chore(runbooks): log #1042 merge-guard privileged-flag live-probe (#1051)

Dual-independent post-install live-probe of the v4.4.44 merge-guard privileged-flag binding: convergent PASS across both arms, zero under-blocks. Docs-only runbook log; no version bump.

Author: michael-wojcik

pact-plugin/tests/runbooks/RUNBOOK_RUN_DATES.md

@@ -153,3 +153,9 @@ the calibration record.
 | Run date (UTC) | Operator | Plugin version | Verdict | Harness-independence evidence | Notes (real cases; deny paths; stub gate) |
 | -------------- | -------- | -------------- | ------- | ----------------------------- | ----------------------------------------- |
 | 2026-06-26 | michael-wojcik | 4.4.43 | #1031 PASS · #1032 PASS · stub PASS | DUAL independent harnesses — security-engineer (primary) + test-engineer (clean-room: re-derived envelopes from source, did NOT read peer); verdicts CONVERGE; test-engineer subprocess==in-process 10/10 + R-B positive control proves mint capability | Post-install probe of the INSTALLED v4.4.43 hooks (not pytest). Mode-independent (file-on-disk token store; session scoping intentionally INERT → every deny on the (op,target) axis alone). #1031: R-A minted pr 1029 not prose distractor 1028; R-B minted pr 1034 from clicked-option command only (padded question ignored); R-C kept full colon-bearing branch origin:feature → all PRE allow exit0 + consume. #1032: A1/A1b/A2/A3/A4/A5 NO-MINT (step-3b option-anchoring / no-options fail-closed) → DENY-NOTOKEN exit2; A6 token-exists-mismatch (valid {merge,1029} token vs force-push exec, _token_matches_command False) → DENY-MISMATCH exit2, token unchanged. Stub gate AST-confirmed + full-source-read: NO unconditional always-allow in check_merge_authorization. No HALT. Gated closure (#924 discipline) satisfied → #1031/#1032 closed. |
+
+## merge-guard-1042-privileged-flags-live-probe (#1042 privileged flags ride past auth binding)
+
+| Run date (UTC) | Operator | Plugin version | Verdict | Harness-independence evidence | Notes (real cases; deny paths; non-vacuity) |
+| -------------- | -------- | -------------- | ------- | ----------------------------- | ------------------------------------------- |
+| 2026-06-27 | michael-wojcik | 4.4.44 | C1 AUTHORIZE · C2–C5 REFUSE (both arms) · dual-independent CONVERGE PASS | DUAL independent harnesses under an independence guard — security-engineer (primary; crafted-stdin through the REAL hooks.json pre/post entry points, isolated `CLAUDE_CONFIG_DIR`, zero `~/.claude` contamination) + test-engineer (independent faithfulness; deterministic-token READ arm + genuine post-hook MINT seam `minted=True`, isolated `te_indep/` dir; observed only peer FILENAMES via one `ls`, never contents). Each LOCKED its verdict BEFORE cross-reading; reconciliation routed through the lead; both honesty-disclosed sources. Verdicts CONVERGE; the two probes surfaced DIFFERENT peripheral over-blocks (genuine-independence signature). | Post-install probe of the INSTALLED v4.4.44 hooks (== merge commit `b01639d5`), not pytest. Mode-independent (file-on-disk token store; session scoping intentionally INERT → deny keys on op+target+`bound_flags` alone). Cases (read-arm `pre` + mint→read seam `post→pre`): C1 faithful bare merge → AUTHORIZE (+token consumed); C2 `--admin` / C3 `-R other/repo` / C4 `--no-verify` / C5 dropped `--match-head-commit <sha>` → all REFUSE with reason TOKEN_MISMATCH (op+target IDENTICAL, only `bound_flags` differ). Non-vacuity proven 3 ways per case: in-process denylist-pop FLIPs REFUSE→AUTHORIZE; faithful-with-flag (C2c/C3c/C4c/C5c) AUTHORIZEs; ALLOW path consumes the token (AUTHORIZE branch genuinely reached — rules out always-deny/always-allow/silent-no-op/parse-error). Completeness: 11/11 CLI spelling variants REFUSE incl. the `-dR` cluster end-to-end DENY (the R4 redirect-under-block class) + `git --no-veri` abbreviation expansion. Residuals (NONE an under-block): backtick-into-value capture = over-block-only usability; shell-quote/op-token obfuscation = control's pre-existing literal-string boundary (accepted in #1042 review); `--no-verify` APPROVAL refused by post-hook decline-veto = independent over-block, decline-veto false-positive class (#1049), not a #1042 gap. No HALT. Gated closure (#924 discipline) satisfied → #1042 closed. |