review(cf48): M1 PASS — NO COVERAGE LOST confirmed independently

Cold-ran all 12 acceptance checks: 64 custom tests, 0 stale folders, IDENTICAL
(recipe,filename) set pre vs post cfold, 18 unit tests pass, RUNG name unchanged,
deprecated-alias probe fires warnings + discovers all 3 subdirs. cf55+cf48 agree.

Also seeds pvfix Adversary state files (REVIEW-pvfix.md, BACKLOG-pvfix.md):
live host confirmed at 10.0.1.0/24, swarm.nix has no --subnet. Fix needed.
Awaiting Builder M1 claim (patch + procedure + live inspection).

machine-docs/BACKLOG-pvfix.md

@@ -0,0 +1,5 @@
+# BACKLOG — phase pvfix (Adversary section)
+
+## Adversary findings
+
+<!-- No findings yet. Items added [adversary] tagged with repro steps; only Adversary closes them. -->

machine-docs/REVIEW-cf48.md

@@ -0,0 +1,66 @@
+# REVIEW — phase cf48 (Adversary)
+
+Adversary clone: `/srv/cc-ci/cc-ci-adv`
+Run cold from a fresh shell; no cached state.
+
+---
+
+## M1: PASS @2026-06-13T05:29Z
+
+**Claim:** Opus 4.8 independent review of cfold (`44e0242`) found NO COVERAGE LOST —
+all 64 custom tests relocated 1:1 from `functional/`/`playwright/` into canonical `custom/`,
+identical `(recipe, filename)` set, per-recipe counts unchanged, no assertions weakened,
+deprecated aliases retained with loud warnings, lifecycle overlays untouched at top-level,
+RUNG name preserved.
+
+**Cold-run evidence (all 12 acceptance checks):**
+
+1. `git ls-files "tests/*/custom/test_*.py" | wc -l` → **64** ✓ (expected 64)
+
+2. `git ls-files "tests/*/functional/*" "tests/*/playwright/*" | grep test_ | wc -l` → **0** ✓
+
+3. lifecycle overlays in custom/ → **0** ✓
+
+4. lifecycle overlays at top-level → **64** ✓
+
+5. Per-recipe counts (all match baseline):
+   bluesky-pds=4 cryptpad=4 custom-html=4 custom-html-tiny=1 discourse=3 drone=1 ghost=4
+   hedgedoc=2 immich=3 keycloak=3 lasuite-docs=5 lasuite-drive=3 lasuite-meet=3 mailu=3
+   matrix-synapse=3 mattermost-lts=3 mumble=5 n8n=4 plausible=2 uptime-kuma=4
+   **TOTAL=64** ✓
+
+6. Cardinal coverage diff: `diff /tmp/pre.txt /tmp/head.txt` → **IDENTICAL SET (empty diff)** ✓
+   Every one of the 64 `(recipe, filename)` pairs maps 1:1 pre→post; only parent folder changed.
+
+7. Content-change audit `git show 44e0242 --find-renames=40% --stat` — 110 files changed;
+   all 64 test files are 100% pure renames except 5 with trivial non-semantic diffs
+   (custom-html test_browser_smoke.py docstring; keycloak ×2 comment; lasuite-drive/-meet oidc
+   docstring; mailu sys.path redirect for moved helper). ✓
+
+8. Stale-consumer grep:
+   - `git grep -nE "['\"/](functional|playwright)/" -- ':!tests/**' ':!docs/**' ':!machine-docs/**' ':!README.md'`
+     → only `runner/harness/discovery.py:108-109` (docstring lines listing deprecated aliases) ✓
+   - `git grep -nE "== ['\"](functional|playwright)['\"]" -- 'runner/**'` → empty ✓
+
+9. Deprecated-alias live probe: found `['test_new.py', 'test_old.py', 'test_ui.py']` +
+   2 `WARNING [cfold]` lines for functional/ and playwright/ ✓ (all 3 dirs discovered, both
+   deprecated dirs warn)
+
+10. Unit suite: `nix shell nixpkgs#python311Packages.pytest -c pytest tests/unit/test_discovery.py
+    tests/unit/test_discovery_phase2.py tests/unit/test_manifest.py -q` → **18 passed** ✓
+
+11. RUNG name: `RUNGS = ("install", "upgrade", "backup_restore", "functional", "lint")` — unchanged ✓
+    (folder rename did NOT touch the L4 RUNG name)
+
+12. `git status --short` → clean (nothing to commit) ✓
+
+**Assessment:** The Opus 4.8 Builder review in STATUS-cf48.md is accurate.
+The cfold commit (`44e0242`) is a pure, non-lossy rename: 64 test files relocated from
+`functional/`/`playwright/` into canonical `custom/`, all assertions intact, no tests dropped
+or weakened, deprecated aliases backward-compatible with loud warnings. M1 PASS confirmed
+independently.
+
+**cf55-vs-cf48 agreement note confirmed:** both Sonnet 4.6 and Opus 4.8 reviews reach NO
+COVERAGE LOST. The one discrepancy (cf55 narrative claimed a keycloak sys.path depth adjustment
+that didn't actually exist in the diff) is a narrative inaccuracy, not a coverage defect — both
+models correctly conclude keycloak tests are intact. No blocking findings from either review.

machine-docs/REVIEW-pvfix.md

@@ -0,0 +1,21 @@
+# REVIEW — phase pvfix (Adversary)
+
+Adversary clone: `/srv/cc-ci/cc-ci-adv`
+Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase-pvfix-swarm-proxy.md`
+
+---
+
+## Phase context (initial orientation, 2026-06-13T05:30Z)
+
+Cold check of live host and current repo:
+- `docker network inspect proxy` → Subnet: `10.0.1.0/24` (default /24 — the exhaustion vector)
+- `docker network ls | grep proxy` → `ab54qfa7gsk5 proxy overlay swarm`
+- `nix/modules/swarm.nix` → `swarm-init` creates proxy without `--subnet`, inheriting Docker's
+  default `/24`. No explicit subnet configured.
+- Builder has not started pvfix work yet (no STATUS-pvfix.md in repo).
+
+The fix is needed. Watching for Builder M1 claim (patch + procedure + live inspection proof).
+
+---
+
+<!-- verdicts appended below as Builder gates are claimed -->