fix grasp-audit test isolation to prevent cross-spec relay state corruption

Add Purgatory-prefixed fixture variants (PurgatoryValidRepoSent,
PurgatoryOwnerStateDataPushed) that create independent repos never
shared with the main fixture chain. Purgatory tests that mutate relay
state (replacement announcements, new state events, deletions) now use
these isolated fixtures so they cannot corrupt the repo that
push-authorization tests depend on.

Run purgatory tests before push-auth in the full suite, since push-auth
sends new replaceable state events (kind 30618) for the shared repo_id
that would displace the original served state event.

3 files changed, 285 insertions, 80 deletions

diff --git a/grasp-audit/src/bin/grasp-audit.rs b/grasp-audit/src/bin/grasp-audit.rs
index b3fa0db..d192f04 100644
--- a/grasp-audit/src/bin/grasp-audit.rs
+++ b/grasp-audit/src/bin/grasp-audit.rs
@@ -144,51 +144,56 @@ async fn main() -> Result<()> {
                     println!("Running all tests...\n");
                     let mut all_results = AuditResult::new("All GRASP-01 Tests");
 
-                    // Repository creation tests
+                    // NIP-01 smoke tests (stateless - no shared fixture dependencies)
+                    println!("  → NIP-01 smoke tests...");
+                    let nip01_results = specs::Nip01SmokeTests::run_all(&client).await;
+                    all_results.merge(nip01_results);
+
+                    // NIP-11 document tests (stateless)
+                    println!("  → NIP-11 document tests...");
+                    let nip11_results = specs::Nip11DocumentTests::run_all(&client).await;
+                    all_results.merge(nip11_results);
+
+                    // CORS tests (stateless HTTP checks)
+                    println!("  → CORS tests...");
+                    let cors_results = specs::CorsTests::run_all(&client, &relay_domain).await;
+                    all_results.merge(cors_results);
+
+                    // Repository creation tests (uses ValidRepoSent only - no state events)
                     println!("  → Repository creation tests...");
                     let repo_results = specs::RepositoryCreationTests::run_all(&client, &relay_domain).await;
                     all_results.merge(repo_results);
 
-                    // Git clone tests
+                    // Git clone tests (uses ValidRepoSent only - no state events)
                     println!("  → Git clone tests...");
                     let clone_results = specs::GitCloneTests::run_all(&client, &relay_domain).await;
                     all_results.merge(clone_results);
 
-                    // Git filter capability tests
+                    // Git filter capability tests (uses ValidRepoSent only - no state events)
                     println!("  → Git filter capability tests...");
                     let filter_results = specs::GitFilterTests::run_all(&client, &relay_domain).await;
                     all_results.merge(filter_results);
 
-                    // Push authorization tests
-                    println!("  → Push authorization tests...");
-                    let push_results = specs::PushAuthorizationTests::run_all(&client, &relay_domain).await;
-                    all_results.merge(push_results);
-
-                    // Event acceptance policy tests
+                    // Event acceptance policy tests (uses ValidRepoServed - no extra state events)
                     println!("  → Event acceptance policy tests...");
                     let event_results = specs::EventAcceptancePolicyTests::run_all(&client).await;
                     all_results.merge(event_results);
 
-                    // NIP-01 smoke tests
-                    println!("  → NIP-01 smoke tests...");
-                    let nip01_results = specs::Nip01SmokeTests::run_all(&client).await;
-                    all_results.merge(nip01_results);
-
-                    // NIP-11 document tests
-                    println!("  → NIP-11 document tests...");
-                    let nip11_results = specs::Nip11DocumentTests::run_all(&client).await;
-                    all_results.merge(nip11_results);
-
-                    // CORS tests
-                    println!("  → CORS tests...");
-                    let cors_results = specs::CorsTests::run_all(&client, &relay_domain).await;
-                    all_results.merge(cors_results);
-
-                    // Purgatory tests
+                    // Purgatory tests MUST run before push-auth.
+                    // Push-auth sends new replaceable state events (kind 30618) for the same
+                    // repo_id as OwnerStateDataPushed (e.g. test_head_set_after_git_push_with_required_oids
+                    // sends a develop1 state event that displaces the original). If purgatory ran
+                    // after push-auth, is_event_on_relay(original_id) would return false because
+                    // the original state event has been replaced on the relay.
                     println!("  → Purgatory tests...");
                     let purgatory_results = specs::PurgatoryTests::run_all(&client).await;
                     all_results.merge(purgatory_results);
 
+                    // Push authorization tests (mutates shared state - must run last among git specs)
+                    println!("  → Push authorization tests...");
+                    let push_results = specs::PushAuthorizationTests::run_all(&client, &relay_domain).await;
+                    all_results.merge(push_results);
+
                     println!();
                     all_results
                 }
diff --git a/grasp-audit/src/fixtures.rs b/grasp-audit/src/fixtures.rs
index 45d3094..0a9bf65 100644
--- a/grasp-audit/src/fixtures.rs
+++ b/grasp-audit/src/fixtures.rs
@@ -287,6 +287,36 @@ pub enum FixtureKind {
     /// - Returns: the served PR event
     PREvent2Served,
 
+    /// Independent repo announcement, used exclusively by purgatory tests.
+    ///
+    /// Creates its own fresh repo announcement (unique repo_id) that is NOT shared with
+    /// the main ValidRepoSent chain. The shared ValidRepoSent may already be promoted
+    /// (served) by the time purgatory tests run if earlier specs triggered OwnerStateDataPushed.
+    /// This fixture is never promoted by any other test, so the announcement stays in purgatory.
+    ///
+    /// - No dependencies
+    /// - Sends its own announcement to the relay
+    /// - Returns the repo announcement event (kind 30617)
+    PurgatoryValidRepoSent,
+
+    /// Independent owner state data pushed, used exclusively by purgatory tests.
+    ///
+    /// This fixture creates its own completely independent repo (fresh UUID, own announcement,
+    /// own state event, own git push) that is NOT shared with the main OwnerStateDataPushed
+    /// chain. It exists so that purgatory tests which mutate relay state (sending replacement
+    /// announcements, new state events pointing to non-existent commits, etc.) do not corrupt
+    /// the shared repo that push-authorization tests depend on.
+    ///
+    /// Stages (self-contained, no external dependencies):
+    /// 1. Creates a fresh repo announcement with a unique repo_id
+    /// 2. Creates and sends an owner state event (purgatory)
+    /// 3. Pushes git data (DETERMINISTIC_COMMIT_HASH) to release from purgatory
+    /// 4. Verifies state event is served
+    ///
+    /// - No dependencies (creates its own ValidRepoSent + OwnerStateDataPushed internally)
+    /// - Returns the owner state event (kind 30618) after git data is pushed
+    PurgatoryOwnerStateDataPushed,
+
     /// Owner's state event with git data successfully pushed (full 4-stage fixture)
     ///
     /// This fixture represents the complete flow for testing state push authorization:
@@ -372,6 +402,12 @@ impl FixtureKind {
             Self::PREvent2GitDataPushed => vec![Self::PREvent2Sent],
             Self::PREvent2Served => vec![Self::PREvent2GitDataPushed],
 
+            // PurgatoryValidRepoSent has no dependencies — creates its own fresh repo
+            Self::PurgatoryValidRepoSent => vec![],
+
+            // PurgatoryOwnerStateDataPushed depends on PurgatoryValidRepoSent
+            Self::PurgatoryOwnerStateDataPushed => vec![Self::PurgatoryValidRepoSent],
+
             // OwnerStateDataPushed depends on OwnerRepoStateSent (git push + purgatory release)
             Self::OwnerStateDataPushed => vec![Self::OwnerRepoStateSent],
 
@@ -416,6 +452,10 @@ impl FixtureKind {
             Self::PREvent2Served => true,
             // HeadSetToDevelopBranch sends its state event internally
             Self::HeadSetToDevelopBranch => true,
+            // PurgatoryValidRepoSent sends its own announcement internally
+            Self::PurgatoryValidRepoSent => true,
+            // PurgatoryOwnerStateDataPushed sends its own state event and git push internally
+            Self::PurgatoryOwnerStateDataPushed => true,
             // ValidRepoServed doesn't send anything itself, just returns cached event
             Self::ValidRepoServed => true,
             // OwnerRepoStateSent sends its state event and notes purgatory internally
@@ -926,6 +966,9 @@ impl<'a> TestContext<'a> {
             FixtureKind::PREvent2GitDataPushed => self.build_pr_event_2_git_data_pushed().await,
             FixtureKind::PREvent2Served => self.build_pr_event_2_served().await,
 
+            FixtureKind::PurgatoryValidRepoSent => self.build_purgatory_valid_repo_sent().await,
+            FixtureKind::PurgatoryOwnerStateDataPushed => self.build_purgatory_owner_state_data_pushed().await,
+
             FixtureKind::OwnerStateDataPushed => self.build_owner_state_data_pushed().await,
 
             FixtureKind::MaintainerStateDataPushed => {
@@ -1000,6 +1043,166 @@ impl<'a> TestContext<'a> {
             .ok_or_else(|| anyhow::anyhow!("Missing d tag in repo announcement"))
     }
 
+    /// Build PurgatoryValidRepoSent fixture: independent repo announcement for purgatory tests.
+    ///
+    /// Creates a fresh repo announcement with a unique repo_id, sends it to the relay,
+    /// and returns it. Never promoted by any other test so the announcement stays in purgatory.
+    async fn build_purgatory_valid_repo_sent(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+
+        let repo_id = format!(
+            "fixture-PurgatoryValidRepoSent-{}",
+            &uuid::Uuid::new_v4().to_string()[..8]
+        );
+
+        let relay_domain = self.get_relay_domain().await?;
+        let relay_url = format!("ws://{}", relay_domain);
+        let http_url = format!("http://{}", relay_domain);
+
+        let npub = self
+            .client
+            .public_key()
+            .to_bech32()
+            .map_err(|e| anyhow::anyhow!("Failed to convert pubkey to bech32: {}", e))?;
+
+        let announcement = self
+            .client
+            .event_builder(Kind::GitRepoAnnouncement, "")
+            .tag(Tag::identifier(&repo_id))
+            .tag(Tag::custom(TagKind::custom("name"), vec![repo_id.clone()]))
+            .tag(Tag::custom(
+                TagKind::custom("clone"),
+                vec![format!("{}/{}/{}.git", http_url, npub, repo_id)],
+            ))
+            .tag(Tag::custom(TagKind::custom("relays"), vec![relay_url]))
+            .build(self.client.keys())
+            .map_err(|e| anyhow::anyhow!("Failed to build repo announcement: {}", e))?;
+
+        self.client.send_event(announcement.clone()).await?;
+
+        Ok(announcement)
+    }
+
+    /// Build PurgatoryOwnerStateDataPushed fixture: a self-contained independent repo for purgatory tests.
+    ///
+    /// Creates its own fresh repo announcement (unique repo_id), state event, and git push
+    /// without touching the shared OwnerStateDataPushed chain. This ensures that purgatory
+    /// tests which mutate relay state (replacement announcements, new state events, deletions)
+    /// do not corrupt the repo that push-authorization tests depend on.
+    async fn build_purgatory_owner_state_data_pushed(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+
+        // ============================================================
+        // Step 1: Get the cached PurgatoryValidRepoSent announcement
+        // (ensured as a dependency before this is called)
+        // ============================================================
+        let announcement = self.get_cached_dependency(FixtureKind::PurgatoryValidRepoSent)?;
+        let repo_id = self.extract_repo_id(&announcement)?;
+
+        let relay_domain = self.get_relay_domain().await?;
+
+        let npub = self
+            .client
+            .public_key()
+            .to_bech32()
+            .map_err(|e| anyhow::anyhow!("Failed to convert pubkey to bech32: {}", e))?;
+
+        // ============================================================
+        // Step 2: Create and send owner state event (enters purgatory)
+        // ============================================================
+        let base_time = Timestamp::now().as_secs();
+        let older_timestamp = Timestamp::from(base_time - 10);
+
+        let state_event = self
+            .client
+            .event_builder(Kind::RepoState, "")
+            .tag(Tag::identifier(&repo_id))
+            .tag(Tag::custom(
+                TagKind::custom("refs/heads/main"),
+                vec![DETERMINISTIC_COMMIT_HASH.to_string()],
+            ))
+            .tag(Tag::custom(
+                TagKind::custom("HEAD"),
+                vec!["ref: refs/heads/main".to_string()],
+            ))
+            .custom_time(older_timestamp)
+            .build(self.client.keys())
+            .map_err(|e| anyhow::anyhow!("Failed to build state event: {}", e))?;
+
+        self.client
+            .send_event_and_note_purgatory(state_event.clone())
+            .await?;
+
+        // ============================================================
+        // Step 3: Clone repo, create deterministic commit, push
+        // ============================================================
+        let clone_path = clone_repo(&relay_domain, &npub, &repo_id)
+            .map_err(|e| anyhow::anyhow!("Failed to clone repo: {}", e))?;
+
+        let cleanup = |path: &PathBuf| {
+            let _ = fs::remove_dir_all(path);
+        };
+
+        let commit_hash = match create_deterministic_commit(&clone_path, "Initial commit") {
+            Ok(h) => h,
+            Err(e) => {
+                cleanup(&clone_path);
+                return Err(anyhow::anyhow!("Failed to create deterministic commit: {}", e));
+            }
+        };
+
+        if commit_hash != DETERMINISTIC_COMMIT_HASH {
+            cleanup(&clone_path);
+            return Err(anyhow::anyhow!(
+                "Commit hash mismatch: got {}, expected {}",
+                commit_hash,
+                DETERMINISTIC_COMMIT_HASH
+            ));
+        }
+
+        let branch_out = Command::new("git")
+            .args(["branch", "main"])
+            .current_dir(&clone_path)
+            .output();
+        if let Ok(o) = &branch_out {
+            if !o.status.success() {
+                // branch may already exist (detached HEAD clone) — ignore
+            }
+        }
+
+        let _ = Command::new("git")
+            .args(["checkout", "main"])
+            .current_dir(&clone_path)
+            .output();
+
+        let push_result = try_push(&clone_path);
+        cleanup(&clone_path);
+
+        match push_result {
+            Ok(true) => {}
+            Ok(false) => {
+                return Err(anyhow::anyhow!(
+                    "PurgatoryOwnerStateDataPushed git push rejected (state event points to {})",
+                    DETERMINISTIC_COMMIT_HASH
+                ));
+            }
+            Err(e) => return Err(anyhow::anyhow!("PurgatoryOwnerStateDataPushed push error: {}", e)),
+        }
+
+        // ============================================================
+        // Step 4: Verify state event released from purgatory
+        // ============================================================
+        tokio::time::sleep(Duration::from_millis(200)).await;
+
+        if !self.client.is_event_on_relay(state_event.id).await? {
+            return Err(anyhow::anyhow!(
+                "PurgatoryOwnerStateDataPushed state event not released from purgatory"
+            ));
+        }
+
+        Ok(state_event)
+    }
+
     /// Build OwnerStateDataPushed fixture: git push + purgatory release for owner's state event
     ///
     /// `OwnerRepoStateSent` is ensured as a dependency before this is called — the state event
diff --git a/grasp-audit/src/specs/grasp01/purgatory.rs b/grasp-audit/src/specs/grasp01/purgatory.rs
index 29eabad..0686da8 100644
--- a/grasp-audit/src/specs/grasp01/purgatory.rs
+++ b/grasp-audit/src/specs/grasp01/purgatory.rs
@@ -46,7 +46,11 @@ impl PurgatoryTests {
         results.add(Self::test_announcement_not_served_before_git_data(client).await);
         results.add(Self::test_announcement_served_after_git_push(client).await);
         results.add(Self::test_bare_repo_exists_for_purgatory_announcement(client).await);
+
+        // State event purgatory tests
         results.add(Self::test_state_event_accepted_for_purgatory_announcement(client).await);
+        results.add(Self::test_state_event_not_served_before_git_data(client).await);
+        results.add(Self::test_state_event_served_after_git_push(client).await);
 
         // Deletion event tests (NIP-09)
         results.add(Self::test_deletion_by_event_id_removes_purgatory_state_event(client).await);
@@ -54,10 +58,6 @@ impl PurgatoryTests {
             Self::test_deletion_by_coordinate_removes_purgatory_state_event(client).await,
         );
 
-        // State event purgatory tests (already implemented)
-        results.add(Self::test_state_event_not_served_before_git_data(client).await);
-        results.add(Self::test_state_event_served_after_git_push(client).await);
-
         // PR purgatory tests
         results.add(Self::test_pr_event_accepted_into_purgatory_and_isnt_served(client).await);
         results.add(Self::test_pr_event_in_purgatory_git_push_accepted(client).await);
@@ -92,9 +92,12 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Create a fresh repo announcement (not the served variant)
+            // Use the purgatory-specific fixture which creates its own independent repo.
+            // The shared ValidRepoSent may already be promoted (served) by the time this
+            // test runs if earlier specs triggered OwnerStateDataPushed. PurgatoryValidRepoSent
+            // is never promoted by any other test so the announcement stays in purgatory.
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -106,7 +109,7 @@ impl PurgatoryTests {
                 .ok_or("Missing d tag in repo announcement")?
                 .to_string();
 
-            // Query for the announcement - should NOT be served
+            // Query for the announcement - should NOT be served (purgatory)
             let filter = Filter::new()
                 .kind(Kind::GitRepoAnnouncement)
                 .author(client.public_key())
@@ -153,13 +156,13 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // OwnerStateDataPushed fixture handles the full lifecycle:
+            // PurgatoryOwnerStateDataPushed fixture handles the full lifecycle:
             // 1. Creates repo announcement (purgatory)
             // 2. Creates state event (purgatory)
             // 3. Pushes git data
             // 4. Verifies events are served
             let state_event = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
                 .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
 
@@ -190,18 +193,16 @@ impl PurgatoryTests {
                 ));
             }
 
-            // Verify state event is served
-            let state_filter = Filter::new()
-                .kind(Kind::RepoState)
-                .author(client.public_key())
-                .identifier(&repo_id);
-
-            let state_events = client
-                .query(state_filter)
+            // Verify state event is served by querying its specific event ID.
+            // We intentionally query by ID rather than kind+author+identifier because
+            // other tests (e.g. push-auth) may have sent a newer replaceable state event
+            // for the same repo_id, which would displace this one in an identifier query.
+            let served = client
+                .is_event_on_relay(state_event.id)
                 .await
-                .map_err(|e| format!("Failed to query state events: {}", e))?;
+                .map_err(|e| format!("Failed to query state event: {}", e))?;
 
-            if !state_events.iter().any(|e| e.id == state_event.id) {
+            if !served {
                 return Err(format!(
                     "State event not served after git push. Event ID: {}",
                     state_event.id
@@ -234,9 +235,9 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo announcement (in purgatory, no git data yet)
+            // Get the purgatory-specific repo announcement (never promoted by other tests)
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -314,9 +315,9 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo announcement (in purgatory)
+            // Get the purgatory-specific repo announcement (never promoted by other tests)
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -407,11 +408,13 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo with git data already pushed
+            // Use the isolated purgatory repo so this test's new state event
+            // does not displace the shared OwnerStateDataPushed state event
+            // that push-authorization tests depend on.
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get existing repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags
@@ -461,7 +464,7 @@ impl PurgatoryTests {
     /// Spec: GRASP-01 Line 22
     /// "...kept in purgatory (not served) until the related git data arrives"
     ///
-    /// This test verifies the full lifecycle using OwnerStateDataPushed fixture:
+    /// This test verifies the full lifecycle using PurgatoryOwnerStateDataPushed fixture:
     /// 1. State event is sent (enters purgatory)
     /// 2. Git data is pushed matching the state event
     /// 3. State event is now served
@@ -474,32 +477,22 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // OwnerStateDataPushed handles the full lifecycle
+            // PurgatoryOwnerStateDataPushed handles the full lifecycle
             let state_event = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
                 .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
 
-            // Verify state event is now served
-            let repo_id = state_event
-                .tags
-                .iter()
-                .find(|t| t.kind() == TagKind::d())
-                .and_then(|t| t.content())
-                .ok_or("Missing d tag in state event")?
-                .to_string();
-
-            let filter = Filter::new()
-                .kind(Kind::RepoState)
-                .author(client.public_key())
-                .identifier(&repo_id);
-
-            let events = client
-                .query(filter)
+            // Verify state event is served by querying its specific event ID.
+            // We intentionally query by ID rather than kind+author+identifier because
+            // other tests (e.g. push-auth) may have sent a newer replaceable state event
+            // for the same repo_id, which would displace this one in an identifier query.
+            let served = client
+                .is_event_on_relay(state_event.id)
                 .await
-                .map_err(|e| format!("Failed to query state events: {}", e))?;
+                .map_err(|e| format!("Failed to query state event: {}", e))?;
 
-            if !events.iter().any(|e| e.id == state_event.id) {
+            if !served {
                 return Err(format!(
                     "State event not served after git push. Event ID: {}",
                     state_event.id
@@ -665,7 +658,7 @@ impl PurgatoryTests {
     /// each referencing an event the author is requesting to be deleted."
     ///
     /// This test verifies:
-    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 1. Get a promoted repo (PurgatoryOwnerStateDataPushed) so git pushes are possible
     /// 2. Clone the repo and create a unique commit (not yet pushed)
     /// 3. Submit a state event pointing to that unique commit (enters purgatory)
     /// 4. Send a kind 5 deletion event referencing the state event by event ID
@@ -681,11 +674,12 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Stage 1: get a promoted repo with git data already on the relay
+            // Stage 1: get the isolated purgatory repo (independent from the shared
+            // OwnerStateDataPushed chain that push-authorization tests depend on)
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags
@@ -788,7 +782,7 @@ impl PurgatoryTests {
     /// event up to the `created_at` timestamp of the deletion request event."
     ///
     /// This test verifies:
-    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 1. Get a promoted repo (PurgatoryOwnerStateDataPushed) so git pushes are possible
     /// 2. Generate a fresh keypair for a new maintainer
     /// 3. Send a replacement owner announcement adding the new maintainer (goes to DB)
     /// 4. Send a state event signed by the new maintainer pointing to a unique commit
@@ -807,11 +801,14 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Stage 1: get a promoted repo with git data already on the relay
+            // Stage 1: get the isolated purgatory repo (independent from the shared
+            // OwnerStateDataPushed chain that push-authorization tests depend on).
+            // This test sends a replacement announcement (kind 30617) for the repo which
+            // would corrupt the shared repo's maintainer set if we used OwnerStateDataPushed.
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags