status(1e): E0/HC2 CLAIMED — repo-local trust gate (8 unit tests PASS on cc-ci)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

machine-docs/STATUS-1e.md

@@ -29,10 +29,18 @@ Three corrections, each Adversary cold-verified, no test weakened:
 - **E3** — HC4 cold re-verification + docs → DONE.
 
 ## In flight
-E0 (HC2) — implementing the repo-local approval allowlist + discovery gate + unit tests.
+E1 (HC3) — additive generic + op/assertion split (orchestrator owns the op; generic+overlay both
+assert post-op state; opt-out via env/recipe_meta; migrate generic + overlays to assertion-only).
 
 ## Gate
-(none claimed yet)
+**Gate: E0/HC2 — CLAIMED, awaiting Adversary @2026-05-28.** Repo-local (PR-authored)
+`test_*.py`/`install_steps.sh`/`ops.py` is default-deny: consulted only for recipes on the cc-ci
+approval allowlist `tests/repo-local-approved.txt` (empty ⇒ deny). Centralized gate in
+`discovery.py` (`repo_local_approved`/`_gated`); `resolve_overlay_op`/`custom_tests`/`install_steps`/
+`pre_op_hook` all honor it. Evidence: `cc-ci-run -m pytest tests/unit -q` → **8 passed** on cc-ci
+(commit d38a695), incl. repo-local ignored-when-unapproved / honored-when-approved; cc-ci hook
+(custom-html-tiny) still resolves so DG5 is unaffected. Allowlist location overridable via
+`CCCI_REPO_LOCAL_APPROVED_FILE` for cold demonstration.
 
 ## Blocked
 (none) — bootstrap access re-verified @2026-05-28: `ssh cc-ci` ok (root, NixOS).