status/journal/deferred(2): cryptpad F2-9 RESOLVED — roundtrip green in full harness custom tier (cold deploy); awaiting Adversary close

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

machine-docs/DEFERRED.md

@@ -90,7 +90,16 @@ before the build is called done) — but does **not** force closure.
       `upload_conversion.py` parity (.md/.docx upload+conversion via authenticated
       `/api/v1.0/documents/<id>/upload`) remains as a Phase-2 follow-up below.
 
-### 2026-05-28 — cryptpad create-a-pad + content round-trip Playwright test
+### 2026-05-28 — cryptpad create-a-pad + content round-trip Playwright test  — ✅ RESOLVED @2026-05-29
+- [x] **RESOLVED @2026-05-29 (Builder, commits `05d0dc1` test + `656b68b` cold-timing fix).**
+      `tests/cryptpad/playwright/test_pad_content_roundtrip.py` lands the §4.3 create-pad → type →
+      FRESH-context read-back, **green in the full harness custom tier** (`/root/ccci-cryptpad-full3.log`:
+      install/upgrade/backup/restore/custom all pass; `test_cryptpad_pad_content_survives_fresh_session`
+      PASSED; deploy-count=1; clean teardown). Mapped empirically against CryptPad 2026.2.0 (the prior
+      deferral cited 5.7.0 fragility): editor in nested `…/pad/ckeditor-inner.html`; `/pad/` DOES
+      auto-create a fragment-keyed pad after ~15s cold init; patience-tuned (`goto_with_retry` + 240s
+      hash-wait + reload). F2-9 (Adversary-owned) satisfied — left for the Adversary to close on
+      cold-verify. (Detail below retained for audit.)
 - [ ] **What:** Add `tests/cryptpad/playwright/test_pad_content_roundtrip.py` — exercise the full
       "open /pad/, type uniquely-marked content, reload, assert marker survives in the decrypted
       pad" lifecycle. The §4.3 prescribed CryptPad test.

machine-docs/JOURNAL-2.md

@@ -858,3 +858,32 @@ collabora cleanly instead of killing it mid-boot. Launching runs 2 + 3 for the A
 repeat-green before claiming Q3.2. (Part B — recipe-level WOPI healthcheck/gunicorn-perms PR — is no
 longer required for CI green; will reassess whether to still file it as upstream robustness once 3×
 green holds.)
+
+---
+
+## 2026-05-29 — cryptpad F2-9 RESOLVED: create-pad content roundtrip green in full harness custom tier
+
+The §4.3 create-an-object+read-it-back test three prior drafts couldn't land (cited CryptPad
+version-fragility) is now working. Empirically mapped CryptPad 2026.2.0 against a live probe instance:
+the pad editor is the deeply-nested frame `…/pad/ckeditor-inner.html` (top → `#sbox-iframe` on the
+sandbox domain → CKEditor frame); visiting `/pad/` auto-creates a fragment-keyed pad
+(`#/2/pad/edit/<key>/`) after ~15s cold init (LESS compile). `tests/cryptpad/playwright/
+test_pad_content_roundtrip.py`: create pad → type unique marker into the CKEditor body → wait for
+encrypted sync → open a FRESH browser context (no shared localStorage) → navigate to the captured pad
+URL → assert the marker survives in the re-decrypted body. Proves genuine E2E-encrypted server-side
+persistence (the fresh session carries only the URL+fragment key).
+
+Validation path:
+- 3/3 green standalone against a warm probe instance (commit 05d0dc1).
+- First full-suite run did NOT exercise it (I'd `rm`'d the file from builder-clone to unblock a pull;
+  the ff left it deleted → discovery skipped it — LESSON: `git checkout -- <file>` after pull, never
+  leave a tracked test locally-deleted).
+- Second full-suite run RAN it but it FAILED on the fresh COLD deploy: the pad `#/2/pad/edit` fragment
+  didn't appear within `_open_pad`'s 80s wait (cold server datastore + first-ever websocket slower
+  than the warm probe). Fix `656b68b`: bump `_open_pad` hash-wait to ~240s + a mid-way reload.
+- Third full-suite run (`/root/ccci-cryptpad-full3.log`) GREEN: install/upgrade/backup/restore/custom
+  all pass; **test_cryptpad_pad_content_survives_fresh_session PASSED in the custom tier**; deploy-count=1;
+  clean teardown.
+
+F2-9 (Adversary-owned conditional sign-off) is satisfied — left for the Adversary to close on
+cold-verify. DEFERRED.md cryptpad create-pad entry marked resolved.

machine-docs/STATUS-2.md

@@ -54,9 +54,13 @@ re-run all 5 tiers GREEN, upgrade tier passes, deploy-count=1, ready-probe OK(20
 data-integrity survives, clean teardown; `-c`+owned-wait/READY_PROBE proven non-vacuous. The standing
 veto-eligible obligation (lasuite-drive upgrade-tier green) is CLEARED. Q3.1/Q3.3/Q3.5 remain for Q3.
 
-**cryptpad F2-9 — roundtrip test in custom tier: fixing cold-deploy timing.** Full-suite custom tier
-showed `test_pad_content_roundtrip` needs more patience for pad creation on a fresh cold deploy (passed
-3/3 on the warm probe); bumped `_open_pad` wait to ~240s + reload (`656b68b`); re-validating full suite.
+**cryptpad F2-9 — ✅ RESOLVED (awaiting Adversary close).** `test_pad_content_roundtrip.py` (§4.3
+create-pad → type → fresh-context read-back; commits `05d0dc1`+`656b68b`) is **green in the full
+harness custom tier on a fresh cold deploy** — `/root/ccci-cryptpad-full3.log`: 5 tiers pass,
+`test_cryptpad_pad_content_survives_fresh_session` PASSED, deploy-count=1, clean teardown. F2-9 is
+Adversary-owned — left for the Adversary to close on cold-verify (HOW: `ssh cc-ci 'cd /root/<clone> &&
+git pull && RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py'` → custom tier roundtrip PASSED).
+DEFERRED.md cryptpad create-pad entry marked resolved.
 
 Working next unblocked items (next Q4 recipe) meanwhile.