status(shot): M2 evidence assembled — P3/P4 ledgers complete, proof table, durations, dashboard checks

STATUS-shot.md

@@ -4,34 +4,54 @@ SSOT: /srv/cc-ci/cc-ci-plan/plan-phase-shot-screenshots.md
 
 ## Current section
 
-Gate: M1 CLAIMED, awaiting Adversary.
-P1 audit matrix COMPLETE (all 19 enrolled recipes, every PNG visually inspected).
-P2 diagnoses COMPLETE (see BACKLOG-shot.md P2 — each with evidence).
-Meanwhile working (unblocked, pre-M2): P3 harness default-wait improvement + unit tests.
+Gate: M1 PASS (REVIEW-shot.md ae10b55). Finding A1 CLOSED (5fc8699).
+Gate: M2 CLAIMED, awaiting Adversary.
 
-## M1 claim — verification map (WHAT/HOW/EXPECTED/WHERE)
+## M2 claim — verification map (WHAT/HOW/EXPECTED/WHERE)
 
-WHAT: M1 = full audit matrix (19/19 enrolled recipes, BACKLOG-shot.md "P1 — Audit matrix") +
-root-cause diagnosis with evidence for every non-OK row (BACKLOG-shot.md "P2") + N/A candidates
-argued (bluesky-pds: blocked-upstream N/A; mumble: explicitly NOT an N/A — real web UI).
-Claimed at commit 8978fa6 (matrix+diagnoses) — claim commit follows.
+WHAT: every enrolled recipe (19) is OK or Adversary-agreed N/A; fixes merged to main; fresh proof
+runs incl. 2 via drone !testme; verdicts/levels/durations unaffected; screenshot path stays
+best-effort end-to-end (R7); no PNG shows credentials.
 
-- Enrolled set (19): `ls tests/*/recipe_meta.py` minus fixtures `_generic, regression, concurrency,
-  custom-html-bkp-bad, custom-html-rst-bad` (those first three have no recipe_meta.py; the two
-  `-bad` ones do but are harness canaries).
-- Matrix: BACKLOG-shot.md "P1 — Audit matrix". Reproduce any row:
-  `ssh cc-ci 'grep -o "\"screenshot\": *[^,}]*" /var/lib/cc-ci-runs/<run>/results.json; stat -c%s /var/lib/cc-ci-runs/<run>/screenshot.png'`
-  then scp the PNG and Read it. Run ids are in the matrix "latest run" column.
-- plausible NULL evidence: Drone sqlite, build 357 ci step (step_id 947):
-  `ssh cc-ci 'docker run --rm -v drone_ci_commoninternet_net_data:/data alpine sh -c "apk add -q sqlite; sqlite3 /data/database.sqlite \"select log_data from logs where log_id=947\"" | grep -o "screenshot[^\"]*"'`
-  EXPECTED: `capture failed … last status=500` after 15 attempts/45s.
-- bluesky-pds NULL evidence: `grep '"install"' /var/lib/cc-ci-runs/m2rr-bluesky-pds/results.json`
-  → fail, level=0; capture is gated on deploy_ok (runner/run_recipe_ci.py:1024).
-- Default capture path under audit: runner/harness/screenshot.py:84-93 (domcontentloaded, no paint
-  wait) — the BLANK/LOADING mechanism; accept_statuses excludes 500 — the plausible mechanism.
-- mumble web UI exists: tests/mumble/recipe_meta.py header (compose.mumbleweb.yml, HEALTH_PATH "/").
-- custom-html fresh install serves nginx default: no install_steps.sh in tests/custom-html/ (only
-  pre_backup/pre_upgrade seeds in ops.py, which run AFTER the capture moment).
+Fix commits on main: ce50f64 (harness settle+blank-retry), 7ad7d1f (A1 keep-larger), b98a471
+(plausible SECRET_KEY_BASE 62→68ch — the real NULL root cause; no hook needed), 80e5713+3c33129
+(mattermost hook → /login + click "View in Browser"; public settle()). Unit: 207 pass
+(`cc-ci-run -m pytest tests/unit -q`), lint PASS (`nix develop .#lint --command scripts/lint.sh`).
+
+HOW to verify per recipe — artifacts on cc-ci `/var/lib/cc-ci-runs/<run>/{results.json,
+screenshot.png,summary.html}`; scp the PNG and Read it. Full table with run dirs, levels
+(each = its baseline), exact PNG bytes, and what each image shows: BACKLOG-shot.md "P4 — Proof
+runs". Fixed-class proofs: immich=370 (drone !testme immich#2, posted 05:56:32Z), plausible=371
+(drone !testme plausible#3), keycloak, cryptpad, lasuite-meet, lasuite-docs, lasuite-drive, n8n,
+mattermost-lts (shot-proof3-* = hook v2 → real login form), mumble (best-available loader frame —
+see N/A-variant below). Healthy-class (ghost 444183B, hedgedoc 131967B, discourse 66121B,
+custom-html 35707B, custom-html-tiny 12950B, mailu 33800B, matrix-synapse 33296B,
+uptime-kuma 30858B): cite the P1-matrix artifacts (m2r-*/m2p-* dirs per P1 table) — plan §3 P4 allows
+existing artifact + visual check for class-3; all Read by Builder, all credential-free.
+
+EXPECTED on re-run of any fixed recipe: results.json `screenshot: "screenshot.png"`, PNG ≥ ~26KB
+real app view (mumble excepted), level equal to that recipe's baseline (immich 4, plausible 4,
+keycloak 4, cryptpad 4, lasuite-* 4, n8n 4, mattermost-lts 2, mumble 4).
+
+R7 / budget: wait components 45(nav, only-on-failure)+10(settle)+0.5+4(blank retry)+0.5 = 60s,
+unit-tested (test_wait_budget_within_step_cap); capture() still swallows everything → None →
+placeholder; double-wrapped at the call site (run_recipe_ci.py:1024-1037, unchanged).
+
+Durations (drone, same recipe+PR pre/post): immich 199s→198s, plausible 209s→166s. Drone sqlite:
+`select build_id, build_finished-build_started from builds where build_id in (356,357,370,371)`.
+
+Dashboard/card: `https://ci.commoninternet.net/` grid references runs/370+371 screenshot.png (both
+HTTP 200); summary.html embeds screenshot.png; /badge/immich.svg 200.
+
+N/A + N/A-variant (need Adversary agreement at this gate):
+- bluesky-pds: unchanged upstream MODULE_NOT_FOUND breakage (DEFERRED.md, evidence
+  ab-bluesky-pds-oldmain 2026-06-11, install=fail level=0) → capture correctly skipped, placeholder
+  correct.
+- mumble: web client (rankenstein/mumble-web:0.5) never paints UI for an anonymous browser —
+  ≥90s observation, no console errors, no failed requests, connect-dialog DOM absent, no
+  autoconnect overrides (probes: /tmp/mumble-probe{3,4}.out, /tmp/mumble-orch{4,5}.log on cc-ci).
+  The 7980B loader frame IS the genuine anonymous web view; voice covered by protocol tests.
+  DEFERRED.md entry filed (upstream question). Claimed as documented best-available, not a defect.
 
 ## Blocked