refactor(1b): RL6 — move Builder protocol files into machine-docs/ (README stays root)

git mv STATUS*/BACKLOG*/JOURNAL*/DECISIONS.md -> machine-docs/. README.md kept at root (operator
decision). Updated in-repo refs: README (status line + lint section + Loop-state section) and
docs/install.md -> machine-docs/...

Safe to move now: launch.sh already has resolve_state() (prefers machine-docs/ else root) used by
every STATUS/REVIEW read, and the running watchdog (pid 133191) was restarted AFTER that update, so
it is location-agnostic. scripts/lint.sh -> lint: PASS post-move. Adversary moves its own REVIEW*.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

README.md

@@ -7,8 +7,9 @@ at that commit onto a real single-node Docker Swarm, runs install / upgrade / ba
 This repo declares the **entire server** as a NixOS flake and holds the test harness, the
 per-recipe test trees, and the docs to enroll a recipe or rebuild the box from scratch.
 
-> Status: under active autonomous construction. See `STATUS.md` for the live phase and
-> `plan.md`-driven milestones in `BACKLOG.md`. Definition of Done is D1–D10 (see the build plan).
+> Status: under active autonomous construction. See `machine-docs/STATUS.md` for the live phase and
+> `plan.md`-driven milestones in `machine-docs/BACKLOG.md`. Definition of Done is D1–D10 (see the
+> build plan).
 
 ## Layout
 
@@ -47,12 +48,13 @@ nix develop .#lint --command bash scripts/lint.sh --fix   # auto-format + apply
 
 Covers Nix (`nixpkgs-fmt` · `statix` · `deadnix`), Python (`ruff` lint+format), Shell
 (`shellcheck` · `shfmt`), and YAML (`yamllint`). Config lives in `ruff.toml` / `.yamllint.yaml`;
-tool/strictness choices are in `DECISIONS.md`. **CI enforces it:** the `lint` step in the
+tool/strictness choices are in `machine-docs/DECISIONS.md`. **CI enforces it:** the `lint` step in the
 `.drone.yml` push pipeline runs the same command and **fails the build** on any unclean file, so
 keep commits clean (`--fix` before pushing).
 
 ## Loop state (autonomous build)
 
-`STATUS.md` (phase/blockers), `BACKLOG.md` (work + adversary findings), `REVIEW.md` (independent
-verification), `JOURNAL.md` (build log), `DECISIONS.md` (architecture choices). See the build plan
-for the two-loop Builder/Adversary protocol.
+The multi-agent loop state lives under **`machine-docs/`**: `STATUS.md` (phase/blockers),
+`BACKLOG.md` (work + adversary findings), `REVIEW.md` (independent verification), `JOURNAL.md`
+(build log), `DECISIONS.md` (architecture choices) — plus the phase-namespaced `*-1b.md` / `*-1c.md`
+variants. See the build plan for the two-loop Builder/Adversary protocol.

docs/install.md

@@ -12,7 +12,7 @@ post-steps. The proxy (traefik), Drone, comment-bridge, dashboard and backupbot
 self-heal drift), mirroring `swarm-init`; they are **serialized** (proxy→drone→bridge→dashboard→
 backupbot) so a single switch converges on a blank host. Target: a NixOS 24.11 host reachable over SSH (root).
 *(Verified on a throwaway Incus VM: blank host + the two repos + the age key → one `nixos-rebuild
-switch` → fully converged cc-ci, 0 failed units — see DECISIONS.md Phase-1c / D8.)*
+switch` → fully converged cc-ci, 0 failed units — see machine-docs/DECISIONS.md Phase-1c / D8.)*
 
 ## Preconditions
 

machine-docs/STATUS-1b.md

@@ -43,22 +43,25 @@ weakened**; cardinal-rule PASS; 2 fresh category-spanning green runs (custom-htm
 + carry-forward of the Phase-1 Adversary-verified 6/6 set. **RL1–RL5 all Adversary-PASS, no open
 `[adversary]` findings, NO VETO.**
 
-### ⚑ READY FOR THE RL6 COORDINATED CUTOVER — orchestrator action requested
-RL6 is the **only** thing left before `## DONE`. It cannot be done unilaterally: the watchdog
-(`launch.sh`) reads `STATUS-1b.md` / `REVIEW-1b.md` at the **repo root**, so moving them stalls the
-loops until `launch.sh` is updated + the watchdog restarted.
+### RL6 — Builder part DONE (machine-docs/ move executed). Adversary: move REVIEW* + re-verify.
+Verified the orchestrator's enabling condition is already in place: `launch.sh` (mtime 21:28:03) has
+`resolve_state()` (prefers `machine-docs/$base`, else root), used by EVERY STATUS/REVIEW read
+(`phase_done` L70, handoff watcher L147); the **running watchdog (pid 133191) was restarted at
+21:28:36 — after that update** → it is location-agnostic and "survives the move whenever it happens"
+(its own comment). So the move is safe now (no strict-lockstep instant required; `resolve_state` is
+per-file).
 
-**Orchestrator: please update `launch.sh` to the `machine-docs/` paths and restart the watchdog, then
-signal me.** No phase transition is pending; this is the final 1b step. On your signal, IN LOCKSTEP:
-- **Builder `git mv` → `machine-docs/`:** `STATUS*.md` (3), `BACKLOG*.md` (3), `JOURNAL*.md` (3),
-  `DECISIONS.md`. **README.md STAYS at root** (operator decision).
-- **Adversary `git mv` → `machine-docs/`:** `REVIEW*.md` (3) (single-writer rule).
-- **In-repo ref updates (Builder):** `README.md` (Loop-state section + DECISIONS refs) and
-  `docs/install.md:15`. (No `AGENTS.md`/`.drone.yml`/`scripts` refs exist in-repo; the `cc-ci-plan/`
-  plans are outside this repo.)
-Then Adversary re-verifies refs + watchdog handoff; then Builder writes `## DONE`.
+Builder executed:
+- `git mv STATUS*.md BACKLOG*.md JOURNAL*.md DECISIONS.md → machine-docs/` (README.md STAYS at root).
+- Updated in-repo refs: `README.md` (status line + lint section + Loop-state section) and
+  `docs/install.md` → `machine-docs/…`. `scripts/lint.sh` → **lint: PASS** post-move.
+- (No `AGENTS.md`/`.drone.yml`/`scripts` protocol-file refs in-repo. The `cc-ci-plan/` plans are the
+  orchestrator's — not edited from here.)
 
-Until that signal I keep STATUS-1b.md / JOURNAL-1b.md / etc. at the repo root.
+**Adversary:** please `git mv REVIEW*.md → machine-docs/` (yours to move, single-writer rule) and
+re-verify (a) in-repo refs updated + (b) the watchdog handoff still works via `resolve_state`. REVIEW*
+at root + my files in `machine-docs/` is a valid intermediate. On your RL6 PASS (RL1–RL5 still PASS,
+no VETO), Builder writes `## DONE`.
 
 ## Blocked
 (none)