# STATUS — Phase 1b (review & lint pass)

## DONE

**Phase 1b COMPLETE @2026-05-27.** All Definition-of-Done items **RL1–RL6** are Adversary-PASS within 24h, **no standing VETO, no open `[adversary]` findings** (machine-docs/REVIEW-1b.md final sign-off):

- **RL1** lint/format toolchain (`nix develop .#lint` + `scripts/lint.sh` + `.drone.yml` stage) — cold PASS with a break-it probe (injected violations → `lint: FAIL`); whole codebase `lint: PASS`.
- **RL2** §3 white-box checklist (both loops) — no blocking findings; advisories triaged to IDEAS.
- **RL3** full cold D1–D10 re-verification on the cleaned+RL5 byte-identical closure — every D1–D10 fresh PASS, **nothing weakened** (test diff = ruff line-wrapping only), 2 fresh category-spanning e2e (custom-html #151, keycloak #152) + carried 6/6, D6 leak-clean, D8 fresh-clone rebuild==running.
- **RL4** docs (README lint section + architecture.md `nix/` layout + DECISIONS).
- **RL5** all Nix code under `nix/` (`nix/modules`, `nix/hosts`); flake at root (`#cc-ci` unchanged); builds **byte-identical `8i3jcad9`**.
- **RL6** protocol files → `machine-docs/` (README stays root); watchdog `resolve_state` survived the lockstep cutover; refs updated.

Final Builder health check: cc-ci (`cc-nix-test`, 100.90.116.4) `running`/0-failed, toplevel `8i3jcad9mrr01558lqckpi26nxn2ra3m` == fresh-recursive-clone build (`build == running`, byte-identical), 5 infra stacks up, public `https://ci.commoninternet.net/` → 200. The lint/format + `nix/` + `machine-docs/` refactor regressed nothing; the codebase is now formatted, lint-clean, and lint-enforced in CI.

Carried advisories (non-blocking, → IDEAS / operator): flaky Gitea→Drone *push* webhook (lint stage is wired + proven via its exact command, auto-fire needs the operator's gateway/webhook); `old_app` fixture copy-paste; absent `tests/_template/`; bare-name DECISIONS refs.

**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md`

**Loop state for THIS phase:** STATUS-1b / BACKLOG-1b / REVIEW-1b / JOURNAL-1b (DECISIONS.md shared). The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY; STATUS-1c etc. are Phase-1c HISTORY (DONE @2026-05-27). Neither is this phase's state.

## Phase

Phase 1b runs **after** Phase 1 + Phase 1c (both DONE) and **before** Phase 2. It is a **bounded** review + lint pass over the final post-1c codebase. Exit = RL1–RL4 all Adversary-confirmed in REVIEW-1b, then `## DONE`.

## Definition of Done (Phase 1b) — now RL1–RL6 (operator added RL5/RL6, plan §7)

- [x] **RL1** — Lint/format tooling + `.drone.yml` stage; codebase passes. **Adversary cold PASS.**
- [x] **RL2** — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged (old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b.
- [ ] **RL3** — Full D1–D10 cold re-verification (final gate), nothing weakened; now also covers the RL5 byte-identical rebuild. **CLAIMED — awaiting Adversary.**
- [x] **RL4** — Documented: README lint section (local + CI-enforced) + architecture.md `nix/` layout; deviations in DECISIONS.md.
- [x] **RL5** — Nix code consolidated under `nix/`; flake at root (#cc-ci unchanged); builds byte-identical `8i3jcad9`; canonical switched + healthy.
- [ ] **RL6** — protocol files → `machine-docs/`: DEFERRED to the coordinated end (orchestrator lockstep on launch.sh + watchdog). README stays at root.

## In flight

**W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` + break-it probe → `lint: FAIL`). Advisory (non-blocking): confirm a real push fires the Drone lint build at RL3 (flaky push webhook, §4.1).

**W1 (RL2) — Builder §3 self-review complete, clean.** All blocking invariants hold (tests-real, harness-DRY [no recipe conditionals in shared harness; quirks are data via `recipe_meta.py`], nix-idempotent, no-footguns [all sleeps are poll-loop intervals], no-secrets, log-redaction); no fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to confirm RL2.**

**W2 (RL3/RL4) — next.** RL4 docs already landed (README lint section). After RL2 confirms: rebuild cc-ci to the formatted closure (running == cleaned source) and request the cold D1–D10 re-verify.

## Gate — RL3 PASS; ONLY RL6 (coordinated) remains before DONE

**Gate: RL6 CLAIMED, awaiting Adversary** — Builder moved STATUS/BACKLOG/JOURNAL/DECISIONS → `machine-docs/` + updated refs (pushed @992d87c); Adversary please `git mv REVIEW*.md → machine-docs/`, re-verify refs + watchdog handoff, and log the RL6 verdict. Then Builder writes `## DONE`.

**RL3 ✅ PASS @2026-05-27** (Adversary cold, REVIEW-1b): full D1–D10 re-verified on the cleaned+RL5 byte-identical closure (`8i3jcad9`==running==fresh-clone build), fresh evidence <24h, **nothing weakened**; cardinal-rule PASS; 2 fresh category-spanning green runs (custom-html #151, keycloak #152) + carry-forward of the Phase-1 Adversary-verified 6/6 set. **RL1–RL5 all Adversary-PASS, no open `[adversary]` findings, NO VETO.**

### RL6 — Builder part DONE (machine-docs/ move executed). Adversary: move REVIEW* + re-verify.

Verified the orchestrator's enabling condition is already in place: `launch.sh` (mtime 21:28:03) has `resolve_state()` (prefers `machine-docs/$base`, else root), used by EVERY STATUS/REVIEW read (`phase_done` L70, handoff watcher L147); the **running watchdog (pid 133191) was restarted at 21:28:36 — after that update** → it is location-agnostic and "survives the move whenever it happens" (its own comment). So the move is safe now (no strict-lockstep instant required; `resolve_state` is per-file).

Builder executed:

- `git mv STATUS*.md BACKLOG*.md JOURNAL*.md DECISIONS.md → machine-docs/` (README.md STAYS at root).
- Updated in-repo refs: `README.md` (status line + lint section + Loop-state section) and `docs/install.md` → `machine-docs/…`. `scripts/lint.sh` → **lint: PASS** post-move.
- (No `AGENTS.md`/`.drone.yml`/`scripts` protocol-file refs in-repo. The `cc-ci-plan/` plans are the orchestrator's — not edited from here.)

**Adversary:** please `git mv REVIEW*.md → machine-docs/` (yours to move, single-writer rule) and re-verify (a) in-repo refs updated + (b) the watchdog handoff still works via `resolve_state`. REVIEW* at root + my files in `machine-docs/` is a valid intermediate. On your RL6 PASS (RL1–RL5 still PASS, no VETO), Builder writes `## DONE`.

## Blocked

(none)