feat: announcement purgatory

Extends purgatory to hold repository announcements until git data arrives, preventing empty repositories from being served to clients. When an announcement is received, a bare repo is created immediately and the announcement is held in purgatory. It is only promoted and served once a git push confirms real content exists. If no push arrives before expiry, the bare repo is deleted and the announcement is silently discarded. Key behaviours: - Soft expiry: announcements are hidden from clients but kept alive while git pushes are in progress, reviving on successful push - Expiry is extended when a matching state event or git push is observed - NIP-09 deletion events remove announcements from purgatory - Purgatory state (announcements, state events, PR events, expired set) is persisted to disk on graceful shutdown and restored on startup, with elapsed downtime subtracted from expiry deadlines - Purgatory announcements drive StateOnly sync in the sync system so state events are fetched from listed relays before promotion - SyncLevel added to RepoSyncIndex to distinguish purgatory repos (StateOnly) from promoted repos (Full L2+L3 sync)
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-02-23 15:41:32 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-02-23 15:41:32 +0000
commit: c54ce061d6d278cce8362d5af085808ca60c239b (patch)
tree: ec967d6195d9f7ec4f061449596611afe3a0950f
parent: e0ad39a489b3398f8208713bf728db0cb11475b0 (diff)
parent: 113928aa84894ea8f65c247d9987527e792b32a9 (diff)
54 files changed, 6091 insertions, 2055 deletions
diff --git a/docs/explanation/grasp-02-proactive-sync-purgatory-git-data.md b/docs/explanation/grasp-02-proactive-sync-purgatory-git-data.md
index 31c3e46..8fb5798 100644
--- a/docs/explanation/grasp-02-proactive-sync-purgatory-git-data.md
+++ b/docs/explanation/grasp-02-proactive-sync-purgatory-git-data.md
@@ -12,7 +12,13 @@
 ## Overview
-When Nostr events arrive before their git data, they enter **purgatory** waiting to be served. But they don't wait passively—ngit-grasp **actively hunts** for the missing git data across all git servers assoicated with the repo until it finds what it needs.
+When Nostr events arrive before their git data, they enter **purgatory** waiting to be served. But they don't wait passively—ngit-grasp **actively hunts** for the missing git data across all git servers associated with the repo until it finds what it needs.
+This applies to three types of purgatory entries:
+- **Announcement purgatory** — kind 30617 announcements waiting for a git push to prove the repo has content
+- **State event purgatory** — kind 30618 state events waiting for their referenced git objects
+- **PR event purgatory** — kind 1617/1618 PR events waiting for their referenced commits
 ### How It Works
@@ -42,6 +48,7 @@ We respect remote server capacity with:
 ✅ **Respectful throttling** - 5 concurrent + 30/min per domain, plays nice with other implementations  
 ✅ **Smart timing** - 3min delay for user pushes, 500ms for synced events  
 ✅ **30min expiry** - Auto-cleanup of events when data never arrives  
+✅ **Soft expiry for announcements** - Bare repo deleted at 30min, event retained 24h to allow revival  
 ✅ **Fully testable** - Mock-based architecture for reliable unit tests
 ---
@@ -73,6 +80,16 @@ Timeline D: Data never arrives
  t=60s:   Retry → all servers checked, no data
  ...
  t=1800s: 30 minutes expired → event discarded, purgatory cleaned up 🗑️
+Timeline E: Announcement purgatory (no git data within 30 min)
+  t=0s:    Announcement received → bare repo created, enters announcement purgatory
+  t=0.5s:  Start hunting git servers for any content
+  ...
+  t=1800s: 30 minutes expired → bare repo deleted, event retained (soft_expired=true)
+  t=3600s: State event arrives (slow sync) → bare repo recreated, expiry reset ✅
+  t=5400s: Git push arrives → announcement promoted to DB, served to clients ✅
+  OR
+  t=86400s: 24 hours elapsed, no revival → event added to expired_events, removed 🗑️
 ```
 **Without proactive sync**: Events in Timeline C would wait indefinitely (or until manual git push).  
@@ -330,11 +347,11 @@ Both methods check `has_capacity()` and trigger `try_process_next()` if true.
 ---
-## 30-Minute Purgatory Expiry
+## Purgatory Expiry
-Purgatory entries **automatically expire** after 30 minutes to prevent unbounded memory growth.
+### State and PR Events: 30-Minute Hard Expiry
-### Why 30 Minutes?
+State and PR purgatory entries **automatically expire** after 30 minutes.
 From the [GRASP-01 spec](https://github.com/DanConwayDev/grasp/blob/main/01.md#purgatory):
@@ -346,25 +363,40 @@ This balances:
 - 🧹 **Short enough** to prevent memory leaks from abandoned events
 - 🔄 **Recoverable** events are still on other relays and can be re-submitted
-### Implementation
+Each entry tracks `expires_at: Instant` (30 min from creation). The sync loop checks expiry before processing via `has_pending_events()`. If all events for an identifier have expired, the identifier is removed from the sync queue.
-Each purgatory entry tracks:
+To prevent infinite re-sync loops, expired event IDs are added to an `expired_events` set. If a sync delivers an event that previously expired, it is rejected with `"previously expired from purgatory without git data"`.
- `created_at: Instant` - When added to purgatory
+**Implementation**: [`src/purgatory/mod.rs:DEFAULT_EXPIRY`](../../src/purgatory/mod.rs)
- `expires_at: Instant` - When to discard (created_at + 30min)
-The main sync loop checks expiry before processing:
+### Announcement Purgatory: Two-Phase Soft Expiry
-```rust
+Announcements use a different expiry strategy because they have an additional concern: the bare git repo created on arrival must be cleaned up, but we also need to avoid re-syncing the announcement event on every sync cycle.
-if !self.has_pending_events(&identifier) {
-    // No events remain (expired or released) → remove from sync queue
-    self.sync_queue.remove(&identifier);
-}
-```
-**Note**: Expiry is checked implicitly via `has_pending_events()`. If all events for an identifier have expired, the identifier is removed from the sync queue.
+**Phase 1 — Initial 30-minute expiry:**
-**Implementation**: [`src/purgatory/mod.rs:DEFAULT_EXPIRY`](../../src/purgatory/mod.rs)
+- Delete the bare git repo (frees disk space, respects the protocol's 30-minute expiry)
+- Set `soft_expired = true` on the entry
+- Extend `expires_at` by **24 hours** (`SOFT_EXPIRY_EXTENDED`)
+- Continue syncing state events for this repo (same as active purgatory)
+**Phase 2 — 24-hour soft expiry:**
+- Add event ID to `expired_events` (prevents re-sync loops)
+- Remove entry completely from `announcement_purgatory`
+**Why not just hard-expire at 30 minutes?**
+The protocol's 30-minute expiry creates a dilemma for announcements:
+- **Option A: Add to `failed_events` at 30 min** → Permanently rejects future state events, losing potential revival when state events arrive late (e.g. from a slow sync)
+- **Option B: Remove entirely at 30 min** → The announcement gets re-fetched on every subsequent sync cycle, wasting bandwidth indefinitely
+Soft expiry is the solution: the bare repo is deleted at 30 minutes (respecting the protocol), but the event is retained for 24 hours. During this window, a late-arriving state event can **revive** the announcement—`extend_announcement_expiry()` recreates the bare repo, clears `soft_expired`, and resets the 30-minute timer. After 24 hours with no revival, the event is added to `expired_events` and fully removed.
+**Why 24 hours specifically?** This covers the worst-case sync delay. A relay that was offline for up to 24 hours will re-sync state events when it reconnects. The 24-hour window ensures announcements remain revivable throughout that period without permanently occupying disk space.
+**Implementation**: [`src/purgatory/mod.rs:SOFT_EXPIRY_EXTENDED`](../../src/purgatory/mod.rs)
 ---
@@ -670,6 +702,7 @@ The purgatory sync system is a sophisticated, production-ready implementation th
 ✅ **Throttles respectfully** - 5 concurrent + 30/min per domain, round-robin fairness  
 ✅ **Times strategically** - 3min for user events, 500ms for synced events  
 ✅ **Expires responsibly** - 30min auto-cleanup prevents memory leaks  
+✅ **Soft-expires announcements** - Bare repo deleted at 30min, event retained 24h for revival  
 ✅ **Tests thoroughly** - Mock-based architecture enables comprehensive unit tests
 This design ensures ngit-grasp can serve repositories reliably even when git data and Nostr events arrive out-of-order or from different sources, while respecting remote server capacity and providing excellent observability.
diff --git a/docs/explanation/grasp-02-proactive-sync.md b/docs/explanation/grasp-02-proactive-sync.md
index ed8fdbf..6696e27 100644
--- a/docs/explanation/grasp-02-proactive-sync.md
+++ b/docs/explanation/grasp-02-proactive-sync.md
@@ -47,20 +47,37 @@ This state starts afresh when the binary loads.
 ### RepoSyncIndex (Source of Truth)
 ```rust
-/// What we WANT to sync - derived from events received via self-subscription.
+/// What we WANT to sync - derived from events received via self-subscription
-/// Updated immediately when self-subscriber batch fires.
+/// and from purgatory announcements.
+/// Updated immediately when self-subscriber batch fires or purgatory sync timer runs.
 /// Key: repo addressable ref - 30617:pubkey:identifier
 pub type RepoSyncIndex = Arc<RwLock<HashMap<String, RepoSyncNeeds>>>;
+/// Controls which sync filters are built for a repo
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
+pub enum SyncLevel {
+    #[default]
+    Full,       // Full L2 + L3 sync (promoted repos with git data)
+    StateOnly,  // Only state events (kind 30618) — for purgatory announcements
+}
 #[derive(Debug, Clone, Default)]
 pub struct RepoSyncNeeds {
    /// Relay URLs listed in this repo's 30617 announcement
    pub relays: HashSet<String>,
    /// Root event IDs - 1617/1618/1621 - that reference this repo
    pub root_events: HashSet<EventId>,
+    /// Controls which filters are built: Full (L2+L3) or StateOnly (kind 30618 only)
+    pub sync_level: SyncLevel,
 }
 ```
+**Two sources populate `RepoSyncIndex`:**
+1. **`SelfSubscriber`** — monitors the relay's own event stream for accepted announcements (kinds 30617, 1617, 1618, 1621). Adds entries with `SyncLevel::Full`. When an announcement is promoted from purgatory to the database, the SelfSubscriber sees it and upgrades the entry to `Full`.
+2. **Purgatory announcement sync timer** (`run_purgatory_announcement_sync`, every 5 seconds) — iterates `purgatory.announcements_for_sync()` and ensures each purgatory announcement has a `SyncLevel::StateOnly` entry in `RepoSyncIndex`. This is the only registration path for purgatory announcements because they are not saved to the database and therefore never seen by the SelfSubscriber.
 ### RelaySyncIndex (Confirmed State + Connection)
 ```rust
@@ -336,7 +353,23 @@ The sync system uses three background tasks that run continuously:
 1. Queue events to `PendingUpdates`
 2. Timer fires (interval, does not reset on events)
-3. Process batch: update RepoSyncIndex → derive targets → send AddFilters to SyncManager
+3. Process batch: update RepoSyncIndex with `SyncLevel::Full` → derive targets → send AddFilters to SyncManager
+**Note**: The SelfSubscriber only sees announcements that have been accepted to the database (promoted from purgatory). Purgatory announcements are registered separately by the purgatory sync timer (see below).
+### 4. Purgatory Announcement Sync Timer (`run_purgatory_announcement_sync`)
+**Purpose**: Register purgatory announcements in `RepoSyncIndex` so state events are synced for them
+**Interval**: Every 5 seconds (200ms in test mode)
+**Flow**:
+1. Iterate `purgatory.announcements_for_sync()`
+2. For each announcement not already in `RepoSyncIndex`: insert with `SyncLevel::StateOnly`
+3. When an announcement is promoted (git data arrives), the SelfSubscriber sees the newly accepted event and upgrades the entry to `SyncLevel::Full`
+**Why a separate timer?** Purgatory announcements are never saved to the database, so the SelfSubscriber never sees them. The timer bridges this gap, ensuring state events are synced for repos that may still receive git data.
 ---
@@ -602,9 +635,10 @@ flowchart TB
 - Self-subscriber monitors own relay for 30617, 1617, 1618, 1621 (NOT 1619 or 30618)
 - Batches events in `PendingUpdates` (5 second window via interval timer)
- `process_batch()` updates RepoSyncIndex, then builds AddFilters **directly** (no compute_actions)
+- `process_batch()` updates RepoSyncIndex with `SyncLevel::Full`, then builds AddFilters **directly** (no compute_actions)
 - AddFilters sent via channel to SyncManager, which calls `handle_new_sync_filters()`
 - This path does NOT use compute_actions because it's building fresh filters from the updated index
+- Purgatory announcements (not in DB) are registered separately by the purgatory sync timer with `SyncLevel::StateOnly`
 ---
@@ -687,16 +721,23 @@ fn compute_actions(
 - **Tags**: lowercase `a`, uppercase `A`, and `q` tags for comprehensive coverage
 - **Batching**: Per 100 repo refs
 - **Function**: `build_repo_tag_filters(repos, since)`
+- **Only for `SyncLevel::Full` repos** — purgatory announcements (`StateOnly`) skip this layer
 ### Layer 3: Events Tagging Our Root Events
 - **Tags**: lowercase `e`, uppercase `E`, and `q` tags for comprehensive coverage
 - **Batching**: Per 100 event IDs
 - **Function**: `build_root_event_tag_filters(root_events, since)`
+- **Only for `SyncLevel::Full` repos** — purgatory announcements (`StateOnly`) skip this layer
+### Combined Layer 2+3 (SyncLevel-Aware)
+The `build_sync_level_aware_filters()` function combines both layers, partitioning repos by `SyncLevel`:
-### Combined Layer 2+3
+- **`Full` repos**: state event filters + repo-tag filters + root-event-tag filters
+- **`StateOnly` repos**: state event filters only (kind 30618 with `#d` tags)
-The `build_layer2_and_layer3_filters()` function combines both layers. Used by:
+Used by:
 - `recompute_new_sync_filters_for_relay` for new item subscriptions
 - `reconstruct_filters` for rebuilding from confirmed state
@@ -871,9 +912,9 @@ flowchart TB
 ```
 src/sync/
-├── mod.rs              # SyncManager, main loop, data structures
+├── mod.rs              # SyncManager, main loop, data structures, SyncLevel, run_purgatory_announcement_sync
 ├── algorithms.rs       # derive_relay_targets(), compute_actions()
-├── filters.rs          # build_announcement_filter(), build_layer2_and_layer3_filters()
+├── filters.rs          # build_announcement_filter(), build_sync_level_aware_filters()
 ├── health.rs           # RelayHealthTracker with exponential backoff
 ├── relay_connection.rs # RelayConnection, RelayEvent handling
 ├── self_subscriber.rs  # SelfSubscriber with batching
diff --git a/docs/explanation/purgatory-design.md b/docs/explanation/purgatory-design.md
index b984745..8e7d75c 100644
--- a/docs/explanation/purgatory-design.md
+++ b/docs/explanation/purgatory-design.md
@@ -8,7 +8,11 @@
 ## Overview
-Purgatory is an in-memory holding area that solves the **"which arrives first?"** problem in GRASP. Either nostr events or git pushes can arrive in any order:
+Purgatory is an in-memory holding area that solves two related problems in GRASP:
+### Problem 1: "Which arrives first?" (State and PR events)
+Either nostr events or git pushes can arrive in any order:
 - **Event first**: Event waits in purgatory until git data arrives
 - **Git first**: Placeholder waits in purgatory until event arrives
@@ -19,28 +23,61 @@ When both halves arrive, they are processed together and saved to the database.
 > Accepted repo state announcements, PRs and PR Updates SHOULD be accepted with message "purgatory: won't be served until git data arrives" and kept in purgatory (not served) until the related git data arrives and otherwise discarded after 30 minutes.
+### Problem 2: Misleading empty repository announcements
+When a repository announcement arrives, we must create the bare git repo immediately so pushes can succeed. But if no git data ever arrives, we would serve an empty repo and its announcement indefinitely—clients see the announcement, try to clone, and get nothing.
+**Solution**: New announcements go to **announcement purgatory** instead of being immediately accepted:
+1. **Announcement arrives** → Create bare repo immediately, add announcement to purgatory
+2. **Git data arrives** → Promote announcement from purgatory to active (now served to clients)
+3. **No git data before expiry** → Delete bare repo, discard announcement (never served)
+This ensures we only serve announcements for repos that actually have content.
 ---
 ## Key Design Principles
-### 1. In-Memory Only
+### 1. Graceful-Shutdown Persistence
+Purgatory state is **saved to disk on graceful shutdown** and **restored on startup**. This preserves in-flight work across planned restarts (deployments, reboots).
+On `SIGINT` / Ctrl-C, `main.rs` calls `purgatory.save_to_disk()` before exiting. On startup, if the state file exists, `purgatory.restore_from_disk()` is called before the server begins accepting connections.
+**What is persisted:**
+| Store | Persisted? | Notes |
+|-------|-----------|-------|
+| `announcement_purgatory` | ✅ Yes | Non-soft-expired entries only (bare repo must exist) |
+| `state_events` | ✅ Yes | All active entries |
+| `pr_events` | ✅ Yes | Both events and placeholders |
+| `expired_events` | ✅ Yes | Prevents re-sync loops after restart |
+| `sync_queue` | ❌ No | Rebuilt automatically after restore |
-Purgatory data is **not persisted** to disk. On restart, all purgatory entries are lost. This is acceptable because:
+**What is NOT persisted (unclean shutdown):**
+On a crash or `SIGKILL`, the state file is not written. In that case:
 - Events are still on other relays (can be re-submitted)
 - Git data can be re-pushed
 - 30-minute expiry means data is transient anyway
-### 2. Separate Storage for State vs PR Events
+**State file location:** `<git_data_path>/purgatory-state.json`
+**Downtime accounting:** Expiry deadlines are stored as duration offsets from the save timestamp. On restore, elapsed downtime is subtracted from each deadline. Entries that expired during downtime are immediately swept by the next cleanup tick.
+**Soft-expired announcements are excluded:** Their bare repos have already been deleted, so they cannot be meaningfully restored. They will be re-fetched via background sync if needed.
-State events (kind 30618) and PR events (kind 1617/1618) have fundamentally different matching patterns:
+### 2. Separate Storage for Each Event Type
-| Event Type | Index | Matching Strategy |
+| Store | Index | Purpose |
-|------------|-------|-------------------|
+|-------|-------|---------|
-| **State Events** | `identifier` (d tag) | Compare refs at push time |
+| `announcement_purgatory` | `(PublicKey, String)` — `(owner, identifier)` | Announcements awaiting git data |
-| **PR Events** | `event_id` (hex string) | Direct match via `refs/nostr/<event-id>` |
+| `state_events` | `identifier` (d tag) | State events awaiting git data |
+| `pr_events` | `event_id` (hex string) | PR events awaiting git data |
-They use **separate DashMap stores** for efficient concurrent access.
+Announcement purgatory uses `(pubkey, identifier)` because identifier alone is not unique across different owners.
 ### 3. Late Binding for State Events
@@ -78,7 +115,23 @@ With purgatory checking during authorization:
 2. Git push arrives → Checks **database + purgatory** → State found → **AUTHORIZED** ✅
 3. After push succeeds → Save event to database → Remove from purgatory
-See [`src/git/authorization.rs:51-162`](../../src/git/authorization.rs) for implementation.
+See [`src/git/authorization.rs`](../../src/git/authorization.rs) for implementation.
+### 6. Announcement Purgatory: Bare Repo Created Immediately
+**Decision:** Create the bare git repo when announcement enters purgatory.
+**Why:** Git pushes may arrive at any time. Without a repo, pushes fail.
+**Consequence:** We allocate disk space for repos that may expire unused. Must delete repos on expiry.
+### 7. Replacement Announcements Skip Purgatory
+**Decision:** Announcements replacing an existing active (database) announcement are accepted immediately.
+**Why:** The repository is already proven active with content.
+**How:** Check if active announcement exists for `(pubkey, identifier)` before routing to purgatory.
 ---
@@ -103,22 +156,54 @@ pub struct RefUpdate {
 }
 ```
+### Announcement Purgatory Entry
+```rust
+pub struct AnnouncementPurgatoryEntry {
+    /// The kind 30617 announcement event
+    pub event: Event,
+    /// Repository identifier from 'd' tag
+    pub identifier: String,
+    /// Event author pubkey
+    pub owner: PublicKey,
+    /// Path to the bare git repo on disk (created immediately on entry)
+    pub repo_path: PathBuf,
+    /// Relay URLs from 'relays'/'clone' tags — for sync registration
+    pub relays: HashSet<String>,
+    /// When added to purgatory
+    pub created_at: Instant,
+    /// Expiry deadline (30 min from creation, may be extended)
+    pub expires_at: Instant,
+    /// Whether the bare repo has been deleted (soft expiry phase)
+    pub soft_expired: bool,
+}
+```
+**Indexed by `(pubkey, identifier)`** because identifier is not unique across different owners.
 ### State Purgatory Entry
 ```rust
 pub struct StatePurgatoryEntry {
    /// The nostr state event (kind 30618) awaiting git data
    pub event: Event,
-    
    /// Repository identifier from 'd' tag
    pub identifier: String,
-    
    /// Event author pubkey
    pub author: PublicKey,
-    
    /// When added to purgatory
    pub created_at: Instant,
-    
    /// Expiry deadline (30 min from creation, may be extended)
    pub expires_at: Instant,
 }
@@ -132,14 +217,14 @@ pub struct StatePurgatoryEntry {
 pub struct PrPurgatoryEntry {
    /// The nostr PR event, if received (None = git data arrived first)
    pub event: Option<Event>,
-    
    /// Expected commit SHA from 'c' tag (if event exists)
    /// or actual commit pushed (if git arrived first)
    pub commit: String,
-    
    /// When added to purgatory
    pub created_at: Instant,
-    
    /// Expiry deadline (30 min from creation)
    pub expires_at: Instant,
 }
@@ -151,24 +236,180 @@ pub struct PrPurgatoryEntry {
 ```rust
 pub struct Purgatory {
+    /// Announcement events indexed by (owner, identifier)
+    announcement_purgatory: DashMap<(PublicKey, String), AnnouncementPurgatoryEntry>,
    /// State events indexed by identifier (d tag)
    /// Multiple state events per identifier allowed (different authors)
-    state_events: Arc<DashMap<String, Vec<StatePurgatoryEntry>>>,
+    state_events: DashMap<String, Vec<StatePurgatoryEntry>>,
-    
    /// PR events indexed by event_id (hex string)
    /// Single entry per event ID
-    pr_events: Arc<DashMap<String, PrPurgatoryEntry>>,
+    pr_events: DashMap<String, PrPurgatoryEntry>,
-    
    /// Sync queue for background git data fetching
-    sync_queue: Arc<DashMap<String, SyncQueueEntry>>,
+    sync_queue: DashMap<String, SyncQueueEntry>,
-    
-    _git_data_path: PathBuf,
+    /// Events that previously expired without git data (prevents re-sync loops)
+    expired_events: DashMap<EventId, Instant>,
+}
+```
+### Persistence State (Disk Format)
+`Instant` fields cannot be serialized directly. Each entry type has a corresponding `Serializable*` wrapper that stores time fields as `u64` second offsets from a `saved_at: SystemTime` reference point. On restore, elapsed downtime is subtracted to produce the correct remaining TTL.
+```rust
+struct PurgatoryState {
+    version: u32,                    // currently 1
+    saved_at: SystemTime,            // reference for offset math
+    /// Non-soft-expired announcements indexed by "owner_hex:identifier"
+    announcement_purgatory: HashMap<String, SerializableAnnouncementPurgatoryEntry>,
+    /// State events indexed by repository identifier
+    state_events: HashMap<String, Vec<SerializableStatePurgatoryEntry>>,
+    /// PR events (and placeholders) indexed by event ID hex
+    pr_events: HashMap<String, SerializablePrPurgatoryEntry>,
+    /// Expired event IDs → approximate expiry SystemTime
+    expired_events: HashMap<String, SystemTime>,
 }
 ```
+The `announcement_purgatory` field uses `#[serde(default)]` so that state files written before announcement persistence was added (version 1 without the field) still deserialize correctly.
+---
+## Announcement Purgatory Flows
+### New Announcement Flow
+```
+Announcement arrives
+    |
+    v
+Is there an active announcement for (pubkey, identifier) in DB?
+    |
+    +-- YES --> Accept immediately (replacement, repo already proven)
+    |
+    +-- NO --> Is there a purgatory entry for (pubkey, identifier)?
+                |
+                +-- YES --> Replace purgatory entry, extend expiry 30 min
+                |           Return OK to client (but don't serve)
+                |
+                +-- NO --> Create bare repo
+                           Add to purgatory
+                           Return OK to client (but don't serve)
+```
+### Git Data Arrival → Promotion
+```
+Git push/fetch completes with data
+    |
+    v
+process_purgatory_announcements() called
+    |
+    v
+Is there a purgatory announcement for (owner, identifier)?
+    |
+    +-- YES --> promote_announcement() removes from purgatory
+    |           Save event to database
+    |           Notify WebSocket clients
+    |           (Sync upgrades to Full automatically via SelfSubscriber)
+    |
+    +-- NO --> Normal processing
+```
+### State Event Arrival for Purgatory Announcement
+```
+State event arrives
+    |
+    v
+fetch_repository_data_with_purgatory() checks DB + purgatory
+    |
+    +-- Announcement found in purgatory -->
+    |       Validate authorization against purgatory announcement
+    |       Extend purgatory announcement expiry (reset 30-min timer)
+    |       If soft-expired: recreate bare repo, clear soft_expired flag
+    |       Route state event to state purgatory
+    |
+    +-- No announcement anywhere --> Reject
+```
+### Announcement Expiry (Two-Phase Soft Expiry)
+The protocol specifies 30-minute expiry for announcements. We implement a two-phase soft expiry:
+**Phase 1 — Initial 30-minute expiry (`soft_expired == false`):**
+- Delete the bare git repo (frees disk space, respects protocol expiry)
+- Set `soft_expired = true`
+- Extend `expires_at` by 24 hours (`SOFT_EXPIRY_EXTENDED`)
+- Continue syncing state events (same as active purgatory)
+**Phase 2 — 24-hour soft expiry (`soft_expired == true`):**
+- Add event ID to `expired_events` (prevents re-sync loops)
+- Remove entry completely from `announcement_purgatory`
+**Why soft expiry?** Without it, we'd face a dilemma:
+- Add expired announcements to `failed_events` → permanently reject future state events, losing potential revival when state events arrive late
+- Re-fetch the announcement event on every sync cycle → wasting bandwidth and creating unnecessary sync traffic
+Soft expiry retains the event for 24 hours so that late-arriving state events (e.g. from a slow sync) can revive the announcement without forcing a full re-announcement flow.
+**Revival:** If a state event arrives for a soft-expired announcement, `extend_announcement_expiry()` recreates the bare repo, clears `soft_expired`, and resets the 30-minute timer.
+### Expiry Extension Triggers
+The 30-minute purgatory timer is reset (extended) in three scenarios:
+| Trigger | Location | Why |
+|---------|----------|-----|
+| State event arrives | `StatePolicy::process_state_event()` | Repo is actively receiving metadata |
+| Git push authorized against purgatory state | `get_state_authorization_for_specific_owner_repo()` | Repo is actively receiving git data |
+| Replacement announcement arrives | `AnnouncementPolicy::validate()` | Announcement updated |
+All three call `purgatory.extend_announcement_expiry(owner, identifier, 1800s)`.
+### Purgatory Lifecycle
+```
+                    ┌─────────────────────────────────────┐
+                    │                                     │
+                    v                                     │
+Announcement ──> ACTIVE ──────────────────────────────────┤
+  arrives        (bare repo exists)                       │
+                    │                                     │
+                    ├── Git data ──> PROMOTED (exit)      │
+                    │                                     │
+                    ├── Deletion ──> REMOVED (exit)       │
+                    │                                     │
+                    v                                     │
+               SOFT_EXPIRED ──────────────────────────────┘
+               (bare repo deleted,        ^
+                event retained)           │
+                    │                     │
+                    ├── State event arrives (revival)
+                    │
+                    └── Extended expiry ──> REMOVED (exit)
+```
+| Exit | Trigger | Action |
+|------|---------|--------|
+| **Promotion** | Git data arrives | Move to database, sync upgrades to Full |
+| **Soft expiry** | Initial 30-min timeout | Delete bare repo, retain event, continue sync |
+| **Full expiry** | 24-hour soft expiry | Add to expired_events, remove from purgatory |
+| **Deletion** | Kind 5 event | Delete bare repo, remove from purgatory |
+| **Replacement** | Newer announcement (same pubkey, identifier) | Replace entry, extend expiry |
+| **Service change** | Newer announcement removes our service | Remove from purgatory |
 ---
-## Event Flows
+## State and PR Event Flows
 ### State Event Arrival (Kind 30618)
@@ -377,11 +618,12 @@ Purgatory includes a background sync system that fetches git data from remote se
                         ▼
 ┌─────────────────────────────────────────────────────┐
 │   process_newly_available_git_data(repo, oids)      │
-│  1. Find satisfiable state events in purgatory      │
+│  1. Find satisfiable announcement in purgatory      │
-│  2. Find satisfiable PR events in purgatory         │
+│  2. Find satisfiable state events in purgatory      │
-│  3. Save events to database                         │
+│  3. Find satisfiable PR events in purgatory         │
-│  4. Sync git data to other owner repos              │
+│  4. Save events to database                         │
-│  5. Remove from purgatory                           │
+│  5. Sync git data to other owner repos              │
+│  6. Remove from purgatory                           │
 └─────────────────────────────────────────────────────┘
 ```
@@ -402,8 +644,8 @@ pub struct SyncQueueEntry {
 **Backoff strategy:**
 - First attempt: 20 seconds
- Second attempt: 2 minutes
+- Second attempt: 40 seconds
- Subsequent attempts: 2 minutes
+- Subsequent attempts: capped at 2 minutes
 ### Sync Delays
@@ -428,7 +670,7 @@ pub struct ThrottleManager {
 ```
 **Rate limiting:**
- Default: 5 requests per domain per 30 seconds
+- Default: 5 concurrent requests per domain, 30 requests per minute
 - Tracks request timestamps in a sliding window
 - Queues identifiers when domain is throttled
 - Processes queue when capacity frees up
@@ -439,7 +681,47 @@ See [`src/purgatory/sync/throttle.rs`](../../src/purgatory/sync/throttle.rs) for
 ## Purgatory API
-### Adding Entries
+### Announcement Purgatory
+```rust
+impl Purgatory {
+    /// Add an announcement to purgatory (bare repo already created by caller)
+    pub fn add_announcement(
+        &self,
+        event: Event,
+        identifier: String,
+        owner: PublicKey,
+        repo_path: PathBuf,
+        relays: HashSet<String>,
+    );
+    /// Promote announcement: remove from purgatory, return event for DB save
+    pub fn promote_announcement(
+        &self,
+        owner: &PublicKey,
+        identifier: &str,
+    ) -> Option<Event>;
+    /// Get announcements by identifier (for authorization checks)
+    pub fn get_announcements_by_identifier(
+        &self,
+        identifier: &str,
+    ) -> Vec<AnnouncementPurgatoryEntry>;
+    /// Extend expiry (and revive soft-expired entries, recreating bare repo)
+    pub fn extend_announcement_expiry(
+        &self,
+        owner: &PublicKey,
+        identifier: &str,
+        duration: Duration,
+    );
+    /// Get all announcements for sync registration
+    pub fn announcements_for_sync(&self) -> Vec<AnnouncementPurgatoryEntry>;
+}
+```
+### State and PR Purgatory
 ```rust
 impl Purgatory {
@@ -453,13 +735,7 @@ impl Purgatory {
    
    /// Add a PR placeholder (git-data-first scenario)
    pub fn add_pr_placeholder(&self, event_id: String, commit: String);
-}
-```
-### Finding Entries
-```rust
-impl Purgatory {
    /// Find state events waiting for an identifier
    pub fn find_state(&self, identifier: &str) -> Vec<StatePurgatoryEntry>;
    
@@ -476,13 +752,7 @@ impl Purgatory {
    
    /// Find a PR placeholder specifically (git-data-first)
    pub fn find_pr_placeholder(&self, event_id: &str) -> Option<String>;
-}
-```
-### Removing Entries
-```rust
-impl Purgatory {
    /// Remove all state events for an identifier
    pub fn remove_state(&self, identifier: &str);
    
@@ -499,36 +769,14 @@ impl Purgatory {
 ```rust
 impl Purgatory {
    /// Remove expired entries (called every 60 seconds)
-    /// Returns (state_removed, pr_removed)
+    /// Handles two-phase soft expiry for announcements
-    pub fn cleanup(&self) -> (usize, usize);
+    pub fn cleanup(&self);
    
-    /// Extend expiry for entries about to be processed
+    /// Extend expiry for state/PR entries about to be processed
-    /// Ensures at least `duration` remaining
    pub fn extend_expiry(&self, identifier: &str, event_ids: &[EventId], duration: Duration);
    
-    /// Get current counts for metrics
+    /// Check if an event previously expired (prevents re-sync loops)
-    pub fn count(&self) -> (usize, usize);
+    pub fn is_expired(&self, event_id: &EventId) -> bool;
-}
-```
-### Sync Queue Management
-```rust
-impl Purgatory {
-    /// Enqueue identifier for sync with custom delay
-    pub fn enqueue_sync(&self, identifier: &str, delay: Duration);
-    
-    /// Enqueue with default delay (3 minutes)
-    pub fn enqueue_sync_default(&self, identifier: &str);
-    
-    /// Enqueue with immediate delay (500ms)
-    pub fn enqueue_sync_immediate(&self, identifier: &str);
-    
-    /// Check if identifier has pending events
-    pub fn has_pending_events(&self, identifier: &str) -> bool;
-    
-    /// Remove identifier from sync queue
-    pub fn remove_from_sync_queue(&self, identifier: &str);
 }
 ```
@@ -558,12 +806,6 @@ pub fn can_apply_state(
    event: &Event,
    repo_path: &Path,
 ) -> Result<bool>;
-/// Get refs from state that aren't being pushed
-pub fn get_unpushed_refs(
-    state_refs: &[RefPair],
-    pushed_refs: &[RefPair],
-) -> Vec<RefPair>;
 ```
 See [`src/purgatory/helpers.rs`](../../src/purgatory/helpers.rs) for implementation.
@@ -572,123 +814,37 @@ See [`src/purgatory/helpers.rs`](../../src/purgatory/helpers.rs) for implementat
 ## Integration Points
-### 1. Event Policy (Nip34WritePolicy)
+### 1. Announcement Policy (`src/nostr/policy/announcement.rs`)
-State and PR events are added to purgatory when git data doesn't exist:
+Routes new announcements to purgatory or accepts replacements:
-```rust
+- If active DB announcement exists for `(pubkey, identifier)` → `Accept` immediately
-// From src/nostr/policy/state.rs
+- If purgatory entry exists → replace it, extend expiry, return `Accept`
-async fn handle_state(&self, event: &Event) -> WritePolicyResult {
+- Otherwise → return `AcceptPurgatory`, caller calls `add_to_purgatory()` which creates bare repo and adds to purgatory
-    let identifier = extract_identifier(event)?;
-    
-    // Check if we have matching git data
-    if self.has_matching_git_data(&identifier, event).await? {
-        return WritePolicyResult::Accept;
-    }
-    
-    // Add to purgatory
-    self.purgatory.add_state(
-        event.clone(),
-        identifier.clone(),
-        event.pubkey,
-    );
-    
-    WritePolicyResult::Reject {
-        status: true,  // Client sees OK
-        message: "purgatory: awaiting git data".into()
-    }
-}
-```
-### 2. Git Push Authorization
+### 2. State Event Policy (`src/nostr/policy/state.rs`)
-Authorization checks both database and purgatory:
+Checks purgatory announcements for authorization and extends their expiry:
 ```rust
-// From src/git/authorization.rs
+// Fetch announcements from both DB and purgatory
-pub async fn authorize_push(
+let repo_data = fetch_repository_data_with_purgatory(db, purgatory, identifier).await?;
-    database: &SharedDatabase,
-    identifier: &str,
+// For each authorized owner with a purgatory announcement, extend expiry
-    owner_pubkey: &str,
+purgatory.extend_announcement_expiry(&owner_pk, &identifier, Duration::from_secs(1800));
-    request_body: &Bytes,
-    purgatory: &Arc<Purgatory>,  // Critical!
-    repo_path: &std::path::Path,
-) -> anyhow::Result<AuthorizationResult> {
-    // Parse pushed refs
-    let pushed_refs = parse_pushed_refs(request_body);
-    
-    // Check database for state events
-    let db_result = get_authorization_from_db(database, identifier).await?;
-    
-    if !db_result.authorized {
-        // No state in database - check purgatory
-        let purgatory_result = get_state_authorization_for_specific_owner_repo(
-            database,
-            identifier,
-            owner_pubkey,
-            purgatory,
-            &pushed_refs,
-            repo_path,
-        ).await?;
-        
-        return purgatory_result;
-    }
-    
-    db_result
-}
 ```
-### 3. Post-Push Processing
+### 3. Git Push Authorization (`src/git/authorization.rs`)
-After successful push, events from purgatory are saved to database:
+`fetch_repository_data_with_purgatory()` merges DB announcements with purgatory announcements for authorization. On successful authorization via purgatory state events, also extends announcement expiry.
-```rust
+### 4. Git Data Processing (`src/git/sync.rs`)
-// From src/git/handlers.rs
-if from_purgatory {
-    if let (Some(db), Some(purg)) = (&database, &purgatory) {
-        // Save state event to database
-        db.save_event(&state.event).await?;
-        
-        // Remove from purgatory
-        purg.remove_state_event(identifier, &state.event.id);
-    }
-}
-```
-### 4. Background Sync Loop
+`process_purgatory_announcements()` is called after any git push or background sync fetch. It promotes announcements from purgatory to the database and notifies WebSocket clients.
-Started during application initialization:
+### 5. Sync Registration (`src/sync/`)
-```rust
+A background timer (`run_purgatory_announcement_sync`, every 5 seconds) ensures purgatory announcements are registered in `RepoSyncIndex` with `SyncLevel::StateOnly`. When an announcement is promoted, the `SelfSubscriber` upgrades it to `SyncLevel::Full`.
-// From src/main.rs
-let purgatory = Arc::new(Purgatory::new(git_data_path));
-let ctx = Arc::new(RealSyncContext::new(
-    database.clone(),
-    purgatory.clone(),
-    config.domain.clone(),
-    git_data_path.clone(),
-));
-let throttle_manager = Arc::new(ThrottleManager::new(5, 30));
-throttle_manager.set_context(ctx.clone());
-// Start sync loop
-let sync_handle = purgatory.clone().start_sync_loop(ctx, throttle_manager);
-// Start cleanup task
-let cleanup_handle = tokio::spawn(async move {
-    let mut interval = tokio::time::interval(Duration::from_secs(60));
-    loop {
-        interval.tick().await;
-        let (state_removed, pr_removed) = purgatory.cleanup();
-        if state_removed + pr_removed > 0 {
-            tracing::debug!(
-                "Purgatory cleanup removed {} state, {} PR entries",
-                state_removed, pr_removed
-            );
-        }
-    }
-});
-```
 ---
@@ -697,8 +853,9 @@ let cleanup_handle = tokio::spawn(async move {
 ```
 src/
 ├── purgatory/
-│   ├── mod.rs              # Main Purgatory struct and API
+│   ├── mod.rs              # Main Purgatory struct, API, save_to_disk, restore_from_disk
-│   ├── types.rs            # RefPair, StatePurgatoryEntry, PrPurgatoryEntry
+│   ├── types.rs            # RefPair, AnnouncementPurgatoryEntry, StatePurgatoryEntry, PrPurgatoryEntry
+│   ├── persistence.rs      # instant_to_offset / offset_to_instant time conversion utilities
 │   ├── helpers.rs          # Ref extraction and matching functions
 │   └── sync/
 │       ├── mod.rs          # Sync module exports
@@ -710,9 +867,10 @@ src/
 ├── git/
 │   ├── authorization.rs    # authorize_push with purgatory checking
 │   ├── handlers.rs         # handle_receive_pack with post-push processing
-│   └── sync.rs             # process_newly_available_git_data
+│   └── sync.rs             # process_newly_available_git_data, process_purgatory_announcements
 └── nostr/
    └── policy/
+        ├── announcement.rs # Route announcements to purgatory
        ├── state.rs        # State event policy with purgatory
        └── pr_event.rs     # PR event policy with purgatory
 ```
@@ -725,7 +883,8 @@ src/
 Located in each module:
- **[`src/purgatory/mod.rs`](../../src/purgatory/mod.rs)** - Core purgatory operations
+- **[`src/purgatory/mod.rs`](../../src/purgatory/mod.rs)** - Core purgatory operations including announcement purgatory; persistence round-trip tests for all entry types (state, PR, announcement, expired events, downtime calculation, soft-expired exclusion, missing-repo skip)
+- **[`src/purgatory/persistence.rs`](../../src/purgatory/persistence.rs)** - `instant_to_offset` / `offset_to_instant` round-trip tests
 - **[`src/purgatory/helpers.rs`](../../src/purgatory/helpers.rs)** - Ref matching logic
 - **[`src/purgatory/sync/functions.rs`](../../src/purgatory/sync/functions.rs)** - Sync functions with MockSyncContext
 - **[`src/purgatory/sync/throttle.rs`](../../src/purgatory/sync/throttle.rs)** - Throttle manager
@@ -734,17 +893,33 @@ Located in each module:
 Located in [`tests/`](../../tests/):
+- **Announcement purgatory flow** - Announcement enters purgatory, git data promotes it
+- **Announcement soft expiry** - Bare repo deleted after 30 min, event retained 24h
+- **Announcement revival** - State event revives soft-expired announcement
 - **State event purgatory flow** - Event arrives, git push releases it
 - **PR event purgatory flow** - Event arrives, git push releases it
 - **Git-data-first flow** - Git push creates placeholder, event completes it
 - **Authorization with purgatory** - Push authorized by purgatory state
 - **Background sync** - Sync fetches git data and releases events
+- **Persistence across restart** - Save/restore cycle preserves all entry types including announcements
 ---
 ## Key Learnings
-### 1. Purgatory Authorization is Critical
+### 1. Announcement Purgatory Prevents Misleading Empty Repos
+Without announcement purgatory, we'd serve announcements for repos with no content. Clients would see the announcement, try to clone, and get nothing.
+**Solution:** Announcements wait in purgatory until git data proves content exists.
+### 2. Soft Expiry Avoids Sync Loops
+The protocol's 30-minute expiry creates a problem: without soft expiry, we'd either permanently block repositories or constantly re-sync expired announcement events.
+**Solution:** Soft expiry retains the event for 24 hours after deleting the bare repo, allowing revival without re-fetching.
+### 3. Purgatory Authorization is Critical
 Without checking purgatory during authorization, we have a deadlock:
 - State event goes to purgatory (no git data)
@@ -753,7 +928,7 @@ Without checking purgatory during authorization, we have a deadlock:
 **Solution:** `authorize_push()` checks both database and purgatory.
-### 2. Late Binding for State Events
+### 4. Late Binding for State Events
 Extracting refs at event arrival time doesn't work when:
 - Multiple state events arrive for same identifier
@@ -761,7 +936,7 @@ Extracting refs at event arrival time doesn't work when:
 **Solution:** Extract and match refs at push time via `find_matching_states()`.
-### 3. Bidirectional Waiting for PR Events
+### 5. Bidirectional Waiting for PR Events
 PR events can arrive before or after git data:
 - Event first → Wait for git push
@@ -769,26 +944,21 @@ PR events can arrive before or after git data:
 **Solution:** `PrPurgatoryEntry.event: Option<Event>` with `None` = placeholder.
-### 4. Sync Queue Debouncing
+### 6. Persistence Requires Instant → Duration Conversion
-When events arrive in bursts (e.g., negentropy sync), we don't want to spawn a sync task for each event.
-**Solution:** `enqueue_sync()` resets `attempt_count` and updates `next_attempt` if already queued.
-### 5. Domain Throttling with Queues
+`std::time::Instant` is not serializable and is not meaningful across process boundaries. Expiry deadlines must be converted to a portable form.
-When a domain is throttled, we still want to eventually sync from it.
+**Solution:** Store each deadline as a `u64` second offset from a `saved_at: SystemTime` reference. On restore, subtract elapsed downtime from each offset to compute the new `Instant`. Entries whose deadline already passed during downtime get `expires_at = now` and are swept by the next cleanup tick.
-**Solution:** `ThrottleManager` maintains per-domain queues and processes them when capacity frees.
+**Soft-expired announcements are excluded from persistence** because their bare repos have been deleted. Restoring them would leave purgatory entries pointing at non-existent repos. They are simply dropped; background sync will re-fetch the announcement event if needed.
 ---
 ## Related Documentation
- [Inline Authorization](inline-authorization.md) - Why purgatory checking during authorization is essential
 - [Architecture Overview](architecture.md) - Full system design
- [Background Sync](../how-to/purgatory-sync.md) - How to configure and monitor sync
+- [GRASP-02 Proactive Sync](grasp-02-proactive-sync.md) - Relay-to-relay event sync with SyncLevel
- [Test Strategy](../reference/test-strategy.md) - How we test purgatory
+- [GRASP-02 Purgatory Git Data Fetching](grasp-02-proactive-sync-purgatory-git-data.md) - Background git data hunting
 ---
diff --git a/grasp-audit/README.md b/grasp-audit/README.md
index 4d2401f..936f10f 100644
--- a/grasp-audit/README.md
+++ b/grasp-audit/README.md
@@ -245,7 +245,7 @@ pub async fn test_something(client: &AuditClient) -> TestResult {
            let ctx = TestContext::new(client);
            // 2. Prerequisites (cached per-TestContext)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await?;
+            let repo = ctx.get_fixture(FixtureKind::ValidRepoSent).await?;
            // 3. Test-specific event
            let my_event = client.create_issue(&repo, "Title", "Content", vec![])?;
@@ -298,10 +298,10 @@ Fixtures use deterministic commit hashes for reproducible testing:
 | Constant                                         | Hash                                       | Used By                                          |
 | ------------------------------------------------ | ------------------------------------------ | ------------------------------------------------ |
-| `DETERMINISTIC_COMMIT_HASH`                      | `64ea71d79a57a7acb334cd9651f8aec067c0ce5d` | Owner fixtures (RepoState, OwnerStateDataPushed) |
+| `DETERMINISTIC_COMMIT_HASH`                      | `d6e4b26ccf9c268d18d60e6d09804313cc850821` | Owner fixtures (RepoState, OwnerStateDataPushed) |
-| `MAINTAINER_DETERMINISTIC_COMMIT_HASH`           | `1c2d472c9b71ed51968a66500281a3c4a6840464` | MaintainerStateDataPushed                        |
+| `MAINTAINER_DETERMINISTIC_COMMIT_HASH`           | `d26703c007eff6d17fee3bb70ce8be5d1427d0e7` | MaintainerStateDataPushed                        |
-| `RECURSIVE_MAINTAINER_DETERMINISTIC_COMMIT_HASH` | `05939b82de66fbdb9c077d0a64fc68522f3cb8e0` | RecursiveMaintainerStateDataPushed               |
+| `RECURSIVE_MAINTAINER_DETERMINISTIC_COMMIT_HASH` | `54a2b4b3cbc3373ad1438b8ffad1681d12bc6c4a` | RecursiveMaintainerStateDataPushed               |
-| `PR_TEST_COMMIT_HASH`                            | `5d40fb1555a0c28bf4d650515a73aaa54d4d9bfb` | PR fixtures (PREvent, PREventGenerated)          |
+| `PR_TEST_COMMIT_HASH`                            | `5a51b30e4615b572dcd5b9e487861b58605a5c21` | PR fixtures (PREvent, PREventGenerated)          |
 #### Fixture Dependencies
diff --git a/grasp-audit/src/client.rs b/grasp-audit/src/client.rs
index 91a93dc..5c263ad 100644
--- a/grasp-audit/src/client.rs
+++ b/grasp-audit/src/client.rs
@@ -209,6 +209,36 @@ impl AuditClient {
        Ok(event_id)
    }
+    /// Send event and note whether it entered purgatory (not served) or was served immediately.
+    ///
+    /// This is a tolerant version of `send_event_expect_purgatory_not_served` that doesn't
+    /// fail if purgatory is not observed. It returns whether purgatory was observed so
+    /// fixtures can proceed regardless of relay implementation status.
+    ///
+    /// Returns (EventId, bool) where bool = true if event was NOT served (purgatory observed).
+    pub async fn send_event_and_note_purgatory(&self, event: Event) -> Result<(EventId, bool)> {
+        if self.config.read_only {
+            return Err(anyhow!("Client is in read-only mode"));
+        }
+        let output = self.client.send_event(&event).await?;
+        let event_id = *output.id();
+        // Check if any relay rejected the event and return the error message
+        if !output.failed.is_empty() {
+            let (relay_url, error) = output.failed.iter().next().unwrap();
+            return Err(anyhow!("Relay {} rejected event: {}", relay_url, error));
+        }
+        // Wait a bit for event to propagate
+        tokio::time::sleep(Duration::from_millis(300)).await;
+        // Check if event is served (not in purgatory) or not served (in purgatory)
+        let in_purgatory = !self.is_event_on_relay(event.id).await?;
+        Ok((event_id, in_purgatory))
+    }
    /// check if an event is on the relay
    pub async fn is_event_on_relay(&self, id: EventId) -> Result<bool> {
        Ok(!self
diff --git a/grasp-audit/src/fixtures.rs b/grasp-audit/src/fixtures.rs
index bbc7740..45d3094 100644
--- a/grasp-audit/src/fixtures.rs
+++ b/grasp-audit/src/fixtures.rs
@@ -47,7 +47,7 @@
 //! let ctx = TestContext::new(&client);
 //!
 //! // Request a fixture - behavior depends on mode
-//! let repo = ctx.get_fixture(FixtureKind::ValidRepo).await?;
+//! let repo = ctx.get_fixture(FixtureKind::ValidRepoSent).await?;
 //! # Ok(())
 //! # }
 //! ```
@@ -61,59 +61,68 @@ use std::sync::{Arc, Mutex};
 /// Deterministic commit hash used in RepoState fixtures (Owner variant)
 /// This is the hash produced by creating a commit with:
 /// - Message: "Initial commit"
-/// - File: test.txt containing "Initial commit"
+/// - File: test.txt containing "Initial commit\n" (with trailing newline)
 /// - Author date: 2024-01-01T00:00:00Z
 /// - Committer date: 2024-01-01T00:00:00Z
 /// - GPG signing: disabled
 /// - User: "GRASP Audit Test <test@grasp-audit.local>"
-/// - Parent: Initial empty commit (09cc37de80f3434fa98864a86730b8d7777bd6ae)
+/// - Parent: none (root commit)
-pub const DETERMINISTIC_COMMIT_HASH: &str = "64ea71d79a57a7acb334cd9651f8aec067c0ce5d";
+pub const DETERMINISTIC_COMMIT_HASH: &str = "d6e4b26ccf9c268d18d60e6d09804313cc850821";
 /// Deterministic commit hash for maintainer fixtures (Maintainer variant)
 /// This is the hash produced by creating a commit with:
 /// - Message: "Maintainer initial commit"
-/// - File: test.txt containing "Maintainer initial commit"
+/// - File: test.txt containing "Maintainer initial commit\n" (with trailing newline)
 /// - Author date: 2024-01-01T00:00:00Z
 /// - Committer date: 2024-01-01T00:00:00Z
 /// - GPG signing: disabled
 /// - User: "GRASP Audit Test <test@grasp-audit.local>"
 /// - Parent: none (root commit)
-///   NOTE: This value is different from DETERMINISTIC_COMMIT_HASH due to different content
+pub const MAINTAINER_DETERMINISTIC_COMMIT_HASH: &str = "d26703c007eff6d17fee3bb70ce8be5d1427d0e7";
-pub const MAINTAINER_DETERMINISTIC_COMMIT_HASH: &str = "1c2d472c9b71ed51968a66500281a3c4a6840464";
 /// Deterministic commit hash for recursive maintainer fixtures (RecursiveMaintainer variant)
 /// This is the hash produced by creating a commit with:
 /// - Message: "Recursive maintainer initial commit"
-/// - File: test.txt containing "Recursive maintainer initial commit"
+/// - File: test.txt containing "Recursive maintainer initial commit\n" (with trailing newline)
 /// - Author date: 2024-01-01T00:00:00Z
 /// - Committer date: 2024-01-01T00:00:00Z
 /// - GPG signing: disabled
 /// - User: "GRASP Audit Test <test@grasp-audit.local>"
 /// - Parent: none (root commit)
-///   NOTE: This value is different from DETERMINISTIC_COMMIT_HASH due to different content
 pub const RECURSIVE_MAINTAINER_DETERMINISTIC_COMMIT_HASH: &str =
-    "05939b82de66fbdb9c077d0a64fc68522f3cb8e0";
+    "54a2b4b3cbc3373ad1438b8ffad1681d12bc6c4a";
 /// Deterministic commit hash for PR test fixtures (PRTestCommit variant)
 /// This is the hash produced by creating a commit with:
 /// - Message: "PR test deterministic commit"
-/// - File: test.txt containing "PR test deterministic commit"
+/// - File: test.txt containing "PR test deterministic commit\n" (with trailing newline)
+/// - Author date: 2024-01-01T00:00:00Z
+/// - Committer date: 2024-01-01T00:00:00Z
+/// - GPG signing: disabled
+/// - User: "GRASP Audit Test <test@grasp-audit.local>"
+/// - Parent: none (root commit)
+pub const PR_TEST_COMMIT_HASH: &str = "5a51b30e4615b572dcd5b9e487861b58605a5c21";
+/// Deterministic commit hash for second PR test fixtures (PRTestCommit2 variant)
+/// This is the hash produced by creating a commit with:
+/// - Message: "PR test deterministic commit 2"
+/// - File: test.txt containing "PR test deterministic commit 2\n" (with trailing newline)
 /// - Author date: 2024-01-01T00:00:00Z
 /// - Committer date: 2024-01-01T00:00:00Z
 /// - GPG signing: disabled
 /// - User: "GRASP Audit Test <test@grasp-audit.local>"
 /// - Parent: none (root commit)
-pub const PR_TEST_COMMIT_HASH: &str = "5d40fb1555a0c28bf4d650515a73aaa54d4d9bfb";
+pub const PR_TEST_COMMIT_HASH_2: &str = "99420bc57835f5bc8ca20ab21a8d12850043920e";
 /// Types of test fixtures available
 ///
 /// ## Fixture Dependencies
 ///
-/// Several fixtures depend on `ValidRepo` - they all use the SAME repo_id
+/// Several fixtures depend on `ValidRepoSent` - they all use the SAME repo_id
 /// within a single TestContext instance to ensure proper fixture relationships:
-/// - `RepoState` → uses ValidRepo's repo_id
+/// - `RepoState` → uses ValidRepoSent's repo_id
-/// - `MaintainerAnnouncement` + `MaintainerState` → uses ValidRepo's repo_id
+/// - `MaintainerAnnouncement` + `MaintainerState` → uses ValidRepoSent's repo_id
-/// - `RecursiveMaintainerRepoAndState` → uses ValidRepo's repo_id
+/// - `RecursiveMaintainerRepoAndState` → uses ValidRepoSent's repo_id
 ///
 /// This enables testing recursive maintainer authorization chains where multiple
 /// parties publish announcements and state events for the same repository.
@@ -122,10 +131,16 @@ pub enum FixtureKind {
    /// Basic repository announcement (kind 30617)
    /// - Signed by owner keys (`client.keys()`)
    /// - Lists `client.maintainer_pubkey_hex()` in maintainers tag
-    ValidRepo,
+    ValidRepoSent,
+    /// Repository announcement that is queryable from the relay (served, not in purgatory)
+    /// - Depends on OwnerStateDataPushed (git data pushed, announcement promoted)
+    /// - Returns the same event as ValidRepoSent (now queryable)
+    /// - Use this for tests that need to query the announcement back from the relay
+    ValidRepoServed,
    /// Repository with one issue (kind 1621)
-    /// - Requires ValidRepo (reuses same repo_id)
+    /// - Requires ValidRepoServed (needs queryable repo for issue to reference)
    RepoWithIssue,
    /// Repository with issue and comment (kind 1111)
@@ -133,14 +148,30 @@ pub enum FixtureKind {
    RepoWithComment,
    /// Repository state announcement (kind 30618) for owner
-    /// - Requires ValidRepo (uses same repo_id)
+    /// - Requires ValidRepoSent (uses same repo_id)
    /// - Signed by owner keys (`client.keys()`)
    /// - Points to DETERMINISTIC_COMMIT_HASH
    /// - Timestamp: 10 seconds in the past
    RepoState,
-    /// PR (Pull Request) event for the SAME repo_id as ValidRepo
+    /// Owner's repository state announcement (kind 30618) sent to relay and accepted into purgatory
-    /// - Requires ValidRepo (uses same repo_id)
+    ///
+    /// This is the "sent" stage: the state event has been published to the relay and
+    /// accepted (OK response), but no git data has been pushed yet so it remains in
+    /// purgatory and is not served to clients.
+    ///
+    /// Use this when you need the state event to exist on the relay but do not need
+    /// the full push/serve cycle. For the complete cycle (git pushed + verified served),
+    /// use `OwnerStateDataPushed`.
+    ///
+    /// - Requires ValidRepoSent (uses same repo_id)
+    /// - Signed by owner keys (`client.keys()`)
+    /// - Points to DETERMINISTIC_COMMIT_HASH
+    /// - Timestamp: 10 seconds in the past
+    OwnerRepoStateSent,
+    /// PR (Pull Request) event for the SAME repo_id as ValidRepoServed
+    /// - Requires ValidRepoServed (uses same repo_id, needs queryable repo)
    /// - Signed by `client.pr_author_keys()`
    /// - Kind 1618 (NIP-34 PR)
    /// - Includes `a` tag referencing the repo
@@ -153,7 +184,7 @@ pub enum FixtureKind {
    /// This is a "Generated" stage fixture - the event is created but not published.
    /// Useful for tests that need the PR event ID before the event exists on the relay.
    ///
-    /// - Requires ValidRepo (uses same repo_id)
+    /// - Requires ValidRepoServed (uses same repo_id, needs queryable repo)
    /// - Signed by `client.pr_author_keys()`
    /// - Kind 1618 (NIP-34 PR)
    /// - Includes `c` tag pointing to PR_TEST_COMMIT_HASH
@@ -187,7 +218,7 @@ pub enum FixtureKind {
    /// (the "wrong" commit), but no PR event exists yet on the relay.
    ///
    /// Server state after this fixture:
-    /// - ValidRepo announcement on relay
+    /// - ValidRepoServed announcement on relay (repo is queryable)
    /// - refs/nostr/<pr-event-id> exists on git server with wrong commit
    /// - PR event is NOT on relay (but returned for tests to publish later)
    ///
@@ -203,7 +234,7 @@ pub enum FixtureKind {
    /// then the PR event was published (which may trigger cleanup).
    ///
    /// Server state after this fixture:
-    /// - ValidRepo announcement on relay
+    /// - ValidRepoServed announcement on relay
    /// - PR event is on relay
    /// - refs/nostr/<pr-event-id> may have been cleaned up (that's what tests verify)
    ///
@@ -212,6 +243,50 @@ pub enum FixtureKind {
    /// - Returns: the sent PR event
    PREventSentAfterWrongPush,
+    /// Second PR event generated (built) but NOT sent to relay
+    ///
+    /// Uses PR_TEST_COMMIT_HASH_2 (different from PR_TEST_COMMIT_HASH).
+    /// This allows testing purgatory mechanism with a separate PR event
+    /// that doesn't conflict with existing PR fixtures.
+    ///
+    /// - Requires ValidRepoServed (uses same repo_id, needs git data to exist)
+    /// - Signed by `client.pr_author_keys()`
+    /// - Kind 1618 (NIP-34 PR)
+    /// - Includes `c` tag pointing to PR_TEST_COMMIT_HASH_2
+    /// - NOT sent to relay
+    PREvent2Generated,
+    /// Second PR event sent to relay (enters purgatory)
+    ///
+    /// After this fixture:
+    /// - PR event is on relay but NOT served (in purgatory)
+    /// - No git data at refs/nostr/<pr-event-id>
+    ///
+    /// - Requires PREvent2Generated
+    /// - Sends the PR event to relay
+    /// - Returns: the sent PR event (in purgatory)
+    PREvent2Sent,
+    /// Git data pushed for second PR event AFTER event was sent
+    ///
+    /// After this fixture:
+    /// - PR event was in purgatory
+    /// - Correct commit pushed to refs/nostr/<pr-event-id>
+    /// - PR event should be released from purgatory
+    ///
+    /// - Requires PREvent2Sent
+    /// - Pushes correct commit (PR_TEST_COMMIT_HASH_2) to refs/nostr/<pr-event-id>
+    /// - Returns: the PR event (should now be served)
+    PREvent2GitDataPushed,
+    /// Full fixture: second PR event sent, git pushed, event served
+    ///
+    /// Combines PREvent2Sent + PREvent2GitDataPushed for convenience.
+    ///
+    /// - Requires PREvent2GitDataPushed
+    /// - Returns: the served PR event
+    PREvent2Served,
    /// Owner's state event with git data successfully pushed (full 4-stage fixture)
    ///
    /// This fixture represents the complete flow for testing state push authorization:
@@ -221,7 +296,7 @@ pub enum FixtureKind {
    /// 4. **DataPushed**: Clones repo, creates deterministic commit, pushes to relay
    /// 5. **Verified**: Confirms event is served by relay
    ///
-    /// - Requires ValidRepo (uses same repo_id)
+    /// - Requires ValidRepoSent (uses same repo_id)
    /// - State event signed by owner keys (`client.keys()`)
    /// - Points to DETERMINISTIC_COMMIT_HASH
    /// - Git push verified to succeed (state matches pushed commit)
@@ -252,7 +327,7 @@ pub enum FixtureKind {
    /// not the owner's announcement, so this tests the recursive maintainer traversal.
    ///
    /// This fixture represents the complete flow for testing recursive maintainer push authorization:
-    /// 1. **Generated**: (MaintainerStateDataPushed dependency includes ValidRepo + OwnerStateDataPushed)
+    /// 1. **Generated**: (MaintainerStateDataPushed dependency includes ValidRepoSent + OwnerStateDataPushed)
    ///    Creates MaintainerAnnouncement + RecursiveMaintainerState
    /// 2. **Sent**: Sends events to relay (returns OK, accepted but 'purgatory:...' message)
    /// 3. **Verify Not Served**: Confirms event is not served by relays
@@ -276,16 +351,29 @@ impl FixtureKind {
    pub fn dependencies(&self) -> Vec<FixtureKind> {
        match self {
            // Base fixtures - no dependencies
-            Self::ValidRepo => vec![],
+            Self::ValidRepoSent => vec![],
-            // Fixtures that depend on ValidRepo
+            // ValidRepoServed depends on OwnerStateDataPushed (announcement promoted after git push)
-            Self::RepoWithIssue => vec![Self::ValidRepo],
+            Self::ValidRepoServed => vec![Self::OwnerStateDataPushed],
-            Self::RepoState => vec![Self::ValidRepo],
-            Self::PREvent => vec![Self::ValidRepo],
+            // Fixtures that depend on ValidRepoServed (need queryable announcement)
-            Self::PREventGenerated => vec![Self::ValidRepo],
+            Self::RepoWithIssue => vec![Self::ValidRepoServed],
+            Self::RepoState => vec![Self::ValidRepoSent],
+            // OwnerRepoStateSent depends on ValidRepoSent: state event sent, sitting in purgatory
+            Self::OwnerRepoStateSent => vec![Self::ValidRepoSent],
+            Self::PREvent => vec![Self::ValidRepoServed],
+            Self::PREventGenerated => vec![Self::ValidRepoServed],
            Self::PRWrongCommitPushedBeforeEvent => vec![Self::PREventGenerated],
            Self::PREventSentAfterWrongPush => vec![Self::PRWrongCommitPushedBeforeEvent],
-            Self::OwnerStateDataPushed => vec![Self::ValidRepo],
+            // Second PR event fixtures (for purgatory testing)
+            Self::PREvent2Generated => vec![Self::ValidRepoServed],
+            Self::PREvent2Sent => vec![Self::PREvent2Generated],
+            Self::PREvent2GitDataPushed => vec![Self::PREvent2Sent],
+            Self::PREvent2Served => vec![Self::PREvent2GitDataPushed],
+            // OwnerStateDataPushed depends on OwnerRepoStateSent (git push + purgatory release)
+            Self::OwnerStateDataPushed => vec![Self::OwnerRepoStateSent],
            // Fixtures that depend on RepoWithIssue
            Self::RepoWithComment => vec![Self::RepoWithIssue],
@@ -321,8 +409,17 @@ impl FixtureKind {
            Self::PRWrongCommitPushedBeforeEvent => true,
            // PREventSentAfterWrongPush sends the PR event internally
            Self::PREventSentAfterWrongPush => true,
+            // Second PR event fixtures handle their own events/git data
+            Self::PREvent2Generated => true,
+            Self::PREvent2Sent => true,
+            Self::PREvent2GitDataPushed => true,
+            Self::PREvent2Served => true,
            // HeadSetToDevelopBranch sends its state event internally
            Self::HeadSetToDevelopBranch => true,
+            // ValidRepoServed doesn't send anything itself, just returns cached event
+            Self::ValidRepoServed => true,
+            // OwnerRepoStateSent sends its state event and notes purgatory internally
+            Self::OwnerRepoStateSent => true,
            // All other fixtures return a single event for the caller to send
            _ => false,
        }
@@ -373,7 +470,7 @@ impl From<AuditMode> for ContextMode {
 /// let ctx = TestContext::new(&client);
 ///
 /// // Get a repository fixture - will be reused by subsequent TestContexts
-/// let repo = ctx.get_fixture(FixtureKind::ValidRepo).await?;
+/// let repo = ctx.get_fixture(FixtureKind::ValidRepoSent).await?;
 ///
 /// // For cargo test (isolated fixtures)
 /// let config = AuditConfig::isolated();
@@ -381,7 +478,7 @@ impl From<AuditMode> for ContextMode {
 /// let ctx = TestContext::new(&client);
 ///
 /// // Get a repository fixture - fresh for this TestContext only
-/// let repo = ctx.get_fixture(FixtureKind::ValidRepo).await?;
+/// let repo = ctx.get_fixture(FixtureKind::ValidRepoSent).await?;
 /// # Ok(())
 /// # }
 /// ```
@@ -436,7 +533,7 @@ impl<'a> TestContext<'a> {
    /// ```no_run
    /// # use grasp_audit::*;
    /// # async fn example(ctx: &TestContext<'_>) -> anyhow::Result<()> {
-    /// let repo = ctx.get_fixture(FixtureKind::ValidRepo).await?;
+    /// let repo = ctx.get_fixture(FixtureKind::ValidRepoSent).await?;
    /// # Ok(())
    /// # }
    /// ```
@@ -517,8 +614,8 @@ impl<'a> TestContext<'a> {
    /// ```no_run
    /// # use grasp_audit::*;
    /// # async fn example(ctx: &TestContext<'_>) -> anyhow::Result<()> {
-    /// // This ensures ValidRepo exists first, then creates MaintainerState
+    /// // This ensures ValidRepoSent exists first, then creates RepoState
-    /// let state = ctx.ensure_fixture(FixtureKind::MaintainerState).await?;
+    /// let state = ctx.ensure_fixture(FixtureKind::RepoState).await?;
    /// # Ok(())
    /// # }
    /// ```
@@ -625,10 +722,10 @@ impl<'a> TestContext<'a> {
    /// already-cached dependencies.
    async fn build_fixture_inner(&self, kind: FixtureKind) -> Result<Event> {
        match kind {
-            FixtureKind::ValidRepo => {
+            FixtureKind::ValidRepoSent => {
-                // ValidRepo has no dependencies - create a new repo announcement
+                // ValidRepoSent has no dependencies - create a new repo announcement
                let test_name = format!(
-                    "fixture-ValidRepo-{}",
+                    "fixture-ValidRepoSent-{}",
                    &uuid::Uuid::new_v4().to_string()[..8]
                );
@@ -638,9 +735,15 @@ impl<'a> TestContext<'a> {
                    .with_context(|| format!("create_repo_announcement failed for {}", test_name))
            }
+            FixtureKind::ValidRepoServed => {
+                // OwnerStateDataPushed is already ensured as a dependency.
+                // The announcement is now promoted (served). Return the cached ValidRepoSent event.
+                self.get_cached_dependency(FixtureKind::ValidRepoSent)
+            }
            FixtureKind::RepoWithIssue => {
-                // ValidRepo is ensured by ensure_fixture before this is called
+                // ValidRepoServed is ensured by ensure_fixture before this is called
-                let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+                let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
                // Build issue referencing it - caller will send it
                self.client
@@ -658,8 +761,8 @@ impl<'a> TestContext<'a> {
            FixtureKind::RepoState => {
                use nostr_sdk::prelude::*;
-                // ValidRepo is ensured by ensure_fixture before this is called
+                // ValidRepoSent is ensured by ensure_fixture before this is called
-                let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+                let repo = self.get_cached_dependency(FixtureKind::ValidRepoSent)?;
                // Extract repo_id from repo announcement
                let repo_id = repo
@@ -692,18 +795,52 @@ impl<'a> TestContext<'a> {
                    .map_err(|e| anyhow::anyhow!("Failed to build state announcement: {}", e))
            }
+            FixtureKind::OwnerRepoStateSent => {
+                use nostr_sdk::prelude::*;
+                // ValidRepoSent is ensured by ensure_fixture before this is called
+                let repo = self.get_cached_dependency(FixtureKind::ValidRepoSent)?;
+                let repo_id = self.extract_repo_id(&repo)?;
+                let base_time = Timestamp::now().as_secs();
+                let older_timestamp = Timestamp::from(base_time - 10);
+                let state_event = self
+                    .client
+                    .event_builder(Kind::RepoState, "")
+                    .tag(Tag::identifier(&repo_id))
+                    .tag(Tag::custom(
+                        TagKind::custom("refs/heads/main"),
+                        vec![DETERMINISTIC_COMMIT_HASH.to_string()],
+                    ))
+                    .tag(Tag::custom(
+                        TagKind::custom("HEAD"),
+                        vec!["ref: refs/heads/main".to_string()],
+                    ))
+                    .custom_time(older_timestamp)
+                    .build(self.client.keys())
+                    .map_err(|e| anyhow::anyhow!("Failed to build state announcement: {}", e))?;
+                // Send to relay - event will be accepted but held in purgatory (no git data yet)
+                self.client
+                    .send_event_and_note_purgatory(state_event.clone())
+                    .await?;
+                Ok(state_event)
+            }
            FixtureKind::PREvent => {
                use nostr_sdk::prelude::*;
-                // ValidRepo is ensured by ensure_fixture before this is called
+                // ValidRepoServed is ensured by ensure_fixture before this is called
-                let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+                let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
                let repo_id = repo
                    .tags
                    .iter()
                    .find(|t| t.kind() == TagKind::d())
                    .and_then(|t| t.content())
-                    .ok_or_else(|| anyhow::anyhow!("Missing repo_id in ValidRepo fixture"))?
+                    .ok_or_else(|| anyhow::anyhow!("Missing repo_id in ValidRepoServed fixture"))?
                    .to_string();
                // Create PR event 1 second in the past
@@ -738,15 +875,15 @@ impl<'a> TestContext<'a> {
                // This fixture is for "Generated" stage only
                use nostr_sdk::prelude::*;
-                // ValidRepo is ensured by ensure_fixture before this is called
+                // ValidRepoServed is ensured by ensure_fixture before this is called
-                let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+                let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
                let repo_id = repo
                    .tags
                    .iter()
                    .find(|t| t.kind() == TagKind::d())
                    .and_then(|t| t.content())
-                    .ok_or_else(|| anyhow::anyhow!("Missing repo_id in ValidRepo fixture"))?
+                    .ok_or_else(|| anyhow::anyhow!("Missing repo_id in ValidRepoServed fixture"))?
                    .to_string();
                // Create PR event 1 second in the past
@@ -784,6 +921,11 @@ impl<'a> TestContext<'a> {
                self.build_pr_event_sent_after_wrong_push().await
            }
+            FixtureKind::PREvent2Generated => self.build_pr_event_2_generated().await,
+            FixtureKind::PREvent2Sent => self.build_pr_event_2_sent().await,
+            FixtureKind::PREvent2GitDataPushed => self.build_pr_event_2_git_data_pushed().await,
+            FixtureKind::PREvent2Served => self.build_pr_event_2_served().await,
            FixtureKind::OwnerStateDataPushed => self.build_owner_state_data_pushed().await,
            FixtureKind::MaintainerStateDataPushed => {
@@ -858,55 +1000,26 @@ impl<'a> TestContext<'a> {
            .ok_or_else(|| anyhow::anyhow!("Missing d tag in repo announcement"))
    }
-    /// Build OwnerStateDataPushed fixture: full 4-stage fixture for push authorization
+    /// Build OwnerStateDataPushed fixture: git push + purgatory release for owner's state event
    ///
-    /// This handles all stages of the fixture:
+    /// `OwnerRepoStateSent` is ensured as a dependency before this is called — the state event
-    /// 1. **Generated**: Creates RepoState (repo announcement + state event)
+    /// is already on the relay in purgatory. This fixture completes the cycle:
-    /// 2. **Sent**: Sends events to relay (returns OK, accepted but 'purgatory:...' message)
+    /// 1. **DataPushed**: Clones repo, creates deterministic commit, pushes to relay
-    /// 3. **Verify Not Served**: Confirms event is not served by relays
+    /// 2. **Verified**: Confirms state event is released from purgatory and served
-    /// 4. **DataPushed**: Clones repo, creates deterministic commit, pushes to relay
-    /// 5. **Verified**: Confirms event is served by relay
    ///
    /// # Returns
-    /// The state event (kind 30618) after all stages complete successfully
+    /// The state event (kind 30618) after git data is pushed and purgatory is released
    async fn build_owner_state_data_pushed(&self) -> Result<Event> {
        use nostr_sdk::prelude::*;
-        // ============================================================
+        // OwnerRepoStateSent is ensured by ensure_fixture before this is called.
-        // Stage 1: ValidRepo is ensured by ensure_fixture before this is called
+        // The state event is already on the relay in purgatory - retrieve it from cache.
-        // ============================================================
+        let state_event = self.get_cached_dependency(FixtureKind::OwnerRepoStateSent)?;
-        let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoSent)?;
        let repo_id = self.extract_repo_id(&repo)?;
-        // Build state event
-        let base_time = Timestamp::now().as_secs();
-        let older_timestamp = Timestamp::from(base_time - 10); // 10 seconds ago
-        let state_event = self
-            .client
-            .event_builder(Kind::RepoState, "")
-            .tag(Tag::identifier(&repo_id))
-            .tag(Tag::custom(
-                TagKind::custom("refs/heads/main"),
-                vec![DETERMINISTIC_COMMIT_HASH.to_string()],
-            ))
-            .tag(Tag::custom(
-                TagKind::custom("HEAD"),
-                vec!["ref: refs/heads/main".to_string()],
-            ))
-            .custom_time(older_timestamp)
-            .build(self.client.keys())
-            .map_err(|e| anyhow::anyhow!("Failed to build state announcement: {}", e))?;
-        // ============================================================
-        // Stage 2 & 3: Send to Relay, get Accepted response and Verify its Not Served
-        // ============================================================
-        self.client
-            .send_event_expect_purgatory_not_served(state_event.clone())
-            .await?;
        // ============================================================
-        // Stage 4: DataPushed - Clone repo, create commit, push
+        // Stage 1: DataPushed - Clone repo, create commit, push
        // ============================================================
        // Get relay domain from connected relay
@@ -1008,7 +1121,7 @@ impl<'a> TestContext<'a> {
        }
        // ============================================================
-        // Stage 5: Verify state event is on relay
+        // Stage 2: Verify state event is released from purgatory
        // ============================================================
        tokio::time::sleep(Duration::from_millis(200)).await;
@@ -1048,8 +1161,8 @@ impl<'a> TestContext<'a> {
        // Extract repo_id from owner's state event (same d-tag structure)
        let repo_id = self.extract_repo_id(&owner_state)?;
-        // Get the repo (ValidRepo, also cached) for the owner's npub
+        // Get the repo (ValidRepoSent, also cached) for the owner's npub
-        let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoSent)?;
        // Build maintainer's state event (state event ONLY - no announcement)
        let base_time = Timestamp::now().as_secs();
@@ -1074,9 +1187,11 @@ impl<'a> TestContext<'a> {
        // ============================================================
        // Stage 2 & 3: Send to Relay, get Accepted response and Verify its Not Served
        // ============================================================
-        self.client
+        let (_, _in_purgatory) = self
-            .send_event_expect_purgatory_not_served(maintainer_state_event.clone())
+            .client
+            .send_event_and_note_purgatory(maintainer_state_event.clone())
            .await?;
+        // Note: We don't fail if purgatory wasn't observed - the fixture proceeds regardless
        // ============================================================
        // Stage 4: DataPushed - Clone repo, create maintainer commit, push
@@ -1194,7 +1309,7 @@ impl<'a> TestContext<'a> {
    /// recursive maintainer force-pushes their commit on top.
    ///
    /// This handles all stages of the fixture:
-    /// 1. **Generated**: (MaintainerStateDataPushed dependency includes ValidRepo + OwnerStateDataPushed)
+    /// 1. **Generated**: (MaintainerStateDataPushed dependency includes ValidRepoSent + OwnerStateDataPushed)
    ///    Creates MaintainerAnnouncement + RecursiveMaintainerState
    /// 2. **Sent**: Sends events to relay (returns OK, accepted but 'purgatory:...' message)
    /// 3. **Verify Not Served**: Confirms event is not served by relays
@@ -1215,8 +1330,8 @@ impl<'a> TestContext<'a> {
        // Extract repo_id from maintainer's state event (same d-tag structure)
        let repo_id = self.extract_repo_id(&maintainer_state)?;
-        // Get the repo (ValidRepo, also cached) for the owner's npub
+        // Get the repo (ValidRepoSent, also cached) for the owner's npub
-        let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoSent)?;
        // ============================================================
        // Stage 1 (continued): Generate MaintainerAnnouncement and RecursiveMaintainerState
@@ -1249,9 +1364,11 @@ impl<'a> TestContext<'a> {
        // ============================================================
        // Stage 2 & 3: Send to Relay, get Accepted response and Verify its Not Served
        // ============================================================
-        self.client
+        let (_, _in_purgatory) = self
-            .send_event_expect_purgatory_not_served(recursive_maintainer_state_event.clone())
+            .client
+            .send_event_and_note_purgatory(recursive_maintainer_state_event.clone())
            .await?;
+        // Note: We don't fail if purgatory wasn't observed - the fixture proceeds regardless
        // ============================================================
        // Stage 4: DataPushed - Clone repo, create recursive maintainer commit, push
@@ -1428,7 +1545,7 @@ impl<'a> TestContext<'a> {
    /// 3. A wrong commit is pushed to refs/nostr/<pr-event-id>
    ///
    /// Server state after:
-    /// - ValidRepo announcement on relay
+    /// - ValidRepoSent announcement on relay
    /// - refs/nostr/<pr-event-id> on git server pointing to DETERMINISTIC_COMMIT_HASH (wrong)
    /// - NO PR event on relay
    ///
@@ -1440,8 +1557,8 @@ impl<'a> TestContext<'a> {
        let pr_event = self.get_cached_dependency(FixtureKind::PREventGenerated)?;
        let pr_event_id = pr_event.id.to_hex();
-        // Get the ValidRepo to extract repo info
+        // Get the ValidRepoServed to extract repo info
-        let repo = self.get_cached_dependency(FixtureKind::ValidRepo)?;
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
        let repo_id = self.extract_repo_id(&repo)?;
        // Get relay domain for cloning
@@ -1462,10 +1579,14 @@ impl<'a> TestContext<'a> {
            let _ = fs::remove_dir_all(path);
        };
-        // Create a WRONG commit (Owner variant, not PRTestCommit)
+        // Create a WRONG commit using a unique file (not PRTestCommit)
-        // This commit hash will NOT match what's in the PR event's `c` tag
+        // We use create_commit (non-deterministic) so it always succeeds even if the
+        // repo already has a commit (e.g. from OwnerStateDataPushed) with the same
+        // deterministic content. The only requirement is that the hash differs from
+        // PR_TEST_COMMIT_HASH, which is guaranteed since PR_TEST_COMMIT_HASH is a
+        // deterministic root-commit with specific content and dates.
        let wrong_commit_hash =
-            match create_deterministic_commit_with_variant(&clone_path, CommitVariant::Owner) {
+            match create_commit(&clone_path, "wrong commit - not the PR test commit") {
                Ok(h) => h,
                Err(e) => {
                    cleanup(&clone_path);
@@ -1520,7 +1641,7 @@ impl<'a> TestContext<'a> {
    ///
    /// This fixture builds on PRWrongCommitPushedBeforeEvent by sending the PR event.
    /// After this fixture, the relay has:
-    /// - ValidRepo announcement
+    /// - ValidRepoServed announcement
    /// - PR event
    /// - refs/nostr/<pr-event-id> may have been cleaned up (that's what tests verify)
    ///
@@ -1539,6 +1660,173 @@ impl<'a> TestContext<'a> {
        Ok(pr_event)
    }
+    /// Build PREvent2Generated fixture
+    ///
+    /// Creates a PR event with `c` tag pointing to PR_TEST_COMMIT_HASH_2.
+    /// The event is NOT sent to the relay.
+    async fn build_pr_event_2_generated(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
+        let repo_id = self.extract_repo_id(&repo)?;
+        let base_time = Timestamp::now().as_secs();
+        let pr_timestamp = Timestamp::from(base_time - 1);
+        self.client
+            .event_builder(Kind::GitPullRequest, "Test PR 2 for GRASP validation")
+            .tag(Tag::custom(
+                TagKind::custom("a"),
+                vec![format!(
+                    "30617:{}:{}",
+                    self.client.public_key().to_hex(),
+                    repo_id
+                )],
+            ))
+            .tag(Tag::custom(
+                TagKind::custom("c"),
+                vec![PR_TEST_COMMIT_HASH_2.to_string()],
+            ))
+            .custom_time(pr_timestamp)
+            .build(self.client.pr_author_keys())
+            .map_err(|e| anyhow::anyhow!("Failed to build PR event 2: {}", e))
+    }
+    /// Build PREvent2Sent fixture
+    ///
+    /// Sends the PR event to relay. Event should enter purgatory.
+    async fn build_pr_event_2_sent(&self) -> Result<Event> {
+        let pr_event = self.get_cached_dependency(FixtureKind::PREvent2Generated)?;
+        let (_, in_purgatory) = self
+            .client
+            .send_event_and_note_purgatory(pr_event.clone())
+            .await?;
+        if !in_purgatory {
+            return Err(anyhow::anyhow!(
+                "PR event 2 was served immediately - purgatory not implemented"
+            ));
+        }
+        Ok(pr_event)
+    }
+    /// Build PREvent2GitDataPushed fixture
+    ///
+    /// Pushes correct commit to refs/nostr/<pr-event-id> after event was sent.
+    async fn build_pr_event_2_git_data_pushed(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+        let pr_event = self.get_cached_dependency(FixtureKind::PREvent2Sent)?;
+        let pr_event_id = pr_event.id.to_hex();
+        let repo = self.get_cached_dependency(FixtureKind::ValidRepoServed)?;
+        let repo_id = self.extract_repo_id(&repo)?;
+        let relay_domain = self.get_relay_domain().await?;
+        let npub = repo
+            .pubkey
+            .to_bech32()
+            .map_err(|e| anyhow::anyhow!("Failed to convert pubkey: {}", e))?;
+        let clone_path = clone_repo(&relay_domain, &npub, &repo_id)
+            .map_err(|e| anyhow::anyhow!("Failed to clone repo: {}", e))?;
+        let cleanup = |path: &PathBuf| {
+            let _ = fs::remove_dir_all(path);
+        };
+        // Reset to orphan state and create deterministic root commit
+        // Step 1: Create orphan branch (removes all history)
+        let _ = Command::new("git")
+            .args(["checkout", "--orphan", "pr-branch"])
+            .current_dir(&clone_path)
+            .output();
+        // Step 2: Clear staged files (orphan keeps files staged from previous branch)
+        let _ = Command::new("git")
+            .args(["rm", "-rf", "--cached", "."])
+            .current_dir(&clone_path)
+            .output();
+        // Step 3: Remove all working directory files for clean state (except .git)
+        for entry in
+            fs::read_dir(&clone_path).map_err(|e| anyhow::anyhow!("Failed to read dir: {}", e))?
+        {
+            if let Ok(entry) = entry {
+                let path = entry.path();
+                if path.file_name() != Some(std::ffi::OsStr::new(".git")) {
+                    let _ = fs::remove_file(&path).or_else(|_| fs::remove_dir_all(&path));
+                }
+            }
+        }
+        let commit_hash = match create_deterministic_commit_with_variant(
+            &clone_path,
+            CommitVariant::PRTestCommit2,
+        ) {
+            Ok(h) => h,
+            Err(e) => {
+                cleanup(&clone_path);
+                return Err(anyhow::anyhow!("Failed to create PR test commit 2: {}", e));
+            }
+        };
+        if commit_hash != PR_TEST_COMMIT_HASH_2 {
+            cleanup(&clone_path);
+            return Err(anyhow::anyhow!(
+                "PR test commit 2 hash mismatch: got {}, expected {}",
+                commit_hash,
+                PR_TEST_COMMIT_HASH_2
+            ));
+        }
+        let push_output = Command::new("git")
+            .args([
+                "push",
+                "origin",
+                &format!("pr-branch:refs/nostr/{}", pr_event_id),
+            ])
+            .current_dir(&clone_path)
+            .output()
+            .map_err(|e| {
+                cleanup(&clone_path);
+                anyhow::anyhow!("Failed to execute git push: {}", e)
+            })?;
+        cleanup(&clone_path);
+        if !push_output.status.success() {
+            let stderr = String::from_utf8_lossy(&push_output.stderr);
+            return Err(anyhow::anyhow!(
+                "Push to refs/nostr/{} failed: {}",
+                pr_event_id,
+                stderr
+            ));
+        }
+        tokio::time::sleep(std::time::Duration::from_millis(500)).await;
+        Ok(pr_event)
+    }
+    /// Build PREvent2Served fixture
+    ///
+    /// Full fixture: event sent, git pushed, event now served.
+    async fn build_pr_event_2_served(&self) -> Result<Event> {
+        let pr_event = self.get_cached_dependency(FixtureKind::PREvent2GitDataPushed)?;
+        if !self.client.is_event_on_relay(pr_event.id).await? {
+            return Err(anyhow::anyhow!(
+                "PR event 2 not released from purgatory after git push"
+            ));
+        }
+        Ok(pr_event)
+    }
    /// Get relay domain (host:port) from the connected relay
    ///
    /// Extracts the domain from the relay URL for git HTTP operations.
@@ -1845,16 +2133,19 @@ pub enum CommitVariant {
    RecursiveMaintainer,
    /// PR test commit variant - for PR event tests
    PRTestCommit,
+    /// Second PR test commit variant - for second PR event tests
+    PRTestCommit2,
 }
 impl CommitVariant {
    /// Get the file content for this variant
    pub fn file_content(&self) -> &'static str {
        match self {
-            CommitVariant::Owner => "Initial commit",
+            CommitVariant::Owner => "Initial commit\n",
-            CommitVariant::Maintainer => "Maintainer initial commit",
+            CommitVariant::Maintainer => "Maintainer initial commit\n",
-            CommitVariant::RecursiveMaintainer => "Recursive maintainer initial commit",
+            CommitVariant::RecursiveMaintainer => "Recursive maintainer initial commit\n",
-            CommitVariant::PRTestCommit => "PR test deterministic commit",
+            CommitVariant::PRTestCommit => "PR test deterministic commit\n",
+            CommitVariant::PRTestCommit2 => "PR test deterministic commit 2\n",
        }
    }
@@ -1865,6 +2156,7 @@ impl CommitVariant {
            CommitVariant::Maintainer => "Maintainer initial commit",
            CommitVariant::RecursiveMaintainer => "Recursive maintainer initial commit",
            CommitVariant::PRTestCommit => "PR test deterministic commit",
+            CommitVariant::PRTestCommit2 => "PR test deterministic commit 2",
        }
    }
 }
@@ -2040,10 +2332,10 @@ mod tests {
        use std::collections::HashSet;
        let mut set = HashSet::new();
-        set.insert(FixtureKind::ValidRepo);
+        set.insert(FixtureKind::ValidRepoSent);
        set.insert(FixtureKind::RepoWithIssue);
-        assert!(set.contains(&FixtureKind::ValidRepo));
+        assert!(set.contains(&FixtureKind::ValidRepoSent));
        assert!(!set.contains(&FixtureKind::RepoWithComment));
    }
diff --git a/grasp-audit/src/result.rs b/grasp-audit/src/result.rs
index ae3ef26..0c3ec08 100644
--- a/grasp-audit/src/result.rs
+++ b/grasp-audit/src/result.rs
@@ -1,6 +1,6 @@
 //! Test result types
-use crate::specs::grasp01::{get_sections, GRASP_01_REQUIREMENTS, GRASP_COMMIT_ID};
+use crate::specs::grasp01::{get_sections, SpecRef, GRASP_01_REQUIREMENTS, GRASP_COMMIT_ID};
 use std::collections::BTreeMap;
 use std::time::{Duration, Instant};
@@ -68,10 +68,16 @@ pub struct TestResult {
 impl TestResult {
    /// Create a new test result
-    pub fn new(name: &str, spec_ref: &str, requirement: &str) -> Self {
+    ///
+    /// # Arguments
+    /// * `name` - Test name identifier
+    /// * `spec_ref` - Reference to the spec requirement being tested
+    /// * `requirement` - Human-readable description of what this test validates
+    ///   (can be more specific than the general spec text)
+    pub fn new(name: &str, spec_ref: SpecRef, requirement: &str) -> Self {
        TestResult {
            name: name.to_string(),
-            spec_ref: spec_ref.to_string(),
+            spec_ref: spec_ref.spec_ref_string().to_string(),
            requirement: requirement.to_string(),
            passed: false,
            error: None,
@@ -293,9 +299,13 @@ mod tests {
    #[tokio::test]
    async fn test_result_pass() {
-        let result = TestResult::new("test", "SPEC:1", "Must work")
+        let result = TestResult::new(
-            .run(|| async { Ok(()) })
+            "test",
-            .await;
+            SpecRef::NostrRelayNip01Compliant,
+            "Test requirement",
+        )
+        .run(|| async { Ok(()) })
+        .await;
        assert!(result.passed);
        assert!(result.error.is_none());
@@ -303,9 +313,13 @@ mod tests {
    #[tokio::test]
    async fn test_result_fail() {
-        let result = TestResult::new("test", "SPEC:1", "Must work")
+        let result = TestResult::new(
-            .run(|| async { Err("Failed".to_string()) })
+            "test",
-            .await;
+            SpecRef::NostrRelayNip01Compliant,
+            "Test requirement",
+        )
+        .run(|| async { Err("Failed".to_string()) })
+        .await;
        assert!(!result.passed);
        assert_eq!(result.error, Some("Failed".to_string()));
@@ -315,8 +329,15 @@ mod tests {
    fn test_audit_result() {
        let mut audit = AuditResult::new("Test Spec");
-        audit.add(TestResult::new("test1", "SPEC:1", "Req1").pass());
+        audit.add(TestResult::new("test1", SpecRef::NostrRelayNip01Compliant, "Test 1").pass());
-        audit.add(TestResult::new("test2", "SPEC:2", "Req2").fail("Error"));
+        audit.add(
+            TestResult::new(
+                "test2",
+                SpecRef::NostrRelayRejectMissingCloneRelays,
+                "Test 2",
+            )
+            .fail("Error"),
+        );
        assert_eq!(audit.total_count(), 2);
        assert_eq!(audit.passed_count(), 1);
diff --git a/grasp-audit/src/specs/grasp01/cors.rs b/grasp-audit/src/specs/grasp01/cors.rs
index f8b5f3b..e5d9a27 100644
--- a/grasp-audit/src/specs/grasp01/cors.rs
+++ b/grasp-audit/src/specs/grasp01/cors.rs
@@ -14,6 +14,7 @@
 //! cd grasp-audit && nix develop -c bash test-ngit-relay.sh --mode test
 //! ```
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, AuditResult, FixtureKind, TestContext, TestResult};
 use nostr_sdk::prelude::*;
@@ -44,7 +45,7 @@ impl CorsTests {
    pub async fn test_cors_allow_origin(_client: &AuditClient, relay_domain: &str) -> TestResult {
        TestResult::new(
            "cors_allow_origin",
-            "GRASP-01:git-http:cors:50",
+            SpecRef::CorsAllowOrigin,
            "Access-Control-Allow-Origin: * on all responses",
        )
        .run(|| {
@@ -90,7 +91,7 @@ impl CorsTests {
    pub async fn test_cors_allow_methods(_client: &AuditClient, relay_domain: &str) -> TestResult {
        TestResult::new(
            "cors_allow_methods",
-            "GRASP-01:git-http:cors:51",
+            SpecRef::CorsAllowMethods,
            "Access-Control-Allow-Methods: GET, POST on all responses",
        )
        .run(|| {
@@ -134,7 +135,7 @@ impl CorsTests {
    pub async fn test_cors_allow_headers(_client: &AuditClient, relay_domain: &str) -> TestResult {
        TestResult::new(
            "cors_allow_headers",
-            "GRASP-01:git-http:cors:52",
+            SpecRef::CorsAllowHeaders,
            "Access-Control-Allow-Headers: Content-Type on all responses",
        )
        .run(|| {
@@ -181,8 +182,8 @@ impl CorsTests {
    ) -> TestResult {
        TestResult::new(
            "cors_options_preflight",
-            "GRASP-01:git-http:cors:53",
+            SpecRef::CorsOptionsResponse,
-            "OPTIONS requests return 204 No Content",
+            "OPTIONS requests return 204 No Content with CORS headers",
        )
        .run(|| {
            let relay_domain = relay_domain.to_string();
@@ -245,13 +246,13 @@ impl CorsTests {
        let ctx = TestContext::new(client);
        // Create repository announcement to get a real repo path
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01",
+                    SpecRef::CorsAllowOrigin,
-                    "CORS headers on real repository endpoint",
+                    "CORS headers on real repository endpoints",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
            }
@@ -271,8 +272,8 @@ impl CorsTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01",
+                    SpecRef::CorsAllowOrigin,
-                    "CORS headers on real repository endpoint",
+                    "CORS headers on real repository endpoints",
                )
                .fail("Repository announcement missing d tag")
            }
@@ -283,8 +284,8 @@ impl CorsTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01",
+                    SpecRef::CorsAllowOrigin,
-                    "CORS headers on real repository endpoint",
+                    "CORS headers on real repository endpoints",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
            }
@@ -302,8 +303,8 @@ impl CorsTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01",
+                    SpecRef::CorsAllowOrigin,
-                    "CORS headers on real repository endpoint",
+                    "CORS headers on real repository endpoints",
                )
                .fail(format!("Failed to GET info/refs: {}", e))
            }
@@ -313,8 +314,8 @@ impl CorsTests {
        if let Err(e) = check_cors_allow_origin(&response, "info/refs") {
            return TestResult::new(
                test_name,
-                "GRASP-01",
+                SpecRef::CorsAllowOrigin,
-                "CORS headers on real repository endpoint",
+                "CORS headers on real repository endpoints",
            )
            .fail(&e);
        }
@@ -322,8 +323,8 @@ impl CorsTests {
        if let Err(e) = check_cors_allow_methods(&response, "info/refs") {
            return TestResult::new(
                test_name,
-                "GRASP-01",
+                SpecRef::CorsAllowMethods,
-                "CORS headers on real repository endpoint",
+                "CORS headers on real repository endpoints",
            )
            .fail(&e);
        }
@@ -331,16 +332,16 @@ impl CorsTests {
        if let Err(e) = check_cors_allow_headers(&response, "info/refs") {
            return TestResult::new(
                test_name,
-                "GRASP-01",
+                SpecRef::CorsAllowHeaders,
-                "CORS headers on real repository endpoint",
+                "CORS headers on real repository endpoints",
            )
            .fail(&e);
        }
        TestResult::new(
            test_name,
-            "GRASP-01",
+            SpecRef::CorsAllowOrigin,
-            "CORS headers on real repository endpoint",
+            "CORS headers on real repository endpoints",
        )
        .pass()
    }
diff --git a/grasp-audit/src/specs/grasp01/event_acceptance_policy.rs b/grasp-audit/src/specs/grasp01/event_acceptance_policy.rs
index 5b697d8..3375c4d 100644
--- a/grasp-audit/src/specs/grasp01/event_acceptance_policy.rs
+++ b/grasp-audit/src/specs/grasp01/event_acceptance_policy.rs
@@ -92,6 +92,7 @@
 //! - Transitive tests verify multi-hop acceptance chains
 use crate::fixtures::{send_and_verify_accepted, send_and_verify_rejected};
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, AuditResult, FixtureKind, TestContext, TestResult};
 use nostr_sdk::{Event, Filter, Kind, Tag, TagKind, Timestamp, ToBech32};
 use std::time::Duration;
@@ -148,20 +149,23 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_valid_repo_announcement(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_valid_repo_announcement",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Accept valid repository announcements with service in clone and relays tags",
+            "MUST accept repo announcements listing service in clone & relays tags",
        )
        .run(|| async {
            // Create TestContext for mode-aware fixture management
            let ctx = TestContext::new(client);
            // Request repository fixture - behavior depends on mode
-            let event = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let event = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Get relay URL for validation
            let relay_url = client
@@ -253,8 +257,8 @@ impl EventAcceptancePolicyTests {
    ) -> TestResult {
        TestResult::new(
            "reject_repo_announcement_missing_clone_tag",
-            "GRASP-01:nostr-relay:9",
+            SpecRef::NostrRelayRejectMissingCloneRelays,
-            "Reject repository announcements without service in clone tag",
+            "MUST reject announcements not listing service in clone tag",
        )
        .run(|| async {
            // Get relay URL from client
@@ -329,8 +333,8 @@ impl EventAcceptancePolicyTests {
    ) -> TestResult {
        TestResult::new(
            "reject_repo_announcement_missing_relays_tag",
-            "GRASP-01:nostr-relay:9",
+            SpecRef::NostrRelayRejectMissingCloneRelays,
-            "Reject repository announcements without service in relays tag",
+            "MUST reject announcements not listing service in relays tag",
        )
        .run(|| async {
            // Get relay URL from client
@@ -425,8 +429,8 @@ impl EventAcceptancePolicyTests {
    ) -> TestResult {
        TestResult::new(
            "accept_recursive_maintainer_announcement_without_service",
-            "GRASP-01:nostr-relay:9",
+            SpecRef::NostrRelayRejectMissingCloneRelays,
-            "Accept recursive maintainer announcement for chain discovery (even without GRASP server in clone)",
+            "MUST accept recursive maintainer announcements for chain discovery",
        )
        .run(|| async {
            // Create TestContext for mode-aware fixture management
@@ -593,7 +597,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_issue_via_a_tag(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_issue_via_a_tag",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept issue referencing repo via 'a' tag",
        )
        .run(|| async {
@@ -601,12 +605,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // NEW: Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // 2. Create issue that references the repo
            let issue = Self::create_issue_for_repo(client, &repo, "Test Issue 1")?;
@@ -628,7 +635,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_comment_via_capital_a_tag(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_comment_via_A_tag",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept NIP-22 comment with root 'A' tag referencing repo",
        )
        .run(|| async {
@@ -636,12 +643,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Extract repo_id and create `A` tag manually
            let repo_id =
@@ -681,20 +691,23 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_kind1_via_q_tag(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_kind1_via_q_tag",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
-            "Accept kind 1 note quoting repo via 'q' tag",
+            "Accept kind 1 text note quoting repo via 'q' tag",
        )
        .run(|| async {
            // Create TestContext
            let ctx = TestContext::new(client);
            // Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Extract repo_id and create `q` tag
            let repo_id =
@@ -731,8 +744,8 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_issue_quoting_issue_via_q(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_issue_quoting_issue_via_q",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
-            "Accept issue quoting accepted issue (transitive)",
+            "Accept issue quoting another accepted issue (transitive)",
        )
        .run(|| async {
            // Create TestContext
@@ -777,7 +790,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_comment_via_capital_e_tag(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_comment_via_E_tag",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept NIP-22 comment with root 'E' tag to accepted issue",
        )
        .run(|| async {
@@ -816,7 +829,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_kind1_via_e_tag(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_kind1_via_e_tag",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept kind 1 reply via 'e' tag to accepted kind 1",
        )
        .run(|| async {
@@ -824,12 +837,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Create Kind 1 A that quotes the repo (makes it accepted)
            let repo_id = Self::extract_d_tag(&repo).ok_or("Failed to extract repo_id")?;
@@ -872,7 +888,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_kind1_referenced_in_issue(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_kind1_referenced_in_issue",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept kind 1 referenced in accepted issue (forward ref)",
        )
        .run(|| async {
@@ -880,12 +896,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Verify repo is queryable (ensures it's fully indexed before we reference it)
            let repo_id = Self::extract_d_tag(&repo).ok_or("Failed to extract repo_id")?;
@@ -964,7 +983,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_comment_referenced_in_comment(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_comment_referenced_in_comment",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept comment referenced in another accepted comment (forward ref)",
        )
        .run(|| async {
@@ -1025,7 +1044,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_accept_kind1_referenced_in_kind1(client: &AuditClient) -> TestResult {
        TestResult::new(
            "accept_kind1_referenced_in_kind1",
-            "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMustAcceptTaggedEvents,
            "Accept kind 1 referenced in another accepted kind 1 (forward ref)",
        )
        .run(|| async {
@@ -1033,12 +1052,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // Get repository fixture (mode-aware)
-            let repo = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let repo = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Create Kind 1 A locally but DON'T send it yet
            let kind1_a = client
@@ -1083,7 +1105,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_reject_orphan_issue(client: &AuditClient) -> TestResult {
        TestResult::new(
            "reject_orphan_issue",
-            "GRASP-01:nostr-relay:18",
+            SpecRef::NostrRelayMayRejectSpamCuration,
            "Reject issue referencing unaccepted repo",
        )
        .run(|| async {
@@ -1110,7 +1132,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_reject_orphan_kind1(client: &AuditClient) -> TestResult {
        TestResult::new(
            "reject_orphan_kind1",
-            "GRASP-01:nostr-relay:18",
+            SpecRef::NostrRelayMayRejectSpamCuration,
            "Reject kind 1 with no repo references",
        )
        .run(|| async {
@@ -1139,7 +1161,7 @@ impl EventAcceptancePolicyTests {
    pub async fn test_reject_comment_quoting_other_repo(client: &AuditClient) -> TestResult {
        TestResult::new(
            "reject_comment_quoting_other_repo",
-            "GRASP-01:nostr-relay:18",
+            SpecRef::NostrRelayMayRejectSpamCuration,
            "Reject comment quoting unaccepted repo",
        )
        .run(|| async {
@@ -1147,12 +1169,15 @@ impl EventAcceptancePolicyTests {
            let ctx = TestContext::new(client);
            // Get accepted repo A fixture (mode-aware)
-            let _repo_a = ctx.get_fixture(FixtureKind::ValidRepo).await.map_err(|e| {
+            let _repo_a = ctx
-                format!(
+                .get_fixture(FixtureKind::ValidRepoServed)
-                    "Test setup failed: could not get valid repository fixture: {}",
+                .await
-                    e
+                .map_err(|e| {
-                )
+                    format!(
-            })?;
+                        "Test setup failed: could not get valid repository fixture: {}",
+                        e
+                    )
+                })?;
            // Create Repo B but DON'T send it (unaccepted)
            let repo_b = Self::create_test_repo(client, "unaccepted-repo-b").await?;
diff --git a/grasp-audit/src/specs/grasp01/git_clone.rs b/grasp-audit/src/specs/grasp01/git_clone.rs
index e162558..0c223f4 100644
--- a/grasp-audit/src/specs/grasp01/git_clone.rs
+++ b/grasp-audit/src/specs/grasp01/git_clone.rs
@@ -15,6 +15,7 @@
 //! cd grasp-audit && nix develop -c bash test-ngit-relay.sh --mode test
 //! ```
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, FixtureKind, TestContext, TestResult};
 use nostr_sdk::prelude::*;
 use std::fs;
@@ -48,12 +49,12 @@ impl GitCloneTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Repository must be cloneable via Git HTTP backend",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -74,7 +75,7 @@ impl GitCloneTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01",
+                    SpecRef::GitServeRepository,
                    "Repository must be cloneable via Git HTTP backend",
                )
                .fail("Repository announcement missing d tag")
@@ -86,7 +87,7 @@ impl GitCloneTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Repository must be cloneable via Git HTTP backend",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -121,7 +122,7 @@ impl GitCloneTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Repository must be cloneable via Git HTTP backend",
                )
                .fail(format!("Failed to execute git clone: {}", e));
@@ -133,7 +134,7 @@ impl GitCloneTests {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Repository must be cloneable via Git HTTP backend",
            )
            .fail(format!("Git clone failed: {}", stderr));
@@ -144,7 +145,7 @@ impl GitCloneTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Repository must be cloneable via Git HTTP backend",
            )
            .fail("Cloned repository missing .git directory");
@@ -153,7 +154,7 @@ impl GitCloneTests {
        cleanup();
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:34",
+            SpecRef::GitServeRepository,
            "Repository must be cloneable via Git HTTP backend",
        )
        .pass()
@@ -170,12 +171,12 @@ impl GitCloneTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Clone URL must follow correct format",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -203,7 +204,7 @@ impl GitCloneTests {
        if !valid_url.contains(&npub) {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Clone URL must follow correct format",
            )
            .fail("URL missing npub");
@@ -212,7 +213,7 @@ impl GitCloneTests {
        if !valid_url.contains(&format!("{}.git", repo_id)) {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Clone URL must follow correct format",
            )
            .fail("URL missing repository identifier");
@@ -241,7 +242,7 @@ impl GitCloneTests {
        if output.status.success() {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Clone URL must follow correct format",
            )
            .fail("Invalid URL was accepted (should have been rejected)");
@@ -249,7 +250,7 @@ impl GitCloneTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:34",
+            SpecRef::GitServeRepository,
            "Clone URL must follow correct format",
        )
        .pass()
@@ -273,12 +274,12 @@ impl GitCloneTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -299,7 +300,7 @@ impl GitCloneTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
                )
                .fail("Repository announcement missing d tag")
@@ -311,7 +312,7 @@ impl GitCloneTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -331,7 +332,7 @@ impl GitCloneTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
                )
                .fail(format!("HTTP request failed: {}", e))
@@ -341,7 +342,7 @@ impl GitCloneTests {
        if !response.status().is_success() {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
            )
            .fail(format!(
@@ -356,7 +357,7 @@ impl GitCloneTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
                )
                .fail(format!("Failed to read response body: {}", e))
@@ -370,7 +371,7 @@ impl GitCloneTests {
        if !has_allow_reachable {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
            )
            .fail("Missing capability: allow-reachable-sha1-in-want");
@@ -379,7 +380,7 @@ impl GitCloneTests {
        if !has_allow_tip {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
            )
            .fail("Missing capability: allow-tip-sha1-in-want");
@@ -387,7 +388,7 @@ impl GitCloneTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:42",
+            SpecRef::GitIncludeAllowSha1InWant,
            "MUST include allow-reachable-sha1-in-want and allow-tip-sha1-in-want in advertisement",
        )
        .pass()
diff --git a/grasp-audit/src/specs/grasp01/git_filter.rs b/grasp-audit/src/specs/grasp01/git_filter.rs
index 21bab0a..31d86aa 100644
--- a/grasp-audit/src/specs/grasp01/git_filter.rs
+++ b/grasp-audit/src/specs/grasp01/git_filter.rs
@@ -22,6 +22,7 @@
 //! cd grasp-audit && nix develop -c bash test-ngit-relay.sh --mode test
 //! ```
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, FixtureKind, TestContext, TestResult};
 use nostr_sdk::prelude::*;
 use std::fs;
@@ -61,12 +62,12 @@ impl GitFilterTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include uploadpack.allowFilter in advertisement",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -87,7 +88,7 @@ impl GitFilterTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include uploadpack.allowFilter in advertisement",
                )
                .fail("Repository announcement missing d tag")
@@ -99,7 +100,7 @@ impl GitFilterTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include uploadpack.allowFilter in advertisement",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -119,7 +120,7 @@ impl GitFilterTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include uploadpack.allowFilter in advertisement",
                )
                .fail(format!("HTTP request failed: {}", e))
@@ -129,7 +130,7 @@ impl GitFilterTests {
        if !response.status().is_success() {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST include uploadpack.allowFilter in advertisement",
            )
            .fail(format!(
@@ -144,7 +145,7 @@ impl GitFilterTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST include uploadpack.allowFilter in advertisement",
                )
                .fail(format!("Failed to read response body: {}", e))
@@ -155,7 +156,7 @@ impl GitFilterTests {
        if !body.contains("filter") {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST include uploadpack.allowFilter in advertisement",
            )
            .fail("Missing capability: filter");
@@ -163,7 +164,7 @@ impl GitFilterTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:42",
+            SpecRef::GitIncludeAllowSha1InWant,
            "MUST include uploadpack.allowFilter in advertisement",
        )
        .pass()
@@ -184,12 +185,12 @@ impl GitFilterTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST serve filtered clone requests",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -243,7 +244,7 @@ impl GitFilterTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST serve filtered clone requests",
                )
                .fail(format!("Failed to execute git clone: {}", e));
@@ -255,7 +256,7 @@ impl GitFilterTests {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST serve filtered clone requests",
            )
            .fail(format!("Filtered git clone failed: {}", stderr));
@@ -266,7 +267,7 @@ impl GitFilterTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST serve filtered clone requests",
            )
            .fail("Filtered clone missing .git directory");
@@ -275,7 +276,7 @@ impl GitFilterTests {
        cleanup();
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:42",
+            SpecRef::GitIncludeAllowSha1InWant,
            "MUST serve filtered clone requests",
        )
        .pass()
@@ -295,12 +296,12 @@ impl GitFilterTests {
        let ctx = TestContext::new(client);
        // Create repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST serve filtered fetch requests",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -352,7 +353,7 @@ impl GitFilterTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST serve filtered fetch requests",
            )
            .fail("Failed to create initial shallow clone for fetch test");
@@ -371,7 +372,7 @@ impl GitFilterTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:42",
+                    SpecRef::GitIncludeAllowSha1InWant,
                    "MUST serve filtered fetch requests",
                )
                .fail(format!("Failed to execute git fetch: {}", e));
@@ -383,7 +384,7 @@ impl GitFilterTests {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:42",
+                SpecRef::GitIncludeAllowSha1InWant,
                "MUST serve filtered fetch requests",
            )
            .fail(format!("Filtered git fetch failed: {}", stderr));
@@ -392,7 +393,7 @@ impl GitFilterTests {
        cleanup();
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:42",
+            SpecRef::GitIncludeAllowSha1InWant,
            "MUST serve filtered fetch requests",
        )
        .pass()
diff --git a/grasp-audit/src/specs/grasp01/mod.rs b/grasp-audit/src/specs/grasp01/mod.rs
index 0a819ee..1694f58 100644
--- a/grasp-audit/src/specs/grasp01/mod.rs
+++ b/grasp-audit/src/specs/grasp01/mod.rs
@@ -19,6 +19,7 @@ pub mod git_clone;
 pub mod git_filter;
 pub mod nip01_smoke;
 pub mod nip11_document;
+pub mod purgatory;
 pub mod push_authorization;
 pub mod repository_creation;
 pub mod spec_requirements;
@@ -29,9 +30,10 @@ pub use git_clone::GitCloneTests;
 pub use git_filter::GitFilterTests;
 pub use nip01_smoke::Nip01SmokeTests;
 pub use nip11_document::Nip11DocumentTests;
+pub use purgatory::PurgatoryTests;
 pub use push_authorization::PushAuthorizationTests;
 pub use repository_creation::RepositoryCreationTests;
 pub use spec_requirements::{
-    get_requirement, get_requirements_for_section, get_sections, RequirementLevel, SpecRequirement,
+    get_requirement, get_requirement_by_ref, get_requirements_for_section, get_sections,
-    GRASP_01_REQUIREMENTS, GRASP_COMMIT_ID,
+    RequirementLevel, SpecRef, SpecRequirement, GRASP_01_REQUIREMENTS, GRASP_COMMIT_ID,
 };
diff --git a/grasp-audit/src/specs/grasp01/nip01_smoke.rs b/grasp-audit/src/specs/grasp01/nip01_smoke.rs
index 4d0b8a4..e3206fc 100644
--- a/grasp-audit/src/specs/grasp01/nip01_smoke.rs
+++ b/grasp-audit/src/specs/grasp01/nip01_smoke.rs
@@ -4,6 +4,7 @@
 //! We don't comprehensively test NIP-01 because rust-nostr already has 1000+ tests.
 //! These are just smoke tests to ensure the relay is working at all.
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, AuditResult, FixtureKind, TestContext, TestResult};
 use nostr_sdk::prelude::*;
@@ -32,8 +33,8 @@ impl Nip01SmokeTests {
    pub async fn test_websocket_connection(client: &AuditClient) -> TestResult {
        TestResult::new(
            "websocket_connection",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Can establish WebSocket connection to /",
+            "MUST serve a relay at / via WebSocket",
        )
        .run(|| async {
            if !client.is_connected().await {
@@ -61,16 +62,16 @@ impl Nip01SmokeTests {
    pub async fn test_send_receive_event(client: &AuditClient) -> TestResult {
        TestResult::new(
            "send_receive_event",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Can send EVENT and receive OK response",
+            "MUST accept valid EVENT messages",
        )
        .run(|| async {
-            // Step 1: GENERATE - Create TestContext and get ValidRepo fixture
+            // Step 1: GENERATE - Create TestContext and get ValidRepoServed fixture
            let ctx = TestContext::new(client);
            let event = ctx
-                .get_fixture(FixtureKind::ValidRepo)
+                .get_fixture(FixtureKind::ValidRepoServed)
                .await
-                .map_err(|e| format!("Failed to create ValidRepo fixture: {}", e))?;
+                .map_err(|e| format!("Failed to create ValidRepoServed fixture: {}", e))?;
            let event_id = event.id;
@@ -121,22 +122,22 @@ impl Nip01SmokeTests {
    ///
    /// ## Fixture-First Pattern
    ///
-    /// 1. **Generate**: Create TestContext and get ValidRepo fixture
+    /// 1. **Generate**: Create TestContext and get ValidRepoServed fixture
    /// 2. **Send**: Fixture already sends the event to relay
    /// 3. **Verify**: Subscribe and verify we receive the event
    pub async fn test_create_subscription(client: &AuditClient) -> TestResult {
        TestResult::new(
            "create_subscription",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Can create subscription with REQ and receive EOSE",
+            "MUST support REQ subscriptions",
        )
        .run(|| async {
-            // Step 1: GENERATE - Create TestContext and get ValidRepo fixture
+            // Step 1: GENERATE - Create TestContext and get ValidRepoServed fixture
            let ctx = TestContext::new(client);
            let _event = ctx
-                .get_fixture(FixtureKind::ValidRepo)
+                .get_fixture(FixtureKind::ValidRepoServed)
                .await
-                .map_err(|e| format!("Failed to create ValidRepo fixture: {}", e))?;
+                .map_err(|e| format!("Failed to create ValidRepoServed fixture: {}", e))?;
            // Step 2: VERIFY - Subscribe to NIP-34 announcements from this author
            let filter = Filter::new()
@@ -165,8 +166,8 @@ impl Nip01SmokeTests {
    pub async fn test_close_subscription(client: &AuditClient) -> TestResult {
        TestResult::new(
            "close_subscription",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Can close subscriptions",
+            "MUST support CLOSE to end subscriptions",
        )
        .run(|| async {
            // For now, we just verify we can query events
@@ -193,8 +194,8 @@ impl Nip01SmokeTests {
    pub async fn test_reject_invalid_signature(client: &AuditClient) -> TestResult {
        TestResult::new(
            "reject_invalid_signature",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Rejects events with invalid signatures",
+            "MUST reject events with invalid signatures",
        )
        .run(|| async {
            // Create a valid event
@@ -247,8 +248,8 @@ impl Nip01SmokeTests {
    pub async fn test_reject_invalid_event_id(client: &AuditClient) -> TestResult {
        TestResult::new(
            "reject_invalid_event_id",
-            "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayNip01Compliant,
-            "Rejects events with invalid event IDs",
+            "MUST reject events where ID doesn't match hash",
        )
        .run(|| async {
            // Create a valid event
diff --git a/grasp-audit/src/specs/grasp01/nip11_document.rs b/grasp-audit/src/specs/grasp01/nip11_document.rs
index 19ceace..5bf53bd 100644
--- a/grasp-audit/src/specs/grasp01/nip11_document.rs
+++ b/grasp-audit/src/specs/grasp01/nip11_document.rs
@@ -8,6 +8,7 @@
 //! - Includes repo_acceptance_criteria field describing acceptance policy
 //! - Handles curation field correctly (present if curated, absent otherwise)
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, AuditResult, TestResult};
 pub struct Nip11DocumentTests;
@@ -37,8 +38,8 @@ impl Nip11DocumentTests {
    pub async fn test_nip11_document_exists(client: &AuditClient) -> TestResult {
        TestResult::new(
            "nip11_document_exists",
-            "GRASP-01:nostr-relay:26",
+            SpecRef::Nip11ServeDocument,
-            "Serve NIP-11 relay information document",
+            "MUST serve NIP-11 document",
        )
        .run(|| async {
            // 1. Extract HTTP(S) URL from client's WebSocket URL
@@ -96,8 +97,8 @@ impl Nip11DocumentTests {
    pub async fn test_nip11_supported_grasps_field(client: &AuditClient) -> TestResult {
        TestResult::new(
            "nip11_supported_grasps_field",
-            "GRASP-01:nostr-relay:28",
+            SpecRef::Nip11ListSupportedGrasps,
-            "NIP-11 document includes supported_grasps field with GRASP-01",
+            "MUST list supported GRASPs as string array",
        )
        .run(|| async {
            // 1. Fetch NIP-11 document
@@ -172,8 +173,8 @@ impl Nip11DocumentTests {
    pub async fn test_nip11_repo_acceptance_criteria_field(client: &AuditClient) -> TestResult {
        TestResult::new(
            "nip11_repo_acceptance_criteria_field",
-            "GRASP-01:nostr-relay:29",
+            SpecRef::Nip11ListRepoAcceptanceCriteria,
-            "NIP-11 document includes repo_acceptance_criteria field",
+            "MUST list repository acceptance criteria",
        )
        .run(|| async {
            // 1. Fetch NIP-11 document
@@ -227,8 +228,8 @@ impl Nip11DocumentTests {
    pub async fn test_nip11_curation_field(client: &AuditClient) -> TestResult {
        TestResult::new(
            "nip11_curation_field",
-            "GRASP-01:nostr-relay:30",
+            SpecRef::Nip11ListCurationPolicy,
-            "NIP-11 curation field present if curated, absent otherwise",
+            "MUST include curation if curated, omit otherwise",
        )
        .run(|| async {
            // 1. Fetch NIP-11 document
diff --git a/grasp-audit/src/specs/grasp01/purgatory.rs b/grasp-audit/src/specs/grasp01/purgatory.rs
new file mode 100644
index 0000000..29eabad
--- /dev/null
+++ b/grasp-audit/src/specs/grasp01/purgatory.rs
@@ -0,0 +1,983 @@
+//! GRASP-01 Purgatory Tests
+//!
+//! Tests for the GRASP-01 purgatory mechanism where events are accepted but not
+//! served until corresponding git data arrives.
+//!
+//! ## Purgatory Behavior (GRASP-01 Line 22)
+//!
+//! "New repository announcements, repo state announcements, PRs and PR Updates
+//! SHOULD be accepted with message 'purgatory: won't be served until git data arrives'
+//! and kept in purgatory (not served) until the related git data arrives and otherwise
+//! discarded after 30 minutes."
+//!
+//! ## Test Categories
+//!
+//! ### Announcement Purgatory (feature not yet implemented)
+//! - `test_announcement_not_served_before_git_data`
+//! - `test_announcement_served_after_git_push`
+//! - `test_bare_repo_exists_for_purgatory_announcement`
+//! - `test_state_event_accepted_for_purgatory_announcement`
+//!
+//! ### State Event Purgatory (already implemented)
+//! - `test_state_event_not_served_before_git_data`
+//! - `test_state_event_served_after_git_push`
+//!
+//! ### PR Purgatory (already implemented)
+//! - `test_pr_event_accepted_into_purgatory` - Event accepted, not queryable
+//! - `test_pr_event_in_purgatory_git_push_accepted` - Git push to refs/nostr/<event-id> succeeds
+//! - `test_pr_event_served_after_git_push` - Event becomes queryable after git data
+use crate::fixtures::{clone_repo, create_commit, try_push};
+use crate::specs::grasp01::SpecRef;
+use crate::{AuditClient, AuditResult, FixtureKind, TestContext, TestResult};
+use nostr_sdk::prelude::*;
+use std::fs;
+use std::time::Duration;
+/// Test suite for GRASP-01 purgatory behavior
+pub struct PurgatoryTests;
+impl PurgatoryTests {
+    /// Run all purgatory tests
+    pub async fn run_all(client: &AuditClient) -> AuditResult {
+        let mut results = AuditResult::new("GRASP-01 Purgatory Tests");
+        // Announcement purgatory tests (feature not yet implemented)
+        results.add(Self::test_announcement_not_served_before_git_data(client).await);
+        results.add(Self::test_announcement_served_after_git_push(client).await);
+        results.add(Self::test_bare_repo_exists_for_purgatory_announcement(client).await);
+        results.add(Self::test_state_event_accepted_for_purgatory_announcement(client).await);
+        // Deletion event tests (NIP-09)
+        results.add(Self::test_deletion_by_event_id_removes_purgatory_state_event(client).await);
+        results.add(
+            Self::test_deletion_by_coordinate_removes_purgatory_state_event(client).await,
+        );
+        // State event purgatory tests (already implemented)
+        results.add(Self::test_state_event_not_served_before_git_data(client).await);
+        results.add(Self::test_state_event_served_after_git_push(client).await);
+        // PR purgatory tests
+        results.add(Self::test_pr_event_accepted_into_purgatory_and_isnt_served(client).await);
+        results.add(Self::test_pr_event_in_purgatory_git_push_accepted(client).await);
+        results.add(Self::test_pr_event_served_after_git_push(client).await);
+        results
+    }
+    // ============================================================
+    // Announcement Purgatory Tests (#[ignore] - feature not yet implemented)
+    // ============================================================
+    /// Test: Repository announcement not served before git data arrives
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "New repository announcements... SHOULD be accepted with message
+    /// 'purgatory: won't be served until git data arrives' and kept in purgatory
+    /// (not served) until the related git data arrives"
+    ///
+    /// This test verifies:
+    /// 1. Send a valid repository announcement
+    /// 2. Event is accepted (OK response)
+    /// 3. Event is NOT queryable from the relay (in purgatory)
+    ///
+    /// NOTE: Announcement purgatory feature not yet implemented - test may fail
+    pub async fn test_announcement_not_served_before_git_data(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "announcement_not_served_before_git_data",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "Repository announcements SHOULD be accepted but not served until git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Create a fresh repo announcement (not the served variant)
+            let repo = ctx
+                .get_fixture(FixtureKind::ValidRepoSent)
+                .await
+                .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
+            let repo_id = repo
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in repo announcement")?
+                .to_string();
+            // Query for the announcement - should NOT be served
+            let filter = Filter::new()
+                .kind(Kind::GitRepoAnnouncement)
+                .author(client.public_key())
+                .identifier(&repo_id);
+            tokio::time::sleep(Duration::from_millis(300)).await;
+            let events = client
+                .query(filter)
+                .await
+                .map_err(|e| format!("Failed to query relay: {}", e))?;
+            if events.iter().any(|e| e.id == repo.id) {
+                return Err(format!(
+                    "Announcement was served immediately - purgatory not implemented. \
+                     Event ID: {} should NOT be queryable until git data arrives",
+                    repo.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    /// Test: Repository announcement served after git push
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "...kept in purgatory (not served) until the related git data arrives"
+    ///
+    /// This test verifies the full lifecycle:
+    /// 1. Send repository announcement (enters purgatory)
+    /// 2. Send state event (enters purgatory)
+    /// 3. Push git data matching state event
+    /// 4. Both announcement and state event are now served
+    ///
+    /// NOTE: Announcement purgatory feature not yet implemented - test may fail
+    pub async fn test_announcement_served_after_git_push(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "announcement_served_after_git_push",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "Repository announcements SHOULD be served after git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // OwnerStateDataPushed fixture handles the full lifecycle:
+            // 1. Creates repo announcement (purgatory)
+            // 2. Creates state event (purgatory)
+            // 3. Pushes git data
+            // 4. Verifies events are served
+            let state_event = ctx
+                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .await
+                .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
+            // Extract repo_id from state event
+            let repo_id = state_event
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in state event")?
+                .to_string();
+            // Verify announcement is now served
+            let announcement_filter = Filter::new()
+                .kind(Kind::GitRepoAnnouncement)
+                .author(client.public_key())
+                .identifier(&repo_id);
+            let announcements = client
+                .query(announcement_filter)
+                .await
+                .map_err(|e| format!("Failed to query announcements: {}", e))?;
+            if announcements.is_empty() {
+                return Err(format!(
+                    "Announcement not served after git push. Repo ID: {}",
+                    repo_id
+                ));
+            }
+            // Verify state event is served
+            let state_filter = Filter::new()
+                .kind(Kind::RepoState)
+                .author(client.public_key())
+                .identifier(&repo_id);
+            let state_events = client
+                .query(state_filter)
+                .await
+                .map_err(|e| format!("Failed to query state events: {}", e))?;
+            if !state_events.iter().any(|e| e.id == state_event.id) {
+                return Err(format!(
+                    "State event not served after git push. Event ID: {}",
+                    state_event.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    /// Test: Bare repository exists for purgatory announcement
+    ///
+    /// Spec: GRASP-01 Line 34
+    /// "MUST serve a git repository via an unauthenticated git smart http service
+    /// at `/<npub>/<identifier>.git` for each git repository announcement the relay
+    /// serves or has in purgatory."
+    ///
+    /// This test verifies that git HTTP service works even for repos in purgatory.
+    ///
+    /// NOTE: Announcement purgatory feature not yet implemented - test may fail
+    pub async fn test_bare_repo_exists_for_purgatory_announcement(
+        client: &AuditClient,
+    ) -> TestResult {
+        TestResult::new(
+            "bare_repo_exists_for_purgatory_announcement",
+            SpecRef::GitServeRepository,
+            "Git HTTP service MUST work for repos in purgatory",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Get a repo announcement (in purgatory, no git data yet)
+            let repo = ctx
+                .get_fixture(FixtureKind::ValidRepoSent)
+                .await
+                .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
+            let repo_id = repo
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in repo announcement")?
+                .to_string();
+            let npub = client
+                .public_key()
+                .to_bech32()
+                .map_err(|e| format!("Failed to convert pubkey: {}", e))?;
+            // Get relay domain
+            let relay_url = client
+                .client()
+                .relays()
+                .await
+                .keys()
+                .next()
+                .ok_or("No relay connected")?
+                .to_string();
+            let relay_domain = relay_url
+                .replace("ws://", "")
+                .replace("wss://", "")
+                .replace(":8080", "");
+            // Check git HTTP service is available
+            let info_refs_url = format!(
+                "http://{}/{}/{}.git/info/refs?service=git-upload-pack",
+                relay_domain, npub, repo_id
+            );
+            let http_client = reqwest::Client::new();
+            let response = http_client
+                .get(&info_refs_url)
+                .send()
+                .await
+                .map_err(|e| format!("HTTP request failed: {}", e))?;
+            if !response.status().is_success() {
+                return Err(format!(
+                    "Git HTTP service not available for purgatory repo. \
+                     URL: {}, Status: {}",
+                    info_refs_url,
+                    response.status()
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    /// Test: State event accepted for purgatory announcement
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "New repository announcements, repo state announcements... SHOULD be accepted"
+    ///
+    /// This test verifies that state events are accepted even when the repo
+    /// announcement is in purgatory (no git data yet).
+    ///
+    /// NOTE: Announcement purgatory feature not yet implemented - test may fail
+    pub async fn test_state_event_accepted_for_purgatory_announcement(
+        client: &AuditClient,
+    ) -> TestResult {
+        TestResult::new(
+            "state_event_accepted_for_purgatory_announcement",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "State events SHOULD be accepted for repos in purgatory",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Get a repo announcement (in purgatory)
+            let repo = ctx
+                .get_fixture(FixtureKind::ValidRepoSent)
+                .await
+                .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
+            // Build a state event for this repo
+            let repo_id = repo
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in repo announcement")?
+                .to_string();
+            let state_event = client
+                .event_builder(Kind::RepoState, "")
+                .tag(Tag::identifier(&repo_id))
+                .tag(Tag::custom(
+                    TagKind::custom("refs/heads/main"),
+                    vec!["abc123".to_string()],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("HEAD"),
+                    vec!["ref: refs/heads/main".to_string()],
+                ))
+                .build(client.keys())
+                .map_err(|e| format!("Failed to build state event: {}", e))?;
+            // Send state event - should be accepted (even though repo is in purgatory)
+            let (_, in_purgatory) = client
+                .send_event_and_note_purgatory(state_event.clone())
+                .await
+                .map_err(|e| format!("Failed to send state event: {}", e))?;
+            // Event should be accepted (either in purgatory or served)
+            // We just verify it wasn't rejected
+            if !in_purgatory {
+                // Check if it's actually on the relay (might be served immediately)
+                let filter = Filter::new()
+                    .kind(Kind::RepoState)
+                    .author(client.public_key())
+                    .identifier(&repo_id);
+                let events = client
+                    .query(filter)
+                    .await
+                    .map_err(|e| format!("Failed to query: {}", e))?;
+                if events.iter().any(|e| e.id == state_event.id) {
+                    return Err(format!(
+                        "State event was served immediately - repo announcement purgatory not implemented. \
+                         Event ID: {} should NOT be queryable until git data arrives",
+                        state_event.id
+                    ));
+                }
+                return Err(format!(
+                    "State event was neither in purgatory nor served. \
+                     Event ID: {}",
+                    state_event.id
+                ));
+            }
+            // Feature IS implemented - state event in purgatory as expected
+            Ok(())
+        })
+        .await
+    }
+    // ============================================================
+    // State Event Purgatory Tests (non-ignored - already implemented)
+    // ============================================================
+    /// Test: State event not served before git data arrives
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "repo state announcements... SHOULD be accepted with message
+    /// 'purgatory: won't be served until git data arrives'"
+    ///
+    /// This test verifies:
+    /// 1. Send state event for a repo with git data
+    /// 2. State event points to a different commit than what's pushed
+    /// 3. State event is NOT queryable (in purgatory)
+    pub async fn test_state_event_not_served_before_git_data(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "state_event_not_served_before_git_data",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "State events SHOULD be accepted but not served until git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Get a repo with git data already pushed
+            let existing_state = ctx
+                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .await
+                .map_err(|e| format!("Failed to get existing repo: {}", e))?;
+            let repo_id = existing_state
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in state event")?
+                .to_string();
+            // Create a NEW state event pointing to a DIFFERENT commit
+            // This should enter purgatory since the commit doesn't exist
+            let new_state = client
+                .event_builder(Kind::RepoState, "")
+                .tag(Tag::identifier(&repo_id))
+                .tag(Tag::custom(
+                    TagKind::custom("refs/heads/main"),
+                    vec!["deadbeefdeadbeefdeadbeefdeadbeefdeadbeef".to_string()],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("HEAD"),
+                    vec!["ref: refs/heads/main".to_string()],
+                ))
+                .build(client.keys())
+                .map_err(|e| format!("Failed to build state event: {}", e))?;
+            // Send the state event
+            let (_, in_purgatory) = client
+                .send_event_and_note_purgatory(new_state.clone())
+                .await
+                .map_err(|e| format!("Failed to send state event: {}", e))?;
+            if !in_purgatory {
+                return Err(format!(
+                    "State event was served immediately despite pointing to \
+                     non-existent commit. Event ID: {}",
+                    new_state.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    /// Test: State event served after git push
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "...kept in purgatory (not served) until the related git data arrives"
+    ///
+    /// This test verifies the full lifecycle using OwnerStateDataPushed fixture:
+    /// 1. State event is sent (enters purgatory)
+    /// 2. Git data is pushed matching the state event
+    /// 3. State event is now served
+    pub async fn test_state_event_served_after_git_push(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "state_event_served_after_git_push",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "State events SHOULD be served after matching git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // OwnerStateDataPushed handles the full lifecycle
+            let state_event = ctx
+                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .await
+                .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
+            // Verify state event is now served
+            let repo_id = state_event
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in state event")?
+                .to_string();
+            let filter = Filter::new()
+                .kind(Kind::RepoState)
+                .author(client.public_key())
+                .identifier(&repo_id);
+            let events = client
+                .query(filter)
+                .await
+                .map_err(|e| format!("Failed to query state events: {}", e))?;
+            if !events.iter().any(|e| e.id == state_event.id) {
+                return Err(format!(
+                    "State event not served after git push. Event ID: {}",
+                    state_event.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    // ============================================================
+    // PR Purgatory Tests
+    // ============================================================
+    /// Test: PR event accepted into purgatory (not served before git data)
+    ///
+    /// Spec: GRASP-01 Line 22
+    /// "PRs and PR Updates SHOULD be accepted with message
+    /// 'purgatory: won't be served until git data arrives'"
+    ///
+    /// This test verifies:
+    /// 1. PR event is sent and relay responds OK (accepted)
+    /// 2. PR event is NOT queryable (in purgatory, not served)
+    ///
+    /// PASS means: Relay accepted the event and is holding it in purgatory
+    /// FAIL means: Either event was rejected, or served immediately (purgatory not implemented)
+    ///
+    /// Note: This test cannot distinguish between "event in purgatory" and
+    /// "event accepted but never stored" - both result in event not being queryable.
+    /// The fixture verifies the relay responded OK, which is the best we can do
+    /// with black-box testing.
+    pub async fn test_pr_event_accepted_into_purgatory_and_isnt_served(
+        client: &AuditClient,
+    ) -> TestResult {
+        TestResult::new(
+            "pr_event_accepted_into_purgatory",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "PR event SHOULD be accepted but not served until git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // PREvent2Sent fixture:
+            // 1. Sends PR event
+            // 2. Verifies relay responded OK (not rejected)
+            // 3. Verifies event is NOT queryable (in purgatory)
+            let pr_event = ctx
+                .get_fixture(FixtureKind::PREvent2Sent)
+                .await
+                .map_err(|e| format!("Failed to send PR event: {}", e))?;
+            // Double-check: event should not be queryable
+            let filter = Filter::new()
+                .kind(Kind::GitPullRequest)
+                .author(client.pr_author_keys().public_key())
+                .id(pr_event.id);
+            tokio::time::sleep(Duration::from_millis(300)).await;
+            let events = client
+                .query(filter)
+                .await
+                .map_err(|e| format!("Failed to query PR events: {}", e))?;
+            if !events.is_empty() {
+                return Err(format!(
+                    "PR event was served immediately - purgatory not implemented. Event ID: {}",
+                    pr_event.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    /// Test: Git push to refs/nostr/<pr-event-id> is accepted
+    ///
+    /// This test verifies that pushing git data for a PR event in purgatory
+    /// is accepted by the relay.
+    ///
+    /// PASS means: Git push succeeded, relay accepted the git data
+    /// FAIL means: Git push was rejected (wrong ref, permissions, etc.)
+    pub async fn test_pr_event_in_purgatory_git_push_accepted(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "pr_event_in_purgatory_git_push_accepted",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "Git push for PR event SHOULD be accepted",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // PREvent2GitDataPushed fixture:
+            // 1. Gets PR event in purgatory (PREvent2Sent)
+            // 2. Pushes commit to refs/nostr/<pr-event-id>
+            // 3. Verifies push succeeded
+            let _pr_event = ctx
+                .get_fixture(FixtureKind::PREvent2GitDataPushed)
+                .await
+                .map_err(|e| format!("Failed to push git data for PR event: {}", e))?;
+            Ok(())
+        })
+        .await
+    }
+    /// Test: PR event served after git data arrives
+    ///
+    /// This test verifies the full purgatory release mechanism:
+    /// after git data is pushed to refs/nostr/<pr-event-id>, the event
+    /// becomes queryable.
+    ///
+    /// PASS means: Event was released from purgatory and is now served
+    /// FAIL means: Event still not queryable after git push (purgatory release broken)
+    pub async fn test_pr_event_served_after_git_push(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "pr_event_served_after_git_push",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "PR event SHOULD be served after matching git data arrives",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // PREvent2Served fixture:
+            // 1. Gets PR event with git data pushed (PREvent2GitDataPushed)
+            // 2. Verifies event is now queryable
+            let pr_event = ctx
+                .get_fixture(FixtureKind::PREvent2Served)
+                .await
+                .map_err(|e| format!("Failed to complete purgatory release: {}", e))?;
+            // Double-check: event should be queryable now
+            let filter = Filter::new()
+                .kind(Kind::GitPullRequest)
+                .author(client.pr_author_keys().public_key())
+                .id(pr_event.id);
+            let events = client
+                .query(filter)
+                .await
+                .map_err(|e| format!("Failed to query PR events: {}", e))?;
+            if events.is_empty() {
+                return Err(format!(
+                    "PR event not served after git push. Event ID: {} should be queryable",
+                    pr_event.id
+                ));
+            }
+            Ok(())
+        })
+        .await
+    }
+    // ============================================================
+    // Deletion Event Tests (NIP-09)
+    // ============================================================
+    /// Test: Kind 5 deletion event by event ID removes a purgatory state event
+    ///
+    /// Spec: NIP-09
+    /// "A special event with kind 5... having a list of one or more `e` or `a` tags,
+    /// each referencing an event the author is requesting to be deleted."
+    ///
+    /// This test verifies:
+    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 2. Clone the repo and create a unique commit (not yet pushed)
+    /// 3. Submit a state event pointing to that unique commit (enters purgatory)
+    /// 4. Send a kind 5 deletion event referencing the state event by event ID
+    /// 5. Attempt to push the unique commit — MUST be rejected (no authorized state event)
+    pub async fn test_deletion_by_event_id_removes_purgatory_state_event(
+        client: &AuditClient,
+    ) -> TestResult {
+        TestResult::new(
+            "deletion_by_event_id_removes_purgatory_state_event",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "Kind 5 deletion by event ID SHOULD remove a purgatory state event, causing push rejection",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Stage 1: get a promoted repo with git data already on the relay
+            let existing_state = ctx
+                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .await
+                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+            let repo_id = existing_state
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in state event")?
+                .to_string();
+            let relay_domain = client
+                .relay_url()
+                .await
+                .map_err(|e| e.to_string())?
+                .trim_start_matches("ws://")
+                .trim_start_matches("wss://")
+                .to_string();
+            let npub = client
+                .public_key()
+                .to_bech32()
+                .map_err(|e| e.to_string())?;
+            // Stage 2: clone the repo and create a unique commit (not pushed yet)
+            let clone_path = clone_repo(&relay_domain, &npub, &repo_id)
+                .map_err(|e| format!("Failed to clone repo: {}", e))?;
+            let cleanup = || { let _ = fs::remove_dir_all(&clone_path); };
+            let unique_commit = match create_commit(&clone_path, "deletion test unique commit") {
+                Ok(h) => h,
+                Err(e) => { cleanup(); return Err(format!("Failed to create commit: {}", e)); }
+            };
+            // Stage 3: submit a state event pointing to the unique commit (enters purgatory)
+            let state_event = client
+                .event_builder(Kind::RepoState, "")
+                .tag(Tag::identifier(&repo_id))
+                .tag(Tag::custom(
+                    TagKind::custom("refs/heads/main"),
+                    vec![unique_commit.clone()],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("HEAD"),
+                    vec!["ref: refs/heads/main".to_string()],
+                ))
+                .build(client.keys())
+                .map_err(|e| { cleanup(); format!("Failed to build state event: {}", e) })?;
+            let (_, in_purgatory) = client
+                .send_event_and_note_purgatory(state_event.clone())
+                .await
+                .map_err(|e| { cleanup(); format!("Failed to send state event: {}", e) })?;
+            if !in_purgatory {
+                cleanup();
+                return Err(format!(
+                    "State event was served immediately (not in purgatory). \
+                     Commit {} may already exist on relay.",
+                    unique_commit
+                ));
+            }
+            // Stage 4: send kind 5 deletion event referencing the state event by event ID
+            let deletion = client
+                .event_builder(Kind::EventDeletion, "")
+                .tag(Tag::event(state_event.id))
+                .tag(Tag::custom(TagKind::custom("k"), vec!["30618"]))
+                .build(client.keys())
+                .map_err(|e| { cleanup(); format!("Failed to build deletion event: {}", e) })?;
+            client
+                .send_event(deletion)
+                .await
+                .map_err(|e| { cleanup(); format!("Relay rejected deletion event: {}", e) })?;
+            tokio::time::sleep(Duration::from_millis(300)).await;
+            // Stage 5: attempt to push the unique commit — must be rejected
+            let push_result = try_push(&clone_path);
+            cleanup();
+            match push_result {
+                Ok(false) => Ok(()), // push rejected as expected
+                Ok(true) => Err(format!(
+                    "Push was accepted but should have been rejected. \
+                     The state event (id={}) was deleted, so commit {} \
+                     should not be authorized.",
+                    state_event.id, unique_commit
+                )),
+                Err(e) => Err(format!("Git push error: {}", e)),
+            }
+        })
+        .await
+    }
+    /// Test: Kind 5 deletion event by `a` tag coordinate removes a purgatory state event
+    ///
+    /// Spec: NIP-09
+    /// "When an `a` tag is used, relays SHOULD delete all versions of the replaceable
+    /// event up to the `created_at` timestamp of the deletion request event."
+    ///
+    /// This test verifies:
+    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 2. Generate a fresh keypair for a new maintainer
+    /// 3. Send a replacement owner announcement adding the new maintainer (goes to DB)
+    /// 4. Send a state event signed by the new maintainer pointing to a unique commit
+    ///    (enters purgatory — maintainer is authorized but commit doesn't exist yet)
+    /// 5. Delete by coordinate `30618:<new_maintainer_pubkey>:<identifier>`
+    /// 6. Clone repo, create that unique commit, attempt to push — MUST be rejected
+    ///    (the state event was deleted, so the commit is no longer authorized)
+    pub async fn test_deletion_by_coordinate_removes_purgatory_state_event(
+        client: &AuditClient,
+    ) -> TestResult {
+        TestResult::new(
+            "deletion_by_coordinate_removes_purgatory_state_event",
+            SpecRef::PurgatoryAcceptUntilGitData,
+            "Kind 5 deletion by `a` coordinate SHOULD remove a purgatory state event, causing push rejection",
+        )
+        .run(|| async {
+            let ctx = TestContext::new(client);
+            // Stage 1: get a promoted repo with git data already on the relay
+            let existing_state = ctx
+                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .await
+                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+            let repo_id = existing_state
+                .tags
+                .iter()
+                .find(|t| t.kind() == TagKind::d())
+                .and_then(|t| t.content())
+                .ok_or("Missing d tag in state event")?
+                .to_string();
+            // Stage 2: generate a fresh keypair for a new maintainer
+            let new_maintainer_keys = Keys::generate();
+            let new_maintainer_hex = new_maintainer_keys.public_key().to_hex();
+            // Stage 3: send a replacement owner announcement that adds the new maintainer.
+            // This is a replacement (same pubkey + identifier already in DB) so it goes
+            // straight to the database without entering purgatory.
+            let relay_url = client
+                .relay_url()
+                .await
+                .map_err(|e| e.to_string())?;
+            let http_url = relay_url
+                .replace("ws://", "http://")
+                .replace("wss://", "https://");
+            let npub = client
+                .public_key()
+                .to_bech32()
+                .map_err(|e| e.to_string())?;
+            let replacement_announcement = client
+                .event_builder(Kind::GitRepoAnnouncement, "")
+                .tag(Tag::identifier(&repo_id))
+                .tag(Tag::custom(
+                    TagKind::custom("clone"),
+                    vec![format!("{}/{}/{}.git", http_url, npub, repo_id)],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("relays"),
+                    vec![relay_url.clone()],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("maintainers"),
+                    vec![new_maintainer_hex.clone()],
+                ))
+                .build(client.keys())
+                .map_err(|e| format!("Failed to build replacement announcement: {}", e))?;
+            client
+                .send_event(replacement_announcement)
+                .await
+                .map_err(|e| format!("Relay rejected replacement announcement: {}", e))?;
+            tokio::time::sleep(Duration::from_millis(200)).await;
+            // Stage 4: clone the repo and create a unique commit (not pushed yet)
+            let relay_domain = relay_url
+                .trim_start_matches("ws://")
+                .trim_start_matches("wss://")
+                .to_string();
+            let clone_path = clone_repo(&relay_domain, &npub, &repo_id)
+                .map_err(|e| format!("Failed to clone repo: {}", e))?;
+            let cleanup = || { let _ = fs::remove_dir_all(&clone_path); };
+            let unique_commit = match create_commit(&clone_path, "deletion coordinate test unique commit") {
+                Ok(h) => h,
+                Err(e) => { cleanup(); return Err(format!("Failed to create commit: {}", e)); }
+            };
+            // Stage 5: submit a state event signed by the new maintainer pointing to the
+            // unique commit. The new maintainer is now authorized (listed in the replacement
+            // announcement), so the state event should enter purgatory (commit doesn't exist).
+            let state_event = client
+                .event_builder(Kind::RepoState, "")
+                .tag(Tag::identifier(&repo_id))
+                .tag(Tag::custom(
+                    TagKind::custom("refs/heads/main"),
+                    vec![unique_commit.clone()],
+                ))
+                .tag(Tag::custom(
+                    TagKind::custom("HEAD"),
+                    vec!["ref: refs/heads/main".to_string()],
+                ))
+                .build(&new_maintainer_keys)
+                .map_err(|e| { cleanup(); format!("Failed to build state event: {}", e) })?;
+            let (_, in_purgatory) = client
+                .send_event_and_note_purgatory(state_event.clone())
+                .await
+                .map_err(|e| { cleanup(); format!("Failed to send state event: {}", e) })?;
+            if !in_purgatory {
+                cleanup();
+                return Err(format!(
+                    "State event was served immediately (not in purgatory). \
+                     Commit {} may already exist on relay.",
+                    unique_commit
+                ));
+            }
+            // Stage 6: send kind 5 deletion event signed by the new maintainer,
+            // referencing their state event by coordinate `30618:<pubkey>:<identifier>`
+            let coord = format!("30618:{}:{}", new_maintainer_hex, repo_id);
+            let deletion = client
+                .event_builder(Kind::EventDeletion, "")
+                .tag(Tag::custom(TagKind::custom("a"), vec![coord]))
+                .tag(Tag::custom(TagKind::custom("k"), vec!["30618"]))
+                .build(&new_maintainer_keys)
+                .map_err(|e| { cleanup(); format!("Failed to build deletion event: {}", e) })?;
+            client
+                .send_event(deletion)
+                .await
+                .map_err(|e| { cleanup(); format!("Relay rejected deletion event: {}", e) })?;
+            tokio::time::sleep(Duration::from_millis(300)).await;
+            // Stage 7: attempt to push the unique commit — must be rejected because
+            // the new maintainer's state event was deleted from purgatory
+            let push_result = try_push(&clone_path);
+            cleanup();
+            match push_result {
+                Ok(false) => Ok(()), // push rejected as expected
+                Ok(true) => Err(format!(
+                    "Push was accepted but should have been rejected. \
+                     The new maintainer's state event (id={}) was deleted by coordinate, \
+                     so commit {} should not be authorized.",
+                    state_event.id, unique_commit
+                )),
+                Err(e) => Err(format!("Git push error: {}", e)),
+            }
+        })
+        .await
+    }
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::AuditConfig;
+    #[tokio::test]
+    #[ignore] // Requires running relay
+    async fn test_grasp01_purgatory_against_relay() {
+        let relay_url = std::env::var("RELAY_URL").expect(
+            "RELAY_URL environment variable must be set. Example: RELAY_URL=ws://localhost:18081",
+        );
+        let config = AuditConfig::isolated();
+        let client = AuditClient::new(&relay_url, config)
+            .await
+            .unwrap_or_else(|_| {
+                panic!(
+                    "Failed to connect to relay at {}. Ensure relay is running and accessible.",
+                    relay_url
+                )
+            });
+        let results = PurgatoryTests::run_all(&client).await;
+        results.print_report();
+        assert!(
+            results.all_passed(),
+            "Some purgatory tests failed. See report above."
+        );
+    }
+}
diff --git a/grasp-audit/src/specs/grasp01/push_authorization.rs b/grasp-audit/src/specs/grasp01/push_authorization.rs
index c1003b9..73cbe1f 100644
--- a/grasp-audit/src/specs/grasp01/push_authorization.rs
+++ b/grasp-audit/src/specs/grasp01/push_authorization.rs
@@ -19,7 +19,7 @@
 /// Expected hash for PR test deterministic commit
 ///
 /// This hash is produced by creating a commit with:
-/// - File: test.txt containing "PR test deterministic commit"
+/// - File: test.txt containing "PR test deterministic commit\n" (with trailing newline)
 /// - Message: "PR test deterministic commit"
 /// - Author: "GRASP Audit Test <test@grasp-audit.local>"
 /// - Author date: 2024-01-01T00:00:00Z
@@ -29,8 +29,9 @@
 ///
 /// Run `test_pr_test_commit_hash_discovery` to discover/verify this value.
 #[allow(dead_code)]
-const PR_TEST_COMMIT_HASH: &str = "5d40fb1555a0c28bf4d650515a73aaa54d4d9bfb";
+const PR_TEST_COMMIT_HASH: &str = "5a51b30e4615b572dcd5b9e487861b58605a5c21";
+use crate::specs::grasp01::SpecRef;
 use crate::{
    clone_repo, create_commit, create_deterministic_commit_with_variant, try_push, try_push_to_ref,
    AuditClient, CommitVariant, FixtureKind, TestContext, TestResult,
@@ -207,7 +208,7 @@ async fn setup_pr_test_repo(
 ) -> Result<(PathBuf, String, String, String), String> {
    // Get fixtures
    let repo_event = ctx
-        .get_fixture(FixtureKind::ValidRepo)
+        .get_fixture(FixtureKind::ValidRepoServed)
        .await
        .map_err(|e| format!("Failed to get repo announcement: {}", e))?;
@@ -406,12 +407,12 @@ impl PushAuthorizationTests {
        let ctx = TestContext::new(client);
        // Create repository (no state event)
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected without state event",
                )
                .fail(format!("Failed to create repo: {}", e))
@@ -435,7 +436,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected without state event",
                )
                .fail(&e)
@@ -449,7 +450,7 @@ impl PushAuthorizationTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push rejected without state event",
            )
            .fail(&e);
@@ -462,19 +463,19 @@ impl PushAuthorizationTests {
        match push_result {
            Ok(false) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push rejected without state event",
            )
            .pass(),
            Ok(true) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push rejected without state event",
            )
            .fail("Push accepted but should be rejected"),
            Err(e) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push rejected without state event",
            )
            .fail(&e),
@@ -507,13 +508,13 @@ impl PushAuthorizationTests {
        match ctx.get_fixture(FixtureKind::OwnerStateDataPushed).await {
            Ok(_state_event) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36", // TODO do we add purgatory line here?
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized with matching state",
            )
            .pass(),
            Err(e) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized with matching state",
            )
            .fail(format!("{}", e)),
@@ -555,7 +556,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail(format!("Failed to create RepoState fixture: {}", e));
@@ -575,7 +576,7 @@ impl PushAuthorizationTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail("Missing repo_id in state event");
@@ -587,7 +588,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail(format!("Failed to convert pubkey to bech32: {}", e));
@@ -603,7 +604,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail(format!("Failed to clone repo: {}", e));
@@ -626,7 +627,7 @@ impl PushAuthorizationTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail(format!("Failed to create/checkout main branch: {}", e));
@@ -635,7 +636,7 @@ impl PushAuthorizationTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Push rejected when commit not in state event",
                )
                .fail(format!(
@@ -652,7 +653,7 @@ impl PushAuthorizationTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push rejected when commit not in state event",
            )
            .fail(format!("Failed to create wrong commit: {}", e));
@@ -666,10 +667,10 @@ impl PushAuthorizationTests {
        cleanup();
        match push_result {
-            Ok(false) => TestResult::new(test_name, "GRASP-01:git-http:36", "Push rejected when commit not in state event").pass(),
+            Ok(false) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Push rejected when commit not in state event").pass(),
-            Ok(true) => TestResult::new(test_name, "GRASP-01:git-http:36", "Push rejected when commit not in state event")
+            Ok(true) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Push rejected when commit not in state event")
                .fail("Push accepted but should be rejected. The pushed commit is not in the state event."),
-            Err(e) => TestResult::new(test_name, "GRASP-01:git-http:36", "Push rejected when commit not in state event").fail(&e),
+            Err(e) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Push rejected when commit not in state event").fail(&e),
        }
    }
@@ -704,13 +705,13 @@ impl PushAuthorizationTests {
        {
            Ok(_maintainer_state_event) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized by maintainer state event only (no announcement)",
            )
            .pass(),
            Err(e) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized by maintainer state event only (no announcement)",
            )
            .fail(format!("{}", e)),
@@ -747,13 +748,13 @@ impl PushAuthorizationTests {
        {
            Ok(_recursive_maintainer_state_event) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized by recursive maintainer state event",
            )
            .pass(),
            Err(e) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Push authorized by recursive maintainer state event",
            )
            .fail(format!("{}", e)),
@@ -797,7 +798,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail(format!("Failed to get OwnerStateDataPushed fixture: {}", e));
@@ -815,7 +816,7 @@ impl PushAuthorizationTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail("Missing repo_id in state event");
@@ -827,7 +828,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail(format!("Failed to convert pubkey to bech32: {}", e));
@@ -842,7 +843,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail(format!("Failed to clone repo: {}", e));
@@ -864,7 +865,7 @@ impl PushAuthorizationTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail(format!("Failed to create commit: {}", e));
@@ -890,7 +891,7 @@ impl PushAuthorizationTests {
                cleanup();
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:36",
+                    SpecRef::GitAcceptPushesAlignState,
                    "Non-maintainer state events ignored",
                )
                .fail(format!("Failed to build rogue state event: {}", e));
@@ -902,7 +903,7 @@ impl PushAuthorizationTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:36",
+                SpecRef::GitAcceptPushesAlignState,
                "Non-maintainer state events ignored",
            )
            .fail(format!("Failed to send rogue state event: {}", e));
@@ -919,8 +920,8 @@ impl PushAuthorizationTests {
        cleanup();
        match push_result {
-            Ok(false) => TestResult::new(test_name, "GRASP-01:git-http:36", "Non-maintainer state events ignored").pass(),
+            Ok(false) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Non-maintainer state events ignored").pass(),
-            Ok(true) => TestResult::new(test_name, "GRASP-01:git-http:36", "Non-maintainer state events ignored")
+            Ok(true) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Non-maintainer state events ignored")
                .fail(format!(
                    "Push accepted but should be rejected. A non-maintainer (pubkey: {}) published \
                    a state event announcing commit {}, but the push was accepted. The relay should \
@@ -929,7 +930,7 @@ impl PushAuthorizationTests {
                    new_commit,
                    client.public_key()
                )),
-            Err(e) => TestResult::new(test_name, "GRASP-01:git-http:36", "Non-maintainer state events ignored").fail(&e),
+            Err(e) => TestResult::new(test_name, SpecRef::GitAcceptPushesAlignState, "Non-maintainer state events ignored").fail(&e),
        }
    }
@@ -955,12 +956,12 @@ impl PushAuthorizationTests {
        // ============================================================
        let ctx = TestContext::new(client);
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:40",
+                    SpecRef::GitAcceptRefsNostrEventId,
                    "Push to refs/nostr/<invalid-event-id> rejected",
                )
                .fail(format!("Failed to create repo: {}", e));
@@ -986,7 +987,7 @@ impl PushAuthorizationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:40",
+                    SpecRef::GitAcceptRefsNostrEventId,
                    "Push to refs/nostr/<invalid-event-id> rejected",
                )
                .fail(&e);
@@ -1001,7 +1002,7 @@ impl PushAuthorizationTests {
            cleanup();
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:40",
+                SpecRef::GitAcceptRefsNostrEventId,
                "Push to refs/nostr/<invalid-event-id> rejected",
            )
            .fail(&e);
@@ -1020,13 +1021,13 @@ impl PushAuthorizationTests {
        match push_result {
            Ok(false) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:40",
+                SpecRef::GitAcceptRefsNostrEventId,
                "Push to refs/nostr/<invalid-event-id> rejected",
            )
            .pass(),
            Ok(true) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:40",
+                SpecRef::GitAcceptRefsNostrEventId,
                "Push to refs/nostr/<invalid-event-id> rejected",
            )
            .fail(format!(
@@ -1037,7 +1038,7 @@ impl PushAuthorizationTests {
            )),
            Err(e) => TestResult::new(
                test_name,
-                "GRASP-01:git-http:40",
+                SpecRef::GitAcceptRefsNostrEventId,
                "Push to refs/nostr/<invalid-event-id> rejected",
            )
            .fail(format!("Push error: {}", e)),
@@ -1071,10 +1072,11 @@ impl PushAuthorizationTests {
            .get_fixture(FixtureKind::PRWrongCommitPushedBeforeEvent)
            .await
        {
-            Ok(_pr_event) => TestResult::new(test_name, "GRASP-01:git-http:40", desc).pass(),
+            Ok(_pr_event) => {
-            Err(e) => {
+                TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).pass()
-                TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(format!("{}", e))
            }
+            Err(e) => TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                .fail(format!("{}", e)),
        }
    }
@@ -1100,7 +1102,7 @@ impl PushAuthorizationTests {
        {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1108,10 +1110,10 @@ impl PushAuthorizationTests {
        let pr_event_id = pr_event.id.to_hex();
        // Get repo info for cloning (fresh clone for verification)
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoServed).await {
            Ok(r) => r,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1127,7 +1129,7 @@ impl PushAuthorizationTests {
        let owner_npub = match repo.pubkey.to_bech32() {
            Ok(n) => n,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("Failed to get owner npub: {}", e));
            }
        };
@@ -1136,7 +1138,8 @@ impl PushAuthorizationTests {
        let clone_path = match clone_repo(relay_domain, &owner_npub, &repo_id) {
            Ok(p) => p,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
@@ -1146,7 +1149,8 @@ impl PushAuthorizationTests {
            Ok(exists) => exists,
            Err(e) => {
                let _ = fs::remove_dir_all(&clone_path);
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
@@ -1154,13 +1158,13 @@ impl PushAuthorizationTests {
        // Ref should be deleted since the pushed commit doesn't match the PR event's `c` tag
        if refs_exist {
-            TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(format!(
+            TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).fail(format!(
                "Expected refs/nostr/{} to be deleted when PR event published with non-matching commit, \
                 but the ref still exists. The relay should delete refs that don't match the event's `c` tag.",
                pr_event_id
            ))
        } else {
-            TestResult::new(test_name, "GRASP-01:git-http:40", desc).pass()
+            TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).pass()
        }
    }
@@ -1186,7 +1190,7 @@ impl PushAuthorizationTests {
        {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1194,10 +1198,10 @@ impl PushAuthorizationTests {
        let pr_event_id = pr_event.id.to_hex();
        // Get repo info for cloning (fresh clone for this test)
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoServed).await {
            Ok(r) => r,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1213,7 +1217,7 @@ impl PushAuthorizationTests {
        let owner_npub = match repo.pubkey.to_bech32() {
            Ok(n) => n,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("Failed to get owner npub: {}", e));
            }
        };
@@ -1222,15 +1226,16 @@ impl PushAuthorizationTests {
        let clone_path = match clone_repo(relay_domain, &owner_npub, &repo_id) {
            Ok(p) => p,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
-        // Create a wrong commit (Owner variant, not PRTestCommit)
+        // Create a wrong commit (unique, not PRTestCommit) - use create_commit so it always
-        if let Err(e) = create_deterministic_commit_with_variant(&clone_path, CommitVariant::Owner)
+        // succeeds even when the clone already has the Owner deterministic content on disk.
-        {
+        if let Err(e) = create_commit(&clone_path, "wrong commit - not the PR test commit") {
            let _ = fs::remove_dir_all(&clone_path);
-            return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+            return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).fail(&e);
        }
        // Try to push with wrong commit (should be rejected since PR event exists)
@@ -1238,7 +1243,8 @@ impl PushAuthorizationTests {
            Ok(success) => success,
            Err(e) => {
                let _ = fs::remove_dir_all(&clone_path);
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
@@ -1246,11 +1252,11 @@ impl PushAuthorizationTests {
        // Should REJECT - PR event exists with different commit hash
        if push_succeeded {
-            return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+            return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                .fail("Push accepted (expected rejection due to commit hash mismatch)");
        }
-        TestResult::new(test_name, "GRASP-01:git-http:40", desc).pass()
+        TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).pass()
    }
    /// Test 4: Push correct commit to refs/nostr/<pr-event-id> AFTER PR event exists
@@ -1275,7 +1281,7 @@ impl PushAuthorizationTests {
        {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1283,10 +1289,10 @@ impl PushAuthorizationTests {
        let pr_event_id = pr_event.id.to_hex();
        // Get repo info for cloning (fresh clone for this test)
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoServed).await {
            Ok(r) => r,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("{}", e));
            }
        };
@@ -1302,7 +1308,7 @@ impl PushAuthorizationTests {
        let owner_npub = match repo.pubkey.to_bech32() {
            Ok(n) => n,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail(format!("Failed to get owner npub: {}", e));
            }
        };
@@ -1311,26 +1317,27 @@ impl PushAuthorizationTests {
        let clone_path = match clone_repo(relay_domain, &owner_npub, &repo_id) {
            Ok(p) => p,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
        // Create the CORRECT PR test commit (the one expected by PR event)
        if let Err(e) = reset_to_correct_pr_commit(&clone_path) {
            let _ = fs::remove_dir_all(&clone_path);
-            return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+            return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).fail(&e);
        }
        // Check event is not yet served by relay (still in purgatory)
        match client.is_event_on_relay(pr_event.id).await {
            Ok(on_relay) => {
                if on_relay {
-                    return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                    return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                        .fail("PR event not in purgatory before correct commit pushed to refs/nostr/<event-id> (the relay serve the PR event)");
                }
            }
            Err(_) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail("failed to query relay");
            }
        }
@@ -1340,7 +1347,8 @@ impl PushAuthorizationTests {
            Ok(success) => success,
            Err(e) => {
                let _ = fs::remove_dir_all(&clone_path);
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc).fail(&e);
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
+                    .fail(&e);
            }
        };
@@ -1348,7 +1356,7 @@ impl PushAuthorizationTests {
        // Should ACCEPT - commit matches PR event's c tag
        if !push_succeeded {
-            return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+            return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                .fail("Push rejected (expected acceptance since commit matches PR event)");
        }
@@ -1361,17 +1369,17 @@ impl PushAuthorizationTests {
        match client.is_event_on_relay(pr_event.id).await {
            Ok(on_relay) => {
                if !on_relay {
-                    return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                    return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                        .fail("PR event not served after correct commit at refs/nostr/<event-id>");
                }
            }
            Err(_) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:40", desc)
+                return TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc)
                    .fail("failed to query relay");
            }
        }
-        TestResult::new(test_name, "GRASP-01:git-http:40", desc).pass()
+        TestResult::new(test_name, SpecRef::GitAcceptRefsNostrEventId, desc).pass()
    }
    /// Test that HEAD is set after a state event is published with an existing commit
@@ -1408,20 +1416,19 @@ impl PushAuthorizationTests {
        {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc).fail(format!(
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).fail(
-                    "Failed to create HeadSetToDevelopBranch fixture: {}",
+                    format!("Failed to create HeadSetToDevelopBranch fixture: {}", e),
-                    e
+                );
-                ));
            }
        };
        // ============================================================
        // Step 2: Extract repo_id and owner npub from ValidRepo (cached by fixture)
        // ============================================================
-        let valid_repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let valid_repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to get ValidRepo fixture: {}", e));
            }
        };
@@ -1434,7 +1441,7 @@ impl PushAuthorizationTests {
        {
            Some(id) => id.to_string(),
            None => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail("Missing repo_id in ValidRepo");
            }
        };
@@ -1442,7 +1449,7 @@ impl PushAuthorizationTests {
        let npub = match valid_repo.pubkey.to_bech32() {
            Ok(n) => n,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to convert pubkey to bech32: {}", e));
            }
        };
@@ -1454,16 +1461,16 @@ impl PushAuthorizationTests {
            match get_default_branch_from_info_refs(relay_domain, &npub, &repo_id).await {
                Ok(branch) => branch,
                Err(e) => {
-                    return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                    return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                        .fail(format!("Failed to get default branch: {}", e));
                }
            };
        // Verify HEAD points to refs/heads/develop
        if default_branch == "refs/heads/develop" {
-            TestResult::new(test_name, "GRASP-01:git-http:38", desc).pass()
+            TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).pass()
        } else {
-            TestResult::new(test_name, "GRASP-01:git-http:38", desc).fail(format!(
+            TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).fail(format!(
                "Expected HEAD to point to 'refs/heads/develop' but got '{}'. \
                GRASP-01 requires: 'MUST set repository HEAD per repository state announcement \
                as soon as the git data related to that branch has been received.'",
@@ -1512,20 +1519,19 @@ impl PushAuthorizationTests {
        let _develop_state = match ctx.get_fixture(FixtureKind::HeadSetToDevelopBranch).await {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc).fail(format!(
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).fail(
-                    "Failed to create HeadSetToDevelopBranch fixture: {}",
+                    format!("Failed to create HeadSetToDevelopBranch fixture: {}", e),
-                    e
+                );
-                ));
            }
        };
        // ============================================================
        // Step 2: Extract repo_id and owner npub from ValidRepo (cached by fixture)
        // ============================================================
-        let valid_repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let valid_repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(e) => e,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to get ValidRepo fixture: {}", e));
            }
        };
@@ -1538,7 +1544,7 @@ impl PushAuthorizationTests {
        {
            Some(id) => id.to_string(),
            None => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail("Missing repo_id in ValidRepo");
            }
        };
@@ -1546,7 +1552,7 @@ impl PushAuthorizationTests {
        let npub = match valid_repo.pubkey.to_bech32() {
            Ok(n) => n,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to convert pubkey to bech32: {}", e));
            }
        };
@@ -1557,7 +1563,7 @@ impl PushAuthorizationTests {
        let clone_path = match clone_repo(relay_domain, &npub, &repo_id) {
            Ok(path) => path,
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to clone repo: {}", e));
            }
        };
@@ -1572,7 +1578,7 @@ impl PushAuthorizationTests {
        if let Err(e) = output {
            let _ = fs::remove_dir_all(&clone_path);
-            return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+            return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                .fail(format!("Failed to create develop1 branch: {}", e));
        }
@@ -1581,7 +1587,7 @@ impl PushAuthorizationTests {
            Ok(hash) => hash,
            Err(e) => {
                let _ = fs::remove_dir_all(&clone_path);
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to create commit: {}", e));
            }
        };
@@ -1610,7 +1616,7 @@ impl PushAuthorizationTests {
            Ok(e) => e,
            Err(e) => {
                let _ = fs::remove_dir_all(&clone_path);
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to build state event: {}", e));
            }
        };
@@ -1621,7 +1627,7 @@ impl PushAuthorizationTests {
            .await
        {
            let _ = fs::remove_dir_all(&clone_path);
-            return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+            return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                .fail(format!("Failed to send state event: {}", e));
        }
@@ -1634,11 +1640,11 @@ impl PushAuthorizationTests {
        match push_result {
            Ok(true) => { /* Push succeeded, continue to verify */ }
            Ok(false) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail("Push to refs/heads/develop1 was rejected");
            }
            Err(e) => {
-                return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                    .fail(format!("Failed to push develop1 branch: {}", e));
            }
        }
@@ -1651,16 +1657,16 @@ impl PushAuthorizationTests {
            match get_default_branch_from_info_refs(relay_domain, &npub, &repo_id).await {
                Ok(branch) => branch,
                Err(e) => {
-                    return TestResult::new(test_name, "GRASP-01:git-http:38", desc)
+                    return TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc)
                        .fail(format!("Failed to get default branch: {}", e));
                }
            };
        // Verify HEAD points to refs/heads/develop1
        if default_branch == "refs/heads/develop1" {
-            TestResult::new(test_name, "GRASP-01:git-http:38", desc).pass()
+            TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).pass()
        } else {
-            TestResult::new(test_name, "GRASP-01:git-http:38", desc).fail(format!(
+            TestResult::new(test_name, SpecRef::GitSetHeadOnReceive, desc).fail(format!(
                "Expected HEAD to point to 'refs/heads/develop1' but got '{}'. \
                GRASP-01 requires: 'MUST set repository HEAD per repository state announcement \
                as soon as the git data related to that branch has been received.'",
@@ -1701,24 +1707,24 @@ mod tests {
            String::from_utf8_lossy(&output.stderr)
        );
-        // Configure git user - use PR Test Author identity
+        // Configure git user - use same identity as clone_repo in fixtures.rs
        let output = Command::new("git")
-            .args(["config", "user.email", "pr-test@example.com"])
+            .args(["config", "user.email", "test@grasp-audit.local"])
            .current_dir(path)
            .output()
            .expect("git config email failed");
        assert!(output.status.success(), "git config email failed");
        let output = Command::new("git")
-            .args(["config", "user.name", "PR Test Author"])
+            .args(["config", "user.name", "GRASP Audit Test"])
            .current_dir(path)
            .output()
            .expect("git config name failed");
        assert!(output.status.success(), "git config name failed");
-        // Create the deterministic file content
+        // Create the deterministic file content (must match CommitVariant::PRTestCommit exactly)
        let test_file = path.join("test.txt");
-        fs::write(&test_file, "PR test deterministic commit").expect("Failed to write test file");
+        fs::write(&test_file, "PR test deterministic commit\n").expect("Failed to write test file");
        // Add the file
        let output = Command::new("git")
diff --git a/grasp-audit/src/specs/grasp01/repository_creation.rs b/grasp-audit/src/specs/grasp01/repository_creation.rs
index 2eddb97..5730f1c 100644
--- a/grasp-audit/src/specs/grasp01/repository_creation.rs
+++ b/grasp-audit/src/specs/grasp01/repository_creation.rs
@@ -15,6 +15,7 @@
 //! cd grasp-audit && nix develop -c bash test-ngit-relay.sh --mode test
 //! ```
+use crate::specs::grasp01::SpecRef;
 use crate::{AuditClient, FixtureKind, TestContext, TestResult};
 use nostr_sdk::prelude::*;
@@ -50,12 +51,12 @@ impl RepositoryCreationTests {
        let ctx = TestContext::new(client);
        // Use TestContext to create and send repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Bare repository must be created and accessible via Smart HTTP when announcement is accepted",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -76,7 +77,7 @@ impl RepositoryCreationTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Bare repository must be created and accessible via Smart HTTP when announcement is accepted",
                )
                .fail("Repository announcement missing d tag")
@@ -88,7 +89,7 @@ impl RepositoryCreationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:34",
+                    SpecRef::GitServeRepository,
                    "Bare repository must be created and accessible via Smart HTTP when announcement is accepted",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -99,7 +100,7 @@ impl RepositoryCreationTests {
        if let Err(e) = check_repo_accessible_via_http(relay_domain, &npub, &repo_id).await {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:34",
+                SpecRef::GitServeRepository,
                "Bare repository must be created and accessible via Smart HTTP when announcement is accepted",
            )
            .fail(format!("Repository not accessible via HTTP: {}", e));
@@ -107,7 +108,7 @@ impl RepositoryCreationTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:34",
+            SpecRef::GitServeRepository,
            "Bare repository must be created and accessible via Smart HTTP when announcement is accepted",
        )
        .pass()
@@ -130,12 +131,12 @@ impl RepositoryCreationTests {
        let ctx = TestContext::new(client);
        // Create a repository announcement
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:44",
+                    SpecRef::GitServeWebpage,
                    "Relay SHOULD serve a webpage for existing repositories",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -156,7 +157,7 @@ impl RepositoryCreationTests {
            None => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:44",
+                    SpecRef::GitServeWebpage,
                    "Relay SHOULD serve a webpage for existing repositories",
                )
                .fail("Repository announcement missing d tag")
@@ -168,7 +169,7 @@ impl RepositoryCreationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:44",
+                    SpecRef::GitServeWebpage,
                    "Relay SHOULD serve a webpage for existing repositories",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -179,7 +180,7 @@ impl RepositoryCreationTests {
        if let Err(e) = check_webpage_served(relay_domain, &npub, &repo_id).await {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:44",
+                SpecRef::GitServeWebpage,
                "Relay SHOULD serve a webpage for existing repositories",
            )
            .fail(format!("Webpage not served: {}", e));
@@ -187,7 +188,7 @@ impl RepositoryCreationTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:44",
+            SpecRef::GitServeWebpage,
            "Relay SHOULD serve a webpage for existing repositories",
        )
        .pass()
@@ -209,12 +210,12 @@ impl RepositoryCreationTests {
        let ctx = TestContext::new(client);
-        let repo = match ctx.get_fixture(FixtureKind::ValidRepo).await {
+        let repo = match ctx.get_fixture(FixtureKind::ValidRepoSent).await {
            Ok(r) => r,
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:44",
+                    SpecRef::GitServeWebpage,
                    "Relay SHOULD return 404 for repositories it doesn't host",
                )
                .fail(format!("Failed to create repo fixture: {}", e))
@@ -226,7 +227,7 @@ impl RepositoryCreationTests {
            Err(e) => {
                return TestResult::new(
                    test_name,
-                    "GRASP-01:git-http:44",
+                    SpecRef::GitServeWebpage,
                    "Relay SHOULD return 404 for repositories it doesn't host",
                )
                .fail(format!("Failed to convert pubkey to npub: {}", e))
@@ -239,7 +240,7 @@ impl RepositoryCreationTests {
        if let Err(e) = check_404_for_nonexistent_repo(relay_domain, &npub, fake_repo_id).await {
            return TestResult::new(
                test_name,
-                "GRASP-01:git-http:44",
+                SpecRef::GitServeWebpage,
                "Relay SHOULD return 404 for repositories it doesn't host",
            )
            .fail(format!("Expected 404, got: {}", e));
@@ -247,7 +248,7 @@ impl RepositoryCreationTests {
        TestResult::new(
            test_name,
-            "GRASP-01:git-http:44",
+            SpecRef::GitServeWebpage,
            "Relay SHOULD return 404 for repositories it doesn't host",
        )
        .pass()
diff --git a/grasp-audit/src/specs/grasp01/spec_requirements.rs b/grasp-audit/src/specs/grasp01/spec_requirements.rs
index 71b2d69..6bc961c 100644
--- a/grasp-audit/src/specs/grasp01/spec_requirements.rs
+++ b/grasp-audit/src/specs/grasp01/spec_requirements.rs
@@ -6,9 +6,36 @@
 /// GRASP spec repository commit ID that this version is based on
 pub const GRASP_COMMIT_ID: &str = "1fdb8f7";
+/// Reference to a specific GRASP-01 specification requirement
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+pub enum SpecRef {
+    NostrRelayNip01Compliant,
+    NostrRelayRejectMissingCloneRelays,
+    NostrRelayMayRejectOtherCriteria,
+    NostrRelayMustAcceptTaggedEvents,
+    NostrRelayMayRejectSpamCuration,
+    PurgatoryAcceptUntilGitData,
+    Nip11ServeDocument,
+    Nip11ListSupportedGrasps,
+    Nip11ListRepoAcceptanceCriteria,
+    Nip11ListCurationPolicy,
+    GitServeRepository,
+    GitAcceptPushesAlignState,
+    GitSetHeadOnReceive,
+    GitAcceptRefsNostrEventId,
+    GitIncludeAllowSha1InWant,
+    GitServeWebpage,
+    CorsAllowOrigin,
+    CorsAllowMethods,
+    CorsAllowHeaders,
+    CorsOptionsResponse,
+}
 /// A single specification requirement
 #[derive(Debug, Clone)]
 pub struct SpecRequirement {
+    /// Unique reference to this requirement
+    pub spec_ref: SpecRef,
    /// Line number in the spec document
    pub line: u32,
    /// Section name (e.g., "Nostr Relay", "Git Smart HTTP Service", "CORS Support")
@@ -37,121 +64,175 @@ impl std::fmt::Display for RequirementLevel {
    }
 }
+impl SpecRef {
+    /// Get the spec reference string in format "GRASP-01:section:line"
+    pub fn spec_ref_string(self) -> &'static str {
+        match self {
+            SpecRef::NostrRelayNip01Compliant => "GRASP-01:nostr-relay:7",
+            SpecRef::NostrRelayRejectMissingCloneRelays => "GRASP-01:nostr-relay:9",
+            SpecRef::NostrRelayMayRejectOtherCriteria => "GRASP-01:nostr-relay:11",
+            SpecRef::NostrRelayMustAcceptTaggedEvents => "GRASP-01:nostr-relay:13",
+            SpecRef::NostrRelayMayRejectSpamCuration => "GRASP-01:nostr-relay:18",
+            SpecRef::PurgatoryAcceptUntilGitData => "GRASP-01:purgatory:22",
+            SpecRef::Nip11ServeDocument => "GRASP-01:nip-11:26",
+            SpecRef::Nip11ListSupportedGrasps => "GRASP-01:nip-11:28",
+            SpecRef::Nip11ListRepoAcceptanceCriteria => "GRASP-01:nip-11:29",
+            SpecRef::Nip11ListCurationPolicy => "GRASP-01:nip-11:30",
+            SpecRef::GitServeRepository => "GRASP-01:git-http:34",
+            SpecRef::GitAcceptPushesAlignState => "GRASP-01:git-http:36",
+            SpecRef::GitSetHeadOnReceive => "GRASP-01:git-http:39",
+            SpecRef::GitAcceptRefsNostrEventId => "GRASP-01:git-http:45",
+            SpecRef::GitIncludeAllowSha1InWant => "GRASP-01:git-http:56",
+            SpecRef::GitServeWebpage => "GRASP-01:git-http:58",
+            SpecRef::CorsAllowOrigin => "GRASP-01:cors:64",
+            SpecRef::CorsAllowMethods => "GRASP-01:cors:65",
+            SpecRef::CorsAllowHeaders => "GRASP-01:cors:66",
+            SpecRef::CorsOptionsResponse => "GRASP-01:cors:67",
+        }
+    }
+}
 /// All GRASP-01 specification requirements
 pub const GRASP_01_REQUIREMENTS: &[SpecRequirement] = &[
    // Nostr Relay section
    SpecRequirement {
+        spec_ref: SpecRef::NostrRelayNip01Compliant,
        line: 7,
        section: "Nostr Relay",
        text: "MUST serve a NIP-01 compliant nostr relay at `/` that accepts git repository announcements and their corresponding repo state announcements.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::NostrRelayRejectMissingCloneRelays,
        line: 9,
        section: "Nostr Relay",
        text: "MUST reject git repository announcements that do not list the service in both `clone` and `relays` tags unless implementing `GRASP-05`.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::NostrRelayMayRejectOtherCriteria,
        line: 11,
        section: "Nostr Relay",
        text: "MAY reject git repository announcements based on other criteria such as pre-payment, quotas, WoT, whitelist, SPAM prevention, etc.",
        level: RequirementLevel::May,
    },
    SpecRequirement {
+        spec_ref: SpecRef::NostrRelayMustAcceptTaggedEvents,
        line: 13,
        section: "Nostr Relay",
        text: "MUST accept other events that tag, or are tagged by, either: 1. accepted git repository announcements; or 2. accepted issues or patches",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::NostrRelayMayRejectSpamCuration,
        line: 18,
        section: "Nostr Relay",
        text: "MAY reject or delete events for generic SPAM prevention reasons or curation eg. WoT, whitelist, user bans and banned topics.",
        level: RequirementLevel::May,
    },
    SpecRequirement {
+        spec_ref: SpecRef::PurgatoryAcceptUntilGitData,
+        line: 22,
+        section: "Purgatory",
+        text: "New repository announcements, repo state announcements, PRs and PR Updates SHOULD be accepted with message \"purgatory: won't be served until git data arrives\" and kept in purgatory (not served) until the related git data arrives and otherwise discarded after 30 minutes.",
+        level: RequirementLevel::Should,
+    },
+    SpecRequirement {
+        spec_ref: SpecRef::Nip11ServeDocument,
        line: 26,
-        section: "Nostr Relay",
+        section: "NIP-11",
        text: "MUST serve a NIP-11 document",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::Nip11ListSupportedGrasps,
        line: 28,
-        section: "Nostr Relay",
+        section: "NIP-11",
        text: "MUST list each supported GRASP under `supported_grasps` in format `GRASP-XX` eg `GRASP-01` as a string array",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::Nip11ListRepoAcceptanceCriteria,
        line: 29,
-        section: "Nostr Relay",
+        section: "NIP-11",
        text: "MUST list repository acceptance criteria under `repo_acceptance_criteria` as a human readable string",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::Nip11ListCurationPolicy,
        line: 30,
-        section: "Nostr Relay",
+        section: "NIP-11",
        text: "MUST list brief summary of curation policy under `curation` if events are curated beyond generic SPAM prevention; otherwise `curation` MUST be omitted",
        level: RequirementLevel::Must,
    },
    // Git Smart HTTP Service section
    SpecRequirement {
+        spec_ref: SpecRef::GitServeRepository,
        line: 34,
        section: "Git Smart HTTP Service",
-        text: "MUST serve a git repository via an unauthenticated git smart http service at `/<npub>/<identifier>.git` for each accepted git repository announcement.",
+        text: "MUST serve a git repository via an unauthenticated git smart http service at `/<npub>/<identifier>.git` for each git repository announcement the relay serves or has in purgatory.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
+        spec_ref: SpecRef::GitAcceptPushesAlignState,
        line: 36,
        section: "Git Smart HTTP Service",
-        text: "MUST accept pushes via this service that match the latest repo state announcement on the relay, respecting the recursive maintainer set.",
+        text: "MUST accept pushes via this service that fully align the git repository state with a repo state announcement in purgatory that is authorised for this repository, respecting the recursive maintainer set.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 38,
+        spec_ref: SpecRef::GitSetHeadOnReceive,
+        line: 39,
        section: "Git Smart HTTP Service",
-        text: "MUST set repository HEAD per repo state announcement as soon as the git data related to that branch has been received.",
+        text: "As soon as the `receive-pack` is successful, the server MUST: 1. Release the event (and related repository announcement) from purgatory. 2. Align the repository HEAD with the repo state announcement. 3. Synchronize git state with other git repositories on the server for which this state event is authoritative.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 40,
+        spec_ref: SpecRef::GitAcceptRefsNostrEventId,
+        line: 45,
        section: "Git Smart HTTP Service",
-        text: "MUST accept pushes via this service to `refs/nostr/<event-id>` but SHOULD reject if event exists on relay listing a different tip and MAY reject based on criteria such as size, SPAM prevention, etc. SHOULD delete and MAY garbage collect these refs if no corresponding git PR event or git PR update event, with a `c` tag that matches the ref tip, is accepted by relay within 20 minutes.",
+        text: "MUST accept pushes via this service to `refs/nostr/<event-id>` but SHOULD reject if the event exists in purgatory listing a different tip, and MAY reject based on criteria such as size, SPAM prevention, etc.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 42,
+        spec_ref: SpecRef::GitIncludeAllowSha1InWant,
+        line: 56,
        section: "Git Smart HTTP Service",
        text: "MUST include `allow-reachable-sha1-in-want` and `allow-tip-sha1-in-want` in advertisement and serve available oids.",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 44,
+        spec_ref: SpecRef::GitServeWebpage,
+        line: 58,
        section: "Git Smart HTTP Service",
        text: "SHOULD serve a webpage at the same endpoint linking to git nostr client(s) to browse the repository and a 404 page for repositories it doesn't host.",
        level: RequirementLevel::Should,
    },
    // CORS Support section
    SpecRequirement {
-        line: 50,
+        spec_ref: SpecRef::CorsAllowOrigin,
+        line: 64,
        section: "CORS Support",
        text: "Set `Access-Control-Allow-Origin: *` on ALL responses",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 51,
+        spec_ref: SpecRef::CorsAllowMethods,
+        line: 65,
        section: "CORS Support",
        text: "Set `Access-Control-Allow-Methods: GET, POST` on ALL responses",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 52,
+        spec_ref: SpecRef::CorsAllowHeaders,
+        line: 66,
        section: "CORS Support",
        text: "Set `Access-Control-Allow-Headers: Content-Type` on ALL responses",
        level: RequirementLevel::Must,
    },
    SpecRequirement {
-        line: 53,
+        spec_ref: SpecRef::CorsOptionsResponse,
+        line: 67,
        section: "CORS Support",
        text: "Respond to OPTIONS requests with 204 No Content",
        level: RequirementLevel::Must,
@@ -163,6 +244,13 @@ pub fn get_requirement(line: u32) -> Option<&'static SpecRequirement> {
    GRASP_01_REQUIREMENTS.iter().find(|r| r.line == line)
 }
+/// Get a requirement by its SpecRef
+pub fn get_requirement_by_ref(spec_ref: SpecRef) -> Option<&'static SpecRequirement> {
+    GRASP_01_REQUIREMENTS
+        .iter()
+        .find(|r| r.spec_ref == spec_ref)
+}
 /// Get all requirements for a section
 pub fn get_requirements_for_section(section: &str) -> Vec<&'static SpecRequirement> {
    GRASP_01_REQUIREMENTS
@@ -194,16 +282,38 @@ mod tests {
    }
    #[test]
+    fn test_get_requirement_by_ref() {
+        let req = get_requirement_by_ref(SpecRef::NostrRelayNip01Compliant)
+            .expect("SpecRef should exist");
+        assert_eq!(req.line, 7);
+        assert_eq!(req.spec_ref, SpecRef::NostrRelayNip01Compliant);
+    }
+    #[test]
    fn test_get_sections() {
        let sections = get_sections();
-        assert_eq!(sections.len(), 3);
+        assert_eq!(sections.len(), 5);
        assert_eq!(sections[0], "Nostr Relay");
-        assert_eq!(sections[1], "Git Smart HTTP Service");
+        assert_eq!(sections[1], "Purgatory");
-        assert_eq!(sections[2], "CORS Support");
+        assert_eq!(sections[2], "NIP-11");
+        assert_eq!(sections[3], "Git Smart HTTP Service");
+        assert_eq!(sections[4], "CORS Support");
    }
    #[test]
    fn test_requirement_count() {
-        assert_eq!(GRASP_01_REQUIREMENTS.len(), 19);
+        assert_eq!(GRASP_01_REQUIREMENTS.len(), 20);
+    }
+    #[test]
+    fn test_spec_ref_unique() {
+        let mut refs = std::collections::HashSet::new();
+        for req in GRASP_01_REQUIREMENTS {
+            assert!(
+                refs.insert(req.spec_ref),
+                "Duplicate SpecRef found: {:?}",
+                req.spec_ref
+            );
+        }
    }
 }
diff --git a/grasp-audit/src/specs/mod.rs b/grasp-audit/src/specs/mod.rs
index bf711fa..ceae684 100644
--- a/grasp-audit/src/specs/mod.rs
+++ b/grasp-audit/src/specs/mod.rs
@@ -7,5 +7,5 @@ pub mod grasp01;
 // Re-export all test structs from grasp01 module
 pub use grasp01::{
    CorsTests, EventAcceptancePolicyTests, GitCloneTests, GitFilterTests, Nip01SmokeTests,
-    Nip11DocumentTests, PushAuthorizationTests, RepositoryCreationTests,
+    Nip11DocumentTests, PurgatoryTests, PushAuthorizationTests, RepositoryCreationTests,
 };
diff --git a/src/git/authorization.rs b/src/git/authorization.rs
index 27107db..df780bb 100644
--- a/src/git/authorization.rs
+++ b/src/git/authorization.rs
@@ -287,6 +287,39 @@ pub async fn fetch_repository_data(
    })
 }
+/// Fetch repository data including announcements from purgatory
+///
+/// This combines database announcements with purgatory announcements,
+/// which is needed for authorization when the announcement hasn't been
+/// promoted yet (no git data has arrived).
+pub async fn fetch_repository_data_with_purgatory(
+    database: &SharedDatabase,
+    purgatory: &crate::purgatory::Purgatory,
+    identifier: &str,
+) -> Result<RepositoryData> {
+    // First, fetch from database
+    let mut repo_data = fetch_repository_data(database, identifier).await?;
+    // Then, add announcements from purgatory
+    let purgatory_announcements = purgatory.get_announcements_by_identifier(identifier);
+    let purgatory_count = purgatory_announcements.len();
+    for entry in purgatory_announcements {
+        if let Ok(announcement) = RepositoryAnnouncement::from_event(entry.event) {
+            repo_data.announcements.push(announcement);
+        }
+    }
+    debug!(
+        "Fetched repository data with purgatory: {} announcements ({} from purgatory), {} states",
+        repo_data.announcements.len(),
+        purgatory_count,
+        repo_data.states.len()
+    );
+    Ok(repo_data)
+}
 pub fn pubkey_authorised_for_repo_owners(
    pubkey: &PublicKey,
    db_repo_data: &RepositoryData,
@@ -539,8 +572,9 @@ pub async fn get_state_authorization_for_specific_owner_repo(
    use crate::git::list_refs;
    use crate::purgatory::RefUpdate;
-    // Fetch announcements only - we don't need database states
+    // Fetch announcements from database AND purgatory - needed for authorization
-    let repo_data = fetch_repository_data(database, identifier).await?;
+    // when the announcement hasn't been promoted yet (no git data has arrived)
+    let repo_data = fetch_repository_data_with_purgatory(database, purgatory, identifier).await?;
    if repo_data.announcements.is_empty() {
        return Ok(AuthorizationResult::denied(
@@ -649,6 +683,27 @@ pub async fn get_state_authorization_for_specific_owner_repo(
                        .unwrap_or_else(|_| latest_authorized.pubkey.to_hex())
                );
+                // Extend purgatory announcement expiry for the owner.
+                //
+                // Per design doc decision #4: git auth extending a state event's expiry
+                // also extends the announcement's expiry. The repo is actively receiving
+                // git data, so the announcement should not expire prematurely.
+                // This also revives soft-expired announcements (recreates bare repo).
+                if let Ok(owner_pk) = PublicKey::parse(owner_pubkey) {
+                    if purgatory.has_purgatory_announcement(&owner_pk, identifier) {
+                        purgatory.extend_announcement_expiry(
+                            &owner_pk,
+                            identifier,
+                            std::time::Duration::from_secs(1800),
+                        );
+                        debug!(
+                            identifier = %identifier,
+                            owner = %owner_pubkey,
+                            "Extended purgatory announcement expiry due to git push authorization"
+                        );
+                    }
+                }
                return Ok(AuthorizationResult {
                    authorized: true,
                    reason: "Authorized by state event in purgatory".to_string(),
diff --git a/src/git/handlers.rs b/src/git/handlers.rs
index 28cb47f..f43cbb6 100644
--- a/src/git/handlers.rs
+++ b/src/git/handlers.rs
@@ -17,8 +17,9 @@ use super::subprocess::GitSubprocess;
 use crate::git::authorization::{authorize_push, parse_pushed_refs};
 use crate::git::sync::process_newly_available_git_data;
-use crate::nostr::builder::SharedDatabase;
+use crate::nostr::builder::{Nip34WritePolicy, SharedDatabase};
 use crate::purgatory::Purgatory;
+use crate::sync::rejected_index::RejectedEventsIndex;
 /// Handle GET /info/refs?service=git-{upload,receive}-pack
 ///
@@ -258,6 +259,8 @@ pub async fn handle_receive_pack(
    purgatory: Arc<Purgatory>,
    git_data_path: &str,
    git_protocol: Option<&str>,
+    write_policy: Arc<Nip34WritePolicy>,
+    rejected_events_index: Arc<RejectedEventsIndex>,
 ) -> Result<Response<Full<Bytes>>, GitError> {
    debug!("Handling receive-pack for {:?}", repo_path);
@@ -397,6 +400,8 @@ pub async fn handle_receive_pack(
        Some(&relay),
        &purgatory,
        git_data_path_buf,
+        Some(&write_policy),
+        Some(&rejected_events_index),
    )
    .await
    {
diff --git a/src/git/sync.rs b/src/git/sync.rs
index b1a9b49..c24d16b 100644
--- a/src/git/sync.rs
+++ b/src/git/sync.rs
@@ -32,17 +32,20 @@
 use std::collections::{HashMap, HashSet};
 use std::path::Path;
 use std::process::Command;
+use std::sync::Arc;
 use tracing::{debug, info, warn};
 use nostr_sdk::Event;
 use crate::git::authorization::{
-    collect_authorized_maintainers, fetch_repository_data, RepositoryData,
+    collect_authorized_maintainers, fetch_repository_data, fetch_repository_data_with_purgatory,
+    RepositoryData,
 };
 use crate::git::{self, oid_exists};
-use crate::nostr::builder::SharedDatabase;
+use crate::nostr::builder::{Nip34WritePolicy, SharedDatabase};
 use crate::nostr::events::RepositoryState;
 use crate::purgatory::{can_apply_state, Purgatory};
+use crate::sync::rejected_index::RejectedEventsIndex;
 /// Result of processing newly available git data.
 ///
@@ -51,6 +54,8 @@ use crate::purgatory::{can_apply_state, Purgatory};
 /// or from purgatory sync fetching OIDs from remote servers).
 #[derive(Debug, Default, Clone)]
 pub struct ProcessResult {
+    /// Number of announcements released from purgatory
+    pub announcements_released: usize,
    /// Number of state events released from purgatory
    pub states_released: usize,
    /// Number of PR events released from purgatory
@@ -70,11 +75,12 @@ pub struct ProcessResult {
 impl ProcessResult {
    /// Check if any events were released
    pub fn released_any(&self) -> bool {
-        self.states_released > 0 || self.prs_released > 0
+        self.announcements_released > 0 || self.states_released > 0 || self.prs_released > 0
    }
    /// Merge another ProcessResult into this one
    pub fn merge(&mut self, other: ProcessResult) {
+        self.announcements_released += other.announcements_released;
        self.states_released += other.states_released;
        self.prs_released += other.prs_released;
        self.repos_synced += other.repos_synced;
@@ -815,6 +821,8 @@ pub async fn process_newly_available_git_data(
    local_relay: Option<&nostr_relay_builder::LocalRelay>,
    purgatory: &Purgatory,
    git_data_path: &Path,
+    write_policy: Option<&Nip34WritePolicy>,
+    rejected_events_index: Option<&Arc<RejectedEventsIndex>>,
 ) -> anyhow::Result<ProcessResult> {
    let mut result = ProcessResult::default();
@@ -836,6 +844,20 @@ pub async fn process_newly_available_git_data(
        "Processing newly available git data"
    );
+    // Process announcements from purgatory
+    let announcement_result = process_purgatory_announcements(
+        &identifier,
+        source_repo_path,
+        database,
+        local_relay,
+        purgatory,
+        git_data_path,
+        write_policy,
+        rejected_events_index,
+    )
+    .await;
+    result.merge(announcement_result);
    // Process state events from purgatory
    let state_result = process_purgatory_state_events(
        &identifier,
@@ -863,6 +885,7 @@ pub async fn process_newly_available_git_data(
    if result.released_any() {
        info!(
            identifier = %identifier,
+            announcements_released = result.announcements_released,
            states_released = result.states_released,
            prs_released = result.prs_released,
            repos_synced = result.repos_synced,
@@ -907,7 +930,10 @@ async fn process_purgatory_state_events(
    );
    // Fetch repository data once for all state events
-    let mut db_repo_data = match fetch_repository_data(database, identifier).await {
+    // IMPORTANT: Use fetch_repository_data_with_purgatory to include announcements
+    // that may still be in purgatory (not yet promoted). This ensures authorization
+    // works correctly even if the announcement promotion happens in the same batch.
+    let mut db_repo_data = match fetch_repository_data_with_purgatory(database, purgatory, identifier).await {
        Ok(data) => data,
        Err(e) => {
            warn!(
@@ -1151,6 +1177,9 @@ async fn process_purgatory_pr_events(
    );
    // Fetch repository data for syncing
+    // NOTE: Only fetch from database, NOT purgatory. PR events should only be
+    // released from purgatory when the announcement has been promoted (validated).
+    // This ensures we don't accept PR events for announcements that fail validation.
    let db_repo_data = match fetch_repository_data(database, identifier).await {
        Ok(data) => data,
        Err(e) => {
@@ -1250,6 +1279,195 @@ async fn process_purgatory_pr_events(
    result
 }
+/// Process announcements from purgatory that can now be promoted.
+///
+/// When git data arrives for a repository, any announcements in purgatory
+/// for that repository should be promoted to the database and served to clients.
+///
+/// When `write_policy` and `rejected_events_index` are provided (git push path),
+/// any maintainer announcements sitting in the hot cache are re-processed immediately
+/// after the owner announcement is promoted, so they don't wait for the next sync cycle.
+async fn process_purgatory_announcements(
+    identifier: &str,
+    source_repo_path: &Path,
+    database: &SharedDatabase,
+    local_relay: Option<&nostr_relay_builder::LocalRelay>,
+    purgatory: &Purgatory,
+    git_data_path: &Path,
+    write_policy: Option<&Nip34WritePolicy>,
+    rejected_events_index: Option<&Arc<RejectedEventsIndex>>,
+) -> ProcessResult {
+    let mut result = ProcessResult::default();
+    // Extract owner pubkey from the source repo path
+    let owner_pubkey = match extract_owner_from_repo_path(source_repo_path, git_data_path) {
+        Some(npub) => npub,
+        None => {
+            debug!(
+                identifier = %identifier,
+                "Could not extract owner from repo path"
+            );
+            return result;
+        }
+    };
+    // Parse the npub back to PublicKey
+    let owner = match nostr_sdk::PublicKey::parse(&owner_pubkey) {
+        Ok(pk) => pk,
+        Err(e) => {
+            warn!(
+                identifier = %identifier,
+                owner_pubkey = %owner_pubkey,
+                error = %e,
+                "Failed to parse owner pubkey"
+            );
+            result.errors.push(format!("Failed to parse owner pubkey: {}", e));
+            return result;
+        }
+    };
+    // Check if there's an announcement in purgatory for this owner and identifier
+    let announcement_event = purgatory.promote_announcement(&owner, identifier);
+    if let Some(event) = announcement_event {
+        // Save to database
+        match database.save_event(&event).await {
+            Ok(_) => {
+                info!(
+                    identifier = %identifier,
+                    event_id = %event.id,
+                    "Promoted announcement from purgatory to database"
+                );
+                // Notify WebSocket subscribers
+                if let Some(relay) = local_relay {
+                    if relay.notify_event(event.clone()) {
+                        debug!(
+                            identifier = %identifier,
+                            event_id = %event.id,
+                            "Broadcast announcement event to WebSocket listeners"
+                        );
+                    }
+                }
+                result.announcements_released += 1;
+                // Re-process any maintainer announcements sitting in the hot cache.
+                //
+                // When an owner announcement is promoted from purgatory via a git push,
+                // maintainer announcements that arrived earlier (via relay sync) may have
+                // been rejected and stored in the hot cache because the owner announcement
+                // didn't exist in the DB yet. Now that the owner announcement is saved,
+                // we must invalidate and re-process those cached events immediately.
+                //
+                // This only applies on the git push path (write_policy + rejected_events_index
+                // are Some). The purgatory sync path already handles this via
+                // SyncManager::process_event_static.
+                if let (Some(wp), Some(rei), Some(relay)) =
+                    (write_policy, rejected_events_index, local_relay)
+                {
+                    use crate::nostr::events::RepositoryAnnouncement;
+                    use nostr_relay_builder::prelude::{WritePolicy, WritePolicyResult};
+                    use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+                    if let Ok(announcement) = RepositoryAnnouncement::from_event(event.clone()) {
+                        if !announcement.maintainers.is_empty() {
+                            debug!(
+                                identifier = %identifier,
+                                event_id = %event.id,
+                                maintainer_count = announcement.maintainers.len(),
+                                "Owner announcement promoted via git push, checking hot cache for rejected maintainer announcements"
+                            );
+                            for maintainer_hex in &announcement.maintainers {
+                                match nostr_sdk::PublicKey::from_hex(maintainer_hex) {
+                                    Ok(maintainer_pubkey) => {
+                                        let (removed, hot_events) = rei.invalidate_and_get(
+                                            &maintainer_pubkey,
+                                            &announcement.identifier,
+                                            Some(crate::sync::rejected_index::EventType::Announcement),
+                                        );
+                                        if removed > 0 {
+                                            info!(
+                                                maintainer = %maintainer_hex,
+                                                identifier = %announcement.identifier,
+                                                removed_from_cold_index = removed,
+                                                hot_cache_events = hot_events.len(),
+                                                "Invalidated rejected maintainer announcements after git push promotion"
+                                            );
+                                        }
+                                        // Re-process events from hot cache
+                                        let dummy_addr = SocketAddr::new(
+                                            IpAddr::V4(Ipv4Addr::LOCALHOST),
+                                            0,
+                                        );
+                                        for hot_event in hot_events {
+                                            info!(
+                                                event_id = %hot_event.id,
+                                                maintainer = %maintainer_hex,
+                                                identifier = %announcement.identifier,
+                                                "Re-processing maintainer announcement from hot cache after git push promotion"
+                                            );
+                                            match wp.admit_event(&hot_event, &dummy_addr).await {
+                                                WritePolicyResult::Accept => {
+                                                    match database.save_event(&hot_event).await {
+                                                        Ok(_) => {
+                                                            relay.notify_event(hot_event.clone());
+                                                            info!(
+                                                                event_id = %hot_event.id,
+                                                                "Maintainer announcement accepted and saved on re-processing"
+                                                            );
+                                                        }
+                                                        Err(e) => {
+                                                            warn!(
+                                                                event_id = %hot_event.id,
+                                                                error = %e,
+                                                                "Failed to save re-processed maintainer announcement"
+                                                            );
+                                                        }
+                                                    }
+                                                }
+                                                _ => {
+                                                    warn!(
+                                                        event_id = %hot_event.id,
+                                                        "Maintainer announcement still rejected on re-processing"
+                                                    );
+                                                }
+                                            }
+                                        }
+                                    }
+                                    Err(e) => {
+                                        warn!(
+                                            maintainer_hex = %maintainer_hex,
+                                            error = %e,
+                                            "Invalid maintainer public key in promoted announcement"
+                                        );
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            Err(e) => {
+                warn!(
+                    identifier = %identifier,
+                    event_id = %event.id,
+                    error = %e,
+                    "Failed to save announcement to database"
+                );
+                result
+                    .errors
+                    .push(format!("Failed to save announcement: {}", e));
+            }
+        }
+    }
+    result
+}
 /// Extract owner pubkey from a repository path.
 ///
 /// Given a path like `{git_data_path}/{npub}/{identifier}.git`, extracts the npub.
@@ -1271,6 +1489,7 @@ mod tests {
    #[test]
    fn test_process_result_default() {
        let result = ProcessResult::default();
+        assert_eq!(result.announcements_released, 0);
        assert_eq!(result.states_released, 0);
        assert_eq!(result.prs_released, 0);
        assert_eq!(result.repos_synced, 0);
@@ -1282,6 +1501,10 @@ mod tests {
        let mut result = ProcessResult::default();
        assert!(!result.released_any());
+        result.announcements_released = 1;
+        assert!(result.released_any());
+        result.announcements_released = 0;
        result.states_released = 1;
        assert!(result.released_any());
@@ -1293,6 +1516,7 @@ mod tests {
    #[test]
    fn test_process_result_merge() {
        let mut result1 = ProcessResult {
+            announcements_released: 0,
            states_released: 1,
            prs_released: 2,
            repos_synced: 3,
@@ -1303,6 +1527,7 @@ mod tests {
        };
        let result2 = ProcessResult {
+            announcements_released: 5,
            states_released: 10,
            prs_released: 20,
            repos_synced: 30,
@@ -1314,6 +1539,7 @@ mod tests {
        result1.merge(result2);
+        assert_eq!(result1.announcements_released, 5);
        assert_eq!(result1.states_released, 11);
        assert_eq!(result1.prs_released, 22);
        assert_eq!(result1.repos_synced, 33);
diff --git a/src/http/mod.rs b/src/http/mod.rs
index edc28a3..76ffef3 100644
--- a/src/http/mod.rs
+++ b/src/http/mod.rs
@@ -26,8 +26,9 @@ use tokio::net::TcpListener;
 use crate::config::Config;
 use crate::git;
 use crate::metrics::Metrics;
-use crate::nostr::builder::SharedDatabase;
+use crate::nostr::builder::{Nip34WritePolicy, SharedDatabase};
 use crate::purgatory::Purgatory;
+use crate::sync::rejected_index::RejectedEventsIndex;
 /// CORS headers required by GRASP-01 specification (lines 40-47)
 const CORS_ALLOW_ORIGIN: &str = "*";
@@ -97,6 +98,10 @@ struct HttpService {
    metrics: Option<Arc<Metrics>>,
    /// Purgatory for event/git coordination
    purgatory: Arc<Purgatory>,
+    /// Write policy for re-processing hot-cache events after git push promotion
+    write_policy: Arc<Nip34WritePolicy>,
+    /// Rejected events index for hot-cache re-processing after git push promotion
+    rejected_events_index: Arc<RejectedEventsIndex>,
 }
 impl HttpService {
@@ -107,6 +112,8 @@ impl HttpService {
        database: SharedDatabase,
        metrics: Option<Arc<Metrics>>,
        purgatory: Arc<Purgatory>,
+        write_policy: Arc<Nip34WritePolicy>,
+        rejected_events_index: Arc<RejectedEventsIndex>,
    ) -> Self {
        Self {
            relay,
@@ -115,6 +122,8 @@ impl HttpService {
            database,
            metrics,
            purgatory,
+            write_policy,
+            rejected_events_index,
        }
    }
 }
@@ -132,6 +141,8 @@ impl Service<Request<Incoming>> for HttpService {
        let git_data_path = self.config.effective_git_data_path();
        let database = self.database.clone();
        let purgatory = self.purgatory.clone();
+        let write_policy = self.write_policy.clone();
+        let rejected_events_index = self.rejected_events_index.clone();
        // Handle OPTIONS preflight requests (CORS)
        // GRASP-01 spec line 47: Respond to OPTIONS with 204 No Content
@@ -293,6 +304,8 @@ impl Service<Request<Incoming>> for HttpService {
                            purgatory.clone(),
                            &git_data_path,
                            git_protocol.as_deref(),
+                            write_policy.clone(),
+                            rejected_events_index.clone(),
                        )
                        .await;
@@ -557,12 +570,17 @@ fn derive_accept_key(request_key: &[u8]) -> String {
 /// * `relay` - The LocalRelay for WebSocket connections
 /// * `database` - The database for direct queries (e.g., push authorization)
 /// * `metrics` - Optional metrics for Prometheus endpoint
+/// * `purgatory` - Purgatory for event/git coordination
+/// * `write_policy` - Write policy for re-processing hot-cache events after git push promotion
+/// * `rejected_events_index` - Rejected events index for hot-cache re-processing
 pub async fn run_server(
    config: Config,
    relay: LocalRelay,
    database: SharedDatabase,
    metrics: Option<Arc<Metrics>>,
    purgatory: Arc<Purgatory>,
+    write_policy: Arc<Nip34WritePolicy>,
+    rejected_events_index: Arc<RejectedEventsIndex>,
 ) -> anyhow::Result<()> {
    let bind_addr: SocketAddr = config.bind_address.parse()?;
@@ -582,6 +600,8 @@ pub async fn run_server(
            database.clone(),
            metrics.clone(),
            purgatory.clone(),
+            write_policy.clone(),
+            rejected_events_index.clone(),
        );
        tokio::spawn(async move {
diff --git a/src/main.rs b/src/main.rs
index dd2c903..bf3aefb 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -130,7 +130,9 @@ async fn main() -> Result<()> {
        }
        // Get a reference to the rejected events index for shutdown persistence
+        // and for the HTTP server's git push path (hot-cache re-processing)
        let shutdown_rejected_index = sync_manager.rejected_events_index();
+        let http_rejected_index = shutdown_rejected_index.clone();
        tokio::spawn(async move {
            sync_manager.run().await;
@@ -142,11 +144,11 @@ async fn main() -> Result<()> {
            let mut interval = tokio::time::interval(Duration::from_secs(60));
            loop {
                interval.tick().await;
-                let (state_removed, pr_removed) = cleanup_purgatory.cleanup();
+                let (announcement_removed, state_removed, pr_removed) = cleanup_purgatory.cleanup();
-                if state_removed > 0 || pr_removed > 0 {
+                if announcement_removed > 0 || state_removed > 0 || pr_removed > 0 {
                    info!(
-                        "Purgatory cleanup: removed {} state events, {} PR events",
+                        "Purgatory cleanup: removed {} announcements, {} state events, {} PR events",
-                        state_removed, pr_removed
+                        announcement_removed, state_removed, pr_removed
                    );
                }
            }
@@ -206,12 +208,15 @@ async fn main() -> Result<()> {
        // Start HTTP server with integrated relay and database
        info!("Starting HTTP server on {}", config.bind_address);
+        // Wrap write_policy in Arc for sharing between HTTP server connections
+        let http_write_policy = Arc::new(relay_with_db.write_policy.clone());
        // Run server until shutdown signal, then cleanup
        #[cfg(unix)]
        {
            use tokio::signal::unix::{signal, SignalKind};
            let mut sigterm = signal(SignalKind::terminate())?;
-            
            tokio::select! {
                result = http::run_server(
                    config,
@@ -219,6 +224,8 @@ async fn main() -> Result<()> {
                    relay_with_db.database,
                    metrics,
                    purgatory,
+                    http_write_policy,
+                    http_rejected_index,
                ) => {
                    result?
                }
@@ -230,7 +237,7 @@ async fn main() -> Result<()> {
                }
            }
        }
-        
        #[cfg(not(unix))]
        {
            tokio::select! {
@@ -240,6 +247,8 @@ async fn main() -> Result<()> {
                    relay_with_db.database,
                    metrics,
                    purgatory,
+                    http_write_policy,
+                    http_rejected_index,
                ) => {
                    result?
                }
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index 713c129..7a05348 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -14,10 +14,11 @@ use nostr_relay_builder::prelude::*;
 use crate::config::{Config, DatabaseBackend};
 use crate::nostr::events::RepositoryAnnouncement;
 use crate::nostr::policy::{
-    AnnouncementPolicy, AnnouncementResult, PolicyContext, PrEventPolicy, ReferenceResult,
+    AnnouncementPolicy, AnnouncementResult, DeletionPolicy, PolicyContext, PrEventPolicy,
-    RelatedEventPolicy, StatePolicy, StateResult,
+    ReferenceResult, RelatedEventPolicy, StatePolicy, StateResult,
 };
 /// Type alias for the shared database used by the relay
 pub type SharedDatabase = Arc<dyn NostrDatabase>;
@@ -28,6 +29,7 @@ pub type SharedDatabase = Arc<dyn NostrDatabase>;
 /// - `StatePolicy` - State event validation + ref alignment
 /// - `PrEventPolicy` - PR/PR Update validation
 /// - `RelatedEventPolicy` - Forward/backward reference checking
+/// - `DeletionPolicy` - NIP-09 event deletion request handling
 ///
 /// Uses stateful database queries to check event relationships.
 #[derive(Clone)]
@@ -37,6 +39,7 @@ pub struct Nip34WritePolicy {
    state_policy: StatePolicy,
    pr_event_policy: PrEventPolicy,
    related_event_policy: RelatedEventPolicy,
+    deletion_policy: DeletionPolicy,
 }
 impl std::fmt::Debug for Nip34WritePolicy {
@@ -68,6 +71,7 @@ impl Nip34WritePolicy {
            state_policy: StatePolicy::new(ctx.clone()),
            pr_event_policy: PrEventPolicy::new(ctx.clone()),
            related_event_policy: RelatedEventPolicy::new(ctx.clone()),
+            deletion_policy: DeletionPolicy::new(ctx.clone()),
            ctx,
        }
    }
@@ -205,6 +209,30 @@ impl Nip34WritePolicy {
                    }
                }
            }
+            AnnouncementResult::AcceptPurgatory => {
+                // New announcement - add to purgatory
+                match self.announcement_policy.add_to_purgatory(event) {
+                    Ok(()) => {
+                        tracing::info!(
+                            "Accepted announcement to purgatory: {} (waiting for git data)",
+                            event_id_str
+                        );
+                        WritePolicyResult::Reject {
+                            status: true, // Client sees OK
+                            message: "purgatory: won't be served until git data arrives".into(),
+                        }
+                    }
+                    Err(e) => {
+                        tracing::warn!(
+                            "Failed to add announcement to purgatory {}: {}",
+                            event_id_str,
+                            e
+                        );
+                        WritePolicyResult::reject(e)
+                    }
+                }
+            }
            AnnouncementResult::AcceptMaintainer => {
                // Parse announcement to get details for logging
                match RepositoryAnnouncement::from_event(event.clone()) {
@@ -621,6 +649,7 @@ impl WritePolicy for Nip34WritePolicy {
                    );
                    WritePolicyResult::Accept
                }
+                Kind::EventDeletion => self.deletion_policy.handle(event).await,
                _ => self.handle_related_event(event, "Event").await,
            }
        })
diff --git a/src/nostr/policy/announcement.rs b/src/nostr/policy/announcement.rs
index 15a6e58..b366f0b 100644
--- a/src/nostr/policy/announcement.rs
+++ b/src/nostr/policy/announcement.rs
@@ -3,6 +3,8 @@
 /// Handles validation of NIP-34 repository announcements (kind 30617)
 /// according to GRASP-01 specification.
 use nostr_relay_builder::prelude::{Alphabet, Event, Filter, Kind, PublicKey, SingleLetterTag};
+use std::collections::HashSet;
+use std::time::Duration;
 use super::PolicyContext;
 use crate::config::Config;
@@ -11,12 +13,14 @@ use crate::nostr::events::{validate_announcement, RepositoryAnnouncement};
 /// Result of announcement policy evaluation
 #[derive(Debug, Clone, PartialEq)]
 pub enum AnnouncementResult {
-    /// Accept: Event lists our service (GRASP-01 compliant)
+    /// Accept: Event lists our service (GRASP-01 compliant) - replacement announcement
    Accept,
    /// Accept as maintainer: Event accepted via maintainer exception (multi-maintainer)
    AcceptMaintainer,
    /// Accept as archive: Event accepted via GRASP-05 archive whitelist (read-only)
    AcceptArchive,
+    /// Accept to purgatory: New announcement, waiting for git data
+    AcceptPurgatory,
    /// Reject: Event fails validation with reason
    Reject(String),
 }
@@ -35,10 +39,13 @@ impl AnnouncementPolicy {
    /// Validate a repository announcement event
    ///
-    /// Returns `Accept` if the announcement lists the service properly,
+    /// Returns:
-    /// `AcceptMaintainer` if accepted via maintainer exception,
+    /// - `Accept` if this is a replacement announcement (active announcement exists in DB or
-    /// `AcceptArchive` if accepted via GRASP-05 archive config,
+    ///   purgatory)
-    /// or `Reject` with reason.
+    /// - `AcceptPurgatory` if this is a new announcement (no active announcement exists)
+    /// - `AcceptMaintainer` if accepted via maintainer exception
+    /// - `AcceptArchive` if accepted via GRASP-05 archive config
+    /// - `Reject` with reason if validation fails
    pub async fn validate(&self, event: &Event) -> AnnouncementResult {
        // First, try validation (GRASP-01 + GRASP-05)
        let validation_result = validate_announcement(event, &self.config);
@@ -49,6 +56,23 @@ impl AnnouncementPolicy {
                // GRASP-01 Exception: Accept announcements from recursive maintainers
                match RepositoryAnnouncement::from_event(event.clone()) {
                    Ok(announcement) => {
+                        // If this pubkey+identifier has a purgatory entry AND the incoming
+                        // event is strictly newer, the owner is sending a replacement that
+                        // removes our service. Clear the purgatory entry and its bare repo.
+                        //
+                        // If the incoming event is older than the purgatory entry (e.g. a
+                        // relay replay of a superseded announcement), ignore it — the newer
+                        // purgatory entry takes precedence and must not be evicted.
+                        let should_evict = self
+                            .ctx
+                            .purgatory
+                            .find_announcement(&event.pubkey, &announcement.identifier)
+                            .is_some_and(|entry| event.created_at > entry.event.created_at);
+                        if should_evict {
+                            self.remove_purgatory_announcement(&event.pubkey, &announcement.identifier);
+                        }
                        match self
                            .is_maintainer_in_any_announcement(
                                &announcement.identifier,
@@ -67,11 +91,221 @@ impl AnnouncementPolicy {
                    Err(_) => AnnouncementResult::Reject(reason),
                }
            }
-            // Accept, AcceptArchive, or AcceptMaintainer - return as-is
+            AnnouncementResult::Accept | AnnouncementResult::AcceptArchive => {
+                // Parse announcement to check for existing active announcement
+                match RepositoryAnnouncement::from_event(event.clone()) {
+                    Ok(announcement) => {
+                        let in_db = match self
+                            .has_db_announcement(&event.pubkey, &announcement.identifier)
+                            .await
+                        {
+                            Ok(v) => v,
+                            Err(e) => {
+                                tracing::warn!(
+                                    error = %e,
+                                    "Failed to check for existing DB announcement - rejecting"
+                                );
+                                return AnnouncementResult::Reject(format!(
+                                    "Database error checking existing announcement: {}",
+                                    e
+                                ));
+                            }
+                        };
+                        if in_db {
+                            // Replacement announcement with DB entry - accept immediately
+                            tracing::debug!(
+                                identifier = %announcement.identifier,
+                                "Replacement announcement (DB) - accepting immediately"
+                            );
+                            return validation_result;
+                        }
+                        let in_purgatory = self
+                            .ctx
+                            .purgatory
+                            .has_purgatory_announcement(&event.pubkey, &announcement.identifier);
+                        if in_purgatory {
+                            // Replacement announcement with purgatory entry - replace it and
+                            // extend expiry so the new announcement gets a fresh 30-minute window.
+                            tracing::debug!(
+                                identifier = %announcement.identifier,
+                                "Replacement announcement (purgatory) - replacing purgatory entry"
+                            );
+                            self.replace_purgatory_announcement(event, &announcement);
+                            // Return Accept (not AcceptPurgatory) - this is a replacement, not new
+                            return validation_result;
+                        }
+                        // No existing announcement - route to purgatory
+                        tracing::debug!(
+                            identifier = %announcement.identifier,
+                            "New announcement - routing to purgatory"
+                        );
+                        AnnouncementResult::AcceptPurgatory
+                    }
+                    Err(e) => AnnouncementResult::Reject(format!(
+                        "Failed to parse announcement: {}",
+                        e
+                    )),
+                }
+            }
+            // AcceptPurgatory shouldn't come from validate_announcement, but handle it
            result => result,
        }
    }
+    /// Replace a purgatory announcement entry with a newer event.
+    ///
+    /// Called when a replacement announcement arrives for a (pubkey, identifier) pair
+    /// that is currently in purgatory. Updates the purgatory entry and extends the
+    /// expiry so the new announcement has a fresh waiting window.
+    fn replace_purgatory_announcement(
+        &self,
+        event: &Event,
+        announcement: &RepositoryAnnouncement,
+    ) {
+        let repo_path = self.ctx.git_data_path.join(announcement.repo_path());
+        let relays: HashSet<String> = announcement.relays.iter().cloned().collect();
+        // add_announcement uses the (owner, identifier) key so it overwrites the old entry
+        self.ctx.purgatory.add_announcement(
+            event.clone(),
+            announcement.identifier.clone(),
+            event.pubkey,
+            repo_path,
+            relays,
+        );
+        // Extend the announcement's expiry (reset to full 30 min window)
+        self.ctx.purgatory.extend_announcement_expiry(
+            &event.pubkey,
+            &announcement.identifier,
+            Duration::from_secs(1800),
+        );
+        // Also extend any state events waiting for this identifier
+        let state_entries = self.ctx.purgatory.find_state(&announcement.identifier);
+        if !state_entries.is_empty() {
+            let state_ids: Vec<_> = state_entries.iter().map(|e| e.event.id).collect();
+            self.ctx.purgatory.extend_expiry(
+                &announcement.identifier,
+                &state_ids,
+                Duration::from_secs(1800),
+            );
+        }
+    }
+    /// Remove a purgatory announcement and clean up associated resources.
+    ///
+    /// Called when a replacement announcement is rejected (owner removed our service).
+    /// Deletes the bare repository from disk and removes any state events waiting for
+    /// this identifier.
+    fn remove_purgatory_announcement(&self, pubkey: &PublicKey, identifier: &str) {
+        // Get the repo path before removing from purgatory
+        if let Some(entry) = self.ctx.purgatory.find_announcement(pubkey, identifier) {
+            // Delete the bare repository from disk
+            if entry.repo_path.exists() {
+                if let Err(e) = std::fs::remove_dir_all(&entry.repo_path) {
+                    tracing::warn!(
+                        path = %entry.repo_path.display(),
+                        error = %e,
+                        "Failed to delete bare repository during purgatory cleanup"
+                    );
+                } else {
+                    tracing::info!(
+                        path = %entry.repo_path.display(),
+                        "Deleted bare repository for rejected purgatory announcement"
+                    );
+                }
+            }
+        }
+        // Remove the announcement from purgatory
+        self.ctx.purgatory.remove_announcement(pubkey, identifier);
+        // Only remove state events if no other owner still has an announcement in purgatory
+        // for this identifier. State events are keyed by identifier alone, so blindly removing
+        // them would also discard state events legitimately belonging to a different owner's
+        // repository that happens to share the same identifier string.
+        let other_owners_remain = !self
+            .ctx
+            .purgatory
+            .get_announcements_by_identifier(identifier)
+            .is_empty();
+        if !other_owners_remain {
+            self.ctx.purgatory.remove_state(identifier);
+        }
+        tracing::info!(
+            identifier = %identifier,
+            other_owners_remain = %other_owners_remain,
+            "Cleared purgatory entry: owner removed our service from announcement"
+        );
+    }
+    /// Check if there's an announcement in the database for this (pubkey, identifier).
+    ///
+    /// Only checks the database (promoted announcements). For purgatory checks use
+    /// `purgatory.has_purgatory_announcement()` directly.
+    async fn has_db_announcement(
+        &self,
+        pubkey: &PublicKey,
+        identifier: &str,
+    ) -> Result<bool, String> {
+        let filter = Filter::new()
+            .kind(Kind::GitRepoAnnouncement)
+            .author(*pubkey)
+            .custom_tag(
+                SingleLetterTag::lowercase(Alphabet::D),
+                identifier.to_string(),
+            );
+        let events: Vec<Event> = match self.ctx.database.query(filter).await {
+            Ok(events) => events.into_iter().collect(),
+            Err(e) => return Err(format!("Database query failed: {}", e)),
+        };
+        Ok(!events.is_empty())
+    }
+    /// Add an announcement to purgatory
+    ///
+    /// Creates the bare repository and stores the announcement in purgatory
+    /// until git data arrives.
+    pub fn add_to_purgatory(&self, event: &Event) -> Result<(), String> {
+        let announcement = RepositoryAnnouncement::from_event(event.clone())
+            .map_err(|e| format!("Failed to parse announcement: {}", e))?;
+        // Create bare repository
+        self.ensure_bare_repository(&announcement)?;
+        // Build repo path
+        let repo_path = self.ctx.git_data_path.join(announcement.repo_path());
+        // Extract relays from announcement
+        let relays: HashSet<String> = announcement.relays.iter().cloned().collect();
+        // Add to purgatory
+        self.ctx.purgatory.add_announcement(
+            event.clone(),
+            announcement.identifier.clone(),
+            event.pubkey,
+            repo_path,
+            relays,
+        );
+        tracing::info!(
+            identifier = %announcement.identifier,
+            event_id = %event.id,
+            "Added announcement to purgatory"
+        );
+        Ok(())
+    }
    /// Create a bare git repository if it doesn't exist
    /// Path format: <git_data_path>/<npub>/<identifier>.git
    pub fn ensure_bare_repository(
@@ -117,6 +351,11 @@ impl AnnouncementPolicy {
    ///
    /// This enables accepting announcements from maintainers even when they don't list
    /// this GRASP server, for maintainer chain discovery and GRASP-02 sync.
+    ///
+    /// Checks both the database (promoted announcements) and purgatory (announcements
+    /// waiting for git data). This is necessary because a maintainer's announcement
+    /// (which lists the recursive maintainer) may still be in purgatory when the
+    /// recursive maintainer's announcement arrives.
    async fn is_maintainer_in_any_announcement(
        &self,
        identifier: &str,
@@ -128,12 +367,26 @@ impl AnnouncementPolicy {
            identifier.to_string(),
        );
-        let announcements: Vec<Event> = match self.ctx.database.query(filter).await {
+        let db_announcements: Vec<Event> = match self.ctx.database.query(filter).await {
            Ok(events) => events.into_iter().collect(),
            Err(e) => return Err(format!("Database query failed: {}", e)),
        };
-        if announcements.is_empty() {
+        // Also collect purgatory announcements for this identifier
+        let purgatory_announcements: Vec<Event> = self
+            .ctx
+            .purgatory
+            .get_announcements_by_identifier(identifier)
+            .into_iter()
+            .map(|entry| entry.event)
+            .collect();
+        let all_announcements: Vec<&Event> = db_announcements
+            .iter()
+            .chain(purgatory_announcements.iter())
+            .collect();
+        if all_announcements.is_empty() {
            // No existing announcements for this identifier - author cannot be a maintainer
            return Ok(false);
        }
@@ -141,14 +394,14 @@ impl AnnouncementPolicy {
        let author_hex = author.to_hex();
        // Check each announcement to see if author is listed as a maintainer
-        for event in &announcements {
+        for event in &all_announcements {
            // Check if author is the owner of this announcement
            if event.pubkey == *author {
                return Ok(true);
            }
            // Check if author is listed in the maintainers tag
-            if let Ok(announcement) = RepositoryAnnouncement::from_event(event.clone()) {
+            if let Ok(announcement) = RepositoryAnnouncement::from_event((*event).clone()) {
                if announcement.maintainers.contains(&author_hex) {
                    return Ok(true);
                }
diff --git a/src/nostr/policy/deletion.rs b/src/nostr/policy/deletion.rs
new file mode 100644
index 0000000..6457c90
--- /dev/null
+++ b/src/nostr/policy/deletion.rs
@@ -0,0 +1,498 @@
+/// Deletion Policy - NIP-09 event deletion request handling
+///
+/// Handles kind 5 (EventDeletion) events that request removal of purgatory entries
+/// for repository announcements (kind 30617) and state events (kind 30618).
+///
+/// ## NIP-09 Rules Enforced
+///
+/// - Only the event author can delete their own events (pubkey must match)
+/// - `e` tags reference specific event IDs to delete
+/// - `a` tags reference addressable events by coordinate (`<kind>:<pubkey>:<d-identifier>`)
+/// - When an `a` tag is used, all versions up to `created_at` of the deletion request
+///   are considered deleted
+///
+/// ## Purgatory Interaction
+///
+/// - Kind 30617 (announcement) in purgatory: entry removed, bare repo deleted from disk
+/// - Kind 30618 (state event) in purgatory: matching state event(s) removed by event ID
+///   or by (author, identifier) coordinate
+use nostr_relay_builder::prelude::{Event, WritePolicyResult};
+use super::PolicyContext;
+/// Policy for handling NIP-09 event deletion requests
+#[derive(Clone)]
+pub struct DeletionPolicy {
+    ctx: PolicyContext,
+}
+impl DeletionPolicy {
+    pub fn new(ctx: PolicyContext) -> Self {
+        Self { ctx }
+    }
+    /// Process a kind 5 (EventDeletion) event.
+    ///
+    /// Checks whether the deletion request targets any purgatory announcements
+    /// and removes them if so. The deletion event itself is always accepted
+    /// (relays should store deletion requests per NIP-09).
+    ///
+    /// Only the event author can delete their own events — this is enforced by
+    /// checking that the purgatory entry's owner matches `event.pubkey`.
+    pub async fn handle(&self, event: &Event) -> WritePolicyResult {
+        // Process purgatory removals synchronously (no async needed)
+        self.remove_purgatory_targets(event);
+        // Always accept the deletion event itself so it is stored and
+        // can prevent re-acceptance of the deleted event in the future.
+        WritePolicyResult::Accept
+    }
+    /// Remove any purgatory entries targeted by this deletion event.
+    ///
+    /// Handles both reference styles from NIP-09:
+    /// - `e` tags: event ID references — match against announcement or state event IDs
+    /// - `a` tags: addressable coordinate references — `30617:…` or `30618:…`
+    ///
+    /// Only removes entries where the purgatory entry's author matches the deletion
+    /// event's pubkey (enforces author-only deletion).
+    fn remove_purgatory_targets(&self, event: &Event) {
+        let author = &event.pubkey;
+        for tag in event.tags.iter() {
+            let tag_vec = tag.as_slice();
+            if tag_vec.len() < 2 {
+                continue;
+            }
+            match tag_vec[0].as_str() {
+                "e" => {
+                    // Event ID reference: find purgatory announcement with this event ID
+                    let target_id = &tag_vec[1];
+                    self.remove_by_event_id(author, target_id, event.created_at.as_secs());
+                }
+                "a" => {
+                    // Addressable coordinate reference: `<kind>:<pubkey>:<d-identifier>`
+                    let coord = &tag_vec[1];
+                    self.remove_by_coordinate(author, coord, event.created_at.as_secs());
+                }
+                _ => {}
+            }
+        }
+    }
+    /// Remove a purgatory entry (announcement, state event, or PR event) matched by event ID.
+    ///
+    /// Checks in order: announcements (30617), state events (30618), PR/PR-update events.
+    /// Only removes entries whose author matches `author`.
+    fn remove_by_event_id(
+        &self,
+        author: &nostr_relay_builder::prelude::PublicKey,
+        target_id_hex: &str,
+        _deletion_created_at: u64,
+    ) {
+        // --- Check PR events (kind 1617/1618) first — O(1) direct lookup ---
+        // PR purgatory is keyed by event ID hex, so this is the cheapest check.
+        // Only remove if the entry has an actual event (not a placeholder) and the
+        // event's author matches the deletion request author.
+        if let Some(entry) = self.ctx.purgatory.find_pr(target_id_hex) {
+            if let Some(ref event) = entry.event {
+                if event.pubkey == *author {
+                    tracing::info!(
+                        event_id = %target_id_hex,
+                        author = %author.to_hex(),
+                        "Deletion request: removing purgatory PR event by event ID"
+                    );
+                    self.ctx.purgatory.remove_pr(target_id_hex);
+                    return;
+                }
+            }
+            // Entry exists but is a placeholder or wrong author — don't remove
+            return;
+        }
+        // --- Check announcements (kind 30617) ---
+        // The DashMap doesn't expose a direct "find by event ID" method, so we use
+        // the announcements_for_sync snapshot to enumerate all (repo_id, _) pairs.
+        let all = self.ctx.purgatory.announcements_for_sync();
+        for (repo_id, _) in all {
+            // repo_id format: "30617:{pubkey_hex}:{identifier}"
+            let parts: Vec<&str> = repo_id.splitn(3, ':').collect();
+            if parts.len() != 3 {
+                continue;
+            }
+            let entry_pubkey_hex = parts[1];
+            let identifier = parts[2];
+            if entry_pubkey_hex != author.to_hex() {
+                continue;
+            }
+            if let Some(entry) = self.ctx.purgatory.find_announcement(author, identifier) {
+                if entry.event.id.to_hex() == target_id_hex {
+                    tracing::info!(
+                        event_id = %target_id_hex,
+                        identifier = %identifier,
+                        author = %author.to_hex(),
+                        "Deletion request: removing purgatory announcement by event ID"
+                    );
+                    self.evict_purgatory_entry(author, identifier);
+                    return; // event IDs are unique
+                }
+            }
+        }
+        // --- Check state events (kind 30618) ---
+        // State events are keyed by identifier; scan all identifiers for a match.
+        let state_identifiers = self.ctx.purgatory.get_all_identifiers();
+        for identifier in state_identifiers {
+            let entries = self.ctx.purgatory.find_state(&identifier);
+            for entry in entries {
+                if entry.author == *author && entry.event.id.to_hex() == target_id_hex {
+                    tracing::info!(
+                        event_id = %target_id_hex,
+                        identifier = %identifier,
+                        author = %author.to_hex(),
+                        "Deletion request: removing purgatory state event by event ID"
+                    );
+                    self.ctx.purgatory.remove_state_event(&identifier, &entry.event.id);
+                    return; // event IDs are unique
+                }
+            }
+        }
+    }
+    /// Remove a purgatory entry matched by addressable coordinate.
+    ///
+    /// The coordinate format is `<kind>:<pubkey>:<d-identifier>`.
+    /// Handles kind 30617 (announcements) and kind 30618 (state events).
+    ///
+    /// Per NIP-09, all versions up to `deletion_created_at` are considered deleted.
+    fn remove_by_coordinate(
+        &self,
+        author: &nostr_relay_builder::prelude::PublicKey,
+        coordinate: &str,
+        deletion_created_at: u64,
+    ) {
+        // Parse coordinate: `<kind>:<pubkey>:<d-identifier>`
+        let parts: Vec<&str> = coordinate.splitn(3, ':').collect();
+        if parts.len() != 3 {
+            return;
+        }
+        let kind_str = parts[0];
+        let coord_pubkey_hex = parts[1];
+        let identifier = parts[2];
+        // The coordinate pubkey must match the deletion event author
+        if coord_pubkey_hex != author.to_hex() {
+            tracing::debug!(
+                coord_pubkey = %coord_pubkey_hex,
+                deletion_author = %author.to_hex(),
+                "Ignoring deletion: coordinate pubkey does not match deletion author"
+            );
+            return;
+        }
+        match kind_str {
+            "30617" => {
+                // Announcement purgatory entry
+                if let Some(entry) = self.ctx.purgatory.find_announcement(author, identifier) {
+                    if entry.event.created_at.as_secs() <= deletion_created_at {
+                        tracing::info!(
+                            identifier = %identifier,
+                            author = %author.to_hex(),
+                            "Deletion request: removing purgatory announcement by coordinate"
+                        );
+                        self.evict_purgatory_entry(author, identifier);
+                    } else {
+                        tracing::debug!(
+                            identifier = %identifier,
+                            author = %author.to_hex(),
+                            "Ignoring deletion: purgatory announcement is newer than deletion request"
+                        );
+                    }
+                }
+            }
+            "30618" => {
+                // State event purgatory entries for this (author, identifier).
+                // Remove all entries authored by `author` with created_at ≤ deletion_created_at.
+                let entries = self.ctx.purgatory.find_state(identifier);
+                let mut removed = 0usize;
+                for entry in entries {
+                    if entry.author == *author
+                        && entry.event.created_at.as_secs() <= deletion_created_at
+                    {
+                        self.ctx.purgatory.remove_state_event(identifier, &entry.event.id);
+                        removed += 1;
+                    }
+                }
+                if removed > 0 {
+                    tracing::info!(
+                        identifier = %identifier,
+                        author = %author.to_hex(),
+                        removed = %removed,
+                        "Deletion request: removed purgatory state event(s) by coordinate"
+                    );
+                }
+            }
+            _ => {
+                // Other kinds not handled
+            }
+        }
+    }
+    /// Remove a purgatory announcement and delete its bare repository from disk.
+    fn evict_purgatory_entry(
+        &self,
+        author: &nostr_relay_builder::prelude::PublicKey,
+        identifier: &str,
+    ) {
+        // Get repo path before removing
+        if let Some(entry) = self.ctx.purgatory.find_announcement(author, identifier) {
+            if entry.repo_path.exists() {
+                if let Err(e) = std::fs::remove_dir_all(&entry.repo_path) {
+                    tracing::warn!(
+                        path = %entry.repo_path.display(),
+                        error = %e,
+                        "Failed to delete bare repository during deletion request processing"
+                    );
+                } else {
+                    tracing::info!(
+                        path = %entry.repo_path.display(),
+                        "Deleted bare repository for deletion-requested purgatory announcement"
+                    );
+                }
+            }
+        }
+        self.ctx.purgatory.remove_announcement(author, identifier);
+        // Remove state events for this identifier only if no other owner's
+        // announcement remains in purgatory (state events are keyed by identifier alone)
+        let other_owners_remain = !self
+            .ctx
+            .purgatory
+            .get_announcements_by_identifier(identifier)
+            .is_empty();
+        if !other_owners_remain {
+            self.ctx.purgatory.remove_state(identifier);
+        }
+    }
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::nostr::policy::PolicyContext;
+    use crate::purgatory::Purgatory;
+    use nostr_relay_builder::prelude::*;
+    use std::collections::HashSet;
+    use std::path::PathBuf;
+    use std::sync::Arc;
+    fn make_context() -> PolicyContext {
+        let db = Arc::new(MemoryDatabase::with_opts(MemoryDatabaseOptions {
+            events: true,
+            max_events: None,
+        }));
+        let purgatory = Arc::new(Purgatory::new(PathBuf::new()));
+        let config = crate::config::Config::for_testing();
+        PolicyContext::new("test.example.com", db, PathBuf::new(), purgatory, config)
+    }
+    fn make_announcement_event(keys: &Keys, identifier: &str) -> Event {
+        EventBuilder::new(Kind::GitRepoAnnouncement, "")
+            .tags(vec![
+                Tag::identifier(identifier),
+                Tag::custom(TagKind::custom("clone"), vec!["https://example.com/repo.git"]),
+            ])
+            .sign_with_keys(keys)
+            .unwrap()
+    }
+    fn add_to_purgatory(ctx: &PolicyContext, event: &Event, identifier: &str) {
+        ctx.purgatory.add_announcement(
+            event.clone(),
+            identifier.to_string(),
+            event.pubkey,
+            PathBuf::new(),
+            HashSet::new(),
+        );
+    }
+    #[tokio::test]
+    async fn test_deletion_by_event_id_removes_purgatory_entry() {
+        let ctx = make_context();
+        let keys = Keys::generate();
+        let identifier = "my-repo";
+        let announcement = make_announcement_event(&keys, identifier);
+        add_to_purgatory(&ctx, &announcement, identifier);
+        assert!(ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier));
+        // Build kind 5 deletion event referencing the announcement by event ID
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![
+                Tag::event(announcement.id),
+                Tag::custom(TagKind::custom("k"), vec!["30617"]),
+            ])
+            .sign_with_keys(&keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+        assert!(
+            !ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            "Purgatory entry should have been removed"
+        );
+    }
+    #[tokio::test]
+    async fn test_deletion_by_coordinate_removes_purgatory_entry() {
+        let ctx = make_context();
+        let keys = Keys::generate();
+        let identifier = "my-repo";
+        let announcement = make_announcement_event(&keys, identifier);
+        add_to_purgatory(&ctx, &announcement, identifier);
+        assert!(ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier));
+        // Build kind 5 deletion event referencing the announcement by coordinate
+        let coord = format!("30617:{}:{}", keys.public_key().to_hex(), identifier);
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![
+                Tag::custom(TagKind::custom("a"), vec![coord]),
+                Tag::custom(TagKind::custom("k"), vec!["30617"]),
+            ])
+            .sign_with_keys(&keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+        assert!(
+            !ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            "Purgatory entry should have been removed"
+        );
+    }
+    #[tokio::test]
+    async fn test_deletion_by_wrong_author_does_not_remove() {
+        let ctx = make_context();
+        let owner_keys = Keys::generate();
+        let attacker_keys = Keys::generate();
+        let identifier = "my-repo";
+        let announcement = make_announcement_event(&owner_keys, identifier);
+        add_to_purgatory(&ctx, &announcement, identifier);
+        // Attacker tries to delete by event ID
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![
+                Tag::event(announcement.id),
+                Tag::custom(TagKind::custom("k"), vec!["30617"]),
+            ])
+            .sign_with_keys(&attacker_keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+        assert!(
+            ctx.purgatory.has_purgatory_announcement(&owner_keys.public_key(), identifier),
+            "Purgatory entry should NOT have been removed by wrong author"
+        );
+    }
+    #[tokio::test]
+    async fn test_deletion_by_coordinate_wrong_author_does_not_remove() {
+        let ctx = make_context();
+        let owner_keys = Keys::generate();
+        let attacker_keys = Keys::generate();
+        let identifier = "my-repo";
+        let announcement = make_announcement_event(&owner_keys, identifier);
+        add_to_purgatory(&ctx, &announcement, identifier);
+        // Attacker tries to delete by coordinate using owner's pubkey in coord
+        // but signs with their own key — coord pubkey != deletion author
+        let coord = format!("30617:{}:{}", owner_keys.public_key().to_hex(), identifier);
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![
+                Tag::custom(TagKind::custom("a"), vec![coord]),
+                Tag::custom(TagKind::custom("k"), vec!["30617"]),
+            ])
+            .sign_with_keys(&attacker_keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+        assert!(
+            ctx.purgatory.has_purgatory_announcement(&owner_keys.public_key(), identifier),
+            "Purgatory entry should NOT have been removed by wrong author"
+        );
+    }
+    #[tokio::test]
+    async fn test_deletion_of_nonexistent_entry_is_accepted() {
+        let ctx = make_context();
+        let keys = Keys::generate();
+        // No purgatory entry exists — deletion should still be accepted
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![
+                Tag::custom(TagKind::custom("a"), vec![
+                    format!("30617:{}:nonexistent", keys.public_key().to_hex())
+                ]),
+            ])
+            .sign_with_keys(&keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+    }
+    #[tokio::test]
+    async fn test_deletion_by_coordinate_respects_created_at() {
+        let ctx = make_context();
+        let keys = Keys::generate();
+        let identifier = "my-repo";
+        // Create announcement with a future timestamp
+        let future_ts = Timestamp::now().as_secs() + 3600; // 1 hour in the future
+        let announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "")
+            .tags(vec![Tag::identifier(identifier)])
+            .custom_created_at(Timestamp::from(future_ts))
+            .sign_with_keys(&keys)
+            .unwrap();
+        add_to_purgatory(&ctx, &announcement, identifier);
+        // Deletion event with current timestamp (older than announcement)
+        let coord = format!("30617:{}:{}", keys.public_key().to_hex(), identifier);
+        let deletion = EventBuilder::new(Kind::EventDeletion, "")
+            .tags(vec![Tag::custom(TagKind::custom("a"), vec![coord])])
+            .sign_with_keys(&keys)
+            .unwrap();
+        let policy = DeletionPolicy::new(ctx.clone());
+        let result = policy.handle(&deletion).await;
+        assert!(matches!(result, WritePolicyResult::Accept));
+        assert!(
+            ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            "Purgatory entry should NOT be removed: entry is newer than deletion request"
+        );
+    }
+}
diff --git a/src/nostr/policy/mod.rs b/src/nostr/policy/mod.rs
index 1566b6c..f5b981a 100644
--- a/src/nostr/policy/mod.rs
+++ b/src/nostr/policy/mod.rs
@@ -6,11 +6,13 @@
 /// - `PrEventPolicy` - PR/PR Update validation
 /// - `RelatedEventPolicy` - Forward/backward reference checking
 mod announcement;
+mod deletion;
 mod pr_event;
 mod related;
 mod state;
 pub use announcement::{AnnouncementPolicy, AnnouncementResult};
+pub use deletion::DeletionPolicy;
 pub use pr_event::PrEventPolicy;
 pub use related::{ReferenceResult, RelatedEventPolicy};
 pub use state::{StatePolicy, StateResult};
diff --git a/src/nostr/policy/pr_event.rs b/src/nostr/policy/pr_event.rs
index 00e09c3..072e445 100644
--- a/src/nostr/policy/pr_event.rs
+++ b/src/nostr/policy/pr_event.rs
@@ -127,6 +127,10 @@ impl PrEventPolicy {
                .ok_or_else(|| anyhow::anyhow!("No identifier in PR event"))?;
            // Fetch repository data
+            // NOTE: Only fetch from database, NOT purgatory. Incoming PR events should
+            // only be accepted for announcements that have been promoted (validated).
+            // If the announcement is still in purgatory, the PR event should also go
+            // to purgatory and wait for the announcement to be promoted.
            let db_repo_data = fetch_repository_data(&self.ctx.database, &identifier).await?;
            // Extract owner pubkey from source repo path
@@ -203,6 +207,10 @@ impl PrEventPolicy {
        let identifier = parts[2];
        // 2. Fetch repo data
+        // NOTE: Only fetch from database, NOT purgatory. Incoming PR events should
+        // only be accepted for announcements that have been promoted (validated).
+        // If the announcement is still in purgatory, the PR event should also go
+        // to purgatory and wait for the announcement to be promoted.
        let db_repo_data = fetch_repository_data(&self.ctx.database, identifier).await?;
        // 3. Extract list of maintainers from "a 30617:<maintainer>:<identifier>" tags
diff --git a/src/nostr/policy/related.rs b/src/nostr/policy/related.rs
index 7ce87db..cfe04a7 100644
--- a/src/nostr/policy/related.rs
+++ b/src/nostr/policy/related.rs
@@ -139,6 +139,11 @@ impl RelatedEventPolicy {
                .push((addr, pubkey, identifier));
        }
+        // NOTE: Intentionally only checks the database (promoted announcements), not purgatory.
+        // Related events should only be accepted once the repository announcement has been
+        // validated (promoted via git data). Events referencing purgatory-only repositories
+        // are correctly rejected as orphans and can be re-submitted after promotion.
        // Query each kind group
        for (kind, refs) in by_kind {
            let authors: Vec<PublicKey> = refs.iter().map(|(_, pk, _)| *pk).collect();
diff --git a/src/nostr/policy/state.rs b/src/nostr/policy/state.rs
index 3411077..df743ae 100644
--- a/src/nostr/policy/state.rs
+++ b/src/nostr/policy/state.rs
@@ -1,3 +1,4 @@
+use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 use anyhow::{Context, Result};
@@ -10,7 +11,7 @@ use nostr_relay_builder::prelude::Event;
 use super::PolicyContext;
 use crate::git;
-use crate::git::authorization::fetch_repository_data;
+use crate::git::authorization::fetch_repository_data_with_purgatory;
 use crate::nostr::events::{validate_state, RepositoryAnnouncement, RepositoryState};
 /// Result of state policy evaluation
@@ -76,7 +77,13 @@ impl StatePolicy {
        }
        // Get all repositories and state events from db with identifier
-        let db_repo_data = fetch_repository_data(&self.ctx.database, &state.identifier).await?;
+        // Include purgatory announcements for authorization
+        let db_repo_data = fetch_repository_data_with_purgatory(
+            &self.ctx.database,
+            &self.ctx.purgatory,
+            &state.identifier,
+        )
+        .await?;
        // CRITICAL: Check if author is authorized via maintainer set
        // State events MUST be rejected if author is not in maintainer set of any accepted announcement
@@ -139,6 +146,34 @@ impl StatePolicy {
            "State event author authorized via maintainer set"
        );
+        // Extend expiry for any purgatory announcements for this identifier.
+        //
+        // Per design doc decision #4: state event arrival extends the purgatory
+        // announcement's expiry (reset the 30-minute protocol timer). This prevents
+        // premature expiry during slow sync operations — the repo is actively receiving
+        // metadata so it should stay alive.
+        //
+        // We extend for all owners that authorized this state event, since the state
+        // event proves the repo is active regardless of which owner's announcement
+        // authorized it.
+        for owner_hex in &authorized_owners {
+            if let Ok(owner_pk) = nostr_sdk::PublicKey::from_hex(owner_hex) {
+                if self.ctx.purgatory.has_purgatory_announcement(&owner_pk, &state.identifier) {
+                    self.ctx.purgatory.extend_announcement_expiry(
+                        &owner_pk,
+                        &state.identifier,
+                        std::time::Duration::from_secs(1800),
+                    );
+                    tracing::debug!(
+                        event_id = %event.id,
+                        identifier = %state.identifier,
+                        owner = %owner_hex,
+                        "Extended purgatory announcement expiry due to state event arrival"
+                    );
+                }
+            }
+        }
        // Duplicate check in db
        if db_repo_data.states.iter().any(|e| e.event.id.eq(&event.id)) {
            tracing::debug!("processed state event duplicate (in db): {}", event.id);
@@ -186,6 +221,42 @@ impl StatePolicy {
                }
            }
+            // After copying OIDs to other owner repos, promote any purgatory announcements
+            // for those repos. This handles the case where two maintainers push to the same
+            // identifier on the same relay with identical commit hashes: the second maintainer's
+            // announcement sits in purgatory, and when their state event arrives the relay copies
+            // commits from the first maintainer's repo — but without this call the announcement
+            // would stay in purgatory indefinitely.
+            let local_relay = self.ctx.get_local_relay();
+            let empty_oids: HashSet<String> = HashSet::new();
+            for announcement in &db_repo_data.announcements {
+                let target_repo_path = self.ctx.git_data_path.join(announcement.repo_path());
+                if target_repo_path != repo_with_git_data {
+                    // OIDs were copied to this repo by process_state_with_git_data;
+                    // check if there's a purgatory announcement waiting for it.
+                    if let Err(e) = crate::git::sync::process_newly_available_git_data(
+                        &target_repo_path,
+                        &empty_oids,
+                        &self.ctx.database,
+                        local_relay.as_ref(),
+                        &self.ctx.purgatory,
+                        &self.ctx.git_data_path,
+                        None,
+                        None,
+                    )
+                    .await
+                    {
+                        tracing::warn!(
+                            identifier = %state.identifier,
+                            event_id = %event.id,
+                            repo_path = %target_repo_path.display(),
+                            error = %e,
+                            "Failed to process purgatory announcements for target repo after git sync copy"
+                        );
+                    }
+                }
+            }
            // Event will be saved and broadcast by relay builder
            Ok(WritePolicyResult::Accept)
        } else {
diff --git a/src/purgatory/mod.rs b/src/purgatory/mod.rs
index 2c278f6..bb6ff54 100644
--- a/src/purgatory/mod.rs
+++ b/src/purgatory/mod.rs
@@ -17,7 +17,7 @@ pub mod sync;
 mod types;
 pub use helpers::{can_apply_state, can_satisfy_state, diagnose_state_mismatch, extract_refs_from_state, get_unpushed_refs};
-pub use types::{EventSource, PrPurgatoryEntry, RefPair, RefUpdate, StatePurgatoryEntry};
+pub use types::{AnnouncementPurgatoryEntry, EventSource, PrPurgatoryEntry, RefPair, RefUpdate, StatePurgatoryEntry};
 use dashmap::DashMap;
 use nostr_sdk::prelude::*;
@@ -34,6 +34,13 @@ pub use sync::SyncQueueEntry;
 /// Default expiry duration for purgatory entries (30 minutes)
 const DEFAULT_EXPIRY: Duration = Duration::from_secs(1800);
+/// Extended expiry for soft-expired announcements (24 hours).
+///
+/// After the initial 30-minute expiry, the bare repo is deleted but the event is
+/// retained for this additional period. This allows revival if a state event arrives
+/// late (e.g. slow sync), without permanently blocking the repository.
+const SOFT_EXPIRY_EXTENDED: Duration = Duration::from_secs(86400);
 /// Default delay before syncing user-submitted events (3 minutes).
 /// This gives time for the git push to arrive after the nostr event.
 const DEFAULT_SYNC_DELAY: Duration = Duration::from_secs(180);
@@ -83,9 +90,35 @@ struct SerializablePrPurgatoryEntry {
    source: types::EventSource,
 }
+/// Serializable wrapper for `AnnouncementPurgatoryEntry` with time offsets.
+///
+/// Stores `Instant` fields as `Duration` offsets from the `saved_at` timestamp
+/// in `PurgatoryState`, allowing state to be persisted and restored across restarts.
+///
+/// Note: soft-expired entries (bare repo deleted) are NOT persisted — they have
+/// no git repo on disk and would be immediately cleaned up on restore anyway.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+struct SerializableAnnouncementPurgatoryEntry {
+    /// The nostr announcement event (kind 30617)
+    event: Event,
+    /// The repository identifier from the event's 'd' tag
+    identifier: String,
+    /// The owner pubkey (event author)
+    owner: PublicKey,
+    /// Path to the bare git repository (must exist on disk)
+    repo_path: PathBuf,
+    /// Relay URLs from the announcement (for sync registration)
+    relays: HashSet<String>,
+    /// Duration offset from saved_at for created_at
+    created_at_offset_secs: u64,
+    /// Duration offset from saved_at for expires_at
+    expires_at_offset_secs: u64,
+}
 /// Serializable purgatory state for disk persistence.
 ///
 /// Contains all purgatory data needed to restore state across restarts:
+/// - Announcement events (indexed by (owner, identifier)) — non-soft-expired only
 /// - State events (indexed by identifier)
 /// - PR events (indexed by event ID)
 /// - Expired events (to prevent re-sync loops)
@@ -97,6 +130,10 @@ struct PurgatoryState {
    version: u32,
    /// When this state was saved to disk
    saved_at: SystemTime,
+    /// Announcement events indexed by "owner_hex:identifier"
+    /// Only non-soft-expired entries are persisted (bare repo must exist).
+    #[serde(default)]
+    announcement_purgatory: HashMap<String, SerializableAnnouncementPurgatoryEntry>,
    /// State events indexed by repository identifier
    state_events: HashMap<String, Vec<SerializableStatePurgatoryEntry>>,
    /// PR events indexed by event ID (hex string)
@@ -107,7 +144,8 @@ struct PurgatoryState {
 /// Main purgatory structure holding events awaiting git data.
 ///
-/// Provides thread-safe concurrent access to two separate stores:
+/// Provides thread-safe concurrent access to three separate stores:
+/// - Announcements indexed by (pubkey, identifier)
 /// - State events indexed by repository identifier
 /// - PR events indexed by event ID
 ///
@@ -128,6 +166,10 @@ struct PurgatoryState {
 /// that we've already determined have no git data available.
 #[derive(Clone)]
 pub struct Purgatory {
+    /// Repository announcements (kind 30617) indexed by (owner pubkey, identifier).
+    /// Key: (PublicKey, String) where String is the repository identifier.
+    announcement_purgatory: Arc<DashMap<(PublicKey, String), AnnouncementPurgatoryEntry>>,
    /// State events (kind 30618) indexed by repository identifier.
    /// Multiple state events can wait for the same identifier (different maintainers).
    state_events: Arc<DashMap<String, Vec<StatePurgatoryEntry>>>,
@@ -152,6 +194,7 @@ impl Purgatory {
    /// Create a new empty purgatory.
    pub fn new(git_data_path: impl Into<PathBuf>) -> Self {
        Self {
+            announcement_purgatory: Arc::new(DashMap::new()),
            state_events: Arc::new(DashMap::new()),
            pr_events: Arc::new(DashMap::new()),
            sync_queue: Arc::new(DashMap::new()),
@@ -576,9 +619,245 @@ impl Purgatory {
        self.pr_events.remove(event_id);
    }
+    // =========================================================================
+    // Announcement Purgatory Methods
+    // =========================================================================
+    /// Add a repository announcement to purgatory.
+    ///
+    /// The announcement will be held until git data arrives, at which point
+    /// it will be promoted to the database and served to clients.
+    ///
+    /// # Arguments
+    /// * `event` - The announcement event (kind 30617)
+    /// * `identifier` - The repository identifier from the 'd' tag
+    /// * `owner` - The owner pubkey (event author)
+    /// * `repo_path` - Path to the bare git repository
+    /// * `relays` - Relay URLs from the announcement (for sync registration)
+    pub fn add_announcement(
+        &self,
+        event: Event,
+        identifier: String,
+        owner: PublicKey,
+        repo_path: PathBuf,
+        relays: HashSet<String>,
+    ) {
+        let now = Instant::now();
+        let entry = AnnouncementPurgatoryEntry {
+            event,
+            identifier: identifier.clone(),
+            owner,
+            repo_path,
+            relays,
+            created_at: now,
+            expires_at: now + DEFAULT_EXPIRY,
+            soft_expired: false,
+        };
+        let key = (owner, identifier);
+        self.announcement_purgatory.insert(key.clone(), entry);
+        tracing::debug!(
+            owner = %key.0,
+            identifier = %key.1,
+            "Added announcement to purgatory"
+        );
+    }
+    /// Find an announcement in purgatory by owner and identifier.
+    ///
+    /// # Arguments
+    /// * `owner` - The owner pubkey
+    /// * `identifier` - The repository identifier
+    ///
+    /// # Returns
+    /// The announcement entry if found, None otherwise
+    pub fn find_announcement(&self, owner: &PublicKey, identifier: &str) -> Option<AnnouncementPurgatoryEntry> {
+        let key = (*owner, identifier.to_string());
+        self.announcement_purgatory.get(&key).map(|entry| entry.clone())
+    }
+    /// Get all announcements in purgatory for a given identifier.
+    ///
+    /// This is used for authorization - state events and git pushes need to
+    /// check purgatory announcements for maintainer validation.
+    ///
+    /// # Arguments
+    /// * `identifier` - The repository identifier
+    ///
+    /// # Returns
+    /// Vector of announcement entries for this identifier
+    pub fn get_announcements_by_identifier(&self, identifier: &str) -> Vec<AnnouncementPurgatoryEntry> {
+        self.announcement_purgatory
+            .iter()
+            .filter(|entry| entry.key().1 == identifier)
+            .map(|entry| entry.value().clone())
+            .collect()
+    }
+    /// Remove an announcement from purgatory.
+    ///
+    /// # Arguments
+    /// * `owner` - The owner pubkey
+    /// * `identifier` - The repository identifier
+    pub fn remove_announcement(&self, owner: &PublicKey, identifier: &str) {
+        let key = (*owner, identifier.to_string());
+        self.announcement_purgatory.remove(&key);
+        tracing::debug!(
+            owner = %owner,
+            identifier = %identifier,
+            "Removed announcement from purgatory"
+        );
+    }
+    /// Promote an announcement from purgatory to active status.
+    ///
+    /// This is called when git data arrives. The announcement event is returned
+    /// so it can be saved to the database.
+    ///
+    /// # Arguments
+    /// * `owner` - The owner pubkey
+    /// * `identifier` - The repository identifier
+    ///
+    /// # Returns
+    /// The announcement event if found, None otherwise
+    pub fn promote_announcement(&self, owner: &PublicKey, identifier: &str) -> Option<Event> {
+        let key = (*owner, identifier.to_string());
+        self.announcement_purgatory.remove(&key).map(|(_, entry)| {
+            tracing::info!(
+                owner = %owner,
+                identifier = %identifier,
+                "Promoted announcement from purgatory to database"
+            );
+            entry.event
+        })
+    }
+    /// Check if there's an announcement in purgatory for the given owner and identifier.
+    ///
+    /// # Arguments
+    /// * `owner` - The owner pubkey
+    /// * `identifier` - The repository identifier
+    ///
+    /// # Returns
+    /// true if an announcement exists in purgatory, false otherwise
+    pub fn has_purgatory_announcement(&self, owner: &PublicKey, identifier: &str) -> bool {
+        let key = (*owner, identifier.to_string());
+        self.announcement_purgatory.contains_key(&key)
+    }
+    /// Extend the expiry for an announcement in purgatory.
+    ///
+    /// This is called when state events arrive for a purgatory announcement,
+    /// indicating the repository is actively receiving metadata.
+    ///
+    /// # Arguments
+    /// * `owner` - The owner pubkey
+    /// * `identifier` - The repository identifier
+    /// * `duration` - Minimum duration to guarantee from now
+    pub fn extend_announcement_expiry(&self, owner: &PublicKey, identifier: &str, duration: Duration) {
+        let key = (*owner, identifier.to_string());
+        // Collect revival info before taking a mutable borrow
+        let revival_info: Option<(PathBuf, bool)> = self
+            .announcement_purgatory
+            .get(&key)
+            .map(|entry| (entry.repo_path.clone(), entry.soft_expired));
+        if let Some(mut entry) = self.announcement_purgatory.get_mut(&key) {
+            let now = Instant::now();
+            let new_expiry = now + duration;
+            if entry.expires_at < new_expiry {
+                entry.expires_at = new_expiry;
+            }
+            // Always reset soft_expired when expiry is extended — the caller
+            // (state event or git auth) signals the repo is still active.
+            if entry.soft_expired {
+                entry.soft_expired = false;
+            }
+        }
+        // If the entry was soft-expired, recreate the bare repo outside the
+        // mutable borrow so we don't hold the DashMap lock during I/O.
+        if let Some((repo_path, was_soft_expired)) = revival_info {
+            if was_soft_expired {
+                if !repo_path.exists() {
+                    match std::fs::create_dir_all(&repo_path) {
+                        Ok(()) => {
+                            // Initialise as a bare git repository
+                            let status = std::process::Command::new("git")
+                                .args(["init", "--bare"])
+                                .arg(&repo_path)
+                                .status();
+                            match status {
+                                Ok(s) if s.success() => {
+                                    tracing::info!(
+                                        path = %repo_path.display(),
+                                        owner = %owner,
+                                        identifier = %identifier,
+                                        "Recreated bare repository for revived soft-expired announcement"
+                                    );
+                                }
+                                Ok(s) => {
+                                    tracing::warn!(
+                                        path = %repo_path.display(),
+                                        exit_code = ?s.code(),
+                                        "git init --bare failed when reviving soft-expired announcement"
+                                    );
+                                }
+                                Err(e) => {
+                                    tracing::warn!(
+                                        path = %repo_path.display(),
+                                        error = %e,
+                                        "Failed to run git init --bare when reviving soft-expired announcement"
+                                    );
+                                }
+                            }
+                        }
+                        Err(e) => {
+                            tracing::warn!(
+                                path = %repo_path.display(),
+                                error = %e,
+                                "Failed to create directory when reviving soft-expired announcement"
+                            );
+                        }
+                    }
+                }
+                tracing::info!(
+                    owner = %owner,
+                    identifier = %identifier,
+                    "Revived soft-expired announcement (bare repo recreated, expiry extended)"
+                );
+            }
+        }
+    }
+    /// Get count of announcements in purgatory.
+    pub fn announcement_count(&self) -> usize {
+        self.announcement_purgatory.len()
+    }
+    /// Collect (repo_id, relay_urls) for all announcements currently in purgatory.
+    ///
+    /// Returns a vec of `(repo_id, relay_urls)` where `repo_id` is the addressable
+    /// coordinate string `"30617:{pubkey_hex}:{identifier}"`. Used by the purgatory
+    /// announcement sync timer to register StateOnly entries in `repo_sync_index`.
+    pub fn announcements_for_sync(&self) -> Vec<(String, HashSet<String>)> {
+        self.announcement_purgatory
+            .iter()
+            .map(|entry| {
+                let (owner, identifier) = entry.key();
+                let repo_id = format!("30617:{}:{}", owner.to_hex(), identifier);
+                let relays = entry.value().relays.clone();
+                (repo_id, relays)
+            })
+            .collect()
+    }
    /// Get all event IDs currently stored in purgatory AND previously expired events.
    ///
    /// Returns a HashSet of all event IDs for:
+    /// - Announcements currently held in purgatory
    /// - State events currently held in purgatory
    /// - PR events currently held in purgatory
    /// - Events that previously expired from purgatory without finding git data
@@ -593,6 +872,11 @@ impl Purgatory {
    pub fn event_ids(&self) -> HashSet<EventId> {
        let mut ids = HashSet::new();
+        // Collect announcement event IDs
+        for entry in self.announcement_purgatory.iter() {
+            ids.insert(entry.value().event.id);
+        }
        // Collect state event IDs
        for entry in self.state_events.iter() {
            for state_entry in entry.value().iter() {
@@ -675,9 +959,86 @@ impl Purgatory {
    /// to support migration scripts and operational monitoring.
    ///
    /// # Returns
-    /// Tuple of (num_state_removed, num_pr_removed)
+    /// Tuple of (num_announcement_removed, num_state_removed, num_pr_removed)
-    pub fn cleanup(&self) -> (usize, usize) {
+    pub fn cleanup(&self) -> (usize, usize, usize) {
        let now = Instant::now();
+        // Process expired announcements with two-phase soft expiry:
+        //
+        // Phase 1 (initial expiry, !soft_expired): Delete bare repo, set soft_expired=true,
+        //   extend expiry by SOFT_EXPIRY_EXTENDED so the event is retained for revival.
+        // Phase 2 (extended expiry, soft_expired): Fully remove from purgatory.
+        //
+        // Collect entries that have passed their expires_at deadline.
+        let expired_announcements: Vec<(PublicKey, String, PathBuf, EventId, bool)> = self
+            .announcement_purgatory
+            .iter()
+            .filter(|entry| entry.value().expires_at <= now)
+            .map(|entry| {
+                let key = entry.key();
+                let v = entry.value();
+                (key.0.clone(), key.1.clone(), v.repo_path.clone(), v.event.id, v.soft_expired)
+            })
+            .collect();
+        let mut announcement_removed = 0;
+        for (owner, identifier, repo_path, event_id, already_soft_expired) in expired_announcements {
+            if already_soft_expired {
+                // Phase 2: fully remove
+                self.mark_expired(event_id);
+                self.announcement_purgatory.remove(&(owner.clone(), identifier.clone()));
+                announcement_removed += 1;
+                tracing::info!(
+                    owner = %owner,
+                    identifier = %identifier,
+                    "Announcement fully expired from purgatory (soft expiry period elapsed)"
+                );
+            } else {
+                // Phase 1: soft expiry — delete bare repo, retain event.
+                //
+                // Only transition to soft_expired if the directory is gone (or never
+                // existed). If removal fails we leave the entry untouched so the next
+                // cleanup cycle retries the deletion automatically.
+                let repo_gone = if repo_path.exists() {
+                    match std::fs::remove_dir_all(&repo_path) {
+                        Ok(()) => {
+                            tracing::info!(
+                                path = %repo_path.display(),
+                                owner = %owner,
+                                identifier = %identifier,
+                                "Deleted bare repository during soft expiry (event retained for revival)"
+                            );
+                            true
+                        }
+                        Err(e) => {
+                            tracing::warn!(
+                                path = %repo_path.display(),
+                                error = %e,
+                                "Failed to delete bare repository during soft expiry; will retry next cleanup cycle"
+                            );
+                            false
+                        }
+                    }
+                } else {
+                    // Already gone (e.g. deleted externally)
+                    true
+                };
+                if repo_gone {
+                    // Mark soft_expired and extend expiry
+                    if let Some(mut entry) = self.announcement_purgatory.get_mut(&(owner.clone(), identifier.clone())) {
+                        entry.soft_expired = true;
+                        entry.expires_at = now + SOFT_EXPIRY_EXTENDED;
+                    }
+                    tracing::debug!(
+                        owner = %owner,
+                        identifier = %identifier,
+                        "Announcement soft-expired: bare repo deleted, event retained for 24h"
+                    );
+                }
+            }
+        }
        let mut state_removed = 0;
        // Remove expired state events and mark them as expired
@@ -823,17 +1184,17 @@ impl Purgatory {
            self.pr_events.remove(&event_id_str);
        }
-        (state_removed, pr_removed)
+        (announcement_removed, state_removed, pr_removed)
    }
    /// Remove expired entries from purgatory (legacy method).
    ///
    /// # Returns
-    /// Total number of entries removed (state + PR events)
+    /// Total number of entries removed (announcement + state + PR events)
    #[deprecated(since = "0.1.0", note = "Use cleanup() instead for separate counts")]
    pub fn remove_expired(&self) -> usize {
-        let (state, pr) = self.cleanup();
+        let (announcement, state, pr) = self.cleanup();
-        state + pr
+        announcement + state + pr
    }
    /// Remove old expired event records.
@@ -867,11 +1228,12 @@ impl Purgatory {
    /// Get current count of entries in purgatory.
    ///
    /// # Returns
-    /// Tuple of (state_event_count, pr_event_count)
+    /// Tuple of (announcement_count, state_event_count, pr_event_count)
-    pub fn count(&self) -> (usize, usize) {
+    pub fn count(&self) -> (usize, usize, usize) {
+        let announcement_count = self.announcement_purgatory.len();
        let state_count: usize = self.state_events.iter().map(|e| e.value().len()).sum();
        let pr_count = self.pr_events.len();
-        (state_count, pr_count)
+        (announcement_count, state_count, pr_count)
    }
    /// Get count of expired events being tracked.
@@ -885,6 +1247,7 @@ impl Purgatory {
    /// Clear all entries from purgatory (for testing).
    #[cfg(test)]
    pub fn clear(&self) {
+        self.announcement_purgatory.clear();
        self.state_events.clear();
        self.pr_events.clear();
        self.sync_queue.clear();
@@ -949,6 +1312,34 @@ impl Purgatory {
        let saved_at = SystemTime::now();
        let now_instant = Instant::now();
+        // Convert announcement_purgatory to serializable format.
+        // Skip soft-expired entries: their bare repos have been deleted, so they
+        // cannot be meaningfully restored (the repo path no longer exists on disk).
+        let mut announcement_purgatory = HashMap::new();
+        for entry in self.announcement_purgatory.iter() {
+            let e = entry.value();
+            if e.soft_expired {
+                continue;
+            }
+            let created_offset =
+                persistence::instant_to_offset(e.created_at, saved_at, now_instant);
+            let expires_offset =
+                persistence::instant_to_offset(e.expires_at, saved_at, now_instant);
+            let key = format!("{}:{}", e.owner.to_hex(), e.identifier);
+            announcement_purgatory.insert(
+                key,
+                SerializableAnnouncementPurgatoryEntry {
+                    event: e.event.clone(),
+                    identifier: e.identifier.clone(),
+                    owner: e.owner,
+                    repo_path: e.repo_path.clone(),
+                    relays: e.relays.clone(),
+                    created_at_offset_secs: created_offset.as_secs(),
+                    expires_at_offset_secs: expires_offset.as_secs(),
+                },
+            );
+        }
        // Convert state_events to serializable format
        let mut state_events = HashMap::new();
        for entry in self.state_events.iter() {
@@ -1013,6 +1404,7 @@ impl Purgatory {
        let state = PurgatoryState {
            version: 1,
            saved_at,
+            announcement_purgatory,
            state_events,
            pr_events,
            expired_events,
@@ -1024,6 +1416,7 @@ impl Purgatory {
        tracing::info!(
            path = %path.display(),
+            announcements = state.announcement_purgatory.len(),
            state_events = state.state_events.len(),
            pr_events = state.pr_events.len(),
            expired_events = state.expired_events.len(),
@@ -1071,6 +1464,45 @@ impl Purgatory {
        let now_instant = Instant::now();
+        // Restore announcement_purgatory.
+        // Skip entries whose bare repo no longer exists on disk — this can happen
+        // if the repo was deleted externally between save and restore.
+        for (_key, e) in state.announcement_purgatory {
+            if !e.repo_path.exists() {
+                tracing::warn!(
+                    owner = %e.owner,
+                    identifier = %e.identifier,
+                    repo_path = %e.repo_path.display(),
+                    "Skipping announcement restore: bare repo no longer exists"
+                );
+                continue;
+            }
+            let created_at = persistence::offset_to_instant(
+                Duration::from_secs(e.created_at_offset_secs),
+                state.saved_at,
+                now_instant,
+            );
+            let expires_at = persistence::offset_to_instant(
+                Duration::from_secs(e.expires_at_offset_secs),
+                state.saved_at,
+                now_instant,
+            );
+            let key = (e.owner, e.identifier.clone());
+            self.announcement_purgatory.insert(
+                key,
+                AnnouncementPurgatoryEntry {
+                    event: e.event,
+                    identifier: e.identifier,
+                    owner: e.owner,
+                    repo_path: e.repo_path,
+                    relays: e.relays,
+                    created_at,
+                    expires_at,
+                    soft_expired: false,
+                },
+            );
+        }
        // Restore state_events
        for (identifier, entries) in state.state_events {
            let restored_entries: Vec<StatePurgatoryEntry> = entries
@@ -1140,6 +1572,7 @@ impl Purgatory {
        tracing::info!(
            path = %path.display(),
+            announcements = self.announcement_purgatory.len(),
            state_events = self.state_events.len(),
            pr_events = self.pr_events.len(),
            expired_events = self.expired_events.len(),
@@ -1162,7 +1595,8 @@ mod tests {
    #[test]
    fn test_purgatory_creation() {
        let purgatory = Purgatory::new(PathBuf::new());
-        let (state_count, pr_count) = purgatory.count();
+        let (announcement_count, state_count, pr_count) = purgatory.count();
+        assert_eq!(announcement_count, 0);
        assert_eq!(state_count, 0);
        assert_eq!(pr_count, 0);
    }
@@ -1190,7 +1624,8 @@ mod tests {
            false,
        );
-        let (state_count, pr_count) = purgatory.count();
+        let (announcement_count, state_count, pr_count) = purgatory.count();
+        assert_eq!(announcement_count, 0);
        assert_eq!(state_count, 1);
        assert_eq!(pr_count, 1);
    }
@@ -1407,7 +1842,7 @@ fn test_cleanup_removes_expired_entries() {
    purgatory.add_pr_placeholder("pr-456".to_string(), "commit-def".to_string());
    // Verify entries are there
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 1);
    assert_eq!(pr_count, 2);
@@ -1425,14 +1860,14 @@ fn test_cleanup_removes_expired_entries() {
    }
    // Run cleanup
-    let (state_removed, pr_removed) = purgatory.cleanup();
+    let (_, state_removed, pr_removed) = purgatory.cleanup();
    // Verify counts
    assert_eq!(state_removed, 1);
    assert_eq!(pr_removed, 2);
    // Verify entries are gone
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
 }
@@ -1464,14 +1899,14 @@ fn test_cleanup_preserves_non_expired_entries() {
    );
    // Run cleanup
-    let (state_removed, pr_removed) = purgatory.cleanup();
+    let (_, state_removed, pr_removed) = purgatory.cleanup();
    // Nothing should be removed
    assert_eq!(state_removed, 0);
    assert_eq!(pr_removed, 0);
    // Verify entries are still there
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 1);
    assert_eq!(pr_count, 1);
 }
@@ -1518,14 +1953,14 @@ fn test_cleanup_mixed_expired_and_fresh() {
    }
    // Run cleanup
-    let (state_removed, pr_removed) = purgatory.cleanup();
+    let (_, state_removed, pr_removed) = purgatory.cleanup();
    // One of each should be removed
    assert_eq!(state_removed, 1);
    assert_eq!(pr_removed, 1);
    // Verify remaining counts
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 1); // One state event remains
    assert_eq!(pr_count, 1); // One PR event remains
 }
@@ -1595,7 +2030,7 @@ fn test_expired_event_tracking() {
    }
    // Run cleanup
-    let (state_removed, pr_removed) = purgatory.cleanup();
+    let (_, state_removed, pr_removed) = purgatory.cleanup();
    assert_eq!(state_removed, 1);
    assert_eq!(pr_removed, 1);
@@ -1705,7 +2140,7 @@ fn test_expired_events_prevent_readdition() {
    }
    // Event should NOT be re-added
-    let (state_count, _) = purgatory.count();
+    let (_, state_count, _) = purgatory.count();
    assert_eq!(state_count, 0, "Event should not be re-added to purgatory");
 }
@@ -1724,7 +2159,7 @@ fn test_pr_placeholder_not_marked_expired() {
    }
    // Run cleanup
-    let (_, pr_removed) = purgatory.cleanup();
+    let (_, _, pr_removed) = purgatory.cleanup();
    assert_eq!(pr_removed, 1);
    // Expired count should be 0 (placeholders don't have event IDs to track)
@@ -1820,7 +2255,7 @@ async fn test_save_and_restore_state_events() {
    assert!(!state_file.exists());
    // Verify state events were restored
-    let (state_count, _) = purgatory2.count();
+    let (_, state_count, _) = purgatory2.count();
    assert_eq!(state_count, 2);
    let restored_entries = purgatory2.find_state("test-repo");
@@ -1877,7 +2312,7 @@ async fn test_save_and_restore_pr_events() {
    purgatory2.restore_from_disk(&state_file).unwrap();
    // Verify PR event was restored
-    let (_, pr_count) = purgatory2.count();
+    let (_, _, pr_count) = purgatory2.count();
    assert_eq!(pr_count, 1);
    let restored_entry = purgatory2.find_pr("pr-event-id").unwrap();
@@ -1906,7 +2341,7 @@ async fn test_save_and_restore_pr_placeholders() {
    purgatory2.restore_from_disk(&state_file).unwrap();
    // Verify placeholder was restored
-    let (_, pr_count) = purgatory2.count();
+    let (_, _, pr_count) = purgatory2.count();
    assert_eq!(pr_count, 1);
    let restored_entry = purgatory2.find_pr("placeholder-id").unwrap();
@@ -1984,7 +2419,7 @@ async fn test_save_and_restore_empty_purgatory() {
    purgatory2.restore_from_disk(&state_file).unwrap();
    // Verify purgatory is still empty
-    let (state_count, pr_count) = purgatory2.count();
+    let (_, state_count, pr_count) = purgatory2.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
    assert_eq!(purgatory2.expired_count(), 0);
@@ -2004,7 +2439,7 @@ async fn test_restore_missing_file() {
    assert!(result.is_err());
    // Purgatory should remain empty
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
 }
@@ -2026,7 +2461,7 @@ async fn test_restore_corrupted_json() {
    assert!(result.is_err());
    // Purgatory should remain empty
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
 }
@@ -2263,7 +2698,7 @@ async fn test_mixed_pr_events_and_placeholders() {
    purgatory2.restore_from_disk(&state_file).unwrap();
    // Verify both were restored correctly
-    let (_, pr_count) = purgatory2.count();
+    let (_, _, pr_count) = purgatory2.count();
    assert_eq!(pr_count, 2);
    // Verify PR event
@@ -2310,6 +2745,141 @@ async fn test_file_cleanup_after_successful_restore() {
 }
 #[tokio::test]
+async fn test_save_and_restore_announcement_events() {
+    use tempfile::tempdir;
+    let temp_dir = tempdir().unwrap();
+    let state_file = temp_dir.path().join("purgatory_state.json");
+    // Create a real bare repo directory so the restore path-existence check passes
+    let repo_dir = temp_dir.path().join("owner.git");
+    std::fs::create_dir_all(&repo_dir).unwrap();
+    let purgatory = Purgatory::new(PathBuf::new());
+    let keys = Keys::generate();
+    let ann_event = EventBuilder::text_note("announcement event")
+        .sign_with_keys(&keys)
+        .unwrap();
+    let ann_event_id = ann_event.id;
+    let mut relays = HashSet::new();
+    relays.insert("wss://relay.example.com".to_string());
+    purgatory.add_announcement(
+        ann_event.clone(),
+        "my-repo".to_string(),
+        keys.public_key(),
+        repo_dir.clone(),
+        relays.clone(),
+    );
+    // Save to disk
+    purgatory.save_to_disk(&state_file).unwrap();
+    assert!(state_file.exists());
+    // Create new purgatory and restore
+    let purgatory2 = Purgatory::new(PathBuf::new());
+    purgatory2.restore_from_disk(&state_file).unwrap();
+    // File should be deleted after restore
+    assert!(!state_file.exists());
+    // Verify announcement was restored
+    let (ann_count, _, _) = purgatory2.count();
+    assert_eq!(ann_count, 1);
+    let restored = purgatory2
+        .find_announcement(&keys.public_key(), "my-repo")
+        .unwrap();
+    assert_eq!(restored.event.id, ann_event_id);
+    assert_eq!(restored.identifier, "my-repo");
+    assert_eq!(restored.owner, keys.public_key());
+    assert_eq!(restored.repo_path, repo_dir);
+    assert_eq!(restored.relays, relays);
+    assert!(!restored.soft_expired);
+}
+#[tokio::test]
+async fn test_soft_expired_announcements_not_persisted() {
+    use tempfile::tempdir;
+    let temp_dir = tempdir().unwrap();
+    let state_file = temp_dir.path().join("purgatory_state.json");
+    let repo_dir = temp_dir.path().join("owner.git");
+    std::fs::create_dir_all(&repo_dir).unwrap();
+    let purgatory = Purgatory::new(PathBuf::new());
+    let keys = Keys::generate();
+    let ann_event = EventBuilder::text_note("announcement event")
+        .sign_with_keys(&keys)
+        .unwrap();
+    purgatory.add_announcement(
+        ann_event.clone(),
+        "my-repo".to_string(),
+        keys.public_key(),
+        repo_dir.clone(),
+        HashSet::new(),
+    );
+    // Manually mark as soft-expired (bare repo deleted)
+    let key = (keys.public_key(), "my-repo".to_string());
+    if let Some(mut entry) = purgatory.announcement_purgatory.get_mut(&key) {
+        entry.soft_expired = true;
+    }
+    // Save to disk — soft-expired entry should be excluded
+    purgatory.save_to_disk(&state_file).unwrap();
+    // Create new purgatory and restore
+    let purgatory2 = Purgatory::new(PathBuf::new());
+    purgatory2.restore_from_disk(&state_file).unwrap();
+    // Soft-expired announcement should NOT be restored
+    let (ann_count, _, _) = purgatory2.count();
+    assert_eq!(ann_count, 0);
+}
+#[tokio::test]
+async fn test_announcement_with_missing_repo_skipped_on_restore() {
+    use tempfile::tempdir;
+    let temp_dir = tempdir().unwrap();
+    let state_file = temp_dir.path().join("purgatory_state.json");
+    // Point to a repo path that does NOT exist
+    let missing_repo = temp_dir.path().join("nonexistent.git");
+    let purgatory = Purgatory::new(PathBuf::new());
+    let keys = Keys::generate();
+    let ann_event = EventBuilder::text_note("announcement event")
+        .sign_with_keys(&keys)
+        .unwrap();
+    purgatory.add_announcement(
+        ann_event.clone(),
+        "my-repo".to_string(),
+        keys.public_key(),
+        missing_repo.clone(),
+        HashSet::new(),
+    );
+    // Save to disk (repo path is serialized even though it doesn't exist)
+    purgatory.save_to_disk(&state_file).unwrap();
+    // Create new purgatory and restore — entry should be skipped
+    let purgatory2 = Purgatory::new(PathBuf::new());
+    purgatory2.restore_from_disk(&state_file).unwrap();
+    let (ann_count, _, _) = purgatory2.count();
+    assert_eq!(ann_count, 0);
+}
+#[tokio::test]
 async fn test_comprehensive_roundtrip() {
    use nostr_sdk::{Kind, Tag, TagKind};
    use tempfile::tempdir;
@@ -2317,10 +2887,27 @@ async fn test_comprehensive_roundtrip() {
    let temp_dir = tempdir().unwrap();
    let state_file = temp_dir.path().join("purgatory_state.json");
+    // Create a real bare repo directory for the announcement
+    let repo_dir = temp_dir.path().join("owner.git");
+    std::fs::create_dir_all(&repo_dir).unwrap();
    let purgatory = Purgatory::new(PathBuf::new());
    let keys1 = Keys::generate();
    let keys2 = Keys::generate();
+    // Add announcement
+    let ann_event = EventBuilder::text_note("announcement")
+        .sign_with_keys(&keys1)
+        .unwrap();
+    let ann_event_id = ann_event.id;
+    purgatory.add_announcement(
+        ann_event,
+        "repo1".to_string(),
+        keys1.public_key(),
+        repo_dir.clone(),
+        HashSet::new(),
+    );
    // Add multiple state events
    let state1 = EventBuilder::text_note("state 1")
        .sign_with_keys(&keys1)
@@ -2380,7 +2967,8 @@ async fn test_comprehensive_roundtrip() {
    purgatory.cleanup();
    // Verify initial state
-    let (state_count, pr_count) = purgatory.count();
+    let (ann_count, state_count, pr_count) = purgatory.count();
+    assert_eq!(ann_count, 1); // announcement
    assert_eq!(state_count, 2); // state1, state2 (expired_event was cleaned up)
    assert_eq!(pr_count, 2); // pr-1, pr-2
    assert_eq!(purgatory.expired_count(), 1); // expired_event
@@ -2393,11 +2981,18 @@ async fn test_comprehensive_roundtrip() {
    purgatory2.restore_from_disk(&state_file).unwrap();
    // Verify all data was restored correctly
-    let (state_count2, pr_count2) = purgatory2.count();
+    let (ann_count2, state_count2, pr_count2) = purgatory2.count();
+    assert_eq!(ann_count2, 1);
    assert_eq!(state_count2, 2);
    assert_eq!(pr_count2, 2);
    assert_eq!(purgatory2.expired_count(), 1);
+    // Verify announcement
+    let restored_ann = purgatory2
+        .find_announcement(&keys1.public_key(), "repo1")
+        .unwrap();
+    assert_eq!(restored_ann.event.id, ann_event_id);
    // Verify state events
    assert_eq!(purgatory2.find_state("repo1").len(), 1);
    assert_eq!(purgatory2.find_state("repo2").len(), 1);
diff --git a/src/purgatory/sync/context.rs b/src/purgatory/sync/context.rs
index 904f8af..8297515 100644
--- a/src/purgatory/sync/context.rs
+++ b/src/purgatory/sync/context.rs
@@ -75,7 +75,12 @@ pub trait SyncContext: Send + Sync {
    /// # Returns
    /// Set of clone URLs from PR events in purgatory for this identifier
    fn collect_pr_clone_urls(&self, identifier: &str) -> HashSet<String>;
-    /// Get repository data (announcements, clone URLs, etc.) from the database.
+    /// Get repository data (announcements, clone URLs, etc.) from the database and purgatory.
+    ///
+    /// Checks both the database (promoted announcements) and purgatory (announcements
+    /// awaiting git data). This is necessary to obtain clone URLs when an announcement
+    /// has not yet been promoted - without purgatory data, the sync loop would have no
+    /// URLs to fetch from and the announcement could never be promoted (circular deadlock).
    ///
    /// # Arguments
    /// * `identifier` - The repository identifier (d-tag value)
@@ -279,7 +284,16 @@ impl SyncContext for RealSyncContext {
    }
    async fn fetch_repository_data(&self, identifier: &str) -> Result<RepositoryData> {
-        crate::git::authorization::fetch_repository_data(&self.database, identifier).await
+        // Use the purgatory-aware variant so that clone URLs from announcements still
+        // in purgatory (not yet promoted) are available. Without this, the sync loop
+        // would find no URLs to fetch from and the announcement could never be promoted
+        // (circular deadlock: can't promote without git data, can't get git data without URLs).
+        crate::git::authorization::fetch_repository_data_with_purgatory(
+            &self.database,
+            &self.purgatory,
+            identifier,
+        )
+        .await
    }
    fn collect_needed_oids(&self, identifier: &str) -> HashSet<String> {
@@ -487,7 +501,9 @@ impl SyncContext for RealSyncContext {
        source_repo_path: &Path,
        new_oids: &HashSet<String>,
    ) -> Result<ProcessResult> {
-        // Delegate to the unified function from git::sync
+        // Delegate to the unified function from git::sync.
+        // Pass None for write_policy and rejected_events_index: the purgatory sync path
+        // already handles hot-cache re-processing via SyncManager::process_event_static.
        let result = crate::git::sync::process_newly_available_git_data(
            source_repo_path,
            new_oids,
@@ -495,6 +511,8 @@ impl SyncContext for RealSyncContext {
            self.local_relay.as_ref(),
            &self.purgatory,
            &self.git_data_path,
+            None,
+            None,
        )
        .await?;
diff --git a/src/purgatory/types.rs b/src/purgatory/types.rs
index e37a3e1..1af5c4e 100644
--- a/src/purgatory/types.rs
+++ b/src/purgatory/types.rs
@@ -6,6 +6,8 @@
 use nostr_sdk::prelude::*;
 use serde::{Deserialize, Serialize};
+use std::collections::HashSet;
+use std::path::PathBuf;
 use std::time::Instant;
 /// Source of an event entering purgatory.
@@ -143,3 +145,40 @@ pub struct PrPurgatoryEntry {
    #[serde(default)]
    pub source: EventSource,
 }
+/// Entry for a repository announcement (kind 30617) waiting in purgatory.
+///
+/// Announcements are held in purgatory until git data arrives, proving
+/// the repository has actual content. This prevents serving announcements
+/// for empty repositories.
+///
+/// Note: `Instant` fields cannot be serialized directly. Use the `persistence`
+/// module to convert to/from serializable wrapper types.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AnnouncementPurgatoryEntry {
+    /// The nostr announcement event (kind 30617)
+    pub event: Event,
+    /// The repository identifier from the event's 'd' tag
+    pub identifier: String,
+    /// The owner pubkey (event author)
+    pub owner: PublicKey,
+    /// Path to the bare git repository
+    pub repo_path: PathBuf,
+    /// Relay URLs from the announcement (for sync registration)
+    pub relays: HashSet<String>,
+    /// When this entry was added to purgatory
+    #[serde(skip, default = "instant_now")]
+    pub created_at: Instant,
+    /// Expiry deadline (30 min from creation, may be extended)
+    #[serde(skip, default = "instant_now")]
+    pub expires_at: Instant,
+    /// Whether the bare repo has been deleted (soft expiry)
+    pub soft_expired: bool,
+}
diff --git a/src/sync/algorithms.rs b/src/sync/algorithms.rs
index 39788bc..9899abc 100644
--- a/src/sync/algorithms.rs
+++ b/src/sync/algorithms.rs
@@ -25,8 +25,10 @@ use super::{ConnectionStatus, PendingBatch, RelayState};
 /// this repo need to sync from", it's "what repos does this relay need to sync".
 #[derive(Debug, Clone, Default)]
 pub struct RelaySyncNeeds {
-    /// Repos that need to be synced from this relay
+    /// Repos that need full L2+L3 sync from this relay
    pub repos: HashSet<String>,
+    /// Repos that only need state event sync (purgatory announcements)
+    pub state_only_repos: HashSet<String>,
    /// Root events that need to be tracked from this relay
    pub root_events: HashSet<EventId>,
 }
@@ -67,8 +69,15 @@ pub fn derive_relay_targets(
        for relay_url in &needs.relays {
            let entry = relay_targets.entry(relay_url.clone()).or_default();
-            entry.repos.insert(repo_id.clone());
+            match needs.sync_level {
-            entry.root_events.extend(needs.root_events.iter().cloned());
+                super::SyncLevel::Full => {
+                    entry.repos.insert(repo_id.clone());
+                    entry.root_events.extend(needs.root_events.iter().cloned());
+                }
+                super::SyncLevel::StateOnly => {
+                    entry.state_only_repos.insert(repo_id.clone());
+                }
+            }
        }
    }
@@ -96,7 +105,7 @@ pub fn compute_actions(
    pending: &HashMap<String, Vec<PendingBatch>>,
    confirmed: &HashMap<String, RelayState>,
 ) -> Vec<AddFilters> {
-    use crate::sync::filters::build_layer2_and_layer3_filters;
+    use crate::sync::filters::build_sync_level_aware_filters;
    let mut actions = Vec::new();
@@ -140,14 +149,22 @@ pub fn compute_actions(
            .map(|state| state.root_events.clone())
            .unwrap_or_default();
-        // Calculate what's NEW (not in pending, not in confirmed)
+        // Calculate what's NEW for full repos (not in pending, not in confirmed)
-        let new_repos: HashSet<String> = target_needs
+        let new_full_repos: HashSet<String> = target_needs
            .repos
            .difference(&pending_repos)
            .filter(|repo| !confirmed_repos.contains(*repo))
            .cloned()
            .collect();
+        // Calculate what's NEW for state-only repos
+        let new_state_only_repos: HashSet<String> = target_needs
+            .state_only_repos
+            .difference(&pending_repos)
+            .filter(|repo| !confirmed_repos.contains(*repo))
+            .cloned()
+            .collect();
        let new_events: HashSet<EventId> = target_needs
            .root_events
            .difference(&pending_events)
@@ -156,13 +173,23 @@ pub fn compute_actions(
            .collect();
        // If there's anything new, create an AddFilters action
-        if !new_repos.is_empty() || !new_events.is_empty() {
+        if !new_full_repos.is_empty() || !new_state_only_repos.is_empty() || !new_events.is_empty()
-            let filters = build_layer2_and_layer3_filters(&new_repos, &new_events, None);
+        {
+            let filters = build_sync_level_aware_filters(
+                &new_full_repos,
+                &new_state_only_repos,
+                &new_events,
+                None,
+            );
+            // Combine all repos into pending items (pending tracking doesn't need sync level)
+            let mut all_new_repos = new_full_repos;
+            all_new_repos.extend(new_state_only_repos);
            actions.push(AddFilters {
                relay_url: relay_url.clone(),
                items: PendingItems {
-                    repos: new_repos,
+                    repos: all_new_repos,
                    root_events: new_events,
                },
                filters,
@@ -204,6 +231,7 @@ mod tests {
            ModRepoSyncNeeds {
                relays,
                root_events,
+                sync_level: Default::default(),
            },
        );
@@ -229,6 +257,7 @@ mod tests {
                ModRepoSyncNeeds {
                    relays,
                    root_events: HashSet::new(),
+                    sync_level: Default::default(),
                },
            );
        }
@@ -252,6 +281,7 @@ mod tests {
            ModRepoSyncNeeds {
                relays,
                root_events: HashSet::new(),
+                sync_level: Default::default(),
            },
        );
@@ -285,6 +315,7 @@ mod tests {
            ModRepoSyncNeeds {
                relays: relays1,
                root_events: root_events1,
+                sync_level: Default::default(),
            },
        );
@@ -299,6 +330,7 @@ mod tests {
            ModRepoSyncNeeds {
                relays: relays2,
                root_events: root_events2,
+                sync_level: Default::default(),
            },
        );
@@ -332,6 +364,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -366,6 +399,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -389,6 +423,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -428,6 +463,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -465,6 +501,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -510,6 +547,7 @@ mod tests {
                ]
                .into_iter()
                .collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
@@ -572,6 +610,7 @@ mod tests {
            "wss://relay1.com".to_string(),
            RelaySyncNeeds {
                repos: HashSet::new(),
+                state_only_repos: HashSet::new(),
                root_events: vec![event_id].into_iter().collect(),
            },
        );
@@ -599,6 +638,7 @@ mod tests {
            "wss://new-relay.com".to_string(),
            RelaySyncNeeds {
                repos: vec!["repo1".to_string()].into_iter().collect(),
+                state_only_repos: HashSet::new(),
                root_events: HashSet::new(),
            },
        );
diff --git a/src/sync/filters.rs b/src/sync/filters.rs
index 3592489..1215e81 100644
--- a/src/sync/filters.rs
+++ b/src/sync/filters.rs
@@ -245,6 +245,37 @@ pub fn build_layer2_and_layer3_filters(
    filters
 }
+/// Builds filters respecting SyncLevel for each repo
+///
+/// StateOnly repos only get state event filters (kind 30618).
+/// Full repos get all L2/L3 filters (state + repo-tagging + root event).
+///
+/// # Arguments
+/// * `full_repos` - Repos needing full L2+L3 sync
+/// * `state_only_repos` - Repos needing only state event sync (purgatory)
+/// * `root_events` - Root event IDs (only used for Full repos)
+/// * `since` - Optional timestamp for incremental sync
+pub fn build_sync_level_aware_filters(
+    full_repos: &HashSet<String>,
+    state_only_repos: &HashSet<String>,
+    root_events: &HashSet<EventId>,
+    since: Option<Timestamp>,
+) -> Vec<Filter> {
+    let mut filters = Vec::new();
+    // All repos (both Full and StateOnly) need state event filters
+    let all_repos: HashSet<String> = full_repos.union(state_only_repos).cloned().collect();
+    filters.extend(state_event_filters_for_our_repos(&all_repos, since));
+    // Only Full repos get repo-tagging and root event filters
+    if !full_repos.is_empty() {
+        filters.extend(tagged_one_of_our_repo_event_filters(full_repos, since));
+    }
+    filters.extend(tagged_one_of_our_root_event_filters(root_events, since));
+    filters
+}
 #[cfg(test)]
 mod tests {
    use super::*;
diff --git a/src/sync/mod.rs b/src/sync/mod.rs
index d6634ff..cd62380 100644
--- a/src/sync/mod.rs
+++ b/src/sync/mod.rs
@@ -85,6 +85,19 @@ use rejected_index::RejectedEventsIndex;
 // Supporting Data Structures
 // =============================================================================
+/// Level of sync needed for a repository
+///
+/// Purgatory announcements only need state events synced (to validate git data).
+/// Promoted repos need full L2/L3 sync (patches, issues, PRs, etc.).
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
+pub enum SyncLevel {
+    /// Full L2 + L3 sync (promoted repos with git data)
+    #[default]
+    Full,
+    /// Only state events (kind 30618) - for purgatory announcements
+    StateOnly,
+}
 /// What repos and root events need to be synced
 #[derive(Debug, Clone, Default)]
 pub struct RepoSyncNeeds {
@@ -92,6 +105,8 @@ pub struct RepoSyncNeeds {
    pub relays: HashSet<String>,
    /// Root event IDs - 1617/1618/1621 - that reference this repo
    pub root_events: HashSet<EventId>,
+    /// Sync level - StateOnly for purgatory, Full for promoted repos
+    pub sync_level: SyncLevel,
 }
 /// Connection status for a relay
@@ -382,6 +397,40 @@ async fn run_daily_timer(
    }
 }
+/// Background task that periodically syncs purgatory announcements into repo_sync_index.
+///
+/// Runs every 5 seconds by default (200ms when `NGIT_TEST=1`).
+/// For each announcement currently in purgatory, ensures there is a `StateOnly` entry in
+/// `repo_sync_index`. New entries trigger `handle_new_sync_filters` which connects to the
+/// relay URLs listed in the announcement and subscribes to state events (kind 30618).
+///
+/// This is the sole registration path for purgatory announcements:
+/// - Sync-path announcements: registered here within one interval of arriving.
+/// - User-submitted purgatory announcements: the SelfSubscriber never sees them
+///   (they're rejected from DB), so this timer is the only registration path.
+async fn run_purgatory_announcement_sync(
+    sync_manager: Arc<Mutex<SyncManager>>,
+    mut shutdown_rx: broadcast::Receiver<()>,
+) {
+    let interval = if std::env::var("NGIT_TEST").as_deref() == Ok("1") {
+        Duration::from_millis(200)
+    } else {
+        Duration::from_secs(5)
+    };
+    loop {
+        tokio::select! {
+            _ = tokio::time::sleep(interval) => {
+                let mut manager = sync_manager.lock().await;
+                manager.sync_purgatory_announcements_to_index().await;
+            }
+            _ = shutdown_rx.recv() => {
+                tracing::debug!("Purgatory announcement sync timer received shutdown signal");
+                break;
+            }
+        }
+    }
+}
 // Combined Health and Metrics Checker
 /// Background task for cleaning up expired entries from the rejected events index
@@ -936,9 +985,29 @@ impl SyncManager {
                        // Create REQ+EOSE subscriptions using original semantic filters
                        // This queries by kind/author/tags instead of by ID, which may
-                        // succeed even when ID-based queries fail
+                        // succeed even when ID-based queries fail.
-                        let fallback_filters = filters::build_layer2_and_layer3_filters(
+                        // Split batch_repos by SyncLevel to avoid sending Layer 2 filters
-                            &batch_repos,
+                        // (#a/#A/#q) for StateOnly (purgatory) repos - those PRs would be
+                        // rejected as orphan and then silently dropped by nostr-sdk deduplication.
+                        let (full_repos, state_only_repos) = {
+                            let repo_index = self.repo_sync_index.read().await;
+                            let mut full = HashSet::new();
+                            let mut state_only = HashSet::new();
+                            for repo_ref in &batch_repos {
+                                match repo_index.get(repo_ref).map(|n| n.sync_level) {
+                                    Some(SyncLevel::StateOnly) => {
+                                        state_only.insert(repo_ref.clone());
+                                    }
+                                    _ => {
+                                        full.insert(repo_ref.clone());
+                                    }
+                                }
+                            }
+                            (full, state_only)
+                        };
+                        let fallback_filters = filters::build_sync_level_aware_filters(
+                            &full_repos,
+                            &state_only_repos,
                            &batch_root_events,
                            None,
                        );
@@ -1272,7 +1341,7 @@ impl SyncManager {
    /// to be batched and create Layer 2/3 filters before we mark sync complete.
    ///
    /// The 6-second delay is based on:
-    /// - Self-subscriber batch window: 5 seconds (configurable via NGIT_SYNC_BATCH_WINDOW_MS)
+    /// - Self-subscriber batch window: 5 seconds (200ms when `NGIT_TEST=1`)
    /// - Buffer for processing: 1 second
    ///
    /// Called after each batch is confirmed to detect completion.
@@ -1486,7 +1555,17 @@ impl SyncManager {
            run_rejected_index_cleanup(cleanup_manager, cleanup_shutdown).await;
        });
-        // 11. Main loop - handle actions from self-subscriber, disconnect, EOSE, and connect notifications
+        // 11. Spawn purgatory announcement sync timer (every 5s)
+        // Ensures purgatory announcements (including user-submitted ones that never
+        // touch the DB) are registered in repo_sync_index as StateOnly so that
+        // state event subscriptions are established on their listed relay URLs.
+        let purgatory_sync_manager = Arc::clone(&sync_manager);
+        let purgatory_sync_shutdown = shutdown_tx.subscribe();
+        tokio::spawn(async move {
+            run_purgatory_announcement_sync(purgatory_sync_manager, purgatory_sync_shutdown).await;
+        });
+        // 12. Main loop - handle actions from self-subscriber, disconnect, EOSE, and connect notifications
        loop {
            // Wait for an event without holding the lock
            tokio::select! {
@@ -1719,6 +1798,10 @@ impl SyncManager {
                        // For sync-triggered events that go to purgatory, trigger immediate sync
                        // (instead of the default 3-minute delay for user-submitted events)
+                        //
+                        // Note: announcement events (kind 30617) are registered in repo_sync_index
+                        // by the purgatory announcement sync timer (run_purgatory_announcement_sync)
+                        // rather than inline here.
                        if result == ProcessResult::Purgatory {
                            // State events (kind 30618) - extract identifier and trigger immediate sync
                            if event.kind.as_u16() == 30618 {
@@ -2303,6 +2386,80 @@ impl SyncManager {
        }
    }
+    /// Sync purgatory announcements into repo_sync_index as StateOnly entries.
+    ///
+    /// Called periodically by the purgatory announcement sync timer (every 5s).
+    /// For each announcement currently in purgatory, ensures a `StateOnly` entry
+    /// exists in `repo_sync_index`. New entries are then picked up by
+    /// `handle_new_sync_filters` which connects to listed relay URLs and subscribes
+    /// to state events for that repo.
+    ///
+    /// Idempotent: existing entries are not downgraded (a promoted Full entry stays Full).
+    async fn sync_purgatory_announcements_to_index(&mut self) {
+        use crate::sync::algorithms::{compute_actions, derive_relay_targets};
+        // Collect all purgatory announcements (snapshot - no async holds)
+        let announcements = self.purgatory.announcements_for_sync();
+        if announcements.is_empty() {
+            return;
+        }
+        // Register any new entries in repo_sync_index as StateOnly
+        let mut new_relay_urls: std::collections::HashSet<String> = std::collections::HashSet::new();
+        {
+            let mut index = self.repo_sync_index.write().await;
+            for (repo_id, relays) in &announcements {
+                let entry = index.entry(repo_id.clone()).or_insert_with(|| {
+                    tracing::debug!(
+                        repo_id = %repo_id,
+                        "Registering purgatory announcement in repo_sync_index as StateOnly"
+                    );
+                    RepoSyncNeeds {
+                        relays: std::collections::HashSet::new(),
+                        root_events: std::collections::HashSet::new(),
+                        sync_level: SyncLevel::StateOnly,
+                    }
+                });
+                // Don't downgrade an already-Full entry
+                // Add any new relay URLs
+                for relay in relays {
+                    if entry.relays.insert(relay.clone()) {
+                        new_relay_urls.insert(relay.clone());
+                    }
+                }
+            }
+        }
+        if new_relay_urls.is_empty() {
+            return;
+        }
+        // For any relay URLs that are new, compute and send AddFilters actions
+        let all_targets = {
+            let repo_index = self.repo_sync_index.read().await;
+            derive_relay_targets(&repo_index)
+        };
+        let actions = {
+            let pending_index = self.pending_sync_index.read().await;
+            let relay_index = self.relay_sync_index.read().await;
+            compute_actions(&all_targets, &pending_index, &relay_index)
+        };
+        for action in actions {
+            // Only act on relays that have new URLs (avoids redundant work)
+            if new_relay_urls.contains(&action.relay_url) {
+                tracing::info!(
+                    relay = %action.relay_url,
+                    repos = action.items.repos.len(),
+                    "Purgatory sync timer: connecting to new relay from purgatory announcement"
+                );
+                self.handle_new_sync_filters(action).await;
+            }
+        }
+    }
    /// Handle a relay disconnection
    ///
    /// This method is called when the event loop terminates and sends a disconnect notification.
diff --git a/src/sync/self_subscriber.rs b/src/sync/self_subscriber.rs
index 86e4583..4d69c9a 100644
--- a/src/sync/self_subscriber.rs
+++ b/src/sync/self_subscriber.rs
@@ -18,7 +18,7 @@ use tokio::sync::{broadcast, mpsc};
 use crate::nostr::builder::SharedDatabase;
-use super::{AddFilters, RepoSyncIndex, RepoSyncNeeds};
+use super::{AddFilters, RepoSyncIndex, RepoSyncNeeds, SyncLevel};
 // =============================================================================
 // LoopControl - Result of notification processing
@@ -60,6 +60,7 @@ impl PendingUpdates {
        let entry = self.repos.entry(repo_id).or_insert_with(|| RepoSyncNeeds {
            relays: HashSet::new(),
            root_events: HashSet::new(),
+            sync_level: SyncLevel::Full,
        });
        entry.relays.extend(relays);
        entry.root_events.extend(root_events);
@@ -132,14 +133,14 @@ impl SelfSubscriber {
    /// Get batch window from environment or use default
    ///
-    /// Reads `NGIT_SYNC_BATCH_WINDOW_MS` environment variable.
+    /// When `NGIT_TEST=1` is set, uses 200ms for faster test execution.
    /// Default: 5000ms (5 seconds)
    fn get_batch_window() -> Duration {
-        std::env::var("NGIT_SYNC_BATCH_WINDOW_MS")
+        if std::env::var("NGIT_TEST").as_deref() == Ok("1") {
-            .ok()
+            Duration::from_millis(200)
-            .and_then(|s| s.parse::<u64>().ok())
+        } else {
-            .map(Duration::from_millis)
+            Duration::from_millis(5000)
-            .unwrap_or(Duration::from_millis(5000))
+        }
    }
    /// Load existing events from database on startup
@@ -197,6 +198,7 @@ impl SelfSubscriber {
                    .or_insert_with(|| RepoSyncNeeds {
                        relays: HashSet::new(),
                        root_events: HashSet::new(),
+                        sync_level: SyncLevel::StateOnly,
                    });
                entry.relays.extend(needs.relays.clone());
            }
@@ -570,7 +572,12 @@ impl SelfSubscriber {
                .or_insert_with(|| RepoSyncNeeds {
                    relays: HashSet::new(),
                    root_events: HashSet::new(),
+                    sync_level: SyncLevel::Full,
                });
+            // Upgrade sync_level to Full - this handles the case where the entry
+            // already exists as StateOnly (purgatory announcement) and is now being
+            // promoted (git data arrived and the event was broadcast via notify_event).
+            entry.sync_level = SyncLevel::Full;
            entry.relays.extend(needs.relays);
            entry.root_events.extend(needs.root_events);
@@ -594,21 +601,26 @@ impl SelfSubscriber {
                continue;
            }
-            // Build filters for these repos
+            // Build filters for these repos (sync-level-aware)
-            let filters = crate::sync::filters::build_layer2_and_layer3_filters(
+            let filters = crate::sync::filters::build_sync_level_aware_filters(
                &needs.repos,
+                &needs.state_only_repos,
                &needs.root_events,
                None,
            );
            // Log before moving values
-            let repo_count = needs.repos.len();
+            let repo_count = needs.repos.len() + needs.state_only_repos.len();
            let event_count = needs.root_events.len();
+            // Combine all repos into pending items
+            let mut all_repos = needs.repos;
+            all_repos.extend(needs.state_only_repos);
            let action = AddFilters {
                relay_url: relay_url.clone(),
                items: crate::sync::PendingItems {
-                    repos: needs.repos,
+                    repos: all_repos,
                    root_events: needs.root_events,
                },
                filters,
diff --git a/tests/archive_grasp_services.rs b/tests/archive_grasp_services.rs
index a47fc55..9f13d2a 100644
--- a/tests/archive_grasp_services.rs
+++ b/tests/archive_grasp_services.rs
@@ -29,7 +29,11 @@
 mod common;
-use common::TestRelay;
+use common::{
+    check_ref_at_commit, create_repo_announcement, create_state_event,
+    create_test_repo_with_commit, push_to_relay, wait_for_event_served, wait_for_sync_connection,
+    CommitVariant, TestRelay,
+};
 use nostr_sdk::prelude::*;
 use std::path::PathBuf;
 use std::process::{Child, Command, Stdio};
@@ -376,3 +380,222 @@ async fn test_archive_multiple_grasp_services() {
    let _ = process.kill();
    let _ = process.wait();
 }
+/// Test that archive_read_only mode creates bare git repositories and syncs data
+/// via relay-to-relay sync (purgatory sync infrastructure).
+///
+/// Scenario:
+/// 1. Start source relay with full repository (announcement + state + git data)
+/// 2. Start archive relay with archive_all=true, archive_read_only=true, syncing from source
+/// 3. Archive relay syncs announcement and state events from source
+/// 4. State events trigger purgatory sync which fetches git data from source's clone URL
+/// 5. Verify bare repository is created and git data is synced
+/// 6. Verify git pushes are rejected (read-only mode)
+#[tokio::test]
+async fn test_archive_read_only_creates_bare_repo() {
+    // 1. Start source relay
+    let source_relay = TestRelay::start().await;
+    let keys = Keys::generate();
+    let identifier = "archive-test-repo";
+    // Pre-allocate archive relay port so we can include it in announcement
+    let archive_port = TestRelay::find_free_port();
+    let archive_domain = format!("127.0.0.1:{}", archive_port);
+    // 2. Create test repository locally with deterministic commit
+    let temp_dir = tempfile::tempdir().expect("Failed to create temp dir");
+    let commit_hash = create_test_repo_with_commit(temp_dir.path(), CommitVariant::StateTest)
+        .expect("Failed to create test repo");
+    let npub = keys.public_key().to_bech32().expect("Failed to get npub");
+    // 3. Create and send announcement listing BOTH relays
+    // This ensures the archive relay will accept the state event when it syncs
+    let announcement = create_repo_announcement(
+        &keys,
+        &[&source_relay.domain(), &archive_domain],
+        identifier,
+    );
+    let source_client = Client::new(keys.clone());
+    source_client
+        .add_relay(source_relay.url())
+        .await
+        .expect("Failed to add source relay");
+    source_client.connect().await;
+    // Wait for connection
+    tokio::time::sleep(Duration::from_millis(500)).await;
+    // Send announcement to source relay
+    source_client
+        .send_event(&announcement)
+        .await
+        .expect("Failed to send announcement to source");
+    tokio::time::sleep(Duration::from_millis(200)).await;
+    // 4. Create and send state event
+    let clone_urls = [
+        format!(
+            "http://{}/{}/{}.git",
+            source_relay.domain(),
+            npub,
+            identifier
+        ),
+        format!("http://{}/{}/{}.git", archive_domain, npub, identifier),
+    ];
+    let relay_urls = [
+        source_relay.url().to_string(),
+        format!("ws://{}", archive_domain),
+    ];
+    let state_event = create_state_event(
+        &keys,
+        identifier,
+        &[("main", &commit_hash)],
+        &[],
+        &[&clone_urls[0], &clone_urls[1]],
+        &[&relay_urls[0], &relay_urls[1]],
+    )
+    .expect("Failed to create state event");
+    let state_event_id = state_event.id;
+    // Send state event to source relay (goes to purgatory - no git data yet)
+    source_client
+        .send_event(&state_event)
+        .await
+        .expect("Failed to send state event to source");
+    tokio::time::sleep(Duration::from_millis(200)).await;
+    // 5. Push git data to source relay
+    // The state event in purgatory authorizes this push
+    push_to_relay(temp_dir.path(), &source_relay.domain(), &npub, identifier)
+        .expect("Push to source should succeed");
+    // After push, state event should be released from purgatory on source relay
+    wait_for_event_served(source_relay.url(), &state_event_id, Duration::from_secs(5))
+        .await
+        .expect("State event should be served on source relay after push");
+    // 6. Start archive relay with archive_all=true, archive_read_only=true, syncing from source
+    let archive_relay = TestRelay::start_with_archive_and_sync(
+        archive_port,
+        Some(source_relay.url().to_string()),
+        false, // negentropy enabled
+        true,  // archive_all
+        true,  // archive_read_only
+    )
+    .await;
+    // Wait for sync connection to establish
+    wait_for_sync_connection(archive_relay.url(), 1, Duration::from_secs(5))
+        .await
+        .expect("Sync connection should establish");
+    // 7. Wait for state event to be released on archive relay
+    // The sync should:
+    // a) Fetch the announcement and state event from source relay
+    // b) Accept announcement (creates bare repo structure) - via archive mode
+    // c) Put state event in purgatory (git data missing on archive relay)
+    // d) Fetch git data from source relay's clone URL
+    // e) Release the state event from purgatory
+    let found = wait_for_event_served(
+        archive_relay.url(),
+        &state_event_id,
+        Duration::from_secs(30), // Allow time for sync + git fetch
+    )
+    .await;
+    assert!(
+        found.is_ok(),
+        "State event should be served after sync fetches git data: {:?}",
+        found.err()
+    );
+    // 8. Verify bare repository was created
+    let repo_path = archive_relay
+        .git_data_path()
+        .join(format!("{}/{}.git", npub, identifier));
+    assert!(
+        repo_path.exists(),
+        "Bare repository should be created at {:?} for archive announcement",
+        repo_path
+    );
+    // 9. Verify it's a bare repository (check for config file with bare = true)
+    let config_path = repo_path.join("config");
+    assert!(
+        config_path.exists(),
+        "Git config should exist at {:?}",
+        config_path
+    );
+    let config_content = tokio::fs::read_to_string(&config_path)
+        .await
+        .expect("Should read git config");
+    assert!(
+        config_content.contains("bare = true"),
+        "Repository at {:?} should be bare (config should contain 'bare = true')",
+        repo_path
+    );
+    // 10. Verify refs are correct on archive relay
+    let ref_correct = check_ref_at_commit(
+        &archive_domain,
+        &npub,
+        identifier,
+        "refs/heads/main",
+        &commit_hash,
+    )
+    .await
+    .expect("Failed to check ref");
+    assert!(ref_correct, "main branch should point to correct commit");
+    // 11. Verify git pushes are rejected (read-only mode)
+    // Create a new commit in the source repo
+    tokio::fs::write(temp_dir.path().join("new_file.txt"), "new content")
+        .await
+        .expect("Failed to write new file");
+    let output = tokio::process::Command::new("git")
+        .args(["add", "."])
+        .current_dir(temp_dir.path())
+        .output()
+        .await
+        .expect("Failed to git add");
+    assert!(output.status.success());
+    let output = tokio::process::Command::new("git")
+        .args(["commit", "-m", "New commit for push test"])
+        .current_dir(temp_dir.path())
+        .output()
+        .await
+        .expect("Failed to git commit");
+    assert!(output.status.success());
+    // Try to push to archive relay (should fail in read-only mode)
+    let push_url = format!("http://{}/{}/{}.git", archive_domain, npub, identifier);
+    let output = tokio::process::Command::new("git")
+        .args(["push", &push_url, "main"])
+        .current_dir(temp_dir.path())
+        .output()
+        .await
+        .expect("Failed to run git push");
+    assert!(
+        !output.status.success(),
+        "Git push should be rejected in archive_read_only mode. stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+    // Cleanup
+    source_client.disconnect().await;
+    archive_relay.stop().await;
+    source_relay.stop().await;
+}
diff --git a/tests/archive_read_only.rs b/tests/archive_read_only.rs
deleted file mode 100644
index be6959b..0000000
--- a/tests/archive_read_only.rs
+++ /dev/null
@@ -1,368 +0,0 @@
-//! Archive Read-Only Mode Integration Tests
-//!
-//! Tests that verify archive_read_only mode behavior:
-//! - Bare git repositories are created for announcements
-//! - Git data is synced via relay-to-relay sync (purgatory sync)
-//! - Git pushes are rejected (read-only mode)
-//!
-//! # Test Strategy
-//!
-//! These tests verify the GRASP-05 archive mode with read_only flag:
-//! 1. Source relay has full repository (announcement + state events + git data)
-//! 2. Archive relay syncs from source relay (relay-to-relay sync)
-//! 3. State events trigger purgatory sync which fetches git data
-//! 4. Git data is validated against Nostr state events
-//! 5. Git pushes are rejected (read-only enforcement)
-//!
-//! # Security Model
-//!
-//! Archive mode uses the existing purgatory sync infrastructure to ensure:
-//! - Git data is validated against Nostr state events
-//! - "Naughty git servers" can't provide incorrect state
-//! - Same security guarantees as normal relay operation
-//!
-//! # Running Tests
-//!
-//! ```bash
-//! # Run all archive read-only tests
-//! cargo test --test archive_read_only
-//!
-//! # Run specific test
-//! cargo test --test archive_read_only test_archive_read_only_creates_bare_repo
-//!
-//! # With output for debugging
-//! cargo test --test archive_read_only -- --nocapture
-//! ```
-mod common;
-use common::{
-    check_ref_at_commit, create_repo_announcement, create_state_event,
-    create_test_repo_with_commit, push_to_relay, wait_for_event_served, wait_for_sync_connection,
-    CommitVariant, TestRelay,
-};
-use nostr_sdk::prelude::*;
-use std::time::Duration;
-/// Test that archive_read_only mode creates bare git repositories and syncs data
-/// via relay-to-relay sync (purgatory sync infrastructure).
-///
-/// Scenario:
-/// 1. Start source relay with full repository (announcement + state + git data)
-/// 2. Start archive relay with archive_all=true, archive_read_only=true, syncing from source
-/// 3. Archive relay syncs announcement and state events from source
-/// 4. State events trigger purgatory sync which fetches git data from source's clone URL
-/// 5. Verify bare repository is created and git data is synced
-/// 6. Verify git pushes are rejected (read-only mode)
-#[tokio::test]
-async fn test_archive_read_only_creates_bare_repo() {
-    // 1. Start source relay
-    let source_relay = TestRelay::start().await;
-    let keys = Keys::generate();
-    let identifier = "archive-test-repo";
-    // Pre-allocate archive relay port so we can include it in announcement
-    let archive_port = TestRelay::find_free_port();
-    let archive_domain = format!("127.0.0.1:{}", archive_port);
-    // 2. Create test repository locally with deterministic commit
-    let temp_dir = tempfile::tempdir().expect("Failed to create temp dir");
-    let commit_hash = create_test_repo_with_commit(temp_dir.path(), CommitVariant::StateTest)
-        .expect("Failed to create test repo");
-    let npub = keys.public_key().to_bech32().expect("Failed to get npub");
-    // 3. Create and send announcement listing BOTH relays
-    // This ensures the archive relay will accept the state event when it syncs
-    let announcement = create_repo_announcement(
-        &keys,
-        &[&source_relay.domain(), &archive_domain],
-        identifier,
-    );
-    let source_client = Client::new(keys.clone());
-    source_client
-        .add_relay(source_relay.url())
-        .await
-        .expect("Failed to add source relay");
-    source_client.connect().await;
-    // Wait for connection
-    tokio::time::sleep(Duration::from_millis(500)).await;
-    // Send announcement to source relay
-    source_client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to source");
-    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 4. Create and send state event
-    let clone_urls = [
-        format!(
-            "http://{}/{}/{}.git",
-            source_relay.domain(),
-            npub,
-            identifier
-        ),
-        format!("http://{}/{}/{}.git", archive_domain, npub, identifier),
-    ];
-    let relay_urls = [
-        source_relay.url().to_string(),
-        format!("ws://{}", archive_domain),
-    ];
-    let state_event = create_state_event(
-        &keys,
-        identifier,
-        &[("main", &commit_hash)],
-        &[],
-        &[&clone_urls[0], &clone_urls[1]],
-        &[&relay_urls[0], &relay_urls[1]],
-    )
-    .expect("Failed to create state event");
-    let state_event_id = state_event.id;
-    // Send state event to source relay (goes to purgatory - no git data yet)
-    source_client
-        .send_event(&state_event)
-        .await
-        .expect("Failed to send state event to source");
-    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 5. Push git data to source relay
-    // The state event in purgatory authorizes this push
-    push_to_relay(temp_dir.path(), &source_relay.domain(), &npub, identifier)
-        .expect("Push to source should succeed");
-    // After push, state event should be released from purgatory on source relay
-    wait_for_event_served(source_relay.url(), &state_event_id, Duration::from_secs(5))
-        .await
-        .expect("State event should be served on source relay after push");
-    // 6. Start archive relay with archive_all=true, archive_read_only=true, syncing from source
-    let archive_relay = TestRelay::start_with_archive_and_sync(
-        archive_port,
-        Some(source_relay.url().to_string()),
-        false, // negentropy enabled
-        true,  // archive_all
-        true,  // archive_read_only
-    )
-    .await;
-    // Wait for sync connection to establish
-    wait_for_sync_connection(archive_relay.url(), 1, Duration::from_secs(5))
-        .await
-        .expect("Sync connection should establish");
-    // 7. Wait for state event to be released on archive relay
-    // The sync should:
-    // a) Fetch the announcement and state event from source relay
-    // b) Accept announcement (creates bare repo structure) - via archive mode
-    // c) Put state event in purgatory (git data missing on archive relay)
-    // d) Fetch git data from source relay's clone URL
-    // e) Release the state event from purgatory
-    let found = wait_for_event_served(
-        archive_relay.url(),
-        &state_event_id,
-        Duration::from_secs(30), // Allow time for sync + git fetch
-    )
-    .await;
-    assert!(
-        found.is_ok(),
-        "State event should be served after sync fetches git data: {:?}",
-        found.err()
-    );
-    // 8. Verify bare repository was created
-    let repo_path = archive_relay
-        .git_data_path()
-        .join(format!("{}/{}.git", npub, identifier));
-    assert!(
-        repo_path.exists(),
-        "Bare repository should be created at {:?} for archive announcement",
-        repo_path
-    );
-    // 9. Verify it's a bare repository (check for config file with bare = true)
-    let config_path = repo_path.join("config");
-    assert!(
-        config_path.exists(),
-        "Git config should exist at {:?}",
-        config_path
-    );
-    let config_content = tokio::fs::read_to_string(&config_path)
-        .await
-        .expect("Should read git config");
-    assert!(
-        config_content.contains("bare = true"),
-        "Repository at {:?} should be bare (config should contain 'bare = true')",
-        repo_path
-    );
-    // 10. Verify refs are correct on archive relay
-    let ref_correct = check_ref_at_commit(
-        &archive_domain,
-        &npub,
-        identifier,
-        "refs/heads/main",
-        &commit_hash,
-    )
-    .await
-    .expect("Failed to check ref");
-    assert!(ref_correct, "main branch should point to correct commit");
-    // 11. Verify git pushes are rejected (read-only mode)
-    // Create a new commit in the source repo
-    tokio::fs::write(temp_dir.path().join("new_file.txt"), "new content")
-        .await
-        .expect("Failed to write new file");
-    let output = tokio::process::Command::new("git")
-        .args(["add", "."])
-        .current_dir(temp_dir.path())
-        .output()
-        .await
-        .expect("Failed to git add");
-    assert!(output.status.success());
-    let output = tokio::process::Command::new("git")
-        .args(["commit", "-m", "New commit for push test"])
-        .current_dir(temp_dir.path())
-        .output()
-        .await
-        .expect("Failed to git commit");
-    assert!(output.status.success());
-    // Try to push to archive relay (should fail in read-only mode)
-    let push_url = format!("http://{}/{}/{}.git", archive_domain, npub, identifier);
-    let output = tokio::process::Command::new("git")
-        .args(["push", &push_url, "main"])
-        .current_dir(temp_dir.path())
-        .output()
-        .await
-        .expect("Failed to run git push");
-    assert!(
-        !output.status.success(),
-        "Git push should be rejected in archive_read_only mode. stderr: {}",
-        String::from_utf8_lossy(&output.stderr)
-    );
-    // Cleanup
-    source_client.disconnect().await;
-    archive_relay.stop().await;
-    source_relay.stop().await;
-}
-/// Test that archive mode without state events does NOT sync git data.
-///
-/// This verifies the security model: archive mode only syncs git data
-/// when there are state events to validate against.
-///
-/// Scenario:
-/// 1. Start source relay with announcement only (no state events)
-/// 2. Start archive relay syncing from source
-/// 3. Archive relay syncs announcement (creates bare repo)
-/// 4. Verify git data is NOT synced (no state events to trigger purgatory sync)
-#[tokio::test]
-async fn test_archive_without_state_events_does_not_sync_git() {
-    // 1. Start source relay
-    let source_relay = TestRelay::start().await;
-    let keys = Keys::generate();
-    let identifier = "archive-no-state-repo";
-    // Pre-allocate archive relay port
-    let archive_port = TestRelay::find_free_port();
-    let archive_domain = format!("127.0.0.1:{}", archive_port);
-    // 2. Create test repository locally
-    let temp_dir = tempfile::tempdir().expect("Failed to create temp dir");
-    let commit_hash = create_test_repo_with_commit(temp_dir.path(), CommitVariant::StateTest)
-        .expect("Failed to create test repo");
-    let npub = keys.public_key().to_bech32().expect("Failed to get npub");
-    // 3. Create and send announcement listing BOTH relays (but NO state event)
-    let announcement = create_repo_announcement(
-        &keys,
-        &[&source_relay.domain(), &archive_domain],
-        identifier,
-    );
-    let source_client = Client::new(keys.clone());
-    source_client
-        .add_relay(source_relay.url())
-        .await
-        .expect("Failed to add source relay");
-    source_client.connect().await;
-    tokio::time::sleep(Duration::from_millis(500)).await;
-    // Send announcement to source relay
-    source_client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to source");
-    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 4. Push git data to source relay (but no state event to authorize it)
-    // This push will fail because there's no state event in purgatory
-    // That's expected - we're testing that archive mode doesn't blindly fetch git data
-    // 5. Start archive relay
-    let archive_relay = TestRelay::start_with_archive_and_sync(
-        archive_port,
-        Some(source_relay.url().to_string()),
-        false,
-        true,
-        true,
-    )
-    .await;
-    // Wait for sync
-    wait_for_sync_connection(archive_relay.url(), 1, Duration::from_secs(5))
-        .await
-        .expect("Sync connection should establish");
-    // Give time for any potential git sync to happen
-    tokio::time::sleep(Duration::from_secs(3)).await;
-    // 6. Verify bare repository was created (announcement was accepted)
-    let repo_path = archive_relay
-        .git_data_path()
-        .join(format!("{}/{}.git", npub, identifier));
-    assert!(
-        repo_path.exists(),
-        "Bare repository should be created for archive announcement"
-    );
-    // 7. Verify git data was NOT synced (no state events to trigger purgatory sync)
-    // Check that the commit does NOT exist in the archive relay's repo
-    let output = tokio::process::Command::new("git")
-        .args(["cat-file", "-t", &commit_hash])
-        .current_dir(&repo_path)
-        .output()
-        .await;
-    let commit_exists = output.map(|o| o.status.success()).unwrap_or(false);
-    assert!(
-        !commit_exists,
-        "Git data should NOT be synced without state events (security: validates against Nostr state)"
-    );
-    // Cleanup
-    source_client.disconnect().await;
-    archive_relay.stop().await;
-    source_relay.stop().await;
-}
diff --git a/tests/common/purgatory_helpers.rs b/tests/common/purgatory_helpers.rs
index 1d06f22..cfcea1c 100644
--- a/tests/common/purgatory_helpers.rs
+++ b/tests/common/purgatory_helpers.rs
@@ -338,6 +338,44 @@ pub fn build_repo_coord(keys: &Keys, identifier: &str) -> String {
    format!("30617:{}:{}", keys.public_key().to_hex(), identifier)
 }
+/// Create a repository announcement event (kind 30617) for purgatory tests.
+///
+/// Creates a minimal but valid NIP-34 repository announcement with a `d` tag,
+/// optional `clone` URLs, and optional `relays` URLs.
+///
+/// # Arguments
+/// * `keys` - Keys for signing
+/// * `identifier` - Repository identifier (d-tag)
+/// * `clone_urls` - Clone URLs to include (may be empty)
+/// * `relay_urls` - Relay URLs to include (may be empty)
+///
+/// # Returns
+/// * `Ok(Event)` - Signed announcement event
+/// * `Err(String)` - If signing fails
+pub fn create_announcement_event(
+    keys: &Keys,
+    identifier: &str,
+    clone_urls: &[&str],
+    relay_urls: &[&str],
+) -> Result<Event, String> {
+    let mut tags = vec![Tag::identifier(identifier)];
+    if !clone_urls.is_empty() {
+        let urls: Vec<String> = clone_urls.iter().map(|s| s.to_string()).collect();
+        tags.push(Tag::custom(TagKind::custom("clone"), urls));
+    }
+    if !relay_urls.is_empty() {
+        let urls: Vec<String> = relay_urls.iter().map(|s| s.to_string()).collect();
+        tags.push(Tag::custom(TagKind::custom("relays"), urls));
+    }
+    EventBuilder::new(Kind::GitRepoAnnouncement, "")
+        .tags(tags)
+        .sign_with_keys(keys)
+        .map_err(|e| format!("Failed to sign announcement event: {}", e))
+}
 /// Wait for an event to be served by a relay (not in purgatory).
 ///
 /// Polls the relay until the event is queryable, indicating it has
diff --git a/tests/common/relay.rs b/tests/common/relay.rs
index 227849a..b1e96cf 100644
--- a/tests/common/relay.rs
+++ b/tests/common/relay.rs
@@ -204,7 +204,7 @@ impl TestRelay {
            .env("NGIT_GIT_DATA_PATH", git_data_dir.path())
            .env("NGIT_DATABASE_BACKEND", "memory") // Force in-memory database for isolation
            .env("NGIT_OWNER_NPUB", &test_npub)
-            .env("NGIT_SYNC_BATCH_WINDOW_MS", "200") // Fast batch window for tests (200ms instead of 5s default)
+            .env("NGIT_TEST", "1") // Enable test mode: fast timers (200ms batch window, 200ms purgatory sync)
            .env("NGIT_SYNC_STARTUP_DELAY_SECS", "0") // No startup delay for faster tests
            .env("NGIT_SYNC_STARTUP_JITTER_MS", "0") // No jitter for tests
            .env("NGIT_SYNC_DISCONNECT_CHECK_INTERVAL_SECS", "1") // Fast reconnect attempts for tests
@@ -213,8 +213,15 @@ impl TestRelay {
                "RUST_LOG",
                std::env::var("RUST_LOG").unwrap_or_else(|_| "info".to_string()),
            ) // Use RUST_LOG from environment or default to info
-            .stdout(Stdio::null()) // Suppress stdout for cleaner test output
+            .stdout(
-            .stderr(Stdio::null()); // Suppress stderr for cleaner test output
+                std::fs::OpenOptions::new()
+                    .create(true)
+                    .append(true)
+                    .open(format!("/tmp/relay-{}.log", port))
+                    .map(Stdio::from)
+                    .unwrap_or(Stdio::null()),
+            )
+            .stderr(Stdio::inherit()); // Inherit stderr for test output
        // Add bootstrap relay URL if provided
        if let Some(ref bootstrap_url) = bootstrap_relay_url {
diff --git a/tests/common/sync_helpers.rs b/tests/common/sync_helpers.rs
index 5fc2ad7..af51e78 100644
--- a/tests/common/sync_helpers.rs
+++ b/tests/common/sync_helpers.rs
@@ -507,41 +507,53 @@ fn check_sync_connections_in_metrics(metrics: &str, expected: usize) -> bool {
 /// assert!(found, "Expected event {} to sync to relay", event.id);
 /// ```
 pub async fn wait_for_event_on_relay(relay_url: &str, filter: Filter, timeout: Duration) -> bool {
-    // Create a temporary client for querying
+    let deadline = tokio::time::Instant::now() + timeout;
-    let temp_keys = Keys::generate();
+    let poll_interval = Duration::from_millis(200);
-    let client = Client::new(temp_keys);
-    // Try to connect
-    if client.add_relay(relay_url).await.is_err() {
-        return false;
-    }
-    client.connect().await;
+    loop {
+        // Create a fresh client for each poll attempt (avoids stale connection state)
+        let temp_keys = Keys::generate();
+        let client = Client::new(temp_keys);
-    // Wait for connection (brief timeout)
+        if client.add_relay(relay_url).await.is_err() {
-    let mut connected = false;
+            if tokio::time::Instant::now() >= deadline {
-    for _ in 0..10 {
+                return false;
-        tokio::time::sleep(Duration::from_millis(100)).await;
+            }
-        let relays = client.relays().await;
+            tokio::time::sleep(poll_interval).await;
-        if relays.values().any(|r| r.is_connected()) {
+            continue;
-            connected = true;
-            break;
        }
-    }
-    if !connected {
+        client.connect().await;
-        client.disconnect().await;
-        return false;
+        // Wait for connection
-    }
+        let mut connected = false;
+        for _ in 0..10 {
+            tokio::time::sleep(Duration::from_millis(100)).await;
+            let relays = client.relays().await;
+            if relays.values().any(|r| r.is_connected()) {
+                connected = true;
+                break;
+            }
+        }
-    // Fetch events with the provided timeout
+        if connected {
-    let result = client.fetch_events(filter, timeout).await;
+            // Use a short fetch window — if the event is there, EOSE comes back quickly
+            let fetch_timeout = Duration::from_millis(500);
+            let result = client.fetch_events(filter.clone(), fetch_timeout).await;
+            client.disconnect().await;
-    client.disconnect().await;
+            match result {
+                Ok(events) if !events.is_empty() => return true,
+                _ => {}
+            }
+        } else {
+            client.disconnect().await;
+        }
-    match result {
+        if tokio::time::Instant::now() >= deadline {
-        Ok(events) => !events.is_empty(),
+            return false;
-        Err(_) => false,
+        }
+        tokio::time::sleep(poll_interval).await;
    }
 }
@@ -774,6 +786,11 @@ impl MetricsTestHarness {
        self.source_relays[idx].domain()
    }
+    /// Get a reference to a source relay (for advanced test operations)
+    pub fn source_relay(&self, idx: usize) -> &TestRelay {
+        &self.source_relays[idx]
+    }
    /// Submit events to a specific source relay
    pub async fn submit_events(&self, source_idx: usize, events: &[Event]) -> Result<(), String> {
        let relay = &self.source_relays[source_idx];
@@ -1071,12 +1088,16 @@ pub struct SyncTestResult {
    pub syncing_relay: TestRelay,
    pub maintainer_keys: Keys,
    pub repo_coord: String,
+    // Keep SmartGitServer alive for the test duration
+    _git_server: Option<super::git_server::SmartGitServer>,
+    // Keep temp dir alive for the test duration
+    _git_temp_dir: Option<tempfile::TempDir>,
 }
 /// Helper to send an event to a relay
 ///
 /// Creates a temporary client, sends the event, and disconnects.
-async fn send_to_relay(relay: &TestRelay, event: &Event) -> Result<(), String> {
+pub async fn send_to_relay(relay: &TestRelay, event: &Event) -> Result<(), String> {
    let temp_keys = Keys::generate();
    let client = TestClient::new(relay.url(), temp_keys).await?;
    client.send_event(event).await?;
@@ -1084,6 +1105,270 @@ async fn send_to_relay(relay: &TestRelay, event: &Event) -> Result<(), String> {
    Ok(())
 }
+/// Helper to send an event to a relay by URL
+///
+/// Creates a temporary client, sends the event, and disconnects.
+pub async fn send_to_relay_url(relay_url: &str, event: &Event) -> Result<(), String> {
+    let temp_keys = Keys::generate();
+    let client = TestClient::new(relay_url, temp_keys).await?;
+    client.send_event(event).await?;
+    client.disconnect().await;
+    Ok(())
+}
+/// Push git repository data to a relay to release a purgatory-held announcement.
+///
+/// Creates a local git repo, sends a state event, and pushes to the relay.
+/// Use this when you need to build a custom announcement but still need the
+/// relay to accept it (i.e., release it from purgatory).
+///
+/// # Arguments
+/// * `relay` - The relay to push to
+/// * `keys` - Keys of the repository owner
+/// * `identifier` - Repository identifier
+/// * `domains` - All domains in the announcement (for state event URLs)
+///
+/// # Returns
+/// `tempfile::TempDir` - Keep alive for test duration
+pub async fn push_git_data_to_relay(
+    relay: &TestRelay,
+    keys: &Keys,
+    identifier: &str,
+    domains: &[&str],
+) -> tempfile::TempDir {
+    use super::purgatory_helpers::{
+        create_state_event, create_test_repo_with_commit, push_to_relay, CommitVariant,
+    };
+    let npub = keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to convert public key to npub");
+    // Create local git repo
+    let git_temp_dir = tempfile::tempdir().expect("Failed to create temp dir for git repo");
+    let commit_hash = create_test_repo_with_commit(git_temp_dir.path(), CommitVariant::StateTest)
+        .expect("Failed to create test git repo");
+    let clone_urls: Vec<String> = domains
+        .iter()
+        .map(|d| format!("http://{}/{}/{}.git", d, npub, identifier))
+        .collect();
+    let relay_urls: Vec<String> = domains.iter().map(|d| format!("ws://{}", d)).collect();
+    // Build and send state event with all domains' clone URLs
+    let state_event = create_state_event(
+        keys,
+        identifier,
+        &[("main", &commit_hash)],
+        &[],
+        &clone_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+        &relay_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+    )
+    .expect("Failed to create state event");
+    send_to_relay(relay, &state_event)
+        .await
+        .expect("Failed to send state event");
+    // Git push to relay → releases state event from purgatory, authorizes push
+    push_to_relay(git_temp_dir.path(), &relay.domain(), &npub, identifier)
+        .expect("Failed to push git data to relay");
+    // Brief wait for push processing
+    tokio::time::sleep(Duration::from_millis(500)).await;
+    git_temp_dir
+}
+/// Like `push_git_data_to_relay` but writes a unique marker file so each call
+/// produces a distinct commit hash.
+///
+/// Use this when multiple callers push to the same relay with the same identifier
+/// but different keys — identical commit hashes cause git to skip pack transfer,
+/// which can leave the announcement in purgatory.
+///
+/// # Arguments
+/// * `relay` - The relay to push to
+/// * `keys` - Keys of the repository owner
+/// * `identifier` - Repository identifier
+/// * `domains` - All domains in the announcement (for state event URLs)
+/// * `unique_seed` - A string written into a `.unique` file to differentiate commits
+///
+/// # Returns
+/// `tempfile::TempDir` - Keep alive for test duration
+pub async fn push_unique_git_data_to_relay(
+    relay: &TestRelay,
+    keys: &Keys,
+    identifier: &str,
+    domains: &[&str],
+    unique_seed: &str,
+) -> tempfile::TempDir {
+    use super::purgatory_helpers::{create_state_event, push_to_relay};
+    let npub = keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to convert public key to npub");
+    let git_temp_dir = tempfile::tempdir().expect("Failed to create temp dir for git repo");
+    let path = git_temp_dir.path();
+    fn git(path: &std::path::Path, args: &[&str]) {
+        let status = std::process::Command::new("git")
+            .args(args)
+            .current_dir(path)
+            .env("GIT_AUTHOR_NAME", "Test User")
+            .env("GIT_AUTHOR_EMAIL", "test@example.com")
+            .env("GIT_COMMITTER_NAME", "Test User")
+            .env("GIT_COMMITTER_EMAIL", "test@example.com")
+            .env("GIT_AUTHOR_DATE", "2024-01-01T00:00:00+00:00")
+            .env("GIT_COMMITTER_DATE", "2024-01-01T00:00:00+00:00")
+            .output()
+            .unwrap_or_else(|e| panic!("git {:?} failed to spawn: {}", args, e));
+        assert!(
+            status.status.success(),
+            "git {:?} failed: {}",
+            args,
+            String::from_utf8_lossy(&status.stderr)
+        );
+    }
+    git(path, &["init", "--initial-branch=main"]);
+    git(path, &["config", "user.email", "test@example.com"]);
+    git(path, &["config", "user.name", "Test User"]);
+    git(path, &["config", "commit.gpgsign", "false"]);
+    // Write a unique file so each maintainer gets a distinct commit hash
+    std::fs::write(path.join("state_test.txt"), "State test content for purgatory sync")
+        .expect("write state_test.txt");
+    std::fs::write(path.join(".unique"), unique_seed).expect("write .unique");
+    git(path, &["add", "."]);
+    git(path, &["commit", "-m", "State test commit"]);
+    let commit_hash = {
+        let out = std::process::Command::new("git")
+            .args(["rev-parse", "HEAD"])
+            .current_dir(path)
+            .output()
+            .expect("git rev-parse");
+        String::from_utf8_lossy(&out.stdout).trim().to_string()
+    };
+    let clone_urls: Vec<String> = domains
+        .iter()
+        .map(|d| format!("http://{}/{}/{}.git", d, npub, identifier))
+        .collect();
+    let relay_urls: Vec<String> = domains.iter().map(|d| format!("ws://{}", d)).collect();
+    let state_event = create_state_event(
+        keys,
+        identifier,
+        &[("main", &commit_hash)],
+        &[],
+        &clone_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+        &relay_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+    )
+    .expect("Failed to create state event");
+    send_to_relay(relay, &state_event)
+        .await
+        .expect("Failed to send state event");
+    push_to_relay(path, &relay.domain(), &npub, identifier)
+        .expect("Failed to push git data to relay");
+    tokio::time::sleep(Duration::from_millis(500)).await;
+    git_temp_dir
+}
+/// Set up a repository announcement on a relay with git data so it passes purgatory.
+///
+/// With the announcement purgatory feature, announcements (kind 30617) require git
+/// data before they are promoted to the relay's main DB. This helper:
+///
+/// 1. Creates a local git repo with a commit
+/// 2. Builds an announcement and state event (kind 30618) pointing to the relay
+/// 3. Sends both to the relay (they go to purgatory)
+/// 4. Git pushes to the relay → releases both from purgatory immediately
+/// 5. Returns the announcement event and temp dir (keep alive for test duration)
+///
+/// # Arguments
+/// * `relay` - The relay to set up the announcement on
+/// * `keys` - Keys to sign the announcement with (repo owner)
+/// * `domains` - All domains that should be listed in the announcement (including relay.domain())
+/// * `identifier` - Repository identifier (d-tag)
+///
+/// # Returns
+/// `(Event, tempfile::TempDir)` - The announcement event and temp dir.
+/// The temp dir MUST be kept alive for the duration of the test.
+pub async fn setup_announcement_on_relay(
+    relay: &TestRelay,
+    keys: &Keys,
+    domains: &[&str],
+    identifier: &str,
+) -> (Event, tempfile::TempDir) {
+    use super::purgatory_helpers::{
+        create_state_event, create_test_repo_with_commit, push_to_relay, CommitVariant,
+    };
+    let npub = keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to convert public key to npub");
+    // Create local git repo with a commit
+    let git_temp_dir = tempfile::tempdir().expect("Failed to create temp dir for git repo");
+    let commit_hash = create_test_repo_with_commit(git_temp_dir.path(), CommitVariant::StateTest)
+        .expect("Failed to create test git repo");
+    // Build clone URLs and relay URLs from domains
+    let clone_urls: Vec<String> = domains
+        .iter()
+        .map(|d| format!("http://{}/{}/{}.git", d, npub, identifier))
+        .collect();
+    let relay_urls: Vec<String> = domains.iter().map(|d| format!("ws://{}", d)).collect();
+    // Build announcement event (lists ALL domains for relay discovery)
+    let announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "Repository state")
+        .tags(vec![
+            Tag::identifier(identifier),
+            Tag::custom(TagKind::custom("clone"), clone_urls.clone()),
+            Tag::custom(TagKind::custom("relays"), relay_urls.clone()),
+        ])
+        .sign_with_keys(keys)
+        .expect("Failed to sign repo announcement");
+    // Build state event with all domains' clone URLs
+    let state_event = create_state_event(
+        keys,
+        identifier,
+        &[("main", &commit_hash)],
+        &[],
+        &clone_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+        &relay_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+    )
+    .expect("Failed to create state event");
+    // Send announcement and state event to relay (both go to purgatory)
+    send_to_relay(relay, &announcement)
+        .await
+        .expect("Failed to send announcement");
+    send_to_relay(relay, &state_event)
+        .await
+        .expect("Failed to send state event");
+    // Git push to relay → releases both from purgatory
+    push_to_relay(git_temp_dir.path(), &relay.domain(), &npub, identifier)
+        .expect("Failed to push git data to relay");
+    // Brief wait for push processing
+    tokio::time::sleep(Duration::from_millis(500)).await;
+    (announcement, git_temp_dir)
+}
 /// Unified sync test helper that automatically determines sync mode.
 ///
 /// This function sets up a complete sync test environment by determining whether
@@ -1119,6 +1404,10 @@ async fn send_to_relay(relay: &TestRelay, event: &Event) -> Result<(), String> {
 /// // Assert comment synced to result.syncing_relay
 /// ```
 pub async fn run_sync_test(historic_events: &[Event], live_events: &[Event]) -> SyncTestResult {
+    use super::purgatory_helpers::{
+        create_state_event, create_test_repo_with_commit, push_to_relay, CommitVariant,
+    };
    // Validate usage - cannot provide events in both slices
    let historic_mode = !historic_events.is_empty();
    let live_mode = !live_events.is_empty();
@@ -1137,39 +1426,93 @@ pub async fn run_sync_test(historic_events: &[Event], live_events: &[Event]) ->
    // 2. Start source relay
    let source = TestRelay::start().await;
-    // 3. Create keys and announcement listing both relays
+    // 3. Create local git repo with a commit
+    let git_temp_dir = tempfile::tempdir().expect("Failed to create temp dir for git repo");
+    let commit_hash = create_test_repo_with_commit(git_temp_dir.path(), CommitVariant::StateTest)
+        .expect("Failed to create test git repo");
+    // 4. Create keys and build URLs
    let keys = Keys::generate();
-    let announcement =
+    let npub = keys
-        create_repo_announcement(&keys, &[&source.domain(), &syncing_domain], "test-repo");
+        .public_key()
+        .to_bech32()
+        .expect("Failed to convert public key to npub");
+    // Clone URLs: source relay HTTP endpoint is where git data lives
+    // The syncing relay's purgatory will fetch from source's clone URL
+    let clone_url_source = format!("http://{}/{}/{}.git", source.domain(), npub, "test-repo");
+    let clone_url_syncing = format!("http://{}/{}/{}.git", syncing_domain, npub, "test-repo");
-    // 4. Send announcement + historic events to source BEFORE syncing relay starts
+    let clone_urls = vec![clone_url_source.clone(), clone_url_syncing.clone()];
+    let relay_urls = vec![
+        format!("ws://{}", source.domain()),
+        format!("ws://{}", syncing_domain),
+    ];
+    let announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "Repository state")
+        .tags(vec![
+            Tag::identifier("test-repo"),
+            Tag::custom(TagKind::custom("clone"), clone_urls.clone()),
+            Tag::custom(TagKind::custom("relays"), relay_urls.clone()),
+        ])
+        .sign_with_keys(&keys)
+        .expect("Failed to sign repo announcement");
+    // 5. Create state event referencing the commit
+    let state_event = create_state_event(
+        &keys,
+        "test-repo",
+        &[("main", &commit_hash)],
+        &[],
+        &clone_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+        &relay_urls.iter().map(|s| s.as_str()).collect::<Vec<_>>(),
+    )
+    .expect("Failed to create state event");
+    // 6. Send announcement + state event to source (both go to purgatory)
    send_to_relay(&source, &announcement)
        .await
        .expect("Failed to send announcement");
+    send_to_relay(&source, &state_event)
+        .await
+        .expect("Failed to send state event");
+    // 7. Git push to source relay → releases both announcement and state event from purgatory
+    push_to_relay(git_temp_dir.path(), &source.domain(), &npub, "test-repo")
+        .expect("Failed to push git data to source relay");
+    // 8. Wait for source relay to process the push and release events from purgatory
+    tokio::time::sleep(Duration::from_secs(2)).await;
+    // 9. Send historic events to source BEFORE syncing relay starts
    for event in historic_events {
        send_to_relay(&source, event)
            .await
            .expect("Failed to send historic event");
    }
-    // 5. Start syncing relay (connects to source)
+    // 10. Start syncing relay (connects to source)
    let syncing =
        TestRelay::start_on_port_with_options(syncing_port, Some(source.url().into()), false).await;
-    // 6. Wait for sync connection to establish
+    // 11. Wait for sync connection to establish
    let _ = wait_for_sync_connection(syncing.url(), 1, Duration::from_secs(5)).await;
-    // 7. Send live events AFTER connection established
+    // 12. Send live events AFTER connection established
    for event in live_events {
        send_to_relay(&source, event)
            .await
            .expect("Failed to send live event");
    }
-    // 8. Allow sync to complete
+    // 13. Allow sync + purgatory promotion to complete on the syncing relay.
-    tokio::time::sleep(Duration::from_millis(100)).await;
+    // The syncing relay receives the announcement (goes to purgatory) and state event.
+    // The purgatory sync loop (1s interval) fetches git data from source's clone URL
+    // (http://source-domain/npub/test-repo.git) and releases the announcement.
+    // We wait up to 8s to allow time for this.
+    tokio::time::sleep(Duration::from_secs(8)).await;
-    // 9. Compute repo coordinate before moving keys
+    // 14. Compute repo coordinate before moving keys
    let coordinate = repo_coord(&keys, "test-repo");
    SyncTestResult {
@@ -1177,6 +1520,8 @@ pub async fn run_sync_test(historic_events: &[Event], live_events: &[Event]) ->
        syncing_relay: syncing,
        maintainer_keys: keys,
        repo_coord: coordinate,
+        _git_server: None,
+        _git_temp_dir: Some(git_temp_dir),
    }
 }
diff --git a/tests/nip77_negentropy.rs b/tests/nip77_negentropy.rs
index fccfe67..29e62d8 100644
--- a/tests/nip77_negentropy.rs
+++ b/tests/nip77_negentropy.rs
@@ -35,56 +35,67 @@ use common::{sync_helpers::*, TestRelay};
 /// 3. Create a fresh client with empty local database
 /// 4. Call client.sync() to perform negentropy reconciliation
 /// 5. Verify reconciliation found the events on the relay
+///
+/// Uses kind 10317 (GitUserGraspList) events which are unconditionally accepted
+/// by the relay without requiring a promoted repository. This avoids the
+/// announcements-purgatory system which holds kind 30617 events until git data
+/// arrives, meaning announcement events are not stored in the DB and would not
+/// appear in negentropy sync results.
 #[tokio::test]
 async fn test_nip77_negentropy_sync_finds_events() {
    // 1. Start relay
    let relay = TestRelay::start().await;
    println!("Relay started at {}", relay.url());
-    // 2. Create keys and publish events
+    // 2. Create two distinct keypairs - each publishes a kind 10317 event.
-    let keys = Keys::generate();
+    //    Kind 10317 (GitUserGraspList) is unconditionally accepted and stored in
+    //    the relay DB, unlike kind 30617 announcements which go to purgatory.
-    // Create a repository announcement that will be accepted by the relay
+    let keys1 = Keys::generate();
-    let announcement = create_repo_announcement(&keys, &[&relay.domain()], "test-repo-nip77");
+    let keys2 = Keys::generate();
-    let event1_id = announcement.id;
+    // Build kind 10317 events (replaceable per pubkey, so two keys = two stored events)
+    let event1 = EventBuilder::new(Kind::GitUserGraspList, "")
+        .tags(vec![Tag::identifier("grasp-list-nip77-a")])
+        .sign_with_keys(&keys1)
+        .expect("Failed to sign event 1");
+    let event1_id = event1.id;
    println!(
        "Created event 1: {} (kind {})",
        event1_id,
-        announcement.kind.as_u16()
+        event1.kind.as_u16()
    );
-    // Create a second event (issue referencing the repo)
+    let event2 = EventBuilder::new(Kind::GitUserGraspList, "")
-    let repo_coord = format!(
+        .tags(vec![Tag::identifier("grasp-list-nip77-b")])
-        "{}:{}:{}",
+        .sign_with_keys(&keys2)
-        Kind::GitRepoAnnouncement.as_u16(),
+        .expect("Failed to sign event 2");
-        keys.public_key().to_hex(),
+    let event2_id = event2.id;
-        "test-repo-nip77"
-    );
-    let issue = build_layer2_issue_event(&keys, &repo_coord, "Test issue for NIP-77")
-        .expect("Failed to build issue event");
-    let event2_id = issue.id;
    println!(
        "Created event 2: {} (kind {})",
        event2_id,
-        issue.kind.as_u16()
+        event2.kind.as_u16()
    );
    // 3. Send events to relay using TestClient
-    let publish_client = TestClient::new(relay.url(), keys.clone())
+    let publish_client1 = TestClient::new(relay.url(), keys1.clone())
        .await
        .expect("Failed to connect to relay");
+    publish_client1
+        .send_event(&event1)
+        .await
+        .expect("Failed to send event 1");
+    publish_client1.disconnect().await;
-    publish_client
+    let publish_client2 = TestClient::new(relay.url(), keys2.clone())
-        .send_event(&announcement)
        .await
-        .expect("Failed to send announcement");
+        .expect("Failed to connect to relay");
-    publish_client
+    publish_client2
-        .send_event(&issue)
+        .send_event(&event2)
        .await
-        .expect("Failed to send issue");
+        .expect("Failed to send event 2");
-    println!("Events published to relay");
+    publish_client2.disconnect().await;
-    publish_client.disconnect().await;
+    println!("Events published to relay");
    // 4. Wait a moment for events to be stored
    tokio::time::sleep(Duration::from_millis(200)).await;
@@ -104,8 +115,8 @@ async fn test_nip77_negentropy_sync_finds_events() {
    // 6. Perform negentropy sync with filter matching our events
    let filter = Filter::new()
-        .author(keys.public_key())
+        .authors(vec![keys1.public_key(), keys2.public_key()])
-        .kinds(vec![Kind::GitRepoAnnouncement, Kind::GitIssue]);
+        .kind(Kind::GitUserGraspList);
    println!("Starting negentropy sync with filter: {:?}", filter);
diff --git a/tests/purgatory.rs b/tests/purgatory.rs
new file mode 100644
index 0000000..73f85ca
--- /dev/null
+++ b/tests/purgatory.rs
@@ -0,0 +1,89 @@
+//! Purgatory Integration Tests
+//!
+//! Tests ngit-grasp relay's implementation of GRASP-01 purgatory behavior.
+//! Uses grasp-audit library to avoid code duplication.
+//!
+//! # Test Strategy
+//!
+//! - Each test runs in complete isolation with its own fresh relay instance
+//! - Uses macro to eliminate boilerplate while maintaining test isolation
+//! - Calls individual test methods from grasp-audit for minimal duplication
+//! - Automatic cleanup via TestRelay fixture (removes container and temp dirs)
+//!
+//! # Running Tests
+//!
+//! ```bash
+//! # Run all purgatory tests
+//! cargo test --test purgatory
+//!
+//! # Run specific test
+//! cargo test --test purgatory test_state_event_not_served_before_git_data
+//!
+//! # With output
+//! cargo test --test purgatory -- --nocapture
+//! ```
+mod common;
+use common::TestRelay;
+use grasp_audit::specs::grasp01::PurgatoryTests;
+use grasp_audit::{AuditClient, AuditConfig};
+/// Macro to generate isolated integration tests for purgatory
+///
+/// Each test runs with its own fresh relay instance to ensure complete isolation.
+/// This eliminates issues with leftover repositories and ensures clean state.
+macro_rules! isolated_purgatory_test {
+    ($test_name:ident) => {
+        #[tokio::test]
+        async fn $test_name() {
+            let relay = TestRelay::start().await;
+            let config = AuditConfig::isolated();
+            let client = AuditClient::new(relay.url(), config)
+                .await
+                .expect("Failed to create audit client");
+            let result = PurgatoryTests::$test_name(&client).await;
+            relay.stop().await;
+            assert!(
+                result.passed,
+                "{} failed: {}",
+                stringify!($test_name),
+                result.error.as_deref().unwrap_or("unknown error")
+            );
+        }
+    };
+}
+// ============================================================
+// Announcement Purgatory Tests
+// ============================================================
+isolated_purgatory_test!(test_announcement_not_served_before_git_data);
+isolated_purgatory_test!(test_announcement_served_after_git_push);
+isolated_purgatory_test!(test_bare_repo_exists_for_purgatory_announcement);
+isolated_purgatory_test!(test_state_event_accepted_for_purgatory_announcement);
+// ============================================================
+// Deletion Event Tests (NIP-09)
+// ============================================================
+isolated_purgatory_test!(test_deletion_by_event_id_removes_purgatory_state_event);
+isolated_purgatory_test!(test_deletion_by_coordinate_removes_purgatory_state_event);
+// ============================================================
+// State Event Purgatory Tests (already implemented)
+// ============================================================
+isolated_purgatory_test!(test_state_event_not_served_before_git_data);
+isolated_purgatory_test!(test_state_event_served_after_git_push);
+// ============================================================
+// PR Purgatory Tests
+// ============================================================
+isolated_purgatory_test!(test_pr_event_accepted_into_purgatory_and_isnt_served);
+isolated_purgatory_test!(test_pr_event_in_purgatory_git_push_accepted);
+isolated_purgatory_test!(test_pr_event_served_after_git_push);
diff --git a/tests/purgatory_persistence.rs b/tests/purgatory_persistence.rs
index 4dc5e94..655b0d9 100644
--- a/tests/purgatory_persistence.rs
+++ b/tests/purgatory_persistence.rs
@@ -31,9 +31,11 @@
 mod common;
+use common::purgatory_helpers::create_announcement_event;
 use ngit_grasp::purgatory::Purgatory;
 use ngit_grasp::sync::rejected_index::{EventType, RejectedEventsIndex, RejectionReason};
 use nostr_sdk::prelude::*;
+use std::collections::HashSet;
 use std::time::Duration;
 /// Helper to create a test event
@@ -120,11 +122,31 @@ async fn test_full_purgatory_save_restore_cycle() {
    // Add a PR placeholder (git-data-first scenario)
    purgatory.add_pr_placeholder("placeholder-id".to_string(), "commit-xyz".to_string());
-    // Note: We can't directly test expired events without accessing private fields,
+    // Add an announcement to purgatory (requires a real directory for the repo path)
-    // so we'll focus on testing state and PR events persistence
+    let repo_dir = temp_dir.path().join("repo.git");
+    std::fs::create_dir_all(&repo_dir).unwrap();
+    let ann_keys = Keys::generate();
+    let ann_event = create_announcement_event(
+        &ann_keys,
+        "my-repo",
+        &["http://example.com/my-repo.git"],
+        &["wss://relay.example.com"],
+    )
+    .unwrap();
+    let ann_event_id = ann_event.id;
+    let mut ann_relays = HashSet::new();
+    ann_relays.insert("wss://relay.example.com".to_string());
+    purgatory.add_announcement(
+        ann_event,
+        "my-repo".to_string(),
+        ann_keys.public_key(),
+        repo_dir.clone(),
+        ann_relays,
+    );
    // Verify initial counts
-    let (state_count, pr_count) = purgatory.count();
+    let (announcement_count, state_count, pr_count) = purgatory.count();
+    assert_eq!(announcement_count, 1, "Should have 1 announcement");
    assert_eq!(state_count, 2, "Should have 2 state events");
    assert_eq!(
        pr_count, 3,
@@ -146,13 +168,23 @@ async fn test_full_purgatory_save_restore_cycle() {
    );
    // Verify all data was restored
-    let (state_count2, pr_count2) = purgatory2.count();
+    let (announcement_count2, state_count2, pr_count2) = purgatory2.count();
+    assert_eq!(announcement_count2, 1, "Should have 1 announcement after restore");
    assert_eq!(state_count2, 2, "Should have 2 state events after restore");
    assert_eq!(
        pr_count2, 3,
        "Should have 3 PR events after restore (2 events + 1 placeholder)"
    );
+    // Verify announcement was restored correctly
+    let restored_ann = purgatory2
+        .find_announcement(&ann_keys.public_key(), "my-repo")
+        .expect("Announcement should be restored");
+    assert_eq!(restored_ann.event.id, ann_event_id);
+    assert_eq!(restored_ann.identifier, "my-repo");
+    assert_eq!(restored_ann.repo_path, repo_dir);
+    assert!(!restored_ann.soft_expired);
    // Verify specific state events
    let repo1_states = purgatory2.find_state("repo1");
    assert_eq!(repo1_states.len(), 1);
@@ -284,7 +316,7 @@ async fn test_purgatory_downtime_adjustment() {
    purgatory2.restore_from_disk(&state_path).unwrap();
    // Verify event is still there (downtime was accounted for)
-    let (state_count, _) = purgatory2.count();
+    let (_, state_count, _) = purgatory2.count();
    assert_eq!(state_count, 1);
    let repo1_states = purgatory2.find_state("repo1");
@@ -410,7 +442,7 @@ async fn test_purgatory_restore_missing_file() {
    assert!(result.is_err(), "Should error on missing file");
    // Purgatory should still be usable (empty state)
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
@@ -419,7 +451,7 @@ async fn test_purgatory_restore_missing_file() {
    let event = create_test_event(&keys, "test").await;
    purgatory.add_state(event, "repo1".to_string(), keys.public_key(), false);
-    let (state_count, _) = purgatory.count();
+    let (_, state_count, _) = purgatory.count();
    assert_eq!(state_count, 1);
 }
@@ -470,7 +502,7 @@ async fn test_purgatory_restore_corrupted_file() {
    assert!(result.is_err(), "Should error on corrupted file");
    // Purgatory should still be usable
-    let (state_count, pr_count) = purgatory.count();
+    let (_, state_count, pr_count) = purgatory.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
 }
@@ -513,7 +545,7 @@ async fn test_empty_purgatory_save_restore() {
    purgatory2.restore_from_disk(&state_path).unwrap();
    // Verify empty state
-    let (state_count, pr_count) = purgatory2.count();
+    let (_, state_count, pr_count) = purgatory2.count();
    assert_eq!(state_count, 0);
    assert_eq!(pr_count, 0);
    assert_eq!(purgatory2.expired_count(), 0);
@@ -620,7 +652,7 @@ async fn test_purgatory_continues_working_after_restore() {
    );
    // Verify both old and new events work
-    let (state_count, _) = purgatory2.count();
+    let (_, state_count, _) = purgatory2.count();
    assert_eq!(state_count, 2);
    let repo1_states = purgatory2.find_state("repo1");
@@ -632,7 +664,7 @@ async fn test_purgatory_continues_working_after_restore() {
    assert_eq!(repo2_states[0].event.id, event2.id);
    // Verify cleanup still works
-    let (state_removed, pr_removed) = purgatory2.cleanup();
+    let (_, state_removed, pr_removed) = purgatory2.cleanup();
    // Nothing should be expired yet
    assert_eq!(state_removed, 0);
    assert_eq!(pr_removed, 0);
@@ -713,15 +745,15 @@ async fn test_purgatory_entries_expired_during_downtime() {
    purgatory2.restore_from_disk(&state_path).unwrap();
    // Event should be restored
-    let (state_count, _) = purgatory2.count();
+    let (_, state_count, _) = purgatory2.count();
    assert_eq!(state_count, 1);
    // Cleanup should work (even if nothing is expired yet)
-    let (state_removed, _) = purgatory2.cleanup();
+    let (_, state_removed, _) = purgatory2.cleanup();
    // Nothing expired yet since we didn't wait 30 minutes
    assert_eq!(state_removed, 0);
-    let (state_count, _) = purgatory2.count();
+    let (_, state_count, _) = purgatory2.count();
    assert_eq!(state_count, 1);
 }
@@ -775,3 +807,100 @@ async fn test_rejected_cache_entries_expired_during_downtime() {
    assert_eq!(index2.hot_cache_len(), 0);
    assert_eq!(index2.cold_index_len(), 1);
 }
+/// Test 18: Announcement events are saved and restored across restarts
+#[tokio::test]
+async fn test_announcement_save_restore_cycle() {
+    let temp_dir = tempfile::tempdir().unwrap();
+    let git_data_path = temp_dir.path().join("git");
+    let state_path = temp_dir.path().join("purgatory.json");
+    // Create a real bare repo directory (restore skips entries whose path is missing)
+    let repo_dir = temp_dir.path().join("owner.git");
+    std::fs::create_dir_all(&repo_dir).unwrap();
+    let purgatory = Purgatory::new(&git_data_path);
+    let keys = Keys::generate();
+    let ann_event = create_announcement_event(
+        &keys,
+        "my-repo",
+        &["http://example.com/my-repo.git"],
+        &["wss://relay.example.com"],
+    )
+    .unwrap();
+    let ann_event_id = ann_event.id;
+    let mut relays = HashSet::new();
+    relays.insert("wss://relay.example.com".to_string());
+    purgatory.add_announcement(
+        ann_event,
+        "my-repo".to_string(),
+        keys.public_key(),
+        repo_dir.clone(),
+        relays.clone(),
+    );
+    let (ann_count, _, _) = purgatory.count();
+    assert_eq!(ann_count, 1);
+    // Save to disk
+    purgatory.save_to_disk(&state_path).unwrap();
+    assert!(state_path.exists());
+    // Restore into a fresh purgatory
+    let purgatory2 = Purgatory::new(&git_data_path);
+    purgatory2.restore_from_disk(&state_path).unwrap();
+    assert!(!state_path.exists(), "State file should be deleted after restore");
+    let (ann_count2, _, _) = purgatory2.count();
+    assert_eq!(ann_count2, 1, "Announcement should be restored");
+    let restored = purgatory2
+        .find_announcement(&keys.public_key(), "my-repo")
+        .expect("Announcement should be findable after restore");
+    assert_eq!(restored.event.id, ann_event_id);
+    assert_eq!(restored.identifier, "my-repo");
+    assert_eq!(restored.owner, keys.public_key());
+    assert_eq!(restored.repo_path, repo_dir);
+    assert_eq!(restored.relays, relays);
+    assert!(!restored.soft_expired);
+}
+/// Test 19: Announcement with missing repo path is skipped on restore
+#[tokio::test]
+async fn test_announcement_missing_repo_skipped_on_restore() {
+    let temp_dir = tempfile::tempdir().unwrap();
+    let git_data_path = temp_dir.path().join("git");
+    let state_path = temp_dir.path().join("purgatory.json");
+    // Point to a path that does NOT exist on disk
+    let missing_repo = temp_dir.path().join("nonexistent.git");
+    let purgatory = Purgatory::new(&git_data_path);
+    let keys = Keys::generate();
+    let ann_event = create_announcement_event(&keys, "my-repo", &[], &[]).unwrap();
+    purgatory.add_announcement(
+        ann_event,
+        "my-repo".to_string(),
+        keys.public_key(),
+        missing_repo,
+        HashSet::new(),
+    );
+    purgatory.save_to_disk(&state_path).unwrap();
+    let purgatory2 = Purgatory::new(&git_data_path);
+    purgatory2.restore_from_disk(&state_path).unwrap();
+    let (ann_count, _, _) = purgatory2.count();
+    assert_eq!(
+        ann_count, 0,
+        "Announcement with missing repo path must be skipped"
+    );
+}
diff --git a/tests/purgatory_sync.rs b/tests/purgatory_sync.rs
index 72f3d81..eefd6bc 100644
--- a/tests/purgatory_sync.rs
+++ b/tests/purgatory_sync.rs
@@ -282,15 +282,20 @@ async fn test_state_event_syncs_from_remote() {
 /// Test that a PR event entering purgatory triggers remote commit fetch
 /// and is released once the commit is available.
 ///
-/// Scenario:
+/// Flow on source relay:
-/// 1. Start source relay with repository announcement
+/// 1. Send announcement → purgatory (StateOnly - no git data yet)
-/// 2. Create PR event (goes to purgatory - no git data yet)
+/// 2. Send state event → purgatory (refs point to non-existent commits)
-/// 3. Push commit to refs/nostr/<event-id> (authorized by PR event in purgatory)
+/// 3. Push git data → promotes announcement to Full + releases state event
-/// 4. PR event gets released from purgatory on source relay
+/// 4. Send PR event → purgatory (announcement now Full, so PR events accepted)
-/// 5. Start syncing relay
+/// 5. Push PR commit → releases PR event
-/// 6. Syncing relay syncs PR event (goes to purgatory - no local git data)
+///
-/// 7. Syncing relay fetches commit from source's clone URL
+/// Flow on syncing relay:
-/// 8. Verify PR event is released and refs/nostr/<event-id> created on syncing relay
+/// 6. Start syncing relay
+/// 7. Syncs announcement → purgatory (StateOnly)
+/// 8. Syncs state event → purgatory
+/// 9. Fetches git data → promotes announcement (Full) + releases state event
+/// 10. Syncs PR event → purgatory (announcement now Full)
+/// 11. Fetches PR commit → releases PR event
 #[tokio::test]
 async fn test_pr_event_syncs_from_remote() {
    // 1. Start source relay
@@ -313,8 +318,7 @@ async fn test_pr_event_syncs_from_remote() {
        .to_bech32()
        .expect("Failed to get npub");
-    // 3. Create and send announcement listing BOTH relays
+    // 3. Create announcement listing BOTH relays
-    // This ensures the syncing relay will accept the PR event when it syncs
    let announcement = create_repo_announcement(
        &owner_keys,
        &[&source_relay.domain(), &syncing_domain],
@@ -331,7 +335,7 @@ async fn test_pr_event_syncs_from_remote() {
    // Wait for connection
    tokio::time::sleep(Duration::from_millis(500)).await;
-    // Send announcement to source relay (creates bare repo)
+    // Step 1: Send announcement to source relay → purgatory (StateOnly)
    source_client
        .send_event(&announcement)
        .await
@@ -339,8 +343,52 @@ async fn test_pr_event_syncs_from_remote() {
    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 4. Create and send PR event BEFORE pushing
+    // Step 2: Create and send state event → purgatory (no git data yet)
-    // The PR event goes to purgatory on source relay, which authorizes the push
+    let clone_urls = [
+        format!(
+            "http://{}/{}/{}.git",
+            source_relay.domain(),
+            npub,
+            identifier
+        ),
+        format!("http://{}/{}/{}.git", syncing_domain, npub, identifier),
+    ];
+    let relay_urls = [
+        source_relay.url().to_string(),
+        format!("ws://{}", syncing_domain),
+    ];
+    let state_event = create_state_event(
+        &owner_keys,
+        identifier,
+        &[("main", &commit_hash)],
+        &[],
+        &[&clone_urls[0], &clone_urls[1]],
+        &[&relay_urls[0], &relay_urls[1]],
+    )
+    .expect("Failed to create state event");
+    let state_event_id = state_event.id;
+    source_client
+        .send_event(&state_event)
+        .await
+        .expect("Failed to send state event to source");
+    tokio::time::sleep(Duration::from_millis(200)).await;
+    // Step 3: Push git data to source relay
+    // This promotes the announcement from StateOnly to Full AND releases state event
+    push_to_relay(temp_dir.path(), &source_relay.domain(), &npub, identifier)
+        .expect("Push to source should succeed");
+    // Wait for state event to be released from purgatory on source relay
+    wait_for_event_served(source_relay.url(), &state_event_id, Duration::from_secs(5))
+        .await
+        .expect("State event should be served on source relay after push");
+    // Step 4: Create and send PR event → purgatory
+    // NOW the announcement is promoted (Full), so PR events are accepted
    let repo_coord = build_repo_coord(&owner_keys, identifier);
    let pr_event = create_pr_event(
@@ -367,11 +415,10 @@ async fn test_pr_event_syncs_from_remote() {
        .await
        .expect("Failed to send PR event to source");
-    // Small delay to ensure PR event is processed into purgatory
    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 5. Push commit to refs/nostr/<event-id> on source relay
+    // Step 5: Push PR commit to refs/nostr/<event-id> on source relay
-    // The PR event in purgatory authorizes this push
+    // This releases the PR event from purgatory
    let ref_name = format!("refs/nostr/{}", pr_event_id.to_hex());
    push_ref_to_relay(
        temp_dir.path(),
@@ -383,12 +430,12 @@ async fn test_pr_event_syncs_from_remote() {
    )
    .expect("Push to refs/nostr/<event-id> should succeed");
-    // After push, PR event should be released from purgatory on source relay
+    // Wait for PR event to be released from purgatory on source relay
    wait_for_event_served(source_relay.url(), &pr_event_id, Duration::from_secs(5))
        .await
        .expect("PR event should be served on source relay after push");
-    // 6. Start syncing relay (syncs from source)
+    // Step 6: Start syncing relay (syncs from source)
    let syncing_relay = TestRelay::start_on_port_with_options(
        syncing_port,
        Some(source_relay.url().to_string()),
@@ -401,14 +448,13 @@ async fn test_pr_event_syncs_from_remote() {
        .await
        .expect("Sync connection should establish");
-    // 7. Wait for PR event to be released on syncing relay
+    // Steps 7-11: Syncing relay syncs events
    // The sync should:
-    // a) Fetch the announcement and PR event from source relay
+    // a) Sync announcement → purgatory (StateOnly)
-    // b) Accept announcement (creates bare repo structure)
+    // b) Sync state event → purgatory
-    // c) Put PR event in purgatory (commit missing on syncing relay)
+    // c) Fetch git data → promotes announcement (Full) + releases state event
-    // d) Fetch commit from source relay's clone URL
+    // d) Sync PR event → purgatory (announcement now Full)
-    // e) Release the PR event from purgatory
+    // e) Fetch PR commit → releases PR event
-    // f) Create refs/nostr/<event-id> pointing to the commit
    let found = wait_for_event_served(
        syncing_relay.url(),
        &pr_event_id,
@@ -422,7 +468,7 @@ async fn test_pr_event_syncs_from_remote() {
        found.err()
    );
-    // 8. Verify refs/nostr/<event-id> was created on syncing relay
+    // Verify refs/nostr/<event-id> was created on syncing relay
    let ref_correct =
        check_ref_at_commit(&syncing_domain, &npub, identifier, &ref_name, &commit_hash)
            .await
@@ -443,14 +489,20 @@ async fn test_pr_event_syncs_from_remote() {
 /// Test that concurrent state and PR events for the same repository
 /// both sync correctly.
 ///
-/// Scenario:
+/// Flow on source relay:
-/// 1. Start source relay with repo containing two commits (main branch + PR commit)
+/// 1. Send announcement → purgatory (StateOnly - no git data yet)
-/// 2. Create and push both commits to source relay
+/// 2. Send state event → purgatory (refs point to non-existent commits)
-/// 3. Send both state event and PR event to source relay
+/// 3. Push git data → promotes announcement to Full + releases state event
-/// 4. Start syncing relay
+/// 4. THEN send PR event → purgatory (announcement now Full, so PR events accepted)
-/// 5. Wait for sync to fetch git data and release both events
+/// 5. Push PR commit → releases PR event
-/// 6. Verify both state event and PR event are served
+///
-/// 7. Verify refs are correct for both (main branch and refs/nostr/<event-id>)
+/// Flow on syncing relay:
+/// 6. Start syncing relay
+/// 7. Syncs announcement → purgatory (StateOnly)
+/// 8. Syncs state event → purgatory
+/// 9. Fetches git data → promotes announcement (Full) + releases state event
+/// 10. Syncs PR event → purgatory (announcement now Full)
+/// 11. Fetches PR commit → releases PR event
 #[tokio::test]
 async fn test_concurrent_state_and_pr_sync() {
    // 1. Start source relay
@@ -464,15 +516,13 @@ async fn test_concurrent_state_and_pr_sync() {
    let syncing_domain = format!("127.0.0.1:{}", syncing_port);
    // 2. Create test repository with two commits
-    // First commit establishes the repo, second commit is used for both state and PR events
+    // First commit establishes the repo (for state event), second commit is for PR
    let temp_dir = tempfile::tempdir().expect("Failed to create temp dir");
-    let _first_commit = create_test_repo_with_commit(temp_dir.path(), CommitVariant::StateTest)
+    let _state_commit = create_test_repo_with_commit(temp_dir.path(), CommitVariant::StateTest)
        .expect("Failed to create test repo");
-    // Add second commit - this becomes HEAD of main and is referenced by both events
+    // Add second commit - this is used for the PR event
-    // In a real scenario, the state event would reference the current branch state,
+    let pr_commit =
-    // and the PR would propose changes (which happen to be the same commit here for simplicity)
-    let head_commit =
        add_commit_to_repo(temp_dir.path(), CommitVariant::PrTest).expect("Failed to add commit");
    let npub = owner_keys
@@ -480,7 +530,7 @@ async fn test_concurrent_state_and_pr_sync() {
        .to_bech32()
        .expect("Failed to get npub");
-    // 3. Create and send announcement listing BOTH relays
+    // 3. Create announcement listing BOTH relays
    let announcement = create_repo_announcement(
        &owner_keys,
        &[&source_relay.domain(), &syncing_domain],
@@ -497,7 +547,7 @@ async fn test_concurrent_state_and_pr_sync() {
    // Wait for connection
    tokio::time::sleep(Duration::from_millis(500)).await;
-    // Send announcement to source relay (creates bare repo)
+    // Step 1: Send announcement to source relay → purgatory (StateOnly)
    source_client
        .send_event(&announcement)
        .await
@@ -505,8 +555,7 @@ async fn test_concurrent_state_and_pr_sync() {
    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 4. Create state event referencing the HEAD commit (pr_commit)
+    // Step 2: Create and send state event → purgatory (no git data yet)
-    // After add_commit_to_repo, main points to pr_commit (which includes state_commit in history)
    let clone_urls = [
        format!(
            "http://{}/{}/{}.git",
@@ -521,11 +570,13 @@ async fn test_concurrent_state_and_pr_sync() {
        format!("ws://{}", syncing_domain),
    ];
-    // State event references main at head_commit (the current HEAD)
+    // State event references main at pr_commit (HEAD after add_commit_to_repo).
+    // push_to_relay uses `git push --all` which pushes main -> pr_commit (HEAD),
+    // so the state event must reference pr_commit for push validation to succeed.
    let state_event = create_state_event(
        &owner_keys,
        identifier,
-        &[("main", &head_commit)],
+        &[("main", &pr_commit)],
        &[],
        &[&clone_urls[0], &clone_urls[1]],
        &[&relay_urls[0], &relay_urls[1]],
@@ -534,20 +585,31 @@ async fn test_concurrent_state_and_pr_sync() {
    let state_event_id = state_event.id;
-    // Send state event to source relay (goes to purgatory - no git data yet)
    source_client
        .send_event(&state_event)
        .await
        .expect("Failed to send state event to source");
-    // 5. Create PR event referencing the same commit (head_commit)
+    tokio::time::sleep(Duration::from_millis(200)).await;
-    // This simulates a PR that proposes the changes in head_commit
+    // Step 3: Push git data to source relay
+    // This promotes the announcement from StateOnly to Full AND releases state event
+    push_to_relay(temp_dir.path(), &source_relay.domain(), &npub, identifier)
+        .expect("Push to source should succeed");
+    // Wait for state event to be released from purgatory on source relay
+    wait_for_event_served(source_relay.url(), &state_event_id, Duration::from_secs(5))
+        .await
+        .expect("State event should be served on source relay after push");
+    // Step 4: Create and send PR event → purgatory
+    // NOW the announcement is promoted (Full), so PR events are accepted
    let repo_coord = build_repo_coord(&owner_keys, identifier);
    let pr_event = create_pr_event(
        &pr_author_keys,
        &repo_coord,
-        &head_commit,
+        &pr_commit,
        "Test PR for concurrent sync",
    )
    .expect("Failed to create PR event");
@@ -570,33 +632,25 @@ async fn test_concurrent_state_and_pr_sync() {
    tokio::time::sleep(Duration::from_millis(200)).await;
-    // 6. Push git data to source relay
+    // Step 5: Push PR commit to refs/nostr/<event-id> on source relay
-    // Push all branches (main contains both commits due to linear history)
+    // This releases the PR event from purgatory
-    push_to_relay(temp_dir.path(), &source_relay.domain(), &npub, identifier)
-        .expect("Push to source should succeed");
-    // Also push the PR ref
    let pr_ref_name = format!("refs/nostr/{}", pr_event_id.to_hex());
    push_ref_to_relay(
        temp_dir.path(),
        &source_relay.domain(),
        &npub,
        identifier,
-        &head_commit,
+        &pr_commit,
        &pr_ref_name,
    )
    .expect("Push PR ref to source should succeed");
-    // After push, both events should be released from purgatory on source relay
+    // Wait for PR event to be released from purgatory on source relay
-    wait_for_event_served(source_relay.url(), &state_event_id, Duration::from_secs(5))
-        .await
-        .expect("State event should be served on source relay after push");
    wait_for_event_served(source_relay.url(), &pr_event_id, Duration::from_secs(5))
        .await
        .expect("PR event should be served on source relay after push");
-    // 7. Start syncing relay (syncs from source)
+    // Step 6: Start syncing relay (syncs from source)
    let syncing_relay = TestRelay::start_on_port_with_options(
        syncing_port,
        Some(source_relay.url().to_string()),
@@ -609,8 +663,13 @@ async fn test_concurrent_state_and_pr_sync() {
        .await
        .expect("Sync connection should establish");
-    // 8. Wait for BOTH events to be released on syncing relay
+    // Steps 7-11: Syncing relay syncs events
-    // The sync should fetch git data and release both events
+    // The sync should:
+    // a) Sync announcement → purgatory (StateOnly)
+    // b) Sync state event → purgatory
+    // c) Fetch git data → promotes announcement (Full) + releases state event
+    // d) Sync PR event → purgatory (announcement now Full)
+    // e) Fetch PR commit → releases PR event
    let state_found = wait_for_event_served(
        syncing_relay.url(),
        &state_event_id,
@@ -629,18 +688,18 @@ async fn test_concurrent_state_and_pr_sync() {
    assert!(
        pr_found.is_ok(),
-        "PR event should be served after sync fetches git data: {:?}",
+        "PR event should be served after sync fetches commit: {:?}",
        pr_found.err()
    );
-    // 9. Verify refs are correct on syncing relay
+    // Verify refs are correct on syncing relay
-    // Check main branch points to head_commit (the HEAD)
+    // Check main branch points to pr_commit (HEAD after both commits)
    let main_ref_correct = check_ref_at_commit(
        &syncing_domain,
        &npub,
        identifier,
        "refs/heads/main",
-        &head_commit,
+        &pr_commit, // After push, main points to pr_commit (HEAD)
    )
    .await
    .expect("Failed to check main ref");
@@ -648,24 +707,24 @@ async fn test_concurrent_state_and_pr_sync() {
    assert!(
        main_ref_correct,
        "main branch should point to HEAD commit ({})",
-        head_commit
+        pr_commit
    );
-    // Check refs/nostr/<event-id> points to the same commit
+    // Check refs/nostr/<event-id> points to pr_commit
    let pr_ref_correct = check_ref_at_commit(
        &syncing_domain,
        &npub,
        identifier,
        &pr_ref_name,
-        &head_commit,
+        &pr_commit,
    )
    .await
    .expect("Failed to check PR ref");
    assert!(
        pr_ref_correct,
-        "refs/nostr/<event-id> should point to commit ({})",
+        "refs/nostr/<event-id> should point to PR commit ({})",
-        head_commit
+        pr_commit
    );
    // Cleanup
@@ -921,162 +980,43 @@ async fn test_pr_event_clone_tag_sync_with_partial_oid_aggregation_from_multiple
        .expect("PR event should be served on mock_relay immediately");
    // ========================================================================
-    // Step 5: Start syncing_relay WITHOUT bootstrap and publish announcement directly
+    // Step 5: Start syncing_relay with source_grasp as bootstrap
    // ========================================================================
-    // Start syncing_relay with sync enabled but NO bootstrap relay
+    // Start syncing_relay with source_grasp as bootstrap relay.
-    // This tests relay discovery from announcement's `relays` tag
+    // Negentropy is disabled because MockRelay doesn't support NIP-77, and the
-    // Note: We disable negentropy because MockRelay doesn't support NIP-77,
+    // sync system doesn't properly fall back to REQ+EOSE when negentropy fails.
-    // and the sync system doesn't properly fall back to REQ+EOSE when negentropy fails.
+    //
+    // We do NOT publish the announcement directly to syncing_relay. Instead,
+    // syncing_relay discovers it via the bootstrap connection to source_grasp,
+    // which has the promoted announcement in its database.
    let syncing_relay = TestRelay::start_on_port_with_options(
        syncing_port,
-        None, // NO bootstrap - relay discovery via announcement tags
+        Some(source_grasp.url().to_string()), // Bootstrap from source_grasp
-        true, // Disable negentropy - MockRelay doesn't support NIP-77
+        true,                                  // Disable negentropy - MockRelay doesn't support NIP-77
    )
    .await;
-    // Publish announcement DIRECTLY to syncing_relay
-    // This triggers relay discovery from the announcement's `relays` tag
-    let syncing_client = Client::new(owner_keys.clone());
-    syncing_client
-        .add_relay(syncing_relay.url())
-        .await
-        .expect("Failed to add syncing_relay");
-    syncing_client.connect().await;
-    tokio::time::sleep(Duration::from_millis(500)).await;
-    syncing_client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to syncing_relay");
-    tokio::time::sleep(Duration::from_millis(200)).await;
-    // Wait for relay discovery and sync connections to establish
-    // syncing_relay should discover source_grasp and mock_relay from announcement's relays tag
-    println!("=== Waiting for sync connections ===");
-    println!("syncing_relay URL: {}", syncing_relay.url());
-    println!("source_grasp URL: {}", source_grasp.url());
-    println!("mock_relay URL: {}", mock_relay.url());
-    println!("git_server URL: {}", git_server.url());
-    wait_for_sync_connection(syncing_relay.url(), 2, Duration::from_secs(10))
-        .await
-        .expect(
-            "Sync connections should establish to discovered relays (source_grasp + mock_relay)",
-        );
-    println!("Sync connections established!");
-    // Debug: Check metrics to see what relays are connected
-    let metrics_url = syncing_relay
-        .url()
-        .replace("ws://", "http://")
-        .replace("/", "")
-        + "/metrics";
-    println!("Checking metrics at: {}", metrics_url);
-    if let Ok(response) = reqwest::get(&metrics_url).await {
-        if let Ok(metrics) = response.text().await {
-            // Print sync-related metrics
-            for line in metrics.lines() {
-                if line.contains("sync") && !line.starts_with('#') {
-                    println!("  {}", line);
-                }
-            }
-        }
-    }
-    // Give some time for sync to happen
-    println!("Waiting 10s for events to sync...");
-    tokio::time::sleep(Duration::from_secs(10)).await;
-    // Check metrics again after waiting
-    println!("=== Checking metrics after sync wait ===");
-    if let Ok(response) = reqwest::get(&metrics_url).await {
-        if let Ok(metrics) = response.text().await {
-            for line in metrics.lines() {
-                if line.contains("sync") && !line.starts_with('#') {
-                    println!("  {}", line);
-                }
-            }
-        }
-    }
-    // Debug: Check if PR event is still on mock_relay
-    println!("=== Debug: Checking PR event on mock_relay ===");
-    let pr_on_mock =
-        wait_for_event_served(mock_relay.url(), &pr_event_id, Duration::from_secs(2)).await;
-    println!("PR event on mock_relay: {:?}", pr_on_mock.is_ok());
-    if let Ok(ref pr) = pr_on_mock {
-        println!("PR event tags:");
-        for tag in pr.tags.iter() {
-            println!("  {:?}", tag.as_slice());
-        }
-    }
-    // Debug: Check repo coordinate
-    let repo_coord = build_repo_coord(&owner_keys, identifier);
-    println!("Expected repo coordinate: {}", repo_coord);
-    // Debug: Test if mock_relay responds to tag-based filter (Layer 2 style)
-    println!("=== Debug: Testing mock_relay tag filter response ===");
-    let test_client = Client::new(Keys::generate());
-    test_client
-        .add_relay(mock_relay.url())
-        .await
-        .expect("Failed to add mock_relay");
-    test_client.connect().await;
-    tokio::time::sleep(Duration::from_millis(500)).await;
-    // Build a Layer 2 style filter (by 'a' tag)
-    let tag_filter =
-        Filter::new().custom_tag(SingleLetterTag::lowercase(Alphabet::A), repo_coord.as_str());
-    println!("Tag filter: {:?}", tag_filter);
-    let tag_results = test_client
-        .fetch_events(tag_filter, Duration::from_secs(5))
-        .await;
-    match tag_results {
-        Ok(events) => {
-            println!("Tag filter returned {} events", events.len());
-            for event in events.iter() {
-                println!("  Event ID: {}, Kind: {}", event.id, event.kind.as_u16());
-            }
-        }
-        Err(e) => {
-            println!("Tag filter query failed: {:?}", e);
-        }
-    }
-    test_client.disconnect().await;
    // The syncing relay will:
-    // 1. Receive announcement directly (creates bare repo)
+    // 1. Sync promoted announcement from source_grasp via bootstrap connection → purgatory (no local git data)
-    // 2. Discover source_grasp and mock_relay from announcement's `relays` tag
+    // 2. EOSE triggers StateOnly subscription → syncs state event from source_grasp → purgatory sync
-    // 3. Connect to discovered relays
+    // 3. Purgatory sync fetches commit_a from source_grasp clone URL → announcement + state promoted
-    // 4. Sync state event from source_grasp → purgatory (no commit_a locally)
+    // 4. SelfSubscriber sees promoted announcement → upgrades to Full → connects to mock_relay
-    // 5. Sync PR event from mock_relay → purgatory (no commit_b locally)
+    // 5. Syncs PR event from mock_relay → purgatory (no commit_b locally)
-    // 6. Purgatory sync triggers
+    // 6. Purgatory sync fetches commit_b from git_server via PR clone tag
-    // 7. Fetches commit_a from source_grasp clone URL (from announcement clone tag)
+    // 7. PR event promoted → served
-    // 8. Fetches commit_b from git_server (from PR event's clone tag)
-    // 9. Both events released when all OIDs available
    // ========================================================================
    // Step 6: Verify Results
    // ========================================================================
-    println!("=== Step 6: Verify Results ===");
-    println!("State event ID: {}", state_event_id);
-    println!("PR event ID: {}", pr_event_id);
-    println!("commit_a: {}", commit_a);
-    println!("commit_b: {}", commit_b);
    // Wait for state event to be served on syncing_relay
-    println!("Waiting for state event on syncing_relay...");
    let state_found = wait_for_event_served(
        syncing_relay.url(),
        &state_event_id,
        Duration::from_secs(30),
    )
    .await;
-    println!("State event result: {:?}", state_found);
    assert!(
        state_found.is_ok(),
        "State event should be served on syncing_relay: {:?}",
@@ -1084,10 +1024,8 @@ async fn test_pr_event_clone_tag_sync_with_partial_oid_aggregation_from_multiple
    );
    // Wait for PR event to be served on syncing_relay
-    println!("Waiting for PR event on syncing_relay...");
    let pr_found =
        wait_for_event_served(syncing_relay.url(), &pr_event_id, Duration::from_secs(30)).await;
-    println!("PR event result: {:?}", pr_found);
    assert!(
        pr_found.is_ok(),
        "PR event should be served on syncing_relay (fetched commit_b from git_server via PR clone tag): {:?}",
@@ -1128,7 +1066,6 @@ async fn test_pr_event_clone_tag_sync_with_partial_oid_aggregation_from_multiple
    source_client.disconnect().await;
    mock_client.disconnect().await;
    pr_client.disconnect().await;
-    syncing_client.disconnect().await;
    git_server.stop().await;
    mock_relay.stop().await;
    syncing_relay.stop().await;
diff --git a/tests/sync/discovery.rs b/tests/sync/discovery.rs
index 8ed80b5..d45a290 100644
--- a/tests/sync/discovery.rs
+++ b/tests/sync/discovery.rs
@@ -3,10 +3,6 @@
 //! Tests for relay discovery from announcement events.
 //! When a relay receives an announcement listing another relay,
 //! it should discover and connect to that relay to sync events.
-//!
-//! # Tests
-//! - Test 2: Direct Layer 3 discovery from Layer 2
-//! - Test 3: Recursive multi-hop Layer 3 discovery
 use std::time::Duration;
@@ -62,29 +58,26 @@ async fn test_discovers_layer3_via_layer2() {
    // 3. Create test keys
    let keys = Keys::generate();
-    // 4. Create a repository announcement that lists BOTH relays
+    // 4. Set up repository announcement on relay_a with git data
-    let announcement = create_repo_announcement(
+    // (purgatory requires git data before announcements are accepted)
-        &keys,
+    let repo_id = "test-repo-discovery";
-        &[&relay_a.domain(), &relay_b.domain()],
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        "test-repo-discovery",
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    );
-    let announcement_id = announcement.id;
+    let (announcement, _git_dir_a) =
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
+    let announcement_id = announcement.id;
    println!(
-        "Created announcement {} (kind {})",
+        "Announcement {} set up on relay_a with git data",
-        announcement_id,
+        announcement_id
-        announcement.kind.as_u16()
    );
-    for tag in announcement.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
    // 5. Build the repo coordinate for the 'a' tag in the patch
    let repo_coord = format!(
        "{}:{}:{}",
        Kind::GitRepoAnnouncement.as_u16(),
        keys.public_key().to_hex(),
-        "test-repo-discovery"
+        repo_id
    );
    // 6. Create a patch event (Layer 2) that references the announcement
@@ -97,22 +90,13 @@ async fn test_discovers_layer3_via_layer2() {
    let patch_id = patch.id;
    println!("Created patch {} (kind {})", patch_id, patch.kind.as_u16());
-    for tag in patch.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
-    // 7. Send announcement and patch to relay_a ONLY
+    // 7. Send patch to relay_a
    let client_a = TestClient::new(relay_a.url(), keys.clone())
        .await
        .expect("Failed to connect to relay_a");
    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_a
        .send_event(&patch)
        .await
        .expect("Failed to send patch to relay_a");
@@ -120,18 +104,10 @@ async fn test_discovers_layer3_via_layer2() {
    client_a.disconnect().await;
-    // 8. Send announcement to relay_b directly (triggers discovery of relay_a)
+    // 8. Set up announcement on relay_b (triggers discovery of relay_a)
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement_b, _git_dir_b) =
-        .await
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_b (should trigger discovery of relay_a)");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (should trigger discovery of relay_a)");
-    client_b.disconnect().await;
    // 9. Wait for relay_b to discover relay_a and sync the patch
    println!("Waiting 3s for relay_b to discover relay_a and sync patch...");
@@ -197,19 +173,20 @@ async fn test_relay_discovery_via_announcements_with_historic_sync() {
    // 3. Create test keys
    let keys = Keys::generate();
-    // 4. Create the event chain on relay_a:
+    // 4. Set up repository on relay_a with git data and a Layer 2 issue
-    // Layer 1: Repository announcement
+    // Layer 1: Set up announcement with git data
-    let announcement = create_repo_announcement(
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        &keys,
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-        &[&relay_a.domain(), &relay_b.domain()],
+    let repo_id = "test-repo-chain";
-        "test-repo-chain",
-    );
+    let (announcement, _git_dir_a) =
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
    let announcement_id = announcement.id;
-    println!("Created announcement {} (Layer 1)", announcement_id);
+    println!("Announcement {} set up on relay_a with git data (Layer 1)", announcement_id);
    // Build repo coordinate for Layer 2 reference
-    let repo_coord = repo_coord(&keys, "test-repo-chain");
+    let repo_coord = repo_coord(&keys, repo_id);
    // Layer 2: Issue referencing the repo
    let issue = build_layer2_issue_event(&keys, &repo_coord, "Test issue for chain discovery")
@@ -217,35 +194,23 @@ async fn test_relay_discovery_via_announcements_with_historic_sync() {
    let issue_id = issue.id;
    println!("Created issue {} (Layer 2)", issue_id);
-    // 5. Send all events to relay_a
+    // 5. Send issue to relay_a
    let client_a = TestClient::new(relay_a.url(), keys.clone())
        .await
        .expect("Failed to connect to relay_a");
    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement");
-    client_a
        .send_event(&issue)
        .await
        .expect("Failed to send issue");
-    println!("Events sent to relay_a");
+    println!("Issue sent to relay_a");
    client_a.disconnect().await;
-    // 6. Send only the announcement to relay_b (triggers discovery)
+    // 6. Set up announcement on relay_b (triggers discovery of relay_a)
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement_b, _git_dir_b) =
-        .await
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_b (should trigger discovery of relay_a)");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (should trigger discovery)");
-    client_b.disconnect().await;
    // 7. Wait for sync
    println!("Waiting 3s for Layer 2 sync...");
@@ -271,163 +236,3 @@ async fn test_relay_discovery_via_announcements_with_historic_sync() {
    );
 }
-/// Test 3: 3-relay recursive discovery - relay discovers third relay through bootstrap
-///
-/// Scenario:
-/// ```text
-///     relay_a (SUT)       relay_b (bootstrap)     relay_c (discovered)
-///         │                     │                       │
-///         │                     │ has announcement_x    │ has announcement_y
-///         │                     │ listing A+B+C         │ listing A+C
-///         │                     │                       │
-///         ├────connect──────────►                       │
-///         │◄───sync announcement_x───────────────────────
-///         │                                             │
-///         │    discovers relay_c from announcement_x    │
-///         │                                             │
-///         ├─────────────connect─────────────────────────►
-///         │◄────────────sync announcement_y─────────────┘
-/// ```
-///
-/// This tests that relay_a:
-/// 1. Connects to relay_b (configured as bootstrap)
-/// 2. Receives announcement_x which lists relay_c
-/// 3. Discovers and connects to relay_c
-/// 4. Syncs announcement_y from relay_c
-///
-#[tokio::test]
-async fn test_recursive_relay_discovery_via_announcements_with_historic_sync() {
-    // 1. Start all three relays
-    // relay_b - will be the bootstrap relay, has announcement_x
-    let relay_b = TestRelay::start().await;
-    println!(
-        "relay_b (bootstrap) started at {} (domain: {})",
-        relay_b.url(),
-        relay_b.domain()
-    );
-    // relay_c - will be discovered via announcement_x, has announcement_y
-    let relay_c = TestRelay::start().await;
-    println!(
-        "relay_c (to be discovered) started at {} (domain: {})",
-        relay_c.url(),
-        relay_c.domain()
-    );
-    // relay_a - SUT, starts with relay_b as bootstrap
-    let relay_a = TestRelay::start_with_sync(Some(relay_b.url().to_string())).await;
-    println!(
-        "relay_a (SUT) started at {} (domain: {})",
-        relay_a.url(),
-        relay_a.domain()
-    );
-    // 2. Create test keys (one for each announcement)
-    let keys_x = Keys::generate();
-    let keys_y = Keys::generate();
-    // 3. Create announcement_x on relay_b (lists all three relays: A+B+C)
-    let announcement_x = create_repo_announcement(
-        &keys_x,
-        &[&relay_a.domain(), &relay_b.domain(), &relay_c.domain()],
-        "repo-x-all-relays",
-    );
-    let announcement_x_id = announcement_x.id;
-    println!("Created announcement_x {} listing A+B+C", announcement_x_id);
-    for tag in announcement_x.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
-    // 4. Create announcement_y on relay_c (lists only A+C, NOT B)
-    let announcement_y = create_repo_announcement(
-        &keys_y,
-        &[&relay_a.domain(), &relay_c.domain()],
-        "repo-y-ac-only",
-    );
-    let announcement_y_id = announcement_y.id;
-    println!(
-        "Created announcement_y {} listing A+C only",
-        announcement_y_id
-    );
-    for tag in announcement_y.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
-    // 5. Send announcement_x to relay_b only
-    let client_b = TestClient::new(relay_b.url(), keys_x.clone())
-        .await
-        .expect("Failed to connect to relay_b");
-    client_b
-        .send_event(&announcement_x)
-        .await
-        .expect("Failed to send announcement_x to relay_b");
-    println!("announcement_x sent to relay_b");
-    client_b.disconnect().await;
-    // 6. Send announcement_y to relay_c only
-    let client_c = TestClient::new(relay_c.url(), keys_y.clone())
-        .await
-        .expect("Failed to connect to relay_c");
-    client_c
-        .send_event(&announcement_y)
-        .await
-        .expect("Failed to send announcement_y to relay_c");
-    println!("announcement_y sent to relay_c");
-    client_c.disconnect().await;
-    // 7. Wait for relay_a to:
-    //    - Sync from bootstrap relay_b (gets announcement_x)
-    //    - Discover relay_c from announcement_x's relays tag
-    //    - Connect to relay_c and sync announcement_y
-    println!("Waiting 5s for recursive relay discovery...");
-    tokio::time::sleep(Duration::from_secs(5)).await;
-    // 8. Verify announcement_x was synced to relay_a (from bootstrap relay_b)
-    let filter_x = Filter::new()
-        .kind(Kind::GitRepoAnnouncement)
-        .author(keys_x.public_key());
-    let announcement_x_synced =
-        wait_for_event_on_relay(relay_a.url(), filter_x, Duration::from_secs(5)).await;
-    println!(
-        "announcement_x {} synced to relay_a: {}",
-        announcement_x_id, announcement_x_synced
-    );
-    // 9. Verify announcement_y was synced to relay_a (from discovered relay_c)
-    let filter_y = Filter::new()
-        .kind(Kind::GitRepoAnnouncement)
-        .author(keys_y.public_key());
-    let announcement_y_synced =
-        wait_for_event_on_relay(relay_a.url(), filter_y, Duration::from_secs(5)).await;
-    println!(
-        "announcement_y {} synced to relay_a: {}",
-        announcement_y_id, announcement_y_synced
-    );
-    // 10. Cleanup
-    relay_a.stop().await;
-    relay_b.stop().await;
-    relay_c.stop().await;
-    // 11. Assertions
-    assert!(
-        announcement_x_synced,
-        "announcement_x {} should have synced from bootstrap relay_b to relay_a",
-        announcement_x_id
-    );
-    assert!(
-        announcement_y_synced,
-        "announcement_y {} should have synced from discovered relay_c to relay_a (recursive discovery)",
-        announcement_y_id
-    );
-}
diff --git a/tests/sync/historic_sync.rs b/tests/sync/historic_sync.rs
index aec2819..723b776 100644
--- a/tests/sync/historic_sync.rs
+++ b/tests/sync/historic_sync.rs
@@ -224,34 +224,24 @@ async fn test_history_sync_without_negentropy() {
    // Create keys
    let keys = Keys::generate();
-    // Create announcement listing BOTH relay domains
+    // Set up announcement on source with git data
-    // This event will exist on source BEFORE syncing relay ever connects
+    // (purgatory requires git data before announcements are accepted)
-    let announcement = create_repo_announcement(
+    let domains = vec![source.domain(), syncing_domain.clone()];
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
+    let (announcement, _git_dir) = setup_announcement_on_relay(
+        &source,
        &keys,
-        &[&source.domain(), &syncing_domain],
+        &domain_refs,
        "test-repo-history-no-negentropy",
-    );
+    )
+    .await;
    let announcement_id = announcement.id;
    println!(
-        "Created announcement {} (kind {})",
+        "Announcement {} set up on source with git data (event exists BEFORE syncing relay connects)",
-        announcement_id,
+        announcement_id
-        announcement.kind.as_u16()
    );
-    // Send announcement to source (event now exists BEFORE syncing relay connects)
-    let client = TestClient::new(source.url(), keys.clone())
-        .await
-        .expect("Failed to connect to source");
-    client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to source");
-    println!("Announcement sent to source (event exists BEFORE syncing relay connects)");
-    client.disconnect().await;
    // Wait to ensure event is stored
    tokio::time::sleep(Duration::from_millis(500)).await;
diff --git a/tests/sync/live_sync.rs b/tests/sync/live_sync.rs
index 8ee3119..4289004 100644
--- a/tests/sync/live_sync.rs
+++ b/tests/sync/live_sync.rs
@@ -56,43 +56,24 @@ async fn test_live_sync_layer2_events() {
    // 3. Create test keys
    let keys = Keys::generate();
-    // 4. Create a repository announcement that lists BOTH relays
+    // 4. Create a repository announcement on both relays with git data
+    // (purgatory requires git data before announcements are accepted)
    let repo_id = "test-repo-live-l2";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    println!(
+    let (_announcement, _git_dir_a) =
-        "Created announcement {} (kind {})",
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        announcement.id,
+    println!("Announcement set up on relay_a with git data");
-        announcement.kind.as_u16()
-    );
-    // 5. Send announcement to relay_a
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_a");
-    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    // 6. Send announcement to relay_b (triggers discovery of relay_a)
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_b");
-    client_b
+    let (_announcement_b, _git_dir_b) =
-        .send_event(&announcement)
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .await
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
-    // 7. Wait for discovery to complete
+    // 5. Wait for discovery to complete
    tokio::time::sleep(Duration::from_secs(1)).await;
-    // 8. Create and send a Layer 2 issue event (using helper)
+    // 6. Create and send a Layer 2 issue event (using helper)
    let repo_coordinate = repo_coord(&keys, repo_id);
    let issue = build_layer2_issue_event(&keys, &repo_coordinate, "Test Issue for Live Sync")
        .expect("Failed to create issue event");
@@ -104,6 +85,10 @@ async fn test_live_sync_layer2_events() {
    }
    // Send issue to relay_a only
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
        .await
@@ -111,7 +96,6 @@ async fn test_live_sync_layer2_events() {
    println!("Issue sent to relay_a");
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 9. Wait and verify event syncs to relay_b
    let filter = Filter::new()
@@ -166,30 +150,19 @@ async fn test_live_sync_layer3_events() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
+    // (purgatory requires git data before announcements are accepted)
    let repo_id = "test-repo-live-l3";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    println!("Announcement set up on relay_a with git data");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement_b, _git_dir_b) =
-        .await
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -200,6 +173,10 @@ async fn test_live_sync_layer3_events() {
        .expect("Failed to create issue");
    let issue_id = issue.id;
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
        .await
@@ -243,7 +220,6 @@ async fn test_live_sync_layer3_events() {
    println!("Issue synced to relay_b: {}", issue_synced);
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 7. Wait and verify comment syncs to relay_b
    let comment_filter = Filter::new()
@@ -343,29 +319,17 @@ async fn test_live_sync_event_ordering() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
+    // (purgatory requires git data before announcements are accepted)
    let repo_id = "test-repo-ordering";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    let (_announcement_b, _git_dir_b) =
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    println!("Announcements set up on both relays with git data");
-        .await
-        .expect("Failed to connect to relay_b");
-    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcements sent to both relays");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -375,6 +339,10 @@ async fn test_live_sync_event_ordering() {
    let mut issue_ids = Vec::new();
    let mut expected_order_timestamps = Vec::new();
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    for i in 1..=3 {
        let issue = build_layer2_issue_event(
            &keys,
@@ -402,7 +370,6 @@ async fn test_live_sync_event_ordering() {
    }
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 5. Wait for all events to sync
    tokio::time::sleep(Duration::from_secs(3)).await;
diff --git a/tests/sync/maintainer_reprocessing.rs b/tests/sync/maintainer_reprocessing.rs
index df1bf78..ff1eb43 100644
--- a/tests/sync/maintainer_reprocessing.rs
+++ b/tests/sync/maintainer_reprocessing.rs
@@ -2,6 +2,25 @@
 //!
 //! Tests the two-tier rejected events index and immediate re-processing of
 //! maintainer announcements when owner announcements are accepted.
+//!
+//! ## Test design
+//!
+//! Announcements now require git data before they are released from purgatory and
+//! served to other relays.  The hot-cache re-processing path we want to exercise is:
+//!
+//!   relay_b syncs maintainer announcement from relay_a
+//!     → write policy rejects it (no owner announcement in DB yet)
+//!     → event stored in hot cache
+//!   owner git push to relay_b promotes owner announcement from purgatory
+//!     → our new code calls rejected_events_index.invalidate_and_get()
+//!     → maintainer announcement re-processed and accepted
+//!
+//! To guarantee the maintainer announcements arrive at relay_b *before* the owner
+//! git push, relay_b is started with relay_a as its bootstrap relay.  That way
+//! relay_b's SyncManager connects to relay_a immediately and syncs whatever is
+//! already in relay_a's DB.  We push the maintainer git data first (so the
+//! announcements are in relay_a's DB), wait briefly for the sync round-trip, then
+//! send the owner announcement + git push.
 use std::time::Duration;
@@ -9,66 +28,91 @@ use nostr_sdk::prelude::*;
 use crate::common::{sync_helpers::*, TestRelay};
-/// Test that maintainer announcements are re-processed immediately when owner announcement accepted
+/// Test that a maintainer announcement is re-processed immediately when the owner
+/// announcement is promoted from purgatory via a git push.
 ///
 /// Flow:
-/// 1. relay_a: Maintainer sends announcement (gets rejected - doesn't list relay_b)
+/// 1. relay_a: Maintainer sends announcement + git data → accepted into relay_a's DB
-/// 2. relay_b: Owner sends announcement (lists relay_a + maintainer)
+/// 2. relay_b (bootstrapped from relay_a): SyncManager syncs maintainer announcement
-/// 3. relay_b syncs from relay_a, maintainer announcement enters rejected index
+///    → rejected by write policy (no owner in DB) → stored in hot cache
-/// 4. relay_b processes owner announcement, invalidates and re-processes maintainer announcement
+/// 3. relay_b: Owner sends announcement → purgatory (no git data yet)
+/// 4. relay_b: Owner git push → owner announcement promoted from purgatory
+///    → hot-cache re-processing fires → maintainer announcement accepted
 /// 5. Both announcements should be in relay_b's database
-///
-/// Expected time: <5 seconds (vs 24 hours without hot cache)
 #[tokio::test]
 async fn test_maintainer_announcement_reprocessed_immediately() {
    // Start relay_a (where maintainer announcement will be sent)
    let relay_a = TestRelay::start().await;
    println!("relay_a started at {}", relay_a.url());
-    // Start relay_b with sync enabled (will sync from relay_a)
-    let relay_b = TestRelay::start_with_sync(None).await;
-    println!("relay_b started at {}", relay_b.url());
    // Create keys
    let owner_keys = Keys::generate();
    let maintainer_keys = Keys::generate();
    let identifier = "test-repo";
-    let start = std::time::Instant::now();
+    // Step 1: Send maintainer announcement to relay_a then push git data so it lands in
+    // relay_a's DB.  The announcement lists relay_a only (not relay_b), so relay_b's write
-    // Step 1: Send maintainer announcement to relay_a (will be rejected - doesn't list relay_b)
+    // policy will reject it when it arrives via sync.
-    let client_a = TestClient::new(relay_a.url(), maintainer_keys.clone())
+    let maintainer_npub = maintainer_keys
-        .await
+        .public_key()
-        .expect("Failed to connect to relay_a");
+        .to_bech32()
+        .expect("Failed to get npub");
    let maintainer_announcement =
        EventBuilder::new(Kind::GitRepoAnnouncement, "Maintainer's repository")
            .tags(vec![
                Tag::identifier(identifier),
                Tag::custom(
                    TagKind::custom("clone"),
-                    vec![format!("https://{}/{}.git", relay_a.domain(), identifier)],
+                    vec![format!(
+                        "http://{}/{}/{}.git",
+                        relay_a.domain(),
+                        maintainer_npub,
+                        identifier
+                    )],
+                ),
+                Tag::custom(
+                    TagKind::custom("relays"),
+                    vec![relay_a.url().to_string()],
                ),
-                Tag::custom(TagKind::custom("relays"), vec![relay_a.url().to_string()]),
            ])
            .sign_with_keys(&maintainer_keys)
            .unwrap();
+    send_to_relay(&relay_a, &maintainer_announcement).await.unwrap();
+    let _git_dir_maintainer =
+        push_git_data_to_relay(&relay_a, &maintainer_keys, identifier, &[&relay_a.domain()])
+            .await;
+    println!("✓ Maintainer announcement + git data pushed to relay_a");
+    // Step 2: Start relay_b with relay_a as bootstrap so its SyncManager connects immediately.
+    // relay_b's initial negentropy sync will pick up the maintainer announcement and reject it
+    // (no owner announcement in relay_b's DB yet), storing it in the hot cache.
+    let relay_b = TestRelay::start_with_sync(Some(relay_a.url().to_string())).await;
+    println!("relay_b started at {}", relay_b.url());
-    client_a.send_event(&maintainer_announcement).await.unwrap();
+    // Give relay_b's SyncManager time to complete the initial negentropy sync with relay_a.
-    println!("✓ Maintainer announcement sent to relay_a");
+    tokio::time::sleep(Duration::from_secs(3)).await;
+    println!("✓ relay_b synced from relay_a (maintainer announcement should be in hot cache)");
-    // Step 2: Send owner announcement to relay_b (lists relay_a + maintainer)
+    let start = std::time::Instant::now();
-    let client_b = TestClient::new(relay_b.url(), owner_keys.clone())
-        .await
+    // Step 3: Send owner announcement to relay_b → goes to purgatory (no git data yet).
-        .expect("Failed to connect to relay_b");
+    // The announcement lists relay_a + relay_b and names the maintainer.
+    let owner_npub = owner_keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to get npub");
    let owner_announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "Owner's repository")
        .tags(vec![
            Tag::identifier(identifier),
            Tag::custom(
                TagKind::custom("clone"),
-                vec![format!("https://{}/{}.git", relay_b.domain(), identifier)],
+                vec![format!(
+                    "http://{}/{}/{}.git",
+                    relay_b.domain(),
+                    owner_npub,
+                    identifier
+                )],
            ),
            Tag::custom(
                TagKind::custom("relays"),
@@ -82,15 +126,22 @@ async fn test_maintainer_announcement_reprocessed_immediately() {
        .sign_with_keys(&owner_keys)
        .unwrap();
-    client_b.send_event(&owner_announcement).await.unwrap();
+    send_to_relay(&relay_b, &owner_announcement).await.unwrap();
-    println!("✓ Owner announcement sent to relay_b");
+    println!("✓ Owner announcement sent to relay_b (now in purgatory)");
-    // Step 3: Wait for sync and re-processing (relay_b discovers relay_a, syncs, re-processes)
+    // Step 4: Push owner git data to relay_b.
-    tokio::time::sleep(Duration::from_secs(3)).await;
+    // This promotes the owner announcement from purgatory, which triggers hot-cache
+    // re-processing of the maintainer announcement via our new code path.
+    let _git_dir_owner =
+        push_git_data_to_relay(&relay_b, &owner_keys, identifier, &[&relay_b.domain()]).await;
+    println!("✓ Owner git data pushed to relay_b (owner announcement promoted, hot cache re-processed)");
+    // Step 5: Wait briefly for async processing to complete.
+    tokio::time::sleep(Duration::from_secs(1)).await;
    let elapsed = start.elapsed();
-    // Step 4: Verify both announcements are in relay_b's database
+    // Step 6: Verify both announcements are in relay_b's database.
    let owner_filter = Filter::new()
        .kind(Kind::GitRepoAnnouncement)
        .author(owner_keys.public_key())
@@ -112,17 +163,14 @@ async fn test_maintainer_announcement_reprocessed_immediately() {
        "Maintainer announcement should be re-processed and accepted in relay_b"
    );
-    // Step 5: Verify it happened quickly (not 24 hours!)
    assert!(
-        elapsed.as_secs() < 10,
+        elapsed.as_secs() < 15,
-        "Re-processing should happen in <10 seconds, took {:?}",
+        "Re-processing should happen in <15 seconds, took {:?}",
        elapsed
    );
    println!("✅ Maintainer announcement re-processed in {:?}", elapsed);
-    client_a.disconnect().await;
-    client_b.disconnect().await;
    relay_a.stop().await;
    relay_b.stop().await;
 }
@@ -227,13 +275,16 @@ async fn test_maintainer_announcement_cold_index_prevents_refetch() {
    relay.stop().await;
 }
-/// Test multiple maintainers are all re-processed when owner announcement accepted
+/// Test that all maintainer announcements are re-processed when the owner announcement
+/// is promoted from purgatory via a git push.
 ///
 /// Flow:
-/// 1. relay_a: Three maintainers send announcements (get rejected - don't list relay_b)
+/// 1. relay_a: Three maintainers send announcements + git data → in relay_a's DB
-/// 2. relay_b: Owner sends announcement (lists relay_a + all three maintainers)
+/// 2. relay_b (bootstrapped from relay_a): SyncManager syncs all three maintainer
-/// 3. relay_b syncs from relay_a, all maintainer announcements enter rejected index
+///    announcements → all rejected (no owner in DB) → all in hot cache
-/// 4. relay_b processes owner announcement, invalidates and re-processes all maintainer announcements
+/// 3. relay_b: Owner sends announcement → purgatory
+/// 4. relay_b: Owner git push → owner promoted → hot-cache re-processing fires for
+///    all three maintainers
 /// 5. All four announcements should be in relay_b's database
 #[tokio::test]
 async fn test_multiple_maintainers_all_reprocessed() {
@@ -241,57 +292,113 @@ async fn test_multiple_maintainers_all_reprocessed() {
    let relay_a = TestRelay::start().await;
    println!("relay_a started at {}", relay_a.url());
-    // Start relay_b with sync enabled (will sync from relay_a)
-    let relay_b = TestRelay::start_with_sync(None).await;
-    println!("relay_b started at {}", relay_b.url());
    // Create keys
    let owner_keys = Keys::generate();
    let maintainer1_keys = Keys::generate();
    let maintainer2_keys = Keys::generate();
    let maintainer3_keys = Keys::generate();
-    let identifier = "multi-maintainer-repo";
+    // Use a unique identifier per test run to avoid cross-test interference when
+    // tests run in parallel (each test gets its own namespace on relay_a).
-    // Step 1: Send three maintainer announcements to relay_a
+    let identifier = &format!(
-    let client_a = TestClient::new(relay_a.url(), maintainer1_keys.clone())
+        "multi-maintainer-repo-{}",
-        .await
+        owner_keys.public_key().to_hex()[..8].to_string()
-        .expect("Failed to connect to relay_a");
+    );
+    // Step 1: Send each maintainer announcement to relay_a then push git data so all three
+    // land in relay_a's DB.  Each announcement lists relay_a only, so relay_b will reject
+    // them when syncing (no owner announcement in relay_b's DB yet).
+    let mut git_dirs = Vec::new();
    for (idx, maintainer_keys) in [&maintainer1_keys, &maintainer2_keys, &maintainer3_keys]
        .iter()
        .enumerate()
    {
+        let m_npub = maintainer_keys
+            .public_key()
+            .to_bech32()
+            .expect("Failed to get npub");
        let announcement = EventBuilder::new(
            Kind::GitRepoAnnouncement,
            format!("Maintainer {} repository", idx + 1),
        )
        .tags(vec![
-            Tag::identifier(identifier),
+            Tag::identifier(identifier.as_str()),
            Tag::custom(
                TagKind::custom("clone"),
-                vec![format!("https://{}/{}.git", relay_a.domain(), identifier)],
+                vec![format!(
+                    "http://{}/{}/{}.git",
+                    relay_a.domain(),
+                    m_npub,
+                    identifier
+                )],
            ),
            Tag::custom(TagKind::custom("relays"), vec![relay_a.url().to_string()]),
        ])
        .sign_with_keys(maintainer_keys)
        .unwrap();
+        send_to_relay(&relay_a, &announcement).await.unwrap();
+        // Use push_unique_git_data_to_relay so each maintainer gets a distinct commit
+        // hash.  Identical hashes cause git to skip pack transfer when the object
+        // already exists on the server, leaving the announcement in purgatory.
+        let git_dir = push_unique_git_data_to_relay(
+            &relay_a,
+            maintainer_keys,
+            identifier,
+            &[&relay_a.domain()],
+            &m_npub,
+        )
+        .await;
+        git_dirs.push(git_dir);
+    }
+    println!("✓ Three maintainer announcements + git data pushed to relay_a");
-        client_a.send_event(&announcement).await.unwrap();
+    // Confirm all three announcements are queryable on relay_a before starting relay_b.
+    // This eliminates the race between relay_a's DB writes and relay_b's initial negentropy sync.
+    for (name, keys) in [
+        ("maintainer1", &maintainer1_keys),
+        ("maintainer2", &maintainer2_keys),
+        ("maintainer3", &maintainer3_keys),
+    ] {
+        let filter = Filter::new()
+            .kind(Kind::GitRepoAnnouncement)
+            .author(keys.public_key())
+            .identifier(identifier);
+        let found =
+            wait_for_event_on_relay(relay_a.url(), filter, Duration::from_secs(10)).await;
+        assert!(found, "{} announcement should be in relay_a before starting relay_b", name);
    }
-    println!("✓ Three maintainer announcements sent to relay_a");
+    println!("✓ All three maintainer announcements confirmed in relay_a's DB");
-    // Step 2: Send owner announcement to relay_b (lists relay_a + all three maintainers)
+    // Step 2: Start relay_b with relay_a as bootstrap so its SyncManager connects immediately.
-    let client_b = TestClient::new(relay_b.url(), owner_keys.clone())
+    // Because all three maintainer announcements are confirmed in relay_a's DB, relay_b's
-        .await
+    // initial negentropy sync will pick them all up and reject them (no owner announcement
-        .expect("Failed to connect to relay_b");
+    // in relay_b's DB yet), storing them in the hot cache.
+    let relay_b = TestRelay::start_with_sync(Some(relay_a.url().to_string())).await;
+    println!("relay_b started at {}", relay_b.url());
+    // Give relay_b's SyncManager time to complete the initial negentropy sync with relay_a.
+    // The negentropy sync completes within ~200ms (NGIT_TEST=1 sets batch window to 200ms), but we
+    // allow extra time for slow CI environments.
+    tokio::time::sleep(Duration::from_secs(3)).await;
+    println!("✓ relay_b synced from relay_a (maintainer announcements should be in hot cache)");
+    // Step 3: Send owner announcement to relay_b → goes to purgatory.
+    let owner_npub = owner_keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to get npub");
    let owner_announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "Owner's repository")
        .tags(vec![
            Tag::identifier(identifier),
            Tag::custom(
                TagKind::custom("clone"),
-                vec![format!("https://{}/{}.git", relay_b.domain(), identifier)],
+                vec![format!(
+                    "http://{}/{}/{}.git",
+                    relay_b.domain(),
+                    owner_npub,
+                    identifier
+                )],
            ),
            Tag::custom(
                TagKind::custom("relays"),
@@ -309,13 +416,20 @@ async fn test_multiple_maintainers_all_reprocessed() {
        .sign_with_keys(&owner_keys)
        .unwrap();
-    client_b.send_event(&owner_announcement).await.unwrap();
+    send_to_relay(&relay_b, &owner_announcement).await.unwrap();
-    println!("✓ Owner announcement sent to relay_b");
+    println!("✓ Owner announcement sent to relay_b (now in purgatory)");
-    // Step 3: Wait for sync and re-processing
+    // Step 4: Push owner git data to relay_b.
-    tokio::time::sleep(Duration::from_secs(3)).await;
+    // This promotes the owner announcement from purgatory and triggers hot-cache
+    // re-processing for all three maintainer announcements.
+    let _git_dir_owner =
+        push_git_data_to_relay(&relay_b, &owner_keys, identifier, &[&relay_b.domain()]).await;
+    println!("✓ Owner git data pushed to relay_b (hot-cache re-processing should fire)");
+    // Step 5: Wait briefly for async processing to complete.
+    tokio::time::sleep(Duration::from_secs(1)).await;
-    // Step 4: Verify all four announcements are in relay_b's database
+    // Step 6: Verify all four announcements are in relay_b's database.
    for (name, keys) in [
        ("owner", &owner_keys),
        ("maintainer1", &maintainer1_keys),
@@ -333,8 +447,6 @@ async fn test_multiple_maintainers_all_reprocessed() {
    println!("✅ All three maintainer announcements re-processed successfully");
-    client_a.disconnect().await;
-    client_b.disconnect().await;
    relay_a.stop().await;
    relay_b.stop().await;
 }
@@ -342,10 +454,10 @@ async fn test_multiple_maintainers_all_reprocessed() {
 /// Test that invalid maintainer public keys don't cause panics
 ///
 /// Flow:
-/// 1. Maintainer announcement arrives → Rejected
+/// 1. Maintainer announcement arrives → Rejected (doesn't list our relay)
-/// 2. Owner announcement arrives with INVALID maintainer hex → Should handle gracefully
+/// 2. Owner announcement + git push → accepted, with INVALID maintainer hex in maintainers tag
-/// 3. Owner announcement should still be accepted
+/// 3. Owner announcement should be accepted
-/// 4. Maintainer announcement should NOT be re-processed (invalid pubkey)
+/// 4. Maintainer announcement should NOT be re-processed (invalid pubkey can't be parsed)
 #[tokio::test]
 async fn test_invalid_maintainer_pubkey_handled_gracefully() {
    let relay = TestRelay::start().await;
@@ -382,13 +494,25 @@ async fn test_invalid_maintainer_pubkey_handled_gracefully() {
    let _ = client.send_event(&maintainer_announcement).await;
    tokio::time::sleep(Duration::from_millis(200)).await;
-    // Step 2: Send owner announcement with INVALID maintainer hex
+    // Step 2: Send owner announcement with INVALID maintainer hex, then push git data.
+    // The announcement goes to purgatory first; the git push promotes it.
+    // The invalid maintainer hex should be handled gracefully (no panic).
+    let owner_npub = owner_keys
+        .public_key()
+        .to_bech32()
+        .expect("Failed to get npub");
    let owner_announcement = EventBuilder::new(Kind::GitRepoAnnouncement, "Owner's repository")
        .tags(vec![
            Tag::identifier(identifier),
            Tag::custom(
                TagKind::custom("clone"),
-                vec![format!("https://{}/{}.git", relay.domain(), identifier)],
+                vec![format!(
+                    "http://{}/{}/{}.git",
+                    relay.domain(),
+                    owner_npub,
+                    identifier
+                )],
            ),
            Tag::custom(TagKind::custom("relays"), vec![relay.url().to_string()]),
            Tag::custom(
@@ -399,7 +523,9 @@ async fn test_invalid_maintainer_pubkey_handled_gracefully() {
        .sign_with_keys(&owner_keys)
        .unwrap();
-    client.send_event(&owner_announcement).await.unwrap();
+    send_to_relay(&relay, &owner_announcement).await.unwrap();
+    let _git_dir =
+        push_git_data_to_relay(&relay, &owner_keys, identifier, &[&relay.domain()]).await;
    tokio::time::sleep(Duration::from_millis(500)).await;
    // Step 3: Verify owner announcement accepted, maintainer not re-processed
diff --git a/tests/sync/metrics.rs b/tests/sync/metrics.rs
index e8c75c7..e973bbb 100644
--- a/tests/sync/metrics.rs
+++ b/tests/sync/metrics.rs
@@ -16,8 +16,8 @@ use nostr_sdk::prelude::*;
 use crate::common::{
    sync_helpers::{
-        create_repo_announcement, fetch_metrics, wait_for_sync_connection, MetricsTestHarness,
+        create_repo_announcement, fetch_metrics, setup_announcement_on_relay,
-        ParsedMetrics, TestClient,
+        wait_for_sync_connection, MetricsTestHarness, ParsedMetrics, TestClient,
    },
    TestRelay,
 };
@@ -224,16 +224,17 @@ async fn test_startup_sync_event_count() {
    // 3. Create test keys
    let keys = Keys::generate();
-    // 4. Create an announcement that lists BOTH relays (required for discovery)
+    // 4. Set up announcement on SOURCE relay with git data
-    let announcement = create_repo_announcement(
+    // (purgatory requires git data before announcements are accepted)
-        &keys,
+    let repo_id = "test-repo-metrics";
-        &[&source_relay.domain(), &syncing_relay.domain()],
+    let domains = vec![source_relay.domain(), syncing_relay.domain()];
-        "test-repo-metrics",
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    );
+    let (announcement, _git_dir_source) =
+        setup_announcement_on_relay(&source_relay, &keys, &domain_refs, repo_id).await;
    println!(
-        "Created announcement {} (kind {})",
+        "Announcement {} set up on source relay with git data",
-        announcement.id,
+        announcement.id
-        announcement.kind.as_u16()
    );
    // 5. Build the repo coordinate for the 'a' tag in the patches
@@ -241,7 +242,7 @@ async fn test_startup_sync_event_count() {
        "{}:{}:{}",
        Kind::GitRepoAnnouncement.as_u16(),
        keys.public_key().to_hex(),
-        "test-repo-metrics"
+        repo_id
    );
    // 6. Create 3 patch events (Layer 2) that reference the announcement
@@ -257,17 +258,11 @@ async fn test_startup_sync_event_count() {
        .collect();
    println!("Created {} patches", patches.len());
-    // 7. Send announcement + patches to SOURCE relay ONLY
+    // 7. Send patches to SOURCE relay
    let source_client = TestClient::new(source_relay.url(), keys.clone())
        .await
        .expect("Failed to connect to source relay");
-    source_client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to source");
-    println!("Announcement sent to source relay");
    for patch in &patches {
        source_client
            .send_event(patch)
@@ -277,17 +272,10 @@ async fn test_startup_sync_event_count() {
    println!("Patches sent to source relay");
    source_client.disconnect().await;
-    // 8. Send announcement to SYNCING relay (triggers discovery of source relay)
+    // 8. Set up announcement on SYNCING relay (triggers discovery of source relay)
-    let syncing_client = TestClient::new(syncing_relay.url(), keys.clone())
+    let (_announcement_syncing, _git_dir_syncing) =
-        .await
+        setup_announcement_on_relay(&syncing_relay, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to syncing relay");
+    println!("Announcement set up on syncing relay (triggers discovery of source)");
-    syncing_client
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to syncing relay");
-    println!("Announcement sent to syncing relay (triggers discovery of source)");
-    syncing_client.disconnect().await;
    // 9. Wait for discovery + sync to complete
    println!("Waiting 5s for discovery and sync...");
@@ -404,18 +392,35 @@ async fn test_connection_failure_increments_counter() {
 /// Test that live sync events are counted in metrics.
 ///
 /// This test validates that events received via live subscription
-/// (after sync connection is established) are counted separately
+/// (after sync connection is established) are counted in metrics.
-/// from startup/bootstrap events.
+/// Uses Layer 2 patch events (not announcements) to avoid purgatory,
+/// since Layer 2 events are accepted directly to the DB.
 #[tokio::test]
 async fn test_live_sync_event_count() {
-    let mut harness = MetricsTestHarness::with_sources(1).await;
    // Pre-allocate syncing relay port to include in announcements
    let sync_port = TestRelay::find_free_port();
    let sync_domain = format!("127.0.0.1:{}", sync_port);
+    // Start source relay
+    let source_relay = TestRelay::start().await;
+    println!("Source relay started at {}", source_relay.url());
+    // Set up announcement on source relay BEFORE starting syncing relay
+    // This allows discovery when syncing relay connects
+    let keys = Keys::generate();
+    let repo_id = "live-metrics-repo";
+    let domains = vec![source_relay.domain(), sync_domain.clone()];
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
+    let (_announcement, _git_dir) =
+        setup_announcement_on_relay(&source_relay, &keys, &domain_refs, repo_id).await;
+    println!("Announcement set up on source relay with git data");
    // Start syncing relay with pre-allocated port
-    harness.start_syncing_relay_on_port(0, sync_port).await;
+    let syncing_relay =
+        TestRelay::start_on_port_with_options(sync_port, Some(source_relay.url().to_string()), false)
+            .await;
+    println!("Syncing relay started at {}", syncing_relay.url());
    // Wait for sync connection to be fully established with EOSE received
    // This ensures we're in "live" mode before submitting test events
@@ -424,33 +429,61 @@ async fn test_live_sync_event_count() {
        .await
        .expect("Sync connection should be established");
-    // Additional small delay to ensure EOSE has been processed
+    // Additional delay to ensure purgatory promotion completes on syncing relay
-    tokio::time::sleep(Duration::from_millis(500)).await;
+    tokio::time::sleep(Duration::from_secs(4)).await;
-    // Now add events - these should be "live" not "startup"
+    // Now add Layer 2 patch events (not announcements) - these are accepted immediately
-    // Include BOTH domains so events are accepted by both relays
+    // (Layer 2 events are accepted directly to DB, no purgatory)
-    let keys = Keys::generate();
+    let repo_coord_str = format!(
-    let events: Vec<_> = (0..2)
+        "{}:{}:{}",
-        .map(|i| {
+        Kind::GitRepoAnnouncement.as_u16(),
-            create_repo_announcement(
+        keys.public_key().to_hex(),
-                &keys,
+        repo_id
-                &[&harness.source_domain(0), &sync_domain],
+    );
-                &format!("live-{}", i),
-            )
+    let patch1 = create_event_referencing_repo(
-        })
+        &keys,
-        .collect();
+        &repo_coord_str,
-    harness.submit_events(0, &events).await.unwrap();
+        Kind::GitPatch.as_u16(),
+        "Live test patch 1",
+    );
+    let patch2 = create_event_referencing_repo(
+        &keys,
+        &repo_coord_str,
+        Kind::GitPatch.as_u16(),
+        "Live test patch 2",
+    );
+    // Send patches to source AFTER sync connection established (live mode)
+    let client = TestClient::new(source_relay.url(), keys.clone())
+        .await
+        .expect("Failed to connect to source");
+    client.send_event(&patch1).await.expect("Failed to send patch 1");
+    client.send_event(&patch2).await.expect("Failed to send patch 2");
+    client.disconnect().await;
+    println!("Two patches sent to source relay (live mode)");
    // Wait for live events to be processed and metrics updated
    tokio::time::sleep(Duration::from_secs(4)).await;
-    let metrics = harness.get_metrics().await.unwrap();
+    // Fetch metrics from syncing relay
+    let raw_metrics = fetch_metrics(&sync_url)
+        .await
+        .expect("Failed to fetch metrics");
+    let metrics = ParsedMetrics::parse(&raw_metrics);
    let synced_count = metrics.events_synced_total();
    println!("Events synced total: {:?}", synced_count);
-    assert_eq!(synced_count, Some(2), "Should have 2 synced events");
+    // Cleanup
+    syncing_relay.stop().await;
+    source_relay.stop().await;
-    harness.stop_all().await;
+    assert!(
+        synced_count.is_some() && synced_count.unwrap() >= 2,
+        "Should have synced at least 2 events, got {:?}",
+        synced_count
+    );
 }
 /// Test that relay connected status is tracked in metrics.
diff --git a/tests/sync/mod.rs b/tests/sync/mod.rs
index 400341f..70c6981 100644
--- a/tests/sync/mod.rs
+++ b/tests/sync/mod.rs
@@ -82,14 +82,12 @@
 //! **Example from `discovery.rs`:**
 //! ```rust
 //! #[tokio::test]
-//! async fn test_recursive_relay_discovery() {
+//! async fn test_discovers_layer3_via_layer2() {
 //!     // Multi-relay orchestration
-//!     let relay1 = TestRelay::start().await;
+//!     let relay_a = TestRelay::start().await;
-//!     let relay2 = TestRelay::start().await;
+//!     let relay_b = TestRelay::start_with_sync(None).await;
-//!     let relay3 = TestRelay::start().await;
 //!
-//!     // relay1 announces relay2, relay2 announces relay3
+//!     // relay_b receives announcement listing relay_a, discovers and syncs from it
-//!     // Verify relay1 discovers relay3 through chain
 //! }
 //! ```
 //!
diff --git a/tests/sync/tag_variations.rs b/tests/sync/tag_variations.rs
index 46b1203..021ad0e 100644
--- a/tests/sync/tag_variations.rs
+++ b/tests/sync/tag_variations.rs
@@ -55,30 +55,19 @@ async fn test_layer2_sync_with_lowercase_a_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
+    // (purgatory requires git data before announcements are accepted)
    let repo_id = "test-repo-tag-8a";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    println!("Announcement set up on relay_a with git data");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_b");
-    client_a
+    let (_announcement_b, _git_dir_b) =
-        .send_event(&announcement)
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .await
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -95,9 +84,10 @@ async fn test_layer2_sync_with_lowercase_a_tag() {
        issue_id,
        issue.kind.as_u16()
    );
-    for tag in issue.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
-    }
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
@@ -106,7 +96,6 @@ async fn test_layer2_sync_with_lowercase_a_tag() {
    println!("Issue sent to relay_a");
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 5. Wait and verify event syncs to relay_b
    let filter = Filter::new()
@@ -154,30 +143,18 @@ async fn test_layer2_sync_with_uppercase_a_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
    let repo_id = "test-repo-tag-8b";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_a");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_a with git data");
-    client_a
+    let (_announcement_b, _git_dir_b) =
-        .send_event(&announcement)
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .await
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -197,9 +174,10 @@ async fn test_layer2_sync_with_uppercase_a_tag() {
        issue_id,
        issue.kind.as_u16()
    );
-    for tag in issue.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
-    }
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
@@ -208,7 +186,6 @@ async fn test_layer2_sync_with_uppercase_a_tag() {
    println!("Issue sent to relay_a");
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 5. Wait and verify event syncs to relay_b
    let filter = Filter::new()
@@ -255,30 +232,18 @@ async fn test_layer2_sync_with_q_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
    let repo_id = "test-repo-tag-8c";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    println!("Announcement set up on relay_a with git data");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement_b, _git_dir_b) =
-        .await
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -294,9 +259,10 @@ async fn test_layer2_sync_with_q_tag() {
        issue_id,
        issue.kind.as_u16()
    );
-    for tag in issue.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
-    }
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
@@ -305,7 +271,6 @@ async fn test_layer2_sync_with_q_tag() {
    println!("Issue sent to relay_a");
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 5. Wait and verify event syncs to relay_b
    let filter = Filter::new()
@@ -362,30 +327,18 @@ async fn test_layer3_sync_with_lowercase_e_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
    let repo_id = "test-repo-tag-9a";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    println!("Announcement set up on relay_a with git data");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_b");
-    client_a
+    let (_announcement_b, _git_dir_b) =
-        .send_event(&announcement)
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .await
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -396,6 +349,10 @@ async fn test_layer3_sync_with_lowercase_e_tag() {
        .expect("Failed to create issue");
    let issue_id = issue.id;
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
        .await
@@ -410,11 +367,6 @@ async fn test_layer3_sync_with_lowercase_e_tag() {
    assert!(issue_synced, "Layer 2 issue should sync first");
    // Wait for Layer 3 subscriptions to be established
-    // After issue syncs, relay_b's SelfSubscriber needs time to:
-    // 1. Receive the synced issue via notify_event broadcast
-    // 2. Batch timer to tick (up to 200ms in tests)
-    // 3. Process batch and create Layer 3 filters
-    // 4. Subscribe to relay_a with Layer 3 filters
    tokio::time::sleep(Duration::from_millis(500)).await;
    // 6. Create and send Layer 3 reply with lowercase 'e' tag (kind 1)
@@ -427,9 +379,6 @@ async fn test_layer3_sync_with_lowercase_e_tag() {
        reply_id,
        reply.kind.as_u16()
    );
-    for tag in reply.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
    client_a
        .send_event(&reply)
@@ -438,7 +387,6 @@ async fn test_layer3_sync_with_lowercase_e_tag() {
    println!("Layer 3 reply {} sent to relay_a", reply_id);
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 7. Wait and verify reply syncs to relay_b
    let reply_filter = Filter::new()
@@ -486,30 +434,18 @@ async fn test_layer3_sync_with_uppercase_e_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
    let repo_id = "test-repo-tag-9b";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
-        .await
-        .expect("Failed to connect to relay_a");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_a with git data");
-    client_a
+    let (_announcement_b, _git_dir_b) =
-        .send_event(&announcement)
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .await
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -520,6 +456,10 @@ async fn test_layer3_sync_with_uppercase_e_tag() {
        .expect("Failed to create issue");
    let issue_id = issue.id;
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
        .await
@@ -534,11 +474,6 @@ async fn test_layer3_sync_with_uppercase_e_tag() {
    assert!(issue_synced, "Layer 2 issue should sync first");
    // Wait for Layer 3 subscriptions to be established
-    // After issue syncs, relay_b's SelfSubscriber needs time to:
-    // 1. Receive the synced issue via notify_event broadcast
-    // 2. Batch timer to tick (up to 200ms in tests)
-    // 3. Process batch and create Layer 3 filters
-    // 4. Subscribe to relay_a with Layer 3 filters
    tokio::time::sleep(Duration::from_millis(500)).await;
    // 6. Create and send Layer 3 comment with uppercase 'E' tag (kind 1111)
@@ -552,9 +487,6 @@ async fn test_layer3_sync_with_uppercase_e_tag() {
        comment_id,
        comment.kind.as_u16()
    );
-    for tag in comment.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
    client_a
        .send_event(&comment)
@@ -563,7 +495,6 @@ async fn test_layer3_sync_with_uppercase_e_tag() {
    println!("Layer 3 comment {} sent to relay_a", comment_id);
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 7. Wait and verify comment syncs to relay_b
    let comment_filter = Filter::new()
@@ -614,30 +545,18 @@ async fn test_layer3_sync_with_q_tag() {
    let keys = Keys::generate();
-    // 2. Create and send repository announcement to both relays
+    // 2. Create and send repository announcement to both relays with git data
    let repo_id = "test-repo-tag-9c";
-    let announcement =
+    let domains = vec![relay_a.domain(), relay_b.domain()];
-        create_repo_announcement(&keys, &[&relay_a.domain(), &relay_b.domain()], repo_id);
+    let domain_refs: Vec<&str> = domains.iter().map(|s| s.as_str()).collect();
-    let client_a = TestClient::new(relay_a.url(), keys.clone())
+    let (_announcement, _git_dir_a) =
-        .await
+        setup_announcement_on_relay(&relay_a, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_a");
+    println!("Announcement set up on relay_a with git data");
-    let client_b = TestClient::new(relay_b.url(), keys.clone())
+    let (_announcement_b, _git_dir_b) =
-        .await
+        setup_announcement_on_relay(&relay_b, &keys, &domain_refs, repo_id).await;
-        .expect("Failed to connect to relay_b");
+    println!("Announcement set up on relay_b with git data (triggers discovery)");
-    client_a
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_a");
-    println!("Announcement sent to relay_a");
-    client_b
-        .send_event(&announcement)
-        .await
-        .expect("Failed to send announcement to relay_b");
-    println!("Announcement sent to relay_b (triggers discovery)");
    // 3. Wait for discovery
    tokio::time::sleep(Duration::from_secs(1)).await;
@@ -648,6 +567,10 @@ async fn test_layer3_sync_with_q_tag() {
        .expect("Failed to create issue");
    let issue_id = issue.id;
+    let client_a = TestClient::new(relay_a.url(), keys.clone())
+        .await
+        .expect("Failed to connect to relay_a");
    client_a
        .send_event(&issue)
        .await
@@ -662,11 +585,6 @@ async fn test_layer3_sync_with_q_tag() {
    assert!(issue_synced, "Layer 2 issue should sync first");
    // Wait for Layer 3 subscriptions to be established
-    // After issue syncs, relay_b's SelfSubscriber needs time to:
-    // 1. Receive the synced issue via notify_event broadcast
-    // 2. Batch timer to tick (up to 200ms in tests)
-    // 3. Process batch and create Layer 3 filters
-    // 4. Subscribe to relay_a with Layer 3 filters
    tokio::time::sleep(Duration::from_millis(500)).await;
    // 6. Create and send Layer 3 quote with 'q' tag (kind 1)
@@ -679,9 +597,6 @@ async fn test_layer3_sync_with_q_tag() {
        quote_id,
        quote.kind.as_u16()
    );
-    for tag in quote.tags.iter() {
-        println!("  Tag: {:?}", tag.as_slice());
-    }
    client_a
        .send_event(&quote)
@@ -690,7 +605,6 @@ async fn test_layer3_sync_with_q_tag() {
    println!("Layer 3 quote {} sent to relay_a", quote_id);
    client_a.disconnect().await;
-    client_b.disconnect().await;
    // 7. Wait and verify quote syncs to relay_b
    let quote_filter = Filter::new()
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-02-23 15:41:32 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-02-23 15:41:32 +0000
commit	c54ce061d6d278cce8362d5af085808ca60c239b (patch)
tree	ec967d6195d9f7ec4f061449596611afe3a0950f
parent	e0ad39a489b3398f8208713bf728db0cb11475b0 (diff)
parent	113928aa84894ea8f65c247d9987527e792b32a9 (diff)