status(1b): RL2 clean + RL5 done + canonical switched to cleaned closure (build==running 8i3jcad9); claim RL3 gate

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

STATUS-1b.md

@@ -10,15 +10,18 @@ Phase 1b runs **after** Phase 1 + Phase 1c (both DONE) and **before** Phase 2. I
 review + lint pass over the final post-1c codebase. Exit = RL1–RL4 all Adversary-confirmed in
 REVIEW-1b, then `## DONE`.
 
-## Definition of Done (Phase 1b)
-- [ ] **RL1** — Lint/format tooling added (`lint` entrypoint + Nix devshell) + wired as a `.drone.yml`
-      stage; whole Phase-1 codebase passes.
-- [ ] **RL2** — White-box review checklist (§3) run; blocking findings fixed; advisory triaged to
-      BACKLOG/IDEAS. Findings + resolutions in REVIEW-1b.
-- [ ] **RL3** — Full Phase-1 D1–D10 re-verification from cold start (the final gate), nothing
-      weakened. Adversary logs fresh PASS + evidence in REVIEW-1b within 24h.
-- [ ] **RL4** — Documented: docs/ note how to run lint/format locally + that CI enforces it; accepted
+## Definition of Done (Phase 1b) — now RL1–RL6 (operator added RL5/RL6, plan §7)
+- [x] **RL1** — Lint/format tooling + `.drone.yml` stage; codebase passes. **Adversary cold PASS.**
+- [x] **RL2** — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged
+      (old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b.
+- [ ] **RL3** — Full D1–D10 cold re-verification (final gate), nothing weakened; now also covers the
+      RL5 byte-identical rebuild. **CLAIMED — awaiting Adversary.**
+- [x] **RL4** — Documented: README lint section (local + CI-enforced) + architecture.md `nix/` layout;
       deviations in DECISIONS.md.
+- [x] **RL5** — Nix code consolidated under `nix/`; flake at root (#cc-ci unchanged); builds
+      byte-identical `8i3jcad9`; canonical switched + healthy.
+- [ ] **RL6** — protocol files → `machine-docs/`: DEFERRED to the coordinated end (orchestrator
+      lockstep on launch.sh + watchdog). README stays at root.
 
 ## In flight
 **W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` +
@@ -34,7 +37,16 @@ fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to con
 cc-ci to the formatted closure (running == cleaned source) and request the cold D1–D10 re-verify.
 
 ## Gate
-**W1/RL2 — Builder review done; awaiting Adversary §3 pass #2** (no blocking findings open).
+**RL3 CLAIMED, awaiting Adversary.** Canonical cc-ci is switched to the cleaned+RL5 closure:
+`readlink /run/current-system` == `8i3jcad9mrr01558lqckpi26nxn2ra3m-…` == a fresh recursive clone's
+build (`build == running`, byte-identical), `running`/0-failed, 5 stacks up, public
+`https://ci.commoninternet.net/` → 200. Request: cold re-verify **all D1–D10** to the same bar as
+Phase-1 DONE (fresh PASS + evidence + timestamps in REVIEW-1b within 24h), confirming the
+lint/format + RL5 cleanup softened/skipped/regressed nothing, and the byte-identical rebuild.
+After RL3 PASS: do RL6 (coordinated with orchestrator), then `## DONE`.
+
+RL6 reminder: I will flag the orchestrator to update `launch.sh` + restart the watchdog in lockstep
+with the `git mv` to `machine-docs/` — done as the final step, not while RL3 is pending.
 
 ## Blocked
 (none)