@@ -5,27 +5,37 @@ This index separates current track state from archived research history. ## Current Track State Latest Research update: +[public-metadata-asset-sweep-20260515.md](public-metadata-asset-sweep-20260515.md) +records the post-DIFFENCE Hugging Face/GitHub metadata sweep. Authenticated HF +metadata still exposes only known CLiD and CopyMark surfaces: +`zsf/COCO_MIA_ori_split1/mia_COCO.zip` remains range-inaccessible with auth, +`chumengl/copymark/datasets.zip` remains too large and already covered by the +CopyMark score-artifact gate, and GitHub artifact-shaped searches returned no +new non-duplicate replay packet. No download, GPU release, CPU sidecar, or +admitted row is selected. + +Previous Research update: [diffence-classifier-defense-artifact-gate-20260515.md](diffence-classifier-defense-artifact-gate-20260515.md) now includes the immutable Zenodo `10.5281/zenodo.13706131` code snapshot: `604` entries with code/config/split-index files, but still no checkpoint-bound logits, scores, ROC arrays, metric JSON, verifier, download, GPU release, or admitted row. -Previous Research update: +Earlier Research update: [github-lightweight-diffusion-mia-triage-20260515.md](github-lightweight-diffusion-mia-triage-20260515.md) records a Lane A external search triage. Four direct GitHub diffusion-MIA hits were lightweight/course-style false positives with no target/split/response/score/ROC/metric/verifier artifacts, download, GPU release, or admitted row. -Earlier Research update: +Prior Research update: [deb-medical-diffusion-artifact-gate-20260515.md](deb-medical-diffusion-artifact-gate-20260515.md) records a Lane B mechanism gate. DEB is a paper-source-only medical diffusion grey-box discrete-codebook / intermediate-trajectory MIA watch; no public code, target/split/score/ROC/metric artifacts, verifier, download, GPU release, or admitted row is selected. 
-Prior Research update: +Earlier progress review: [daily-research-review-20260515.md](daily-research-review-20260515.md) records the required progress review after the DSiRe / LoRA-WiSE and CPSample gates. The review confirms the latest verdict note exists, current slots are 
@@ -36,7 +46,7 @@ product-copy, recommendation, download, CPU sidecar, or GPU change was released. | Track | Active docs | Role | | --- | --- | --- | -| Black-box | [workspaces/black-box/README.md](../../workspaces/black-box/README.md), [plan.md](../../workspaces/black-box/plan.md), [copymark-official-score-artifact-gate-20260515.md](copymark-official-score-artifact-gate-20260515.md), [shake-to-leak-code-artifact-gate-20260515.md](shake-to-leak-code-artifact-gate-20260515.md), [fseclab-mia-diffusion-code-artifact-gate-20260515.md](fseclab-mia-diffusion-code-artifact-gate-20260515.md), [genai-confessions-blackbox-artifact-gate-20260515.md](genai-confessions-blackbox-artifact-gate-20260515.md), [clid-official-inter-output-replay-20260515.md](clid-official-inter-output-replay-20260515.md), [midst-tabddpm-ept-scout-20260515.md](midst-tabddpm-ept-scout-20260515.md), [diffusion-memorization-asset-gate-20260515.md](diffusion-memorization-asset-gate-20260515.md), [rediffuse-openreview-split-manifest-audit-20260515.md](rediffuse-openreview-split-manifest-audit-20260515.md), [beans-lora-delta-sensitivity-20260513.md](beans-lora-delta-sensitivity-20260513.md), [quantile-regression-asset-verdict-20260513.md](quantile-regression-asset-verdict-20260513.md), [miagm-asset-verdict-20260513.md](miagm-asset-verdict-20260513.md), [noise-as-probe-asset-verdict-20260513.md](noise-as-probe-asset-verdict-20260513.md), [zenodo-code-reference-audit-20260513.md](zenodo-code-reference-audit-20260513.md), [zenodo-finetuned-diffusion-asset-verdict-20260513.md](zenodo-finetuned-diffusion-asset-verdict-20260513.md), [laion-mi-url-availability-probe-20260513.md](laion-mi-url-availability-probe-20260513.md), [laion-mi-asset-verdict-20260513.md](laion-mi-asset-verdict-20260513.md), [commoncanvas-denoising-loss-20260513.md](commoncanvas-denoising-loss-20260513.md), [midst-tabddpm-shadow-distributional-scout-20260513.md](midst-tabddpm-shadow-distributional-scout-20260513.md), 
[midst-tabddpm-nearest-neighbor-scout-20260513.md](midst-tabddpm-nearest-neighbor-scout-20260513.md), [copymark-commoncanvas-multiseed-stability-20260513.md](copymark-commoncanvas-multiseed-stability-20260513.md), [fashion-mnist-ddpm-pia-loss-scout-20260513.md](fashion-mnist-ddpm-pia-loss-scout-20260513.md), [kohaku-danbooru-asset-decision-20260513.md](kohaku-danbooru-asset-decision-20260513.md), [tiny-known-split-gradient-prototype-alignment-20260513.md](tiny-known-split-gradient-prototype-alignment-20260513.md), [copymark-commoncanvas-response-preflight-20260512.md](copymark-commoncanvas-response-preflight-20260512.md), [copymark-commoncanvas-query-asset-20260512.md](copymark-commoncanvas-query-asset-20260512.md), [copymark-provenance-intake-20260512.md](copymark-provenance-intake-20260512.md), [external-diffusion-benchmark-provenance-scan-20260512.md](external-diffusion-benchmark-provenance-scan-20260512.md), [true-second-membership-benchmark-scope-20260512.md](true-second-membership-benchmark-scope-20260512.md), [gradient-norm-stability-gate-20260512.md](gradient-norm-stability-gate-20260512.md), [tiny-overfit-gradient-norm-scout-20260512.md](tiny-overfit-gradient-norm-scout-20260512.md), [tiny-overfit-mse-upperbound-20260512.md](tiny-overfit-mse-upperbound-20260512.md), [tiny-known-split-denoising-sanity-20260512.md](tiny-known-split-denoising-sanity-20260512.md), [mnist-ddpm-x0-reconstruction-scout-20260512.md](mnist-ddpm-x0-reconstruction-scout-20260512.md), [beans-sd15-membership-semantics-correction-20260512.md](beans-sd15-membership-semantics-correction-20260512.md), [beans-sd15-clip-distance-scout-20260512.md](beans-sd15-clip-distance-scout-20260512.md), [beans-sd15-simple-distance-scout-20260512.md](beans-sd15-simple-distance-scout-20260512.md), [beans-sd15-response-contract-ready-20260512.md](beans-sd15-response-contract-ready-20260512.md), [beans-sd15-response-contract-scout-20260512.md](beans-sd15-response-contract-scout-20260512.md), 
[mnist-ddpm-pia-portability-smoke-20260512.md](mnist-ddpm-pia-portability-smoke-20260512.md), [midfreq-residual-comparator-audit-20260512.md](midfreq-residual-comparator-audit-20260512.md), [midfreq-residual-stability-result-20260512.md](midfreq-residual-stability-result-20260512.md), [midfreq-residual-stability-decision-20260512.md](midfreq-residual-stability-decision-20260512.md), [midfreq-residual-signcheck-20260512.md](midfreq-residual-signcheck-20260512.md), [midfreq-same-noise-residual-preflight-20260512.md](midfreq-same-noise-residual-preflight-20260512.md), [midfreq-residual-scorer-contract-20260512.md](midfreq-residual-scorer-contract-20260512.md), [midfreq-residual-collector-contract-20260512.md](midfreq-residual-collector-contract-20260512.md), [midfreq-residual-tiny-runner-contract-20260512.md](midfreq-residual-tiny-runner-contract-20260512.md), [midfreq-residual-real-asset-preflight-20260512.md](midfreq-residual-real-asset-preflight-20260512.md) | CopyMark official score-artifact support evidence with public member/nonmember logs, aggregate ROC/threshold JSONs, selected all-step tensors, laion_ridar/mixing results, but no checkpoint hashes, compact row-ID-bound score manifest, small immutable data/checkpoint packet, or ready verifier; Shake-to-Leak code-public fine-tuning-amplified generative privacy watch-plus with target/data/score artifacts missing, FSECLab MIA-Diffusion official DDIM/DCGAN code-public but checkpoint/score/result-missing watch-plus, GenAI Confessions raw-input data-public but response/checkpoint missing black-box boundary watch, strong official CLiD CPU inter-output replay that remains prompt-conditioned candidate-only, weak MIDST TabDDPM EPT scout after nearest-neighbor and shadow-distributional failures, Diffusion Memorization semantic-shift watch, ReDiffuse official OpenReview split-manifest provenance, Reconstruction, variation, H2/simple-distance, weak Beans LoRA parameter-delta sensitivity and conditional denoising-loss under 
repaired known-split membership semantics, Quantile Regression sample-conditioned reconstruction-loss mechanism reference that is artifact-incomplete, MIAGM generated-distribution reference that is artifact-incomplete, Noise as a Probe semantic-initial-noise mechanism watch that is reproduction-incomplete, Zenodo fine-tuned diffusion paper/code-backed archive watch that remains split-manifest incomplete, LAION-mi metadata-only watch after failed fixed `25/25` URL availability probe, true second membership benchmark scope, weak CommonCanvas conditional denoising-loss scout, weak MIDST TabDDPM nearest-neighbor scout, weak MIDST shadow-distributional scout, weak Fashion-MNIST DDPM PIA-loss scout, Kohaku/Danbooru membership-semantics block, CopyMark provenance intake, local CommonCanvas query asset, completed `50/50` CommonCanvas responses with weak pixel-distance, CLIP image-similarity, prompt-response consistency, multi-seed response-stability, and conditional denoising-loss scorers, weak `64/64` gradient-prototype alignment scout, external provenance scan, Beans contract/debug boundary, MNIST/DDPM raw-loss and x0 simple-scorer scouts, tiny known-split raw-MSE sanity checks, tiny overfit gradient-norm mechanism signal and weakened stability gate, and same-noise residual candidate status. 
| +| Black-box | [workspaces/black-box/README.md](../../workspaces/black-box/README.md), [plan.md](../../workspaces/black-box/plan.md), [public-metadata-asset-sweep-20260515.md](public-metadata-asset-sweep-20260515.md), [copymark-official-score-artifact-gate-20260515.md](copymark-official-score-artifact-gate-20260515.md), [shake-to-leak-code-artifact-gate-20260515.md](shake-to-leak-code-artifact-gate-20260515.md), [fseclab-mia-diffusion-code-artifact-gate-20260515.md](fseclab-mia-diffusion-code-artifact-gate-20260515.md), [genai-confessions-blackbox-artifact-gate-20260515.md](genai-confessions-blackbox-artifact-gate-20260515.md), [clid-official-inter-output-replay-20260515.md](clid-official-inter-output-replay-20260515.md), [midst-tabddpm-ept-scout-20260515.md](midst-tabddpm-ept-scout-20260515.md), [diffusion-memorization-asset-gate-20260515.md](diffusion-memorization-asset-gate-20260515.md), [rediffuse-openreview-split-manifest-audit-20260515.md](rediffuse-openreview-split-manifest-audit-20260515.md), [beans-lora-delta-sensitivity-20260513.md](beans-lora-delta-sensitivity-20260513.md), [quantile-regression-asset-verdict-20260513.md](quantile-regression-asset-verdict-20260513.md), [miagm-asset-verdict-20260513.md](miagm-asset-verdict-20260513.md), [noise-as-probe-asset-verdict-20260513.md](noise-as-probe-asset-verdict-20260513.md), [zenodo-code-reference-audit-20260513.md](zenodo-code-reference-audit-20260513.md), [zenodo-finetuned-diffusion-asset-verdict-20260513.md](zenodo-finetuned-diffusion-asset-verdict-20260513.md), [laion-mi-url-availability-probe-20260513.md](laion-mi-url-availability-probe-20260513.md), [laion-mi-asset-verdict-20260513.md](laion-mi-asset-verdict-20260513.md), [commoncanvas-denoising-loss-20260513.md](commoncanvas-denoising-loss-20260513.md), [midst-tabddpm-shadow-distributional-scout-20260513.md](midst-tabddpm-shadow-distributional-scout-20260513.md), 
[midst-tabddpm-nearest-neighbor-scout-20260513.md](midst-tabddpm-nearest-neighbor-scout-20260513.md), [copymark-commoncanvas-multiseed-stability-20260513.md](copymark-commoncanvas-multiseed-stability-20260513.md), [fashion-mnist-ddpm-pia-loss-scout-20260513.md](fashion-mnist-ddpm-pia-loss-scout-20260513.md), [kohaku-danbooru-asset-decision-20260513.md](kohaku-danbooru-asset-decision-20260513.md), [tiny-known-split-gradient-prototype-alignment-20260513.md](tiny-known-split-gradient-prototype-alignment-20260513.md), [copymark-commoncanvas-response-preflight-20260512.md](copymark-commoncanvas-response-preflight-20260512.md), [copymark-commoncanvas-query-asset-20260512.md](copymark-commoncanvas-query-asset-20260512.md), [copymark-provenance-intake-20260512.md](copymark-provenance-intake-20260512.md), [external-diffusion-benchmark-provenance-scan-20260512.md](external-diffusion-benchmark-provenance-scan-20260512.md), [true-second-membership-benchmark-scope-20260512.md](true-second-membership-benchmark-scope-20260512.md), [gradient-norm-stability-gate-20260512.md](gradient-norm-stability-gate-20260512.md), [tiny-overfit-gradient-norm-scout-20260512.md](tiny-overfit-gradient-norm-scout-20260512.md), [tiny-overfit-mse-upperbound-20260512.md](tiny-overfit-mse-upperbound-20260512.md), [tiny-known-split-denoising-sanity-20260512.md](tiny-known-split-denoising-sanity-20260512.md), [mnist-ddpm-x0-reconstruction-scout-20260512.md](mnist-ddpm-x0-reconstruction-scout-20260512.md), [beans-sd15-membership-semantics-correction-20260512.md](beans-sd15-membership-semantics-correction-20260512.md), [beans-sd15-clip-distance-scout-20260512.md](beans-sd15-clip-distance-scout-20260512.md), [beans-sd15-simple-distance-scout-20260512.md](beans-sd15-simple-distance-scout-20260512.md), [beans-sd15-response-contract-ready-20260512.md](beans-sd15-response-contract-ready-20260512.md), [beans-sd15-response-contract-scout-20260512.md](beans-sd15-response-contract-scout-20260512.md), 
[mnist-ddpm-pia-portability-smoke-20260512.md](mnist-ddpm-pia-portability-smoke-20260512.md), [midfreq-residual-comparator-audit-20260512.md](midfreq-residual-comparator-audit-20260512.md), [midfreq-residual-stability-result-20260512.md](midfreq-residual-stability-result-20260512.md), [midfreq-residual-stability-decision-20260512.md](midfreq-residual-stability-decision-20260512.md), [midfreq-residual-signcheck-20260512.md](midfreq-residual-signcheck-20260512.md), [midfreq-same-noise-residual-preflight-20260512.md](midfreq-same-noise-residual-preflight-20260512.md), [midfreq-residual-scorer-contract-20260512.md](midfreq-residual-scorer-contract-20260512.md), [midfreq-residual-collector-contract-20260512.md](midfreq-residual-collector-contract-20260512.md), [midfreq-residual-tiny-runner-contract-20260512.md](midfreq-residual-tiny-runner-contract-20260512.md), [midfreq-residual-real-asset-preflight-20260512.md](midfreq-residual-real-asset-preflight-20260512.md) | Public metadata sweep after HF auth and GitHub artifact searches found no new non-duplicate replay packet; CLiD ZIP remains range-inaccessible with auth, CopyMark HF ZIP remains already-covered and too large to change the current decision; CopyMark official score-artifact support evidence with public member/nonmember logs, aggregate ROC/threshold JSONs, selected all-step tensors, laion_ridar/mixing results, but no checkpoint hashes, compact row-ID-bound score manifest, small immutable data/checkpoint packet, or ready verifier; Shake-to-Leak code-public fine-tuning-amplified generative privacy watch-plus with target/data/score artifacts missing, FSECLab MIA-Diffusion official DDIM/DCGAN code-public but checkpoint/score/result-missing watch-plus, GenAI Confessions raw-input data-public but response/checkpoint missing black-box boundary watch, strong official CLiD CPU inter-output replay that remains prompt-conditioned candidate-only, weak MIDST TabDDPM EPT scout after nearest-neighbor and shadow-distributional 
failures, Diffusion Memorization semantic-shift watch, ReDiffuse official OpenReview split-manifest provenance, Reconstruction, variation, H2/simple-distance, weak Beans LoRA parameter-delta sensitivity and conditional denoising-loss under repaired known-split membership semantics, Quantile Regression sample-conditioned reconstruction-loss mechanism reference that is artifact-incomplete, MIAGM generated-distribution reference that is artifact-incomplete, Noise as a Probe semantic-initial-noise mechanism watch that is reproduction-incomplete, Zenodo fine-tuned diffusion paper/code-backed archive watch that remains split-manifest incomplete, LAION-mi metadata-only watch after failed fixed `25/25` URL availability probe, true second membership benchmark scope, weak CommonCanvas conditional denoising-loss scout, weak MIDST TabDDPM nearest-neighbor scout, weak MIDST shadow-distributional scout, weak Fashion-MNIST DDPM PIA-loss scout, Kohaku/Danbooru membership-semantics block, CopyMark provenance intake, local CommonCanvas query asset, completed `50/50` CommonCanvas responses with weak pixel-distance, CLIP image-similarity, prompt-response consistency, multi-seed response-stability, and conditional denoising-loss scorers, weak `64/64` gradient-prototype alignment scout, external provenance scan, Beans contract/debug boundary, MNIST/DDPM raw-loss and x0 simple-scorer scouts, tiny known-split raw-MSE sanity checks, tiny overfit gradient-norm mechanism signal and weakened stability gate, and same-noise residual candidate status. 
| | Gray-box | [workspaces/gray-box/README.md](../../workspaces/gray-box/README.md), [plan.md](../../workspaces/gray-box/plan.md), [dsire-lora-wise-dataset-size-boundary-20260515.md](dsire-lora-wise-dataset-size-boundary-20260515.md), [hyperfree-secmi-reproduction-gate-20260515.md](hyperfree-secmi-reproduction-gate-20260515.md), [dme-dual-model-entropy-artifact-gate-20260515.md](dme-dual-model-entropy-artifact-gate-20260515.md), [fremia-frequency-filter-artifact-gate-20260515.md](fremia-frequency-filter-artifact-gate-20260515.md), [vae2diffusion-latent-space-inversion-gate-20260515.md](vae2diffusion-latent-space-inversion-gate-20260515.md), [fcre-medical-frequency-artifact-gate-20260515.md](fcre-medical-frequency-artifact-gate-20260515.md), [privacy-leakage-tdm-artifact-gate-20260515.md](privacy-leakage-tdm-artifact-gate-20260515.md), [tmia-dm-temporal-artifact-gate-20260515.md](tmia-dm-temporal-artifact-gate-20260515.md), [quantile-diffusion-mia-secmia-terror-replay-20260515.md](quantile-diffusion-mia-secmia-terror-replay-20260515.md), [noise-aggregation-small-noise-artifact-gate-20260515.md](noise-aggregation-small-noise-artifact-gate-20260515.md), [sima-scorebased-artifact-gate-20260515.md](sima-scorebased-artifact-gate-20260515.md), [tracing-roots-feature-packet-mia-20260515.md](tracing-roots-feature-packet-mia-20260515.md), [../product-bridge/tracing-roots-candidate-evidence-card.md](../product-bridge/tracing-roots-candidate-evidence-card.md), [cdi-official-artifact-gate-20260515.md](cdi-official-artifact-gate-20260515.md), [fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md](fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md), [fashion-mnist-ddpm-sima-score-norm-20260514.md](fashion-mnist-ddpm-sima-score-norm-20260514.md), [mofit-artifact-verdict-20260513.md](mofit-artifact-verdict-20260513.md), [secmi-consumer-contract-review-20260512.md](secmi-consumer-contract-review-20260512.md), 
[post-midfreq-next-lane-reselection-20260512.md](post-midfreq-next-lane-reselection-20260512.md), [graybox-paper-candidate-reentry-review-20260512.md](graybox-paper-candidate-reentry-review-20260512.md) | DSiRe / LoRA-WiSE future weight-only dataset-size recovery boundary gate, Hyperparameter-free SecMI third-party code/report support-family gate, DME complexity-bias MIA stub-repo-only watch, FreMIA frequency-filter MIA paper-source-plus-stub-repo watch, PIA, SecMI, VAE2Diffusion latent-space decoder-geometry MIA code-public watch-plus with split/checkpoint/score artifacts missing, FCRE medical-image frequency-calibrated reconstruction-error paper-source watch, single-table Tabular Privacy Leakage TDM watch-plus with official MIDST toolkit code but no paper score packet, TMIA-DM temporal-noise / noise-gradient paper-only watch, Quantile Diffusion MIA third-party SecMI-style `t_error` support packet, Noise Aggregation small-noise predicted-noise aggregation MIA paper-source-only watch, official SimA score-based MIA watch-plus with code-public but split/checkpoint/score artifacts missing, Tracing the Roots positive-but-provenance-limited trajectory feature-packet MIA with a candidate-only product-bridge card, official CDI dataset-inference gate as code-public but large-assets-required/no ready score packet/no GPU release, weak Fashion-MNIST score-Jacobian sensitivity scout, weak Fashion-MNIST SimA score-norm scout, MoFit artifact-incomplete watch, archived paper-candidate, DCR copying/memorization semantic-shift watch, and gray-box defense boundary status. 
| | White-box | [workspaces/white-box/README.md](../../workspaces/white-box/README.md), [plan.md](../../workspaces/white-box/plan.md), [whitebox-gsa-zenodo-archive-verdict-20260513.md](whitebox-gsa-zenodo-archive-verdict-20260513.md), [whitebox-influence-curvature-feasibility-scout-20260511.md](whitebox-influence-curvature-feasibility-scout-20260511.md), [gsa-diagonal-fisher-feasibility-microboard-20260511.md](gsa-diagonal-fisher-feasibility-microboard-20260511.md), [gsa-diagonal-fisher-layer-scope-review-20260511.md](gsa-diagonal-fisher-layer-scope-review-20260511.md), [gsa-diagonal-fisher-stability-board-20260511.md](gsa-diagonal-fisher-stability-board-20260511.md), [post-fisher-next-lane-reselection-20260511.md](post-fisher-next-lane-reselection-20260511.md) | GSA, DPDM, admitted-family GSA Zenodo archive identity, Finding NeMo, and white-box boundary status. | | Cross-box | [workspaces/cross-box/README.md](../../workspaces/cross-box/README.md), [cross-box-boundary-status.md](cross-box-boundary-status.md), [cross-box-successor-scope-20260512.md](cross-box-successor-scope-20260512.md), [post-ib-next-lane-reselection-20260512.md](post-ib-next-lane-reselection-20260512.md), [ic-same-spec-evaluator-feasibility-scout-20260512.md](ic-same-spec-evaluator-feasibility-scout-20260512.md) | Cross-track score-sharing, cross-permission boundary, and successor reopen conditions. | diff --git a/workspaces/implementation/challenger-queue.md b/workspaces/implementation/challenger-queue.md index 1f1df15..4e7e0eb 100644 --- a/workspaces/implementation/challenger-queue.md +++ b/workspaces/implementation/challenger-queue.md 
@@ -9,10 +9,10 @@ timeline. Historical run IDs and dated notes are in `legacy/`. | Field | Value | | --- | --- | -| Active work | `GitHub lightweight diffusion MIA triage completed` | +| Active work | `Public metadata asset sweep completed` | | Active GPU task | none running | | Next GPU candidate | none selected | -| CPU sidecar | none selected after GitHub lightweight diffusion MIA triage | +| CPU sidecar | none selected after public metadata asset sweep | | Gray-box status | PIA remains admitted; tri-score is positive-but-bounded internal candidate; ReDiffuse candidate-only; Fashion-MNIST SimA score-norm and score-Jacobian sensitivity weak | | Non-gray-box GPU | none selected | 
@@ -20,6 +20,7 @@ timeline. Historical run IDs and dated notes are in `legacy/`. | Candidate | Track | Mode | Gate | Blocker | Next action | | --- | --- | --- | --- | --- | --- | +| HF/GitHub public metadata replay packet search | intake / Lane A | closed / no new artifact | authenticated HF metadata and GitHub artifact-shaped searches checked for small target/split/score/ROC/manifest packets after DIFFENCE | only known CLiD and CopyMark HF surfaces appeared; CLiD `mia_COCO.zip` remains `403` for authenticated HEAD/range probes, CopyMark HF zip is already covered and too large, and GitHub code search returned only already-covered CopyMark/CLiD/DiffAudit evidence hits | keep as anti-duplication evidence; do not download CLiD/CopyMark ZIPs, images, model/checkpoint payloads, clone large repos, run scripts, release CPU/GPU sidecar, or promote Platform/Runtime rows | | GitHub lightweight diffusion MIA repos | intake / Lane A | false-positive triage | four direct GitHub search hits were checked: acha1934 fine-tuned diffusion MIA, KarinMalka1 personalization forensics, abramwit Boeing 707 toy project, and josephho9 empirical-score MNIST prototype | no public checkpoint-bound target, immutable target member/nonmember manifest, row-bound response packet, score rows, ROC arrays, metric JSON, trained attack weights, or verifier; some require Colab/Google Drive/local training | keep as anti-duplication evidence only; do not download notebooks/images/models/Drive payloads, run scripts, train/fine-tune, release CPU/GPU sidecar, or promote Platform/Runtime rows | | DEB medical diffusion MIA | gray-box / Lane B | paper-source-only mechanism watch | MDPI Applied Sciences 2026 article reports Discrete Encoding-Based grey-box intermediate-trajectory metrics against SecMI, PIA, and SimA on CIFAR/TinyImageNet and MedMNIST2D subsets | no public code, target checkpoint hashes, immutable member/nonmember manifests, intermediate-state packet, score rows, ROC arrays, metric JSON, or 
verifier; requires intermediate generation-state access rather than final images only | keep as mechanism watch only; do not download MedMNIST/CIFAR/TinyImageNet/Stable Diffusion assets, implement DEB from the paper, release GPU/CPU sidecar, or promote Platform/Runtime rows | | same-noise residual comparator family | black-box | candidate-only / hold | seed-12 and seed-23 `64/64` packets retain signal, but low/full residual comparators match or beat mid-band on AUC | single DDPM/CIFAR10 asset, finite tails, no product boundary, mid-frequency specificity not supported | stop same-contract GPU expansion; reopen only with new comparator, second asset, or protocol | diff --git a/workspaces/intake/README.md b/workspaces/intake/README.md index 206c638..4f22070 100644 --- a/workspaces/intake/README.md +++ b/workspaces/intake/README.md @@ -4,6 +4,15 @@ - Direction: new method evaluation and paper scouting. - No active intake review. +- Public metadata asset sweep after the DIFFENCE Zenodo sync found no new + non-duplicate image/latent-image replay packet. Authenticated HF metadata + still exposes only known `zsf/COCO_MIA_ori_split1` and `chumengl/copymark` + surfaces: CLiD's `mia_COCO.zip` remains `403` for authenticated `HEAD` and + range probes, while CopyMark's `datasets.zip` is large and already covered + by the official score-artifact gate. GitHub artifact-shaped searches only + returned already-covered CopyMark, CLiD, or DiffAudit evidence hits. No ZIP, + image, model, checkpoint, full-repo download, CPU sidecar, GPU work, or + admitted Platform/Runtime row is released. - GitHub lightweight diffusion MIA triage checked four direct search hits: `acha1934/Black-box-Membership-Inference-Attacks-against-Fine-tuned-Diffusion-Models`, `KarinMalka1/Stable-Diffusion-Personalization-Forensics`,
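Review bot: the Gray-box row of the ROADMAP.md table packs roughly twenty gate statuses into one notes cell (from "DSiRe / LoRA-WiSE future weight-only dataset-size recovery boundary gate" through "and gray-box defense boundary status."), which no longer reads as a table and grows with every gate; split it into one line per gate, or move the per-gate statuses into a sub-list under the track and keep only the link list and a one-phrase summary in the row. The link cell has the same problem, and its `../product-bridge/tracing-roots-candidate-evidence-card.md` entry uses a different path convention from the bare note filenames beside it, so consider normalising that too.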
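Review bot: in the `@@ -9,10 +9,10 @@` hunk of challenger-queue.md the `Active work` and `CPU sidecar` rows restate the same state string that AGENTS.md and the intake README carry ("Public metadata asset sweep completed", "none selected after public metadata asset sweep"), so every sweep has to touch three files and the copies drift as soon as one is missed; keep the sweep label in one place and reference it from the others, or at least add the date the sweep closed so a stale copy is detectable.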
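Review bot: the new `HF/GitHub public metadata replay packet search` row in the `@@ -20,6 +20,7 @@` hunk records CLiD's `mia_COCO.zip` as "remains `403` for authenticated HEAD/range probes" but names neither the repository probed nor the likely cause; the intake README hunk identifies the surfaces (`zsf/COCO_MIA_ori_split1`, `chumengl/copymark`) while this row only says "CLiD" and "CopyMark HF zip". Put the repo ids, the probe date and the cause as far as it is known (gated access not yet granted versus token scope) into the Blocker cell, otherwise the next sweep cannot tell whether re-probing is worthwhile, and "too large" for the CopyMark zip should carry the size so the threshold being applied is visible.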
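Review bot: the new bullet in the workspaces/intake/README.md hunk is the only place that names the HF surfaces (`zsf/COCO_MIA_ori_split1`, `chumengl/copymark`) and the file names (`mia_COCO.zip`, `datasets.zip`), yet it is undated and sits directly under "No active intake review."; the other notes in this repository are dated in their filenames (the `-20260515` suffixes in the ROADMAP table), so either date the bullet or move the detail into a dated note and leave a one-line pointer here. Its closing sentence ("No ZIP, image, model, checkpoint, full-repo download, CPU sidecar, GPU work, or admitted Platform/Runtime row is released.") also duplicates the Next action cell of the new challenger-queue row in substance; one of the two should point at the other rather than restate it.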