1c/W4: status — cc-ci on ld19aj2 (final); fresh throwaway booting for single-switch C4 proof

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

STATUS-1c.md

@@ -9,6 +9,16 @@ The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY — not this p
 Now: make the VM fully reproducible from git (secrets+cert in a private `cc-ci-secrets` repo) and
 perform a genuine throwaway-VM live rebuild to close D8 honestly.
 
+## In flight — W4 (throwaway live rebuild)
+- W1 DONE (cc-nix-test 6→4 GB, healthy). W2 PASS (Adversary cold). W3 DONE (VM reachable).
+- W4 Step A DONE: cc-ci on final config with `sops.age.keyFile` + serialized abra reconcilers →
+  byte-identical **`ld19aj2…`** (zero drift). (config evolved vh6vwxbl→izsmiajw→ld19aj2; ld19aj2 is final.)
+- W4 Step B (1st run, pre-fix): blank VM built **izsmiajw==cc-ci byte-identical** from git + recovery
+  key; cert+secrets decrypted; TLS leaf == git cert (`57:8D:…:B8:A6`). Found+fixed concurrent-abra
+  race (serialized reconcilers). **Now: fresh throwaway booting → prove SINGLE switch converges (0 failed).**
+- Then claim **Gate W4**.
+
+<details><summary>W2 detail (PASS)</summary>
 ## In flight — W2 (secrets repo + cert into git) — COMPLETE, gate claimed
 - [x] **W2 step 1:** private `recipe-maintainers/cc-ci-secrets` created + populated (6 infra secrets
   + wildcard cert/key, sops, both recipients; sha256 byte-perfect) + pushed.
@@ -18,6 +28,7 @@ perform a genuine throwaway-VM live rebuild to close D8 honestly.
   git (symlinks, sha256 match), system running 0 failed, byte-identical (build==running), git-clone
   `?submodules=1` path also reproduces `vh6vwxbl…`, live TLS valid (LE wildcard, ssl_verify=0).
 - (Recovery-key `sops.age.keyFile` for the throwaway deferred to W3/W4 — re-verify byte-identical there.)
+</details>
 
 ## Gate
 **Gate: W2 — PASS @2026-05-27 16:55Z (Adversary, cold).** C1/C2/C3 verified: byte-identical