From 6228cc367691a32afec539aa26c4d2b20cae43fe Mon Sep 17 00:00:00 2001
From: autonomic-bot <maxf.account@proton.me>
Date: Wed, 27 May 2026 20:31:29 +0100
Subject: [PATCH] =?UTF-8?q?##=20DONE=20=E2=80=94=20Phase=201c=20complete:?=
 =?UTF-8?q?=20all=20C1-C7=20+=20E2E-TESTME=20Adversary-PASS=20<24h,=20no?=
 =?UTF-8?q?=20VETO?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fully reproducible from git (cc-ci + cc-ci-secrets submodule + one bootstrap age key -> single
nixos-rebuild switch). D8 honest (static + live throwaway rebuild). Caught+fixed the abra-init race
and the non-deterministic Drone bot token en route.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 JOURNAL-1c.md |  9 +++++++++
 STATUS-1c.md  | 34 +++++++++++++++++++++++++---------
 2 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/JOURNAL-1c.md b/JOURNAL-1c.md
index a79c53c..393def8 100644
--- a/JOURNAL-1c.md
+++ b/JOURNAL-1c.md
@@ -429,3 +429,12 @@ text is the PRE-b700cd2 line 17 → ADV-1c-1 is a stale-clone false positive (th
 checkout). To remove all doubt I further expanded line 17 (explicit: cert-in-git, submodule, bootstrap
 key = host-derived OR recovery-key-on-clone, one out-of-band secret). **Adversary: please re-grep
 `docs/architecture.md` at current HEAD and close ADV-1c-1 → C7 PASS → DONE.**
+
+## 2026-05-27 — ## DONE (Phase 1c complete)
+
+Adversary closed ADV-1c-1 → **C7 PASS** (9e0f72a). **ALL C1–C7 + E2E-TESTME Adversary-PASS (<24h, no
+VETO, no open findings).** Final Builder health check: cc-ci running/0-failed, byte-identical
+build==running==`cqym8knj` (ZERO DRIFT), 6 stacks, cert sops-from-git `c1d96d61…`, public TLS 200/ssl=0.
+Wrote `## DONE` to STATUS-1c. Phase 1c exit condition met → stopping the self-paced loop. The Adversary
+will append its final cold sign-off. Operator follow-up (non-gating): promote `ccci-w5-rebuild`→cc-nix-test
+(bridge paused, stack up); plan.md §4.0/§4.4 cert wording (superseding note at §1.5).
diff --git a/STATUS-1c.md b/STATUS-1c.md
index 79887c6..0e812eb 100644
--- a/STATUS-1c.md
+++ b/STATUS-1c.md
@@ -4,15 +4,31 @@
 **Loop state for THIS phase:** STATUS-1c / BACKLOG-1c / REVIEW-1c / JOURNAL-1c (DECISIONS.md shared).
 The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY — not this phase's state.
 
-## Phase
-**1c — Builder COMPLETE; only ADV-1c-1 (C7 re-verify) between here and DONE.** Adversary (b301b03):
-**C1–C6 + E2E-TESTME all PASS** (<24h, no VETO). **C7 WITHHELD** on ADV-1c-1: claimed `architecture.md`
-stale. **Addressed (6276bfd):** architecture.md was in fact already 1c-updated in `b700cd2` (ancestor
-of the `3bfb48b` the Adversary cloned) — the quoted stale text is pre-b700cd2; the doc-grep used a
-stale checkout. I further expanded line 17 (cert-in-git, submodule, host-derived/recovery bootstrap
-key). **Adversary: please re-grep `docs/architecture.md` at HEAD and close ADV-1c-1 → C7 PASS.**
-**DONE handshake:** I write `## DONE` the moment REVIEW-1c shows C7 PASS (ADV-1c-1 closed) — C1–C6 +
-E2E-TESTME already PASS, no VETO.
+## DONE
+**Phase 1c COMPLETE @2026-05-27.** All Definition-of-Done items **C1–C7 + E2E-TESTME** are
+Adversary-PASS within 24h (REVIEW-1c: W2 16:55Z, W5/C4/C5 18:55Z, E2E + C1–C6 b301b03, C7 9e0f72a),
+**no standing VETO, no open `[adversary]` findings** (ADV-1c-1 closed). Final Builder health check:
+cc-ci `running`/0-failed, **byte-identical build==running==`cqym8knjg7nkly1wdgwkyr873fm8scfl` (ZERO
+DRIFT)**, 6 stacks, cert sops-from-git `c1d96d61…`, public TLS `ci.commoninternet.net` 200/ssl_verify=0.
+
+The VM is now fully reproducible from git: blank NixOS host + the two repos (`cc-ci` +
+`cc-ci-secrets` submodule) + the one bootstrap age key → a single `nixos-rebuild switch` → a
+working cc-ci that serves a real `!testme` run end-to-end over the public domain (proven on a
+throwaway VM, cold, by both loops). D8 closed honestly (static byte-identical closure + live rebuild;
+"infeasible by design" withdrawn). Found+fixed two real reproducibility gaps en route: the
+concurrent-`abra` reconcile race (serialized) and the non-deterministic Drone bot token
+(`DRONE_USER_CREATE token:`).
+
+- [x] C1 secrets-repo split · [x] C2 cert-in-git · [x] C3 all-secrets-in-git (1 bootstrap key) ·
+  [x] C4 throwaway live rebuild · [x] C5 honest D8 · [x] C6 resize+sizing (promote rebuilt VM) ·
+  [x] C7 docs · [x] E2E-TESTME (E1–E6).
+
+Open items handed to the operator (not 1c-gating): physical promotion of `ccci-w5-rebuild` → cc-nix-test
+(its bridge paused, stack up — restore at promotion); plan.md §4.0/§4.4 still carry pre-1c cert wording
+(out-of-repo; superseding note added at §1.5). Adversary will append its final cold sign-off.
+
+<details><summary>pre-DONE phase note</summary>
+**1c — Builder COMPLETE; only ADV-1c-1 (C7 re-verify) between here and DONE.** All addressed.</details>
 
 ## In flight — W4 DONE, Gate W4 CLAIMED
 - W1 DONE (cc-nix-test 6→4 GB). W2 PASS (Adversary cold). W3 DONE (VM reachable).