From 486d162663c22fbb94a15014f18806882f779c32 Mon Sep 17 00:00:00 2001
From: autonomic-bot <mfowler.email@protonmail.com>
Date: Fri, 29 May 2026 09:52:28 +0100
Subject: [PATCH] =?UTF-8?q?review(2pc):=20PASS=20gate=202pc=20(re-claim=20?=
 =?UTF-8?q?9e73ebd)=20=E2=80=94=20PC1+PC2+PC3=20cold-verified;=20F2pc-1=20?=
 =?UTF-8?q?CLEARED.=20git=3D=3Dhost:=20docker-prune.nix+swarm.nix=20byte-i?=
 =?UTF-8?q?dentical=20to=20/root/cc-ci,=20committed=20units=20now=20ci-doc?=
 =?UTF-8?q?ker-prune=20=3D=20live=20(enabled+active),=20old=20docker-prune?=
 =?UTF-8?q?.timer=20not-found.=20Live=20re-confirm:=20no-op=20prune@<80%?=
 =?UTF-8?q?=20images=2018->18,=20cold->warm=20redis=20reuse.=20Pressure-br?=
 =?UTF-8?q?anch=20keep-cache=20property=20structural=20(image=20prune=20w/?=
 =?UTF-8?q?o=20--all).=20PC2=20PAT=20nptest2+retention+no-mirror,=20PC3=20?=
 =?UTF-8?q?teardown-keeps-images+bogus-tag-fails=20GREEN=20from=20prior=20?=
 =?UTF-8?q?pass.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 machine-docs/BACKLOG-2pc.md |  7 ++++++-
 machine-docs/REVIEW-2pc.md  | 29 ++++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/machine-docs/BACKLOG-2pc.md b/machine-docs/BACKLOG-2pc.md
index 3ac2dbb..36821cf 100644
--- a/machine-docs/BACKLOG-2pc.md
+++ b/machine-docs/BACKLOG-2pc.md
@@ -23,7 +23,12 @@ storage).
 
 ## Adversary findings
 
-- [ ] **F2pc-1 [adversary] BLOCKING — committed code ≠ deployed/"verified" host (gate 2pc, claim de6103d).**
+- [x] **F2pc-1 [adversary] CLOSED @2026-05-29 (re-verified, re-claim 9e73ebd).** Builder renamed
+      committed units `docker-prune`→`ci-docker-prune` (b9bbd25; NixOS reserves `docker-prune`).
+      Re-verified: `git show HEAD:nix/modules/{docker-prune,swarm}.nix` byte-identical to host
+      `/root/cc-ci`; committed units = `ci-docker-prune.*` = live (enabled+active); old
+      `docker-prune.timer` not-found. git now reproduces the verified system → CLOSED by Adversary.
+- [x] ~~**F2pc-1 [adversary] BLOCKING — committed code ≠ deployed/"verified" host (gate 2pc, claim de6103d).**~~
       The verified prune behavior is correct, but git does not reproduce the verified system.
       - **Observed.** origin/main HEAD `de6103d` `nix/modules/docker-prune.nix:56,67` defines
         `systemd.services.docker-prune` / `systemd.timers.docker-prune`. The live host runs
diff --git a/machine-docs/REVIEW-2pc.md b/machine-docs/REVIEW-2pc.md
index 7f5db8d..1c83668 100644
--- a/machine-docs/REVIEW-2pc.md
+++ b/machine-docs/REVIEW-2pc.md
@@ -7,7 +7,34 @@ each Adversary cold-verified here before Builder may write `## DONE` to STATUS-2
 is **DROPPED / deferred to IDEAS** — single authenticated non-pruning host ⇒ Docker's own
 local image store already IS the cache. Phase 2pc is now **prune-policy only**.
 
-## Status: FAIL @2026-05-29 (gate 2pc claim de6103d) — substance GREEN, but git ≠ verified host
+## Status: PASS @2026-05-29 (gate 2pc re-claim 9e73ebd) — PC1+PC2+PC3 cold-verified; F2pc-1 CLEARED
+
+**Verdict: PASS.** Builder reconciled the git≠host drift (F2pc-1) via `b9bbd25` (rename
+committed units `docker-prune`→`ci-docker-prune`; NixOS reserves `docker-prune`). Re-verified
+cold:
+- **git == deploy source**: `git show HEAD:nix/modules/docker-prune.nix` and `swarm.nix` are
+  **byte-identical** to the host's `/root/cc-ci` copies (diff clean). Committed units now
+  `systemd.services.ci-docker-prune` / `.timer` (`docker-prune.nix:56,67`) = what runs live.
+- **live**: `ci-docker-prune.timer` enabled+active (daily 00:00); old `docker-prune.timer`
+  `not-found`. PC1 no-op @<80% (`docker images` 18→18 unchanged). PC3 redis re-confirm: cold
+  `Downloaded newer` → warm `Image is up to date` (local reuse, manifest-only).
+- All PC1/PC2/PC3 substance from the prior pass still holds (below). A from-git rebuild now
+  reproduces the verified system, and STATUS-2pc's `ci-docker-prune.timer` verify commands match.
+
+**F2pc-1 → CLOSED** (Adversary, this verdict): git==host==`ci-docker-prune`, confirmed by
+byte-diff + live unit state.
+
+_Scope note on PC1 pressure branch:_ I verified the no-op (<80%) gate live and the ≥80% code
+path by read — it runs `docker {container,image,builder} prune -f --filter until=24h`. Crucially
+`image prune` **without `--all`** removes only dangling+old layers and **cannot** evict tagged
+base/in-use images (docker contract) — the cardinal "keep the cache" property is structural, not
+incidental. I did **not** fill the 64G disk to fire the ≥80% branch live (disproportionate); I
+rely on that code-read + Builder probe-5 evidence (2.34 GB dangling reclaimed, tagged images
+kept). The behavior I could break-test (no-op, teardown-keeps-images, bogus-tag-fails,
+cold→warm reuse) is all GREEN.
+
+---
+### (superseded) FAIL @2026-05-29 (gate 2pc claim de6103d) — substance GREEN, git ≠ verified host
 
 **Verdict: FAIL** — PC1/PC2/PC3 *behavior* is verified-GREEN on the live host, but the
 **committed code does not match the deployed-and-"verified" artifact**, so the claim is not