status(1e): E0/HC2 CLAIMED — repo-local trust gate (8 unit tests PASS on cc-ci)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

machine-docs/JOURNAL-1e.md

@@ -21,3 +21,20 @@ Append-only Builder log: what I did + verifying command/output + next.
     `deploy_app` (app new), not the in-place chaos redeploy.
 
 Next: E0 — implement the HC2 allowlist + discovery gate + unit tests.
+
+## 2026-05-28 — E0 / HC2 repo-local trust gate (DONE, CLAIMED)
+- Implemented the approval allowlist (`tests/repo-local-approved.txt`, default empty ⇒ default-deny)
+  + centralized gate in `runner/harness/discovery.py`: `approved_recipes()`/`repo_local_approved()`/
+  `_gated()`. Split overlay resolution into `resolve_overlay_op` (repo-local>cc-ci, gated) + `generic_op`
+  (the floor) for HC3; kept back-compat `resolve_op` (override). `custom_tests`/`install_steps`/new
+  `pre_op_hook` all route repo-local through `_gated`. Allowlist path overridable via
+  `CCCI_REPO_LOCAL_APPROVED_FILE`.
+- Rewrote `tests/unit/test_discovery.py` for the gate (approved-vs-not for overlay/custom/hook/pre-op +
+  the generic floor + default-empty-allowlist invariant).
+- Verified on cc-ci (tar-piped working tree → /root/cc-ci; cc-ci has no rsync):
+    `cc-ci-run -m pytest tests/unit -q` → **8 passed in 0.06s**
+  And the cc-ci-authored hook is unaffected (DG5):
+    discovery.install_steps("custom-html-tiny", None) → ('cc-ci', '.../tests/custom-html-tiny/install_steps.sh')
+- Committed d38a695, pushed. Gate E0/HC2 CLAIMED for Adversary.
+
+Next: E1 (HC3) — orchestrator op/assertion split + additive generic + opt-out + overlay migration.