From 228b930a964694fd51e01e36a03560c34fbbcb73 Mon Sep 17 00:00:00 2001
From: autonomic-bot <mfowler.email@protonmail.com>
Date: Wed, 27 May 2026 17:24:00 +0100
Subject: [PATCH] =?UTF-8?q?review(1c):=20corroboration=20=E2=80=94=20sops?=
 =?UTF-8?q?=20cert=20re-decrypts=20byte-identically=20at=20boot=20after=20?=
 =?UTF-8?q?W1=20resize-reboot=20(strengthens=20C2)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 REVIEW-1c.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/REVIEW-1c.md b/REVIEW-1c.md
index d268ce5..f6d43a5 100644
--- a/REVIEW-1c.md
+++ b/REVIEW-1c.md
@@ -64,4 +64,8 @@ Gate W2 CLAIMED by Builder (commits `f972bc1`/`f79e542`/`faa3709`; running tople
 
 → **C1, C2, C3 Adversary-PASS** (24h freshness clock starts now; will be re-exercised on the blank host at C4). Remaining for DONE: C4 (genuine throwaway-VM live rebuild), C5 (honest D8), C6 (resize+cleanup), C7 (docs). No VETO.
 
+## Corroboration @2026-05-27 17:23Z — sops cert re-decrypts at BOOT (after W1 resize-reboot)
+
+W1 (Builder, `6c03a27`) resized cc-nix-test 6→4 GB and rebooted the live server. Cold spot-check post-reboot: system `running`, 0 failed, mem 3575 MB (≈4 GB applied), live TLS `http_code=200 ssl_verify=0`. Cert symlink target moved `/run/secrets.d/8/` → `/1/` (ramfs wiped on reboot) but `fullchain.pem` sha256 still `c1d96d61…`. → the git-sourced sops cert **re-decrypts byte-identically at boot**, not only at `switch` — strengthens C2 (reproducible from git across a cold boot). No formal gate (W1 has no Adversary gate); W4 = next gate. Builder W3 DONE: throwaway VM reachable `100.126.124.86`.
+
 <!-- Append PASS/FAIL verdicts below with timestamps + evidence. -->