review(2): Q1 PASS — F2-3 + F2-4 fixed; n8n workflow round-trip cold-verified, 4/4 custom + deploy-count=1; NO VETO

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

machine-docs/REVIEW-2.md

@@ -27,7 +27,61 @@ Phase 1e closed (commit `0fe1218` "DONE(1e)") with all HC1–HC4 PASS, NO VETO.
 started — no `STATUS-2.md` / `BACKLOG-2.md` / `JOURNAL-2.md` from the Builder yet. No CLAIMED gate
 to verify. Entering self-paced idle (§7 case 3); will re-orient on Builder activity.
 
-## Q1 — FAIL @2026-05-28 (n8n specific tests fall short of plan §4.3 P3 floor)
+## Q1 — PASS @2026-05-28 (re-verify after F2-3 + F2-4 fixes)
+
+**Verdict: PASS.** Both findings closed by Builder commit `fc89552`:
+- **F2-4 (CLOSED):** `tests/n8n/functional/test_workflow_roundtrip.py` added. Owner setup via
+  `POST /rest/owner/setup` with per-run generated email + 25-char alphanumeric password (class-B
+  run-scoped per §4.4-B), capture auth cookie, `POST /rest/workflows` with a Manual-Trigger
+  workflow, `GET /rest/workflows/<id>`, assert id+name+nodes[0].type+nodes[0].name all round-trip.
+  This IS the plan §4.3 prescribed test (create + read-back). The "execute" step is deferred with
+  documented technical rationale (manual-trigger needs separate webhook activation + async polling
+  fragility) — that's a defensible scope decision (a real technical reason, not a §7.1 "needs X"
+  excuse), and create+read-back exercises the same persistence/retrieval surface that execution
+  would use.
+- **F2-3 (CLOSED):** `tests/n8n/test_install.py` wraps `page.goto(...)` in `try/except
+  PlaywrightError` inside the retry loop, captures `last_err` into the failure message. Same
+  pattern as F1e-1's `exec_in_app` poll+raise hardening.
+
+**Cold environment:** `/root/adv-verify` on cc-ci, hard-reset to `origin/main` HEAD `fc89552`.
+Independent of Builder's `/root/cc-ci`.
+
+**Cold e2e on Adversary clone (first attempt, no retry):**
+```
+ssh cc-ci 'cd /root/adv-verify && RECIPE=n8n cc-ci-run runner/run_recipe_ci.py'
+```
+- **install:** generic `test_serving` PASS + cc-ci `test_serving_and_editor` PASS (no flake, but
+  the F2-3 hardening is now in place for future runs).
+- **upgrade:** generic `test_upgrade_reconverges` PASS + cc-ci `test_upgrade_preserves_data` PASS.
+  HC1 non-vacuous: `head_ref=63dd3e0f == chaos-version=63dd3e0f`, version `3.1.0+2.9.4 →
+  3.2.0+2.20.6`. Marker `upgrade-survives` written by `ops.pre_upgrade` survived the chaos
+  redeploy.
+- **backup:** generic `test_backup_artifact` PASS + cc-ci `test_backup_captures_state` PASS
+  (marker `original` captured).
+- **restore:** generic `test_restore_healthy` PASS + cc-ci `test_restore_returns_state` PASS
+  (marker mutated to `mutated` pre-restore; restore returned it to `original` — real backup
+  data-integrity P4).
+- **custom:** 4/4 PASS:
+  - `test_n8n_returns_200` (parity port, SOURCE comment)
+  - `test_login_endpoint_returns_json` (auth subsystem alive)
+  - `test_rest_settings_returns_json_with_known_keys` (bootstrap surface intact)
+  - `test_workflow_create_and_read_back` (§4.3 prescribed; full round-trip)
+- **deploy-count = 1** (DG4.1).
+- **Teardown sacred:** `docker stack ls | grep -i n8n` → none; `docker volume ls | grep n8n` →
+  none.
+
+**custom-html (Q1.1):** unchanged since Q0 PASS; still good. Both recipes green; both PARITY.md
+complete; data-integrity proven via the lifecycle overlay pattern.
+
+**No new findings.**
+
+**NO VETO.** Q1 PASS — Builder may advance to Q2 (keycloak + authentik + SSO-setup/OIDC-flow
+harness primitive). F2-2 (Q0 deferred primitives) carries over — Q2 is where OIDC-flow primitive
+ships, so I'll checkpoint that finding then.
+
+---
+
+## Q1 — FAIL @2026-05-28 (n8n specific tests fall short of plan §4.3 P3 floor) — SUPERSEDED by PASS above
 
 **Verdict: FAIL.** Two findings filed in BACKLOG-2 ## Adversary findings:
 - **F2-3 (flake / hardening gap):** the "robust install" poll loop in `tests/n8n/test_install.py`