chore(vcr-mem): re-validate scry consumed surface against scry-sai-core 2.3.0 (#383, #242)

crates/synth-cli/Cargo.toml

@@ -72,5 +72,7 @@ gimli = { version = "0.33", default-features = false, features = ["read", "std"]
 # Tracks scry 2.x (SCPV v3): the major bump reshaped the provenance wire format,
 # but synth's consumed surface (call_graph / function_summaries / stack_usage /
 # reachable_from_exports / operand_stack) is unchanged and additive-only, so the
-# bump is transparent here. See scry#63 / scry v2.0.0.
+# bump is transparent here. See scry#63 / scry v2.0.0. Empirically re-verified
+# against scry v2.3.0 (2026-06-27, lockfile bumped) — scry_shadow_stack_budget
+# stays GREEN, so the "transparent" claim is tested, not just asserted.
 scry-sai-core = "2.0"

crates/synth-cli/tests/scry_shadow_stack_budget.rs

@@ -1,9 +1,14 @@
 //! VCR-MEM-001 (#383) layer-2 substrate — scry shadow-stack-depth proof, in-tree.
 //!
 //! Proves, in CI against the REAL gust-family module, that synth can obtain a
-//! SOUND worst-case shadow-stack budget from scry (`scry-sai-core` v1.12, the
-//! crates.io library finalized in scry#51 / scry PR #53). This is the layer-2
-//! "proof the budget is sufficient" half of #383 — the half scry owns:
+//! SOUND worst-case shadow-stack budget from scry (`scry-sai-core`, the crates.io
+//! library finalized in scry#51 / scry PR #53). First validated on v1.12, then
+//! across the SCPV v3 major bump (v2.x); re-verified GREEN on **scry v2.3.0**
+//! (2026-06-27) — the consumed surface (`stack_usage.max_stack_bytes`,
+//! `function_summaries[].recursive`, `reachable_from_exports`) is unchanged, so
+//! the "2.x bump is transparent" claim in `Cargo.toml` is empirically backed, not
+//! just asserted. This is the layer-2 "proof the budget is sufficient" half of
+//! #383 — the half scry owns:
 //!
 //!   - layer-1 (synth-side): the ELF `.bss` retarget mechanics that consume the
 //!     budget — still silicon-gated on gale's `--stack-first` answer.