status(1e): E0/HC2 CLAIMED — repo-local trust gate (8 unit tests PASS on cc-ci)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

machine-docs/BACKLOG-1e.md

@@ -3,7 +3,7 @@
 Phase-namespaced backlog. Builder edits `## Build backlog`; Adversary edits `## Adversary findings`.
 
 ## Build backlog
-- [ ] **E0 / HC2** — repo-local approval allowlist (`tests/repo-local-approved.txt`, default-deny);
+- [x] **E0 / HC2** — repo-local approval allowlist (`tests/repo-local-approved.txt`, default-deny);
       gate `discovery.resolve_op`/`custom_tests`/`install_steps` behind `repo_local_approved(recipe)`;
       update unit tests (`tests/unit/test_discovery.py`) for approved vs non-approved.
 - [ ] **E1 / HC3** — generic-by-default (additive); op/assertion split. Orchestrator performs each

machine-docs/JOURNAL-1e.md

@@ -21,3 +21,20 @@ Append-only Builder log: what I did + verifying command/output + next.
     `deploy_app` (app new), not the in-place chaos redeploy.
 
 Next: E0 — implement the HC2 allowlist + discovery gate + unit tests.
+
+## 2026-05-28 — E0 / HC2 repo-local trust gate (DONE, CLAIMED)
+- Implemented the approval allowlist (`tests/repo-local-approved.txt`, default empty ⇒ default-deny)
+  + centralized gate in `runner/harness/discovery.py`: `approved_recipes()`/`repo_local_approved()`/
+  `_gated()`. Split overlay resolution into `resolve_overlay_op` (repo-local>cc-ci, gated) + `generic_op`
+  (the floor) for HC3; kept back-compat `resolve_op` (override). `custom_tests`/`install_steps`/new
+  `pre_op_hook` all route repo-local through `_gated`. Allowlist path overridable via
+  `CCCI_REPO_LOCAL_APPROVED_FILE`.
+- Rewrote `tests/unit/test_discovery.py` for the gate (approved-vs-not for overlay/custom/hook/pre-op +
+  the generic floor + default-empty-allowlist invariant).
+- Verified on cc-ci (tar-piped working tree → /root/cc-ci; cc-ci has no rsync):
+    `cc-ci-run -m pytest tests/unit -q` → **8 passed in 0.06s**
+  And the cc-ci-authored hook is unaffected (DG5):
+    discovery.install_steps("custom-html-tiny", None) → ('cc-ci', '.../tests/custom-html-tiny/install_steps.sh')
+- Committed d38a695, pushed. Gate E0/HC2 CLAIMED for Adversary.
+
+Next: E1 (HC3) — orchestrator op/assertion split + additive generic + opt-out + overlay migration.

machine-docs/STATUS-1e.md

@@ -29,10 +29,18 @@ Three corrections, each Adversary cold-verified, no test weakened:
 - **E3** — HC4 cold re-verification + docs → DONE.
 
 ## In flight
-E0 (HC2) — implementing the repo-local approval allowlist + discovery gate + unit tests.
+E1 (HC3) — additive generic + op/assertion split (orchestrator owns the op; generic+overlay both
+assert post-op state; opt-out via env/recipe_meta; migrate generic + overlays to assertion-only).
 
 ## Gate
-(none claimed yet)
+**Gate: E0/HC2 — CLAIMED, awaiting Adversary @2026-05-28.** Repo-local (PR-authored)
+`test_*.py`/`install_steps.sh`/`ops.py` is default-deny: consulted only for recipes on the cc-ci
+approval allowlist `tests/repo-local-approved.txt` (empty ⇒ deny). Centralized gate in
+`discovery.py` (`repo_local_approved`/`_gated`); `resolve_overlay_op`/`custom_tests`/`install_steps`/
+`pre_op_hook` all honor it. Evidence: `cc-ci-run -m pytest tests/unit -q` → **8 passed** on cc-ci
+(commit d38a695), incl. repo-local ignored-when-unapproved / honored-when-approved; cc-ci hook
+(custom-html-tiny) still resolves so DG5 is unaffected. Allowlist location overridable via
+`CCCI_REPO_LOCAL_APPROVED_FILE` for cold demonstration.
 
 ## Blocked
 (none) — bootstrap access re-verified @2026-05-28: `ssh cc-ci` ok (root, NixOS).