diff --git a/AGENTS.md b/AGENTS.md index 6d2e3d0..640f89d 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -28,7 +28,7 @@ Do not start from memory or old chat context. Re-anchor on repository files. ## Current Operating State -- Active work: `Rectified Flow MIA artifact gate completed after the public metadata asset sweep, DIFFENCE Zenodo snapshot sync, GitHub lightweight diffusion MIA triage, DEB, CPSample, DSiRe / LoRA-WiSE, hyperparameter-free SecMI, DME, FreMIA, and CopyMark gates. Status: latest verdict note, workspace-evidence index, Research ROADMAP, AGENTS, intake/implementation workspace notes, and root ROADMAP are synchronized to the Rectified Flow MIA artifact gate. arXiv 2603.13421 is a non-duplicate Rectified Flow / Flow Matching MIA mechanism watch with reported complexity-calibrated Monte Carlo score gains, but the promised mx-ethan-rao/MIA_Rectified_Flow public repository is empty and no split manifest, checkpoint, score row, ROC array, metric JSON, verifier, dataset/model/checkpoint/image download, implementation from paper, CPU sidecar, GPU work, Platform/Runtime row, schema change, or product copy is released. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after Rectified Flow MIA artifact gate.` +- Active work: `Structural MIA T2I artifact gate completed after the Rectified Flow MIA artifact gate, public metadata asset sweep, DIFFENCE Zenodo snapshot sync, GitHub lightweight diffusion MIA triage, DEB, CPSample, DSiRe / LoRA-WiSE, hyperparameter-free SecMI, DME, FreMIA, and CopyMark gates. Status: latest verdict note, workspace-evidence index, Research ROADMAP, AGENTS, intake/implementation workspace notes, and root ROADMAP are synchronized to the Structural MIA T2I artifact gate. 
arXiv 2407.13252 is a non-duplicate structure-level text-to-image MIA mechanism watch with reported Latent Diffusion and Stable Diffusion low-FPR gains, but the arXiv source is TeX/figures only, the OpenReview supplement is PDF-only, and no official code, split manifest, checkpoint, score row, ROC array, metric JSON, verifier, dataset/model/checkpoint/image download, implementation from paper, CPU sidecar, GPU work, Platform/Runtime row, schema change, or product copy is released. active_gpu_question = none; next_gpu_candidate = none; CPU sidecar = none selected after Structural MIA T2I artifact gate.` - Next GPU candidate: none selected - Long-horizon control: follow `ROADMAP.md` section `Long-Horizon Research Task Board(2026-05-13 起)` before reopening any diff --git a/ROADMAP.md b/ROADMAP.md index ddcee64..e960d9b 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -2,6 +2,32 @@ > Last updated: 2026-05-15 +## 2026-05-15 Structural MIA T2I Artifact Gate + +Lane B mechanism discovery checked arXiv `2407.13252` / +`Unveiling Structural Memorization: Structural Membership Inference Attack for +Text-to-Image Diffusion Models` because it is a direct T2I membership line with +a non-duplicate structure-level signal. The proposed attack performs DDIM +inversion/noising in the T2I latent space, decodes the corrupted latent back to +pixel space, and uses structural similarity between the original and corrupted +image as the membership signal. The arXiv source reports strong paper-table +metrics, including Latent Diffusion `512x512` `AUC = 0.930`, +`TPR@1%FPR = 0.575`, and Stable Diffusion v1-1 `512x512` `AUC = 0.920`, +`TPR@1%FPR = 0.512`. + +Decision: `paper-source-only structural T2I MIA watch / OpenReview supplement +PDF-only / no code-score artifact / no download / no GPU release / no admitted +row`. The arXiv source is TeX plus figure PDFs, exact GitHub title/code +searches found no official repository or artifact release, and the OpenReview +supplement is a `1,923,114` byte ZIP containing only `supplementary.pdf`. No +LAION-400M/LAION2B-en/COCO2017-Val image download, Stable Diffusion / Latent +Diffusion / BLIP / checkpoint acquisition, DDIM inversion implementation, +SSIM/structure scoring, prompt/guidance/distortion sweeps, CPU sidecar, GPU +work, Platform row, Runtime schema, or product copy is selected. Current slots +remain `active_gpu_question = none`, `next_gpu_candidate = none`, and +`CPU sidecar = none selected after Structural MIA T2I artifact gate`. See +[docs/evidence/structural-mia-t2i-artifact-gate-20260515.md](docs/evidence/structural-mia-t2i-artifact-gate-20260515.md). + ## 2026-05-15 Rectified Flow MIA Artifact Gate Lane B mechanism discovery checked arXiv `2603.13421` / 
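Review bot: the new `2026-05-15 Structural MIA T2I Artifact Gate` section is the pointer later gates will re-check before reopening, but it records the negative result ("exact GitHub title/code searches found no official repository") without the search strings or the date they were run, and identifies the OpenReview supplement only as a `1,923,114` byte ZIP containing `supplementary.pdf`. Add the queries and fetch date here, or say explicitly that the evidence note carries them, so a later reviewer can distinguish a newly published repository from a search that was simply too narrow. The `Decision:` line also repeats the evidence note's status string word for word; keeping only the three slot values plus the link would leave one place to maintain that sentence.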
@@ -1928,8 +1954,9 @@ claim。 | --- | --- | | Active GPU question | none | | Next GPU candidate | none | -| CPU sidecar | none selected after Rectified Flow MIA artifact gate. The admitted bundle remains five-row `admitted-only`; recent watch/watch-plus/support-only/candidate/score-artifact/semantic-shift/defense-watch, public-metadata, and rectified-flow mechanism gates did not change Platform/Runtime rows, schemas, product copy, downloads, or GPU release. | -| Latest mechanism watch | Rectified Flow MIA / arXiv `2603.13421` is non-duplicate and mechanism-relevant, but the promised GitHub repository is empty; reopen only if public splits, checkpoints, code, score/ROC/metric artifacts, or a verifier appear. | +| CPU sidecar | none selected after Structural MIA T2I artifact gate. The admitted bundle remains five-row `admitted-only`; recent watch/watch-plus/support-only/candidate/score-artifact/semantic-shift/defense-watch, public-metadata, rectified-flow, and structural-T2I mechanism gates did not change Platform/Runtime rows, schemas, product copy, downloads, or GPU release. | +| Latest mechanism watch | Structural MIA T2I / arXiv `2407.13252` is non-duplicate and mechanism-relevant, but the arXiv source is TeX/figures only, exact GitHub searches found no official release, and the OpenReview supplement is PDF-only; reopen only if public code, row manifests, target hashes, score/ROC/metric artifacts, or a verifier appear. | +| Previous mechanism watch | Rectified Flow MIA / arXiv `2603.13421` is non-duplicate and mechanism-relevant, but the promised GitHub repository is empty; reopen only if public splits, checkpoints, code, score/ROC/metric artifacts, or a verifier appear. | | Latest closed search branch | HF/GitHub public metadata sweep is closed unless CLiD exposes a row manifest or metadata-only ZIP inspection, CopyMark publishes compact row-bound verifier artifacts, or a new repository/dataset appears with a small target/split/score/ROC/metric packet. 
| | Highest-value next action | Continue non-duplicate asset search only for candidates with public target identity, member/nonmember split artifacts, and response/score coverage. CPSample remains defense watch-plus; reopen it only if checkpoint-bound denoiser/classifier artifacts or hashes, exact train/test/subset row identities, protected/unprotected row-bound score packets, ROC/metric JSON, retained-utility metrics, and a defended-vs-undefended adaptive-attacker consumer contract are public. DSiRe / LoRA-WiSE remains a future weight-only privacy lane candidate, but reopen it only if DiffAudit explicitly opens a weight-only LoRA dataset-size recovery consumer contract with MAE/MAPE/accuracy as primary metrics and language separating aggregate model-weight cardinality leakage from per-sample MIA. CopyMark is now official Research-side score-artifact support evidence, but reopen it only if authors publish a compact row-ID-bound score manifest, checkpoint hashes, a no-training verifier, or a small immutable data/checkpoint packet that avoids the full HF zip and model-folder downloads. VAE2Diffusion remains code-public latent-space MIA watch-plus; reopen it only if public split manifests, matching checkpoints or generated response/feature caches, score rows, ROC/metric JSON, verifier outputs, or another bounded no-training artifact appears. DCR remains copying/memorization semantic-shift watch-plus; reopen it only if a public available LAION split or equivalent immutable image manifest, target checkpoint/generated response packets, score rows, ROC/metric JSON, verifier outputs, or an explicit copying/memorization consumer-boundary lane appear. 
FCRE remains a medical-image frequency-calibrated reconstruction-error paper-source watch item; reopen it only if official code plus frozen split manifests, matching target checkpoints, generated reconstruction packets, reusable score rows, ROC/metric JSON, verifier outputs, or a reviewed medical-image consumer-boundary lane appear. Tabular Privacy Leakage TDM is a single-table tabular code-public watch-plus item; reopen it only if paper-bound Berka/Diabetes target checkpoints, immutable split manifests, generated synthetic tables, reusable score rows, ROC/metric JSON, verifier outputs, or a reviewed tabular consumer-boundary lane appear. TMIA-DM remains a temporal-noise / noise-gradient paper-only mechanism watch item; reopen it only if official public code plus immutable target/split artifacts and reusable score/ROC/metric packets appear. Shake-to-Leak is a fine-tuning-amplified generative-privacy code-public watch-plus item, but reopen it only if public checkpoint-bound score artifacts, immutable split manifests, generated private-set packets, or ready verifier outputs appear. FSECLab MIA-Diffusion is a direct diffusion-MIA code-public watch-plus item, but reopen it only if public checkpoint-bound score artifacts, immutable split manifests, generated sample packets, or ready verifier outputs appear. MT-MIA remains useful public score-packet support evidence, but reopen it only if DiffAudit explicitly opens a relational-tabular synthetic-data membership lane, authors publish row-ID-bound verifier artifacts, or paperization needs clearly labeled cross-domain support outside Platform/Runtime rows. Reopen LSA-Probe only if real public adversarial-cost score artifacts, exact music/audio target identities, and exact member/nonmember manifests appear, or if DiffAudit explicitly opens a music/audio lane. 
Reopen DualMD/DistillMD only if public checkpoint-bound defended/undefended score artifacts, ROC arrays, metric JSON, generated response packets, or a bounded verifier appear and a consumer-boundary decision explicitly admits disjoint-training defense evidence. Reopen DIFFENCE only if public checkpoint-bound defended/undefended score artifacts or a bounded verifier appear and a consumer-boundary decision explicitly admits classifier-defense evidence. Reopen MIAHOLD/HOLD++ only if public checkpoint-bound score artifacts or a bounded verifier appear, plus an explicit TTS/audio consumer-boundary decision before any audio lane execution. Reopen the Quantile/SecMI-style support packet only if explicit quantile-regression score outputs, trained quantile artifacts, or a bounded verifier command are released, or if a consumer-boundary review approves third-party SecMI-style packets as paperization support without Platform/Runtime admission. Reopen ReproMIA only if a current non-withdrawn paper plus official public code, exact target/split manifests, and reusable score/metric artifacts appear; reopen Tracing Roots only if raw target checkpoint identity, raw sample manifests, or a feature-packet consumer-boundary decision appears; reopen CLiD only if authors publish a row manifest or HF gated access allows metadata-only manifest inspection. | | Stop condition | Do not download CIFAR-10, CelebA, LSUN, Stable Diffusion weights, denoiser/classifier checkpoints, generated images, or missing Google Drive placeholders for CPSample; do not run `python main.py`, train classifiers, fine-tune denoisers, generate protected/unprotected images, run `--inference_attack`, or launch CPU/GPU sidecars from this gate. Do not download LoRA-WiSE parquet shards, image folders, Stable Diffusion weights, or LoRA tensor payloads; do not run `python dsire.py`, FAISS/SVD sweeps, CPU sidecars, or GPU work unless a separate weight-only consumer contract is opened. 
Do not download CopyMark HF `datasets.zip`, image folders, Stable Diffusion/CommonCanvas/LDM/Kohaku weights, LAION/COCO/CC12M/YFCC/DataComp/FFHQ/CelebA-HQ/CommonCatalog payloads, or model folders; do not clone the full repo by default, run PIA/PFAMI/SecMI/GSA scripts, regenerate features, fit XGBoost models, or launch GPU work from the CopyMark official score artifact gate. Do not download CIFAR-10, CelebA, ImageNet-1K, Pokemon, COCO, Flickr, LAION, Stable Diffusion weights, VAE/LDM checkpoints, split payloads, generated responses, or pullback/per-dim caches for VAE2Diffusion; do not train LDMs, fine-tune Stable Diffusion, run SimA/PFAMI/PIA variants, or launch GPU work from that gate. Do not download LAION payloads, DCR Drive split folders, Stable Diffusion weights, generated image sets, or retrieval outputs; do not fine-tune, infer, run retrieval, or launch GPU work for DCR. Do not download FeTS, ChestX-ray8, CIFAR-10, or medical-image payloads, train diffusion targets, run DDIM reconstruction, sweep frequency bands, or launch GPU work for FCRE. Do not download Berka/Diabetes/MIDST resources, train ClavaDDPM targets or shadows, run Tartan Federer/Ensemble/EPT attacks, promote MIDST toolkit integration-test fixtures, or launch GPU work for Tabular Privacy Leakage TDM. Do not download CIFAR/Tiny-ImageNet/Pokemon/LAION/COCO assets, train or fine-tune diffusion targets, reconstruct temporal-noise trajectory pipelines, or launch GPU work for TMIA-DM. Do not download Stable Diffusion weights, LAION/person images, synthetic private sets, or checkpoints for Shake-to-Leak; do not run `sp_gen.py`, LoRA/DB/End2End fine-tuning, SecMI scripts, or data extraction from that gate. Do not download CIFAR-10, CelebA, DDIM/DCGAN checkpoints, generated samples, or full repo payloads for FSECLab MIA-Diffusion; do not run DDIM/DCGAN training, sampling, attack scripts, or TTUR evaluation from that gate. 
Do not download MT-MIA raw figshare datasets, synthetic CSV payloads, ClavaDDPM/RelDiff training assets, or the full repository; do not regenerate high-cost RelDiff outputs or promote relational-tabular score packets without a consumer-boundary decision. Do not download MAESTRO, FMA-Large, DiffWave, MusicLDM, audio clips, checkpoints, or GitHub Pages demo JSON as LSA-Probe experiment evidence; do not implement LSA-Probe from the TeX or demo. Do not download the DualMD/DistillMD SharePoint Pokemon payload, Stable Diffusion weights, CIFAR/CIFAR100/STL10/Tiny-ImageNet datasets, or run DDPM/LDM training, distillation, SecMIA/PIA, black-box attack scripts, or launch GPU jobs from this gate. Do not download DIFFENCE Google Drive diffusion/target model folders or CIFAR/SVHN datasets; do not train classifiers or diffusion models, generate DIFFENCE reconstructions, run MIA scripts, or launch GPU jobs from that gate. Do not download MIAHOLD/HOLD++ Grad-TTS, HiFi-GAN, CLD-SGM, CIFAR, CelebA, LJSpeech, or LibriTTS assets; do not scrape W&B, train HOLD++ CIFAR/audio models, regenerate PIA scores, or launch GPU jobs from that gate. Do not clone the full `neilkale/quantile-diffusion-mia` repository by default, download pretrained DDPM checkpoints/CIFAR archives/SharePoint model folders, run training, fit quantile models, recover W&B artifacts, or launch GPU jobs from that support packet. Do not promote CPSample, DSiRe / LoRA-WiSE, CopyMark, VAE2Diffusion, DCR, FCRE, Tabular Privacy Leakage TDM, TMIA-DM, Shake-to-Leak, FSECLab MIA-Diffusion, MT-MIA, LSA-Probe, DualMD/DistillMD, DIFFENCE, or MIAHOLD as admitted rows, Quantile replay as a Quantile Regression result, or any of these lines as admitted Platform/Runtime rows. Keep the existing no-download/no-GPU constraints for ReproMIA, DMin, ELSA, Memorization Anisotropy, FERMI, DurMI, FMIA, CLiD, StablePrivateLoRA, MIDM, GGDM, Diffusion Memorization, ReDiffuse, and same-family MIDST expansions. | 
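Review bot: the replacement `Latest mechanism watch` row reopens on an any-of list (`reopen only if public code, row manifests, target hashes, score/ROC/metric artifacts, or a verifier appear`), so read literally a code-only release would reopen the item, whereas the new ROADMAP section requires the full bundle (official code plus member/nonmember manifests, target revisions or hashes, score rows, ROC arrays, metric JSON, and a verifier). Make the row all-of, or point it at the section. Separately, the `Highest-value next action` and `Stop condition` cells in this hunk are unchanged context and still list every earlier watch item but never mention the structural gate's own constraints (no LAION-400M / LAION2B-en / COCO2017-Val download, no Stable Diffusion / Latent Diffusion / BLIP acquisition, no DDIM inversion or SSIM scoring, no sweeps); Rectified Flow is absent from the `Stop condition` list as well. Append both so the table gives the next session a stop rule for the items it now names as latest and previous watch.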
diff --git a/docs/evidence/structural-mia-t2i-artifact-gate-20260515.md b/docs/evidence/structural-mia-t2i-artifact-gate-20260515.md new file mode 100644 index 0000000..e0aa23d --- /dev/null +++ b/docs/evidence/structural-mia-t2i-artifact-gate-20260515.md 
@@ -0,0 +1,118 @@ +# Structural MIA T2I Artifact Gate + +> Date: 2026-05-15 +> Status: paper-source-only structural T2I MIA watch / OpenReview supplement PDF-only / no code-score artifact / no download / no GPU release / no admitted row + +## Question + +Does arXiv `2407.13252` / `Unveiling Structural Memorization: Structural +Membership Inference Attack for Text-to-Image Diffusion Models` expose a +non-duplicate text-to-image diffusion MIA artifact that should change +DiffAudit's active execution slots or admitted Platform/Runtime boundary? + +This gate was opened because the mechanism is structurally different from +pixel-loss, SecMI, PIA, CLiD likelihood, CopyMark benchmark-score, and +Rectified Flow vector-field routes. The check used arXiv API metadata, the +arXiv source tarball, exact-title GitHub repository/code searches, and the +OpenReview supplementary attachment. It did not download LAION/COCO image +payloads, Stable Diffusion or Latent Diffusion weights, generated images, or +run DDIM inversion / SSIM scoring. 
+ +## Public Surface + +| Field | Value | +| --- | --- | +| Paper line | `Unveiling Structural Memorization: Structural Membership Inference Attack for Text-to-Image Diffusion Models` | +| arXiv | `https://arxiv.org/abs/2407.13252v1` | +| Published / updated | `2024-07-18T08:07:28Z` | +| OpenReview supplement | `https://openreview.net/attachment?id=GQkPMFUWVf&name=supplementary_material` | +| Supplement payload | `1,923,114` byte ZIP with one entry: `supplementary.pdf` (`2,016,750` bytes), no code/data/results files | +| arXiv source tarball | `4,327,174` bytes, `38` entries, TeX plus figure PDFs | +| GitHub exact-title search | No official repository found for exact title or `2407.13252`; code search found only unrelated paper-index metadata | + +The public paper source contains rendered ROC/log-ROC figures and table values, +but no machine-readable score rows, ROC arrays, metric JSON, image manifests, +checkpoint hashes, generated response packets, or verifier. + +## Mechanism Signal + +The proposed attack uses structure-level memorization in text-to-image models. +Given an input image, it encodes the image into the T2I latent space, performs +DDIM inversion/noising, decodes the corrupted latent back to pixel space, and +uses structural similarity between the original and corrupted output as the +membership signal. The paper argues that member image structures are preserved +better than nonmember image structures during early diffusion steps. + +This is mechanism-relevant because it is not another raw denoising-loss, +reverse-denoise distance, prompt likelihood, final-layer gradient, frequency +filter, or Flow Matching vector-field statistic. It is also closer to a +practical text-to-image model setting than small unconditional DDPM-only +probes. + +## Reported Metrics + +These are paper-source metrics read from the arXiv source, not locally +replayed. 
+ +| Target | Resolution | Method | AUC | ASR | TPR@1%FPR | TPR@0.1%FPR | +| --- | --- | --- | ---: | ---: | ---: | ---: | +| Latent Diffusion | `512x512` | Structural MIA | `0.930` | `0.860` | `0.575` | `0.245` | +| Latent Diffusion | `256x256` | Structural MIA | `0.841` | `0.763` | `0.368` | `0.173` | +| Stable Diffusion v1-1 | `512x512` | Structural MIA | `0.920` | `0.852` | `0.512` | `0.234` | +| Stable Diffusion v1-1 | `256x256` | Structural MIA | `0.811` | `0.750` | `0.302` | `0.107` | + +The paper states that the hold-out set is `5,000` COCO2017-Val images; member +sets are randomly sampled from LAION-400M for Latent Diffusion and LAION2B-en +for Stable Diffusion v1-1. Those sample identities are described but not +released as public machine-readable manifests. + +## Gate Result + +| Gate | Result | +| --- | --- | +| Target identity | Partial. The paper names Latent Diffusion and Stable Diffusion v1-1, but no checkpoint hashes, exact model revisions, or executable target bundles are public. | +| Exact member split | Fail. The paper describes random LAION member sampling, but no immutable LAION member image IDs, URLs, captions, or split manifest are public. | +| Exact nonmember split | Partial/fail. COCO2017-Val is named as hold-out, but no exact row order, filtered image IDs, or evaluation manifest is public. | +| Query/response or score coverage | Fail. Public artifacts have tables and figure PDFs only, not score rows, ROC arrays, metric JSON, generated packets, or verifier output. | +| Mechanism delta | Pass for watch. Structure-level forward-diffusion SSIM is non-duplicate and relevant to T2I membership. | +| Download justification | Fail. Downloading LAION/COCO/model payloads or implementing SSIM scoring would not evaluate a released artifact; it would create a new reproduction. | +| GPU release | Fail. Missing public artifacts, not local compute, are the blocker. 
| + +## Decision + +`paper-source-only structural T2I MIA watch / OpenReview supplement PDF-only / +no code-score artifact / no download / no GPU release / no admitted row`. + +Structural MIA should remain a Research-only watch item. It is a useful +mechanism reference because it attacks structural memorization in text-to-image +models and reports strong low-FPR table metrics. It is not an execution target +because the public surface lacks the concrete row identity and score artifacts +that DiffAudit needs for a bounded replay or product row. + +Current slots remain `active_gpu_question = none`, +`next_gpu_candidate = none`, and +`CPU sidecar = none selected after Structural MIA T2I artifact gate`. + +Smallest valid reopen condition: + +- authors publish official code plus exact LAION/COCO member/nonmember + manifests, target model revisions or hashes, generated/corrupted response + packets, score rows, ROC arrays, metric JSON, and a verifier; or +- an independent public artifact package exposes the same row-bound structural + scores without requiring LAION crawling, Stable Diffusion downloads, or local + reproduction from the paper. + +Stop condition: + +- Do not download LAION-400M, LAION2B-en, COCO2017-Val images, Stable + Diffusion, Latent Diffusion, BLIP, generated images, or checkpoint payloads + from this gate. +- Do not implement DDIM inversion, structure-level SSIM scoring, prompt + variants, distortion robustness, or guidance-scale sweeps from the paper. +- Do not launch GPU work, add Platform/Runtime rows, change schemas, or change + product copy until row-bound public artifacts exist. + +## Platform and Runtime Impact + +None. Platform and Runtime continue consuming only the admitted `recon / PIA +baseline / PIA defended / GSA / DPDM W-1` set. diff --git a/docs/evidence/workspace-evidence-index.md b/docs/evidence/workspace-evidence-index.md index b9444be..5929566 100644 --- a/docs/evidence/workspace-evidence-index.md 
+++ b/docs/evidence/workspace-evidence-index.md @@ -5,6 +5,15 @@ This index separates current track state from archived research history. ## Current Track State Latest Research update: +[structural-mia-t2i-artifact-gate-20260515.md](structural-mia-t2i-artifact-gate-20260515.md) +records a direct text-to-image structural MIA mechanism watch. arXiv +`2407.13252` reports strong SSIM/forward-diffusion structure-level metrics, but +the arXiv source is TeX/figures only, exact GitHub searches found no official +release, and the OpenReview supplement ZIP contains only `supplementary.pdf`. +No code, target/split/score/ROC/metric artifacts, verifier, download, CPU +sidecar, GPU release, or admitted row is selected. + +Previous Research update: [rectified-flow-mia-artifact-gate-20260515.md](rectified-flow-mia-artifact-gate-20260515.md) records a non-duplicate Rectified Flow / Flow Matching MIA mechanism watch. arXiv `2603.13421` reports complexity-calibrated Monte Carlo vector-field @@ -13,7 +22,7 @@ scoring with strong low-FPR gains, but the promised checkpoints, scores, ROC arrays, metric JSON, verifier, download, CPU sidecar, GPU release, or admitted row is selected. -Previous Research update: +Earlier Research update: [public-metadata-asset-sweep-20260515.md](public-metadata-asset-sweep-20260515.md) records the post-DIFFENCE Hugging Face/GitHub metadata sweep. Authenticated HF metadata still exposes only known CLiD and CopyMark surfaces: 
@@ -56,7 +65,7 @@ product-copy, recommendation, download, CPU sidecar, or GPU change was released. | Track | Active docs | Role | | --- | --- | --- | | Black-box | [workspaces/black-box/README.md](../../workspaces/black-box/README.md), [plan.md](../../workspaces/black-box/plan.md), [public-metadata-asset-sweep-20260515.md](public-metadata-asset-sweep-20260515.md), [copymark-official-score-artifact-gate-20260515.md](copymark-official-score-artifact-gate-20260515.md), [shake-to-leak-code-artifact-gate-20260515.md](shake-to-leak-code-artifact-gate-20260515.md), [fseclab-mia-diffusion-code-artifact-gate-20260515.md](fseclab-mia-diffusion-code-artifact-gate-20260515.md), [genai-confessions-blackbox-artifact-gate-20260515.md](genai-confessions-blackbox-artifact-gate-20260515.md), [clid-official-inter-output-replay-20260515.md](clid-official-inter-output-replay-20260515.md), [midst-tabddpm-ept-scout-20260515.md](midst-tabddpm-ept-scout-20260515.md), [diffusion-memorization-asset-gate-20260515.md](diffusion-memorization-asset-gate-20260515.md), [rediffuse-openreview-split-manifest-audit-20260515.md](rediffuse-openreview-split-manifest-audit-20260515.md), [beans-lora-delta-sensitivity-20260513.md](beans-lora-delta-sensitivity-20260513.md), [quantile-regression-asset-verdict-20260513.md](quantile-regression-asset-verdict-20260513.md), [miagm-asset-verdict-20260513.md](miagm-asset-verdict-20260513.md), [noise-as-probe-asset-verdict-20260513.md](noise-as-probe-asset-verdict-20260513.md), [zenodo-code-reference-audit-20260513.md](zenodo-code-reference-audit-20260513.md), [zenodo-finetuned-diffusion-asset-verdict-20260513.md](zenodo-finetuned-diffusion-asset-verdict-20260513.md), [laion-mi-url-availability-probe-20260513.md](laion-mi-url-availability-probe-20260513.md), [laion-mi-asset-verdict-20260513.md](laion-mi-asset-verdict-20260513.md), [commoncanvas-denoising-loss-20260513.md](commoncanvas-denoising-loss-20260513.md), 
[midst-tabddpm-shadow-distributional-scout-20260513.md](midst-tabddpm-shadow-distributional-scout-20260513.md), [midst-tabddpm-nearest-neighbor-scout-20260513.md](midst-tabddpm-nearest-neighbor-scout-20260513.md), [copymark-commoncanvas-multiseed-stability-20260513.md](copymark-commoncanvas-multiseed-stability-20260513.md), [fashion-mnist-ddpm-pia-loss-scout-20260513.md](fashion-mnist-ddpm-pia-loss-scout-20260513.md), [kohaku-danbooru-asset-decision-20260513.md](kohaku-danbooru-asset-decision-20260513.md), [tiny-known-split-gradient-prototype-alignment-20260513.md](tiny-known-split-gradient-prototype-alignment-20260513.md), [copymark-commoncanvas-response-preflight-20260512.md](copymark-commoncanvas-response-preflight-20260512.md), [copymark-commoncanvas-query-asset-20260512.md](copymark-commoncanvas-query-asset-20260512.md), [copymark-provenance-intake-20260512.md](copymark-provenance-intake-20260512.md), [external-diffusion-benchmark-provenance-scan-20260512.md](external-diffusion-benchmark-provenance-scan-20260512.md), [true-second-membership-benchmark-scope-20260512.md](true-second-membership-benchmark-scope-20260512.md), [gradient-norm-stability-gate-20260512.md](gradient-norm-stability-gate-20260512.md), [tiny-overfit-gradient-norm-scout-20260512.md](tiny-overfit-gradient-norm-scout-20260512.md), [tiny-overfit-mse-upperbound-20260512.md](tiny-overfit-mse-upperbound-20260512.md), [tiny-known-split-denoising-sanity-20260512.md](tiny-known-split-denoising-sanity-20260512.md), [mnist-ddpm-x0-reconstruction-scout-20260512.md](mnist-ddpm-x0-reconstruction-scout-20260512.md), [beans-sd15-membership-semantics-correction-20260512.md](beans-sd15-membership-semantics-correction-20260512.md), [beans-sd15-clip-distance-scout-20260512.md](beans-sd15-clip-distance-scout-20260512.md), [beans-sd15-simple-distance-scout-20260512.md](beans-sd15-simple-distance-scout-20260512.md), [beans-sd15-response-contract-ready-20260512.md](beans-sd15-response-contract-ready-20260512.md), 
[beans-sd15-response-contract-scout-20260512.md](beans-sd15-response-contract-scout-20260512.md), [mnist-ddpm-pia-portability-smoke-20260512.md](mnist-ddpm-pia-portability-smoke-20260512.md), [midfreq-residual-comparator-audit-20260512.md](midfreq-residual-comparator-audit-20260512.md), [midfreq-residual-stability-result-20260512.md](midfreq-residual-stability-result-20260512.md), [midfreq-residual-stability-decision-20260512.md](midfreq-residual-stability-decision-20260512.md), [midfreq-residual-signcheck-20260512.md](midfreq-residual-signcheck-20260512.md), [midfreq-same-noise-residual-preflight-20260512.md](midfreq-same-noise-residual-preflight-20260512.md), [midfreq-residual-scorer-contract-20260512.md](midfreq-residual-scorer-contract-20260512.md), [midfreq-residual-collector-contract-20260512.md](midfreq-residual-collector-contract-20260512.md), [midfreq-residual-tiny-runner-contract-20260512.md](midfreq-residual-tiny-runner-contract-20260512.md), [midfreq-residual-real-asset-preflight-20260512.md](midfreq-residual-real-asset-preflight-20260512.md) | Public metadata sweep after HF auth and GitHub artifact searches found no new non-duplicate replay packet; CLiD ZIP remains range-inaccessible with auth, CopyMark HF ZIP remains already-covered and too large to change the current decision; CopyMark official score-artifact support evidence with public member/nonmember logs, aggregate ROC/threshold JSONs, selected all-step tensors, laion_ridar/mixing results, but no checkpoint hashes, compact row-ID-bound score manifest, small immutable data/checkpoint packet, or ready verifier; Shake-to-Leak code-public fine-tuning-amplified generative privacy watch-plus with target/data/score artifacts missing, FSECLab MIA-Diffusion official DDIM/DCGAN code-public but checkpoint/score/result-missing watch-plus, GenAI Confessions raw-input data-public but response/checkpoint missing black-box boundary watch, strong official CLiD CPU inter-output replay that remains 
prompt-conditioned candidate-only, weak MIDST TabDDPM EPT scout after nearest-neighbor and shadow-distributional failures, Diffusion Memorization semantic-shift watch, ReDiffuse official OpenReview split-manifest provenance, Reconstruction, variation, H2/simple-distance, weak Beans LoRA parameter-delta sensitivity and conditional denoising-loss under repaired known-split membership semantics, Quantile Regression sample-conditioned reconstruction-loss mechanism reference that is artifact-incomplete, MIAGM generated-distribution reference that is artifact-incomplete, Noise as a Probe semantic-initial-noise mechanism watch that is reproduction-incomplete, Zenodo fine-tuned diffusion paper/code-backed archive watch that remains split-manifest incomplete, LAION-mi metadata-only watch after failed fixed `25/25` URL availability probe, true second membership benchmark scope, weak CommonCanvas conditional denoising-loss scout, weak MIDST TabDDPM nearest-neighbor scout, weak MIDST shadow-distributional scout, weak Fashion-MNIST DDPM PIA-loss scout, Kohaku/Danbooru membership-semantics block, CopyMark provenance intake, local CommonCanvas query asset, completed `50/50` CommonCanvas responses with weak pixel-distance, CLIP image-similarity, prompt-response consistency, multi-seed response-stability, and conditional denoising-loss scorers, weak `64/64` gradient-prototype alignment scout, external provenance scan, Beans contract/debug boundary, MNIST/DDPM raw-loss and x0 simple-scorer scouts, tiny known-split raw-MSE sanity checks, tiny overfit gradient-norm mechanism signal and weakened stability gate, and same-noise residual candidate status. 
| -| Gray-box | [workspaces/gray-box/README.md](../../workspaces/gray-box/README.md), [plan.md](../../workspaces/gray-box/plan.md), [rectified-flow-mia-artifact-gate-20260515.md](rectified-flow-mia-artifact-gate-20260515.md), [dsire-lora-wise-dataset-size-boundary-20260515.md](dsire-lora-wise-dataset-size-boundary-20260515.md), [hyperfree-secmi-reproduction-gate-20260515.md](hyperfree-secmi-reproduction-gate-20260515.md), [dme-dual-model-entropy-artifact-gate-20260515.md](dme-dual-model-entropy-artifact-gate-20260515.md), [fremia-frequency-filter-artifact-gate-20260515.md](fremia-frequency-filter-artifact-gate-20260515.md), [vae2diffusion-latent-space-inversion-gate-20260515.md](vae2diffusion-latent-space-inversion-gate-20260515.md), [fcre-medical-frequency-artifact-gate-20260515.md](fcre-medical-frequency-artifact-gate-20260515.md), [privacy-leakage-tdm-artifact-gate-20260515.md](privacy-leakage-tdm-artifact-gate-20260515.md), [tmia-dm-temporal-artifact-gate-20260515.md](tmia-dm-temporal-artifact-gate-20260515.md), [quantile-diffusion-mia-secmia-terror-replay-20260515.md](quantile-diffusion-mia-secmia-terror-replay-20260515.md), [noise-aggregation-small-noise-artifact-gate-20260515.md](noise-aggregation-small-noise-artifact-gate-20260515.md), [sima-scorebased-artifact-gate-20260515.md](sima-scorebased-artifact-gate-20260515.md), [tracing-roots-feature-packet-mia-20260515.md](tracing-roots-feature-packet-mia-20260515.md), [../product-bridge/tracing-roots-candidate-evidence-card.md](../product-bridge/tracing-roots-candidate-evidence-card.md), [cdi-official-artifact-gate-20260515.md](cdi-official-artifact-gate-20260515.md), [fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md](fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md), [fashion-mnist-ddpm-sima-score-norm-20260514.md](fashion-mnist-ddpm-sima-score-norm-20260514.md), [mofit-artifact-verdict-20260513.md](mofit-artifact-verdict-20260513.md), 
[secmi-consumer-contract-review-20260512.md](secmi-consumer-contract-review-20260512.md), [post-midfreq-next-lane-reselection-20260512.md](post-midfreq-next-lane-reselection-20260512.md), [graybox-paper-candidate-reentry-review-20260512.md](graybox-paper-candidate-reentry-review-20260512.md) | Rectified Flow / Flow Matching MIA paper-source-only mechanism watch with promised but empty public repo, DSiRe / LoRA-WiSE future weight-only dataset-size recovery boundary gate, Hyperparameter-free SecMI third-party code/report support-family gate, DME complexity-bias MIA stub-repo-only watch, FreMIA frequency-filter MIA paper-source-plus-stub-repo watch, PIA, SecMI, VAE2Diffusion latent-space decoder-geometry MIA code-public watch-plus with split/checkpoint/score artifacts missing, FCRE medical-image frequency-calibrated reconstruction-error paper-source watch, single-table Tabular Privacy Leakage TDM watch-plus with official MIDST toolkit code but no paper score packet, TMIA-DM temporal-noise / noise-gradient paper-only watch, Quantile Diffusion MIA third-party SecMI-style `t_error` support packet, Noise Aggregation small-noise predicted-noise aggregation MIA paper-source-only watch, official SimA score-based MIA watch-plus with code-public but split/checkpoint/score artifacts missing, Tracing the Roots positive-but-provenance-limited trajectory feature-packet MIA with a candidate-only product-bridge card, official CDI dataset-inference gate as code-public but large-assets-required/no ready score packet/no GPU release, weak Fashion-MNIST score-Jacobian sensitivity scout, weak Fashion-MNIST SimA score-norm scout, MoFit artifact-incomplete watch, archived paper-candidate, DCR copying/memorization semantic-shift watch, and gray-box defense boundary status. 
| +| Gray-box | [workspaces/gray-box/README.md](../../workspaces/gray-box/README.md), [plan.md](../../workspaces/gray-box/plan.md), [structural-mia-t2i-artifact-gate-20260515.md](structural-mia-t2i-artifact-gate-20260515.md), [rectified-flow-mia-artifact-gate-20260515.md](rectified-flow-mia-artifact-gate-20260515.md), [dsire-lora-wise-dataset-size-boundary-20260515.md](dsire-lora-wise-dataset-size-boundary-20260515.md), [hyperfree-secmi-reproduction-gate-20260515.md](hyperfree-secmi-reproduction-gate-20260515.md), [dme-dual-model-entropy-artifact-gate-20260515.md](dme-dual-model-entropy-artifact-gate-20260515.md), [fremia-frequency-filter-artifact-gate-20260515.md](fremia-frequency-filter-artifact-gate-20260515.md), [vae2diffusion-latent-space-inversion-gate-20260515.md](vae2diffusion-latent-space-inversion-gate-20260515.md), [fcre-medical-frequency-artifact-gate-20260515.md](fcre-medical-frequency-artifact-gate-20260515.md), [privacy-leakage-tdm-artifact-gate-20260515.md](privacy-leakage-tdm-artifact-gate-20260515.md), [tmia-dm-temporal-artifact-gate-20260515.md](tmia-dm-temporal-artifact-gate-20260515.md), [quantile-diffusion-mia-secmia-terror-replay-20260515.md](quantile-diffusion-mia-secmia-terror-replay-20260515.md), [noise-aggregation-small-noise-artifact-gate-20260515.md](noise-aggregation-small-noise-artifact-gate-20260515.md), [sima-scorebased-artifact-gate-20260515.md](sima-scorebased-artifact-gate-20260515.md), [tracing-roots-feature-packet-mia-20260515.md](tracing-roots-feature-packet-mia-20260515.md), [../product-bridge/tracing-roots-candidate-evidence-card.md](../product-bridge/tracing-roots-candidate-evidence-card.md), [cdi-official-artifact-gate-20260515.md](cdi-official-artifact-gate-20260515.md), [fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md](fashion-mnist-ddpm-score-jacobian-sensitivity-20260514.md), [fashion-mnist-ddpm-sima-score-norm-20260514.md](fashion-mnist-ddpm-sima-score-norm-20260514.md), 
[mofit-artifact-verdict-20260513.md](mofit-artifact-verdict-20260513.md), [secmi-consumer-contract-review-20260512.md](secmi-consumer-contract-review-20260512.md), [post-midfreq-next-lane-reselection-20260512.md](post-midfreq-next-lane-reselection-20260512.md), [graybox-paper-candidate-reentry-review-20260512.md](graybox-paper-candidate-reentry-review-20260512.md) | Structural T2I MIA paper-source-only mechanism watch with OpenReview PDF-only supplement, Rectified Flow / Flow Matching MIA paper-source-only mechanism watch with promised but empty public repo, DSiRe / LoRA-WiSE future weight-only dataset-size recovery boundary gate, Hyperparameter-free SecMI third-party code/report support-family gate, DME complexity-bias MIA stub-repo-only watch, FreMIA frequency-filter MIA paper-source-plus-stub-repo watch, PIA, SecMI, VAE2Diffusion latent-space decoder-geometry MIA code-public watch-plus with split/checkpoint/score artifacts missing, FCRE medical-image frequency-calibrated reconstruction-error paper-source watch, single-table Tabular Privacy Leakage TDM watch-plus with official MIDST toolkit code but no paper score packet, TMIA-DM temporal-noise / noise-gradient paper-only watch, Quantile Diffusion MIA third-party SecMI-style `t_error` support packet, Noise Aggregation small-noise predicted-noise aggregation MIA paper-source-only watch, official SimA score-based MIA watch-plus with code-public but split/checkpoint/score artifacts missing, Tracing the Roots positive-but-provenance-limited trajectory feature-packet MIA with a candidate-only product-bridge card, official CDI dataset-inference gate as code-public but large-assets-required/no ready score packet/no GPU release, weak Fashion-MNIST score-Jacobian sensitivity scout, weak Fashion-MNIST SimA score-norm scout, MoFit artifact-incomplete watch, archived paper-candidate, DCR copying/memorization semantic-shift watch, and gray-box defense boundary status. 
| | White-box | [workspaces/white-box/README.md](../../workspaces/white-box/README.md), [plan.md](../../workspaces/white-box/plan.md), [whitebox-gsa-zenodo-archive-verdict-20260513.md](whitebox-gsa-zenodo-archive-verdict-20260513.md), [whitebox-influence-curvature-feasibility-scout-20260511.md](whitebox-influence-curvature-feasibility-scout-20260511.md), [gsa-diagonal-fisher-feasibility-microboard-20260511.md](gsa-diagonal-fisher-feasibility-microboard-20260511.md), [gsa-diagonal-fisher-layer-scope-review-20260511.md](gsa-diagonal-fisher-layer-scope-review-20260511.md), [gsa-diagonal-fisher-stability-board-20260511.md](gsa-diagonal-fisher-stability-board-20260511.md), [post-fisher-next-lane-reselection-20260511.md](post-fisher-next-lane-reselection-20260511.md) | GSA, DPDM, admitted-family GSA Zenodo archive identity, Finding NeMo, and white-box boundary status. | | Cross-box | [workspaces/cross-box/README.md](../../workspaces/cross-box/README.md), [cross-box-boundary-status.md](cross-box-boundary-status.md), [cross-box-successor-scope-20260512.md](cross-box-successor-scope-20260512.md), [post-ib-next-lane-reselection-20260512.md](post-ib-next-lane-reselection-20260512.md), [ic-same-spec-evaluator-feasibility-scout-20260512.md](ic-same-spec-evaluator-feasibility-scout-20260512.md) | Cross-track score-sharing, cross-permission boundary, and successor reopen conditions. 
| | Defense | [workspaces/defense/README.md](../../workspaces/defense/README.md), [cpsample-defense-artifact-gate-20260515.md](cpsample-defense-artifact-gate-20260515.md), [dualmd-distillmd-defense-artifact-gate-20260515.md](dualmd-distillmd-defense-artifact-gate-20260515.md), [diffence-classifier-defense-artifact-gate-20260515.md](diffence-classifier-defense-artifact-gate-20260515.md), [miahold-higher-order-langevin-artifact-gate-20260515.md](miahold-higher-order-langevin-artifact-gate-20260515.md), [stableprivatelora-defense-artifact-gate-20260515.md](stableprivatelora-defense-artifact-gate-20260515.md), [ib-risk-targeted-unlearning-successor-scope.md](ib-risk-targeted-unlearning-successor-scope.md), [ib-adaptive-defense-contract-20260511.md](ib-adaptive-defense-contract-20260511.md), [ib-defense-aware-reopen-scout-20260512.md](ib-defense-aware-reopen-scout-20260512.md), [ib-defense-reopen-protocol-audit-20260512.md](ib-defense-reopen-protocol-audit-20260512.md), [ib-defended-shadow-reopen-protocol-20260512.md](ib-defended-shadow-reopen-protocol-20260512.md), [ib-reopen-shadow-reference-guard-20260512.md](ib-reopen-shadow-reference-guard-20260512.md), [ib-defended-shadow-training-manifest-20260512.md](ib-defended-shadow-training-manifest-20260512.md), [ib-shadow-local-identity-scout-20260512.md](ib-shadow-local-identity-scout-20260512.md), [ib-shadow-local-gsa-risk-preflight-20260515.md](ib-shadow-local-gsa-risk-preflight-20260515.md) | CPSample sampling-time classifier-protected defense watch-plus, DualMD/DistillMD disjoint-split defense watch-plus, DIFFENCE classifier-defense watch-plus, MIAHOLD/HOLD++ higher-order Langevin defense watch-plus, StablePrivateLoRA defense watch-plus, risk-targeted unlearning boundary, true shadow-local GSA-only risk preflight, and defended-shadow/adaptive reopen conditions. | diff --git a/workspaces/implementation/challenger-queue.md b/workspaces/implementation/challenger-queue.md index eedcf8d..ea6f27b 100644 
--- a/workspaces/implementation/challenger-queue.md +++ b/workspaces/implementation/challenger-queue.md @@ -9,10 +9,10 @@ timeline. Historical run IDs and dated notes are in `legacy/`. | Field | Value | | --- | --- | -| Active work | `Rectified Flow MIA artifact gate completed` | +| Active work | `Structural MIA T2I artifact gate completed` | | Active GPU task | none running | | Next GPU candidate | none selected | -| CPU sidecar | none selected after Rectified Flow MIA artifact gate | +| CPU sidecar | none selected after Structural MIA T2I artifact gate | | Gray-box status | PIA remains admitted; tri-score is positive-but-bounded internal candidate; ReDiffuse candidate-only; Fashion-MNIST SimA score-norm and score-Jacobian sensitivity weak | | Non-gray-box GPU | none selected | 
@@ -20,6 +20,7 @@ timeline. Historical run IDs and dated notes are in `legacy/`. | Candidate | Track | Mode | Gate | Blocker | Next action | | --- | --- | --- | --- | --- | --- | +| Structural MIA for T2I | gray-box / Lane B | paper-source-only mechanism watch | arXiv `2407.13252` proposes structure-level membership inference for Latent Diffusion and Stable Diffusion using DDIM inversion/noising plus SSIM, with strong reported low-FPR paper metrics | arXiv source is TeX/figures only, OpenReview supplement is PDF-only, no official code repo or score/split/checkpoint/verifier artifact was found | keep as non-duplicate mechanism watch only; do not download LAION/COCO/model/checkpoint/image payloads, implement SSIM/DDIM scoring, release CPU/GPU sidecar, or promote Platform/Runtime rows | | Rectified Flow MIA | gray-box / Lane B | paper-source-only mechanism watch | arXiv `2603.13421` proposes Rectified Flow / Flow Matching MIA statistics `T_naive`, `T_mc`, and complexity-calibrated `T_mc_cal`, with reported low-FPR gains on CIFAR-10, SVHN, and TinyImageNet | promised GitHub repo `mx-ethan-rao/MIA_Rectified_Flow` is empty; no public refs, code, split manifests, checkpoints, score rows, ROC arrays, metric JSON, or verifier | keep as non-duplicate mechanism watch only; do not download datasets/models/checkpoints/images, implement from paper, train RF models, release CPU/GPU sidecar, or promote Platform/Runtime rows | | HF/GitHub public metadata replay packet search | intake / Lane A | closed / no new artifact | authenticated HF metadata and GitHub artifact-shaped searches checked for small target/split/score/ROC/manifest packets after DIFFENCE | only known CLiD and CopyMark HF surfaces appeared; CLiD `mia_COCO.zip` remains `403` for authenticated HEAD/range probes, CopyMark HF zip is already covered and too large, and GitHub code search returned only already-covered CopyMark/CLiD/DiffAudit evidence hits | keep as anti-duplication evidence; do not download CLiD/CopyMark 
ZIPs, images, model/checkpoint payloads, clone large repos, run scripts, release CPU/GPU sidecar, or promote Platform/Runtime rows | | GitHub lightweight diffusion MIA repos | intake / Lane A | false-positive triage | four direct GitHub search hits were checked: acha1934 fine-tuned diffusion MIA, KarinMalka1 personalization forensics, abramwit Boeing 707 toy project, and josephho9 empirical-score MNIST prototype | no public checkpoint-bound target, immutable target member/nonmember manifest, row-bound response packet, score rows, ROC arrays, metric JSON, trained attack weights, or verifier; some require Colab/Google Drive/local training | keep as anti-duplication evidence only; do not download notebooks/images/models/Drive payloads, run scripts, train/fine-tune, release CPU/GPU sidecar, or promote Platform/Runtime rows | diff --git a/workspaces/intake/README.md b/workspaces/intake/README.md index eceb477..9e2c102 100644 --- a/workspaces/intake/README.md +++ b/workspaces/intake/README.md 
@@ -4,6 +4,16 @@ - Direction: new method evaluation and paper scouting. - No active intake review. +- Structural MIA for T2I / arXiv `2407.13252` is a paper-source-only + mechanism watch. It is non-duplicate because it targets text-to-image + structure-level memorization using DDIM inversion/noising plus SSIM between + original and corrupted images, with reported Latent Diffusion and Stable + Diffusion low-FPR gains. The arXiv source is TeX/figures only, exact-title + GitHub searches found no official code/artifact release, and the OpenReview + supplement is a ZIP containing only `supplementary.pdf`. No LAION/COCO + image, model/checkpoint, generated response, score row, ROC array, metric + JSON, verifier, CPU sidecar, GPU work, or admitted Platform/Runtime row is + released. - Rectified Flow MIA / arXiv `2603.13421` is a paper-source-only mechanism watch. It is non-duplicate because it targets Rectified Flow / Flow Matching vector fields with `T_naive`, `T_mc`, and complexity-calibrated `T_mc_cal`,
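Review bot: In the ROADMAP Gray-box row hunk, the new lead entry in the summary column understates the blocker compared with the sibling entries: `Structural T2I MIA paper-source-only mechanism watch with OpenReview PDF-only supplement` mentions only the supplement, while the Rectified Flow entry next to it names its blocker (`promised but empty public repo`). Suggest `Structural T2I MIA paper-source-only mechanism watch with no official code release and an OpenReview PDF-only supplement` so the row reads in parallel and a reader does not have to open the gate note to learn that no code was found. A second, stylistic point on the same hunk: the file-list cell repeats the entire dated-note list of the removed row with one link prepended, so every gate rewrites the whole row; since `plan.md` is already linked from the cell, keeping the dated gate notes there and linking only the latest verdict here would shrink future diffs to a one-line change.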
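Review bot: In the challenger-queue status-table hunk (`@@ -9,10 +9,10 @@`), `Active work` and `CPU sidecar` now name the Structural MIA T2I gate, but the unchanged `Gray-box status` row still ends at the Fashion-MNIST SimA score-norm and score-Jacobian scouts. If watch-only outcomes are intentionally excluded from that row, a short legend line under the table saying so would stop the next reviewer from flagging it as stale after every mechanism-watch gate.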
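Review bot: In the challenger-queue candidate-table hunk (`@@ -20,6 +20,7 @@`), the new Structural MIA row's Gate cell says `strong reported low-FPR paper metrics`, which is an adjective where the neighbouring Rectified Flow row records datasets and statistic names (`T_naive`, `T_mc`, `T_mc_cal`; CIFAR-10, SVHN, TinyImageNet); record the reported figures, or at least the datasets and the FPR operating point, marked as reported and unverified, so the gate can later be compared against any reproduction. The Blocker cell should also say how `no official code repo ... was found` was established and when (the intake README hunk below attributes it to exact-title GitHub searches); without the method and date the blocker cannot be re-verified when the queue is revisited.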
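Review bot: In the intake README hunk, the new bullet cites arXiv `2407.13252` but gives no OpenReview forum URL or ID for the supplement it characterises as `a ZIP containing only supplementary.pdf`, so that provenance claim cannot be re-resolved from the note alone; add the OpenReview link beside the arXiv ID. Also, `exact-title GitHub searches` is a single search strategy that misses repositories named after the method acronym or the authors; the Rectified Flow bullet immediately below records the promised repository path, so state here which author or method-name queries were tried (or that none were), otherwise the `no official code/artifact release` conclusion rests on one query shape. The hunk ends mid-sentence at `T_mc_cal`,` in this extract; confirm the full bullet survives in the committed file.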