3 files changed, 285 insertions, 80 deletions

diff --git a/grasp-audit/src/bin/grasp-audit.rs b/grasp-audit/src/bin/grasp-audit.rs
index b3fa0db..d192f04 100644
--- a/grasp-audit/src/bin/grasp-audit.rs
+++ b/grasp-audit/src/bin/grasp-audit.rs
@@ -144,51 +144,56 @@ async fn main() -> Result<()> {
                     println!("Running all tests...\n");
                     let mut all_results = AuditResult::new("All GRASP-01 Tests");
 
-                    // Repository creation tests
+                    // NIP-01 smoke tests (stateless - no shared fixture dependencies)
+                    println!("  → NIP-01 smoke tests...");
+                    let nip01_results = specs::Nip01SmokeTests::run_all(&client).await;
+                    all_results.merge(nip01_results);
+
+                    // NIP-11 document tests (stateless)
+                    println!("  → NIP-11 document tests...");
+                    let nip11_results = specs::Nip11DocumentTests::run_all(&client).await;
+                    all_results.merge(nip11_results);
+
+                    // CORS tests (stateless HTTP checks)
+                    println!("  → CORS tests...");
+                    let cors_results = specs::CorsTests::run_all(&client, &relay_domain).await;
+                    all_results.merge(cors_results);
+
+                    // Repository creation tests (uses ValidRepoSent only - no state events)
                     println!("  → Repository creation tests...");
                     let repo_results = specs::RepositoryCreationTests::run_all(&client, &relay_domain).await;
                     all_results.merge(repo_results);
 
-                    // Git clone tests
+                    // Git clone tests (uses ValidRepoSent only - no state events)
                     println!("  → Git clone tests...");
                     let clone_results = specs::GitCloneTests::run_all(&client, &relay_domain).await;
                     all_results.merge(clone_results);
 
-                    // Git filter capability tests
+                    // Git filter capability tests (uses ValidRepoSent only - no state events)
                     println!("  → Git filter capability tests...");
                     let filter_results = specs::GitFilterTests::run_all(&client, &relay_domain).await;
                     all_results.merge(filter_results);
 
-                    // Push authorization tests
-                    println!("  → Push authorization tests...");
-                    let push_results = specs::PushAuthorizationTests::run_all(&client, &relay_domain).await;
-                    all_results.merge(push_results);
-
-                    // Event acceptance policy tests
+                    // Event acceptance policy tests (uses ValidRepoServed - no extra state events)
                     println!("  → Event acceptance policy tests...");
                     let event_results = specs::EventAcceptancePolicyTests::run_all(&client).await;
                     all_results.merge(event_results);
 
-                    // NIP-01 smoke tests
-                    println!("  → NIP-01 smoke tests...");
-                    let nip01_results = specs::Nip01SmokeTests::run_all(&client).await;
-                    all_results.merge(nip01_results);
-
-                    // NIP-11 document tests
-                    println!("  → NIP-11 document tests...");
-                    let nip11_results = specs::Nip11DocumentTests::run_all(&client).await;
-                    all_results.merge(nip11_results);
-
-                    // CORS tests
-                    println!("  → CORS tests...");
-                    let cors_results = specs::CorsTests::run_all(&client, &relay_domain).await;
-                    all_results.merge(cors_results);
-
-                    // Purgatory tests
+                    // Purgatory tests MUST run before push-auth.
+                    // Push-auth sends new replaceable state events (kind 30618) for the same
+                    // repo_id as OwnerStateDataPushed (e.g. test_head_set_after_git_push_with_required_oids
+                    // sends a develop1 state event that displaces the original). If purgatory ran
+                    // after push-auth, is_event_on_relay(original_id) would return false because
+                    // the original state event has been replaced on the relay.
                     println!("  → Purgatory tests...");
                     let purgatory_results = specs::PurgatoryTests::run_all(&client).await;
                     all_results.merge(purgatory_results);
 
+                    // Push authorization tests (mutates shared state - must run last among git specs)
+                    println!("  → Push authorization tests...");
+                    let push_results = specs::PushAuthorizationTests::run_all(&client, &relay_domain).await;
+                    all_results.merge(push_results);
+
                     println!();
                     all_results
                 }
diff --git a/grasp-audit/src/fixtures.rs b/grasp-audit/src/fixtures.rs
index 45d3094..0a9bf65 100644
--- a/grasp-audit/src/fixtures.rs
+++ b/grasp-audit/src/fixtures.rs
@@ -287,6 +287,36 @@ pub enum FixtureKind {
     /// - Returns: the served PR event
     PREvent2Served,
 
+    /// Independent repo announcement, used exclusively by purgatory tests.
+    ///
+    /// Creates its own fresh repo announcement (unique repo_id) that is NOT shared with
+    /// the main ValidRepoSent chain. The shared ValidRepoSent may already be promoted
+    /// (served) by the time purgatory tests run if earlier specs triggered OwnerStateDataPushed.
+    /// This fixture is never promoted by any other test, so the announcement stays in purgatory.
+    ///
+    /// - No dependencies
+    /// - Sends its own announcement to the relay
+    /// - Returns the repo announcement event (kind 30617)
+    PurgatoryValidRepoSent,
+
+    /// Independent owner state data pushed, used exclusively by purgatory tests.
+    ///
+    /// This fixture creates its own completely independent repo (fresh UUID, own announcement,
+    /// own state event, own git push) that is NOT shared with the main OwnerStateDataPushed
+    /// chain. It exists so that purgatory tests which mutate relay state (sending replacement
+    /// announcements, new state events pointing to non-existent commits, etc.) do not corrupt
+    /// the shared repo that push-authorization tests depend on.
+    ///
+    /// Stages (self-contained, no external dependencies):
+    /// 1. Creates a fresh repo announcement with a unique repo_id
+    /// 2. Creates and sends an owner state event (purgatory)
+    /// 3. Pushes git data (DETERMINISTIC_COMMIT_HASH) to release from purgatory
+    /// 4. Verifies state event is served
+    ///
+    /// - No dependencies (creates its own ValidRepoSent + OwnerStateDataPushed internally)
+    /// - Returns the owner state event (kind 30618) after git data is pushed
+    PurgatoryOwnerStateDataPushed,
+
     /// Owner's state event with git data successfully pushed (full 4-stage fixture)
     ///
     /// This fixture represents the complete flow for testing state push authorization:
@@ -372,6 +402,12 @@ impl FixtureKind {
             Self::PREvent2GitDataPushed => vec![Self::PREvent2Sent],
             Self::PREvent2Served => vec![Self::PREvent2GitDataPushed],
 
+            // PurgatoryValidRepoSent has no dependencies — creates its own fresh repo
+            Self::PurgatoryValidRepoSent => vec![],
+
+            // PurgatoryOwnerStateDataPushed depends on PurgatoryValidRepoSent
+            Self::PurgatoryOwnerStateDataPushed => vec![Self::PurgatoryValidRepoSent],
+
             // OwnerStateDataPushed depends on OwnerRepoStateSent (git push + purgatory release)
             Self::OwnerStateDataPushed => vec![Self::OwnerRepoStateSent],
 
@@ -416,6 +452,10 @@ impl FixtureKind {
             Self::PREvent2Served => true,
             // HeadSetToDevelopBranch sends its state event internally
             Self::HeadSetToDevelopBranch => true,
+            // PurgatoryValidRepoSent sends its own announcement internally
+            Self::PurgatoryValidRepoSent => true,
+            // PurgatoryOwnerStateDataPushed sends its own state event and git push internally
+            Self::PurgatoryOwnerStateDataPushed => true,
             // ValidRepoServed doesn't send anything itself, just returns cached event
             Self::ValidRepoServed => true,
             // OwnerRepoStateSent sends its state event and notes purgatory internally
@@ -926,6 +966,9 @@ impl<'a> TestContext<'a> {
             FixtureKind::PREvent2GitDataPushed => self.build_pr_event_2_git_data_pushed().await,
             FixtureKind::PREvent2Served => self.build_pr_event_2_served().await,
 
+            FixtureKind::PurgatoryValidRepoSent => self.build_purgatory_valid_repo_sent().await,
+            FixtureKind::PurgatoryOwnerStateDataPushed => self.build_purgatory_owner_state_data_pushed().await,
+
             FixtureKind::OwnerStateDataPushed => self.build_owner_state_data_pushed().await,
 
             FixtureKind::MaintainerStateDataPushed => {
@@ -1000,6 +1043,166 @@ impl<'a> TestContext<'a> {
             .ok_or_else(|| anyhow::anyhow!("Missing d tag in repo announcement"))
     }
 
+    /// Build PurgatoryValidRepoSent fixture: independent repo announcement for purgatory tests.
+    ///
+    /// Creates a fresh repo announcement with a unique repo_id, sends it to the relay,
+    /// and returns it. Never promoted by any other test so the announcement stays in purgatory.
+    async fn build_purgatory_valid_repo_sent(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+
+        let repo_id = format!(
+            "fixture-PurgatoryValidRepoSent-{}",
+            &uuid::Uuid::new_v4().to_string()[..8]
+        );
+
+        let relay_domain = self.get_relay_domain().await?;
+        let relay_url = format!("ws://{}", relay_domain);
+        let http_url = format!("http://{}", relay_domain);
+
+        let npub = self
+            .client
+            .public_key()
+            .to_bech32()
+            .map_err(|e| anyhow::anyhow!("Failed to convert pubkey to bech32: {}", e))?;
+
+        let announcement = self
+            .client
+            .event_builder(Kind::GitRepoAnnouncement, "")
+            .tag(Tag::identifier(&repo_id))
+            .tag(Tag::custom(TagKind::custom("name"), vec![repo_id.clone()]))
+            .tag(Tag::custom(
+                TagKind::custom("clone"),
+                vec![format!("{}/{}/{}.git", http_url, npub, repo_id)],
+            ))
+            .tag(Tag::custom(TagKind::custom("relays"), vec![relay_url]))
+            .build(self.client.keys())
+            .map_err(|e| anyhow::anyhow!("Failed to build repo announcement: {}", e))?;
+
+        self.client.send_event(announcement.clone()).await?;
+
+        Ok(announcement)
+    }
+
+    /// Build PurgatoryOwnerStateDataPushed fixture: a self-contained independent repo for purgatory tests.
+    ///
+    /// Creates its own fresh repo announcement (unique repo_id), state event, and git push
+    /// without touching the shared OwnerStateDataPushed chain. This ensures that purgatory
+    /// tests which mutate relay state (replacement announcements, new state events, deletions)
+    /// do not corrupt the repo that push-authorization tests depend on.
+    async fn build_purgatory_owner_state_data_pushed(&self) -> Result<Event> {
+        use nostr_sdk::prelude::*;
+
+        // ============================================================
+        // Step 1: Get the cached PurgatoryValidRepoSent announcement
+        // (ensured as a dependency before this is called)
+        // ============================================================
+        let announcement = self.get_cached_dependency(FixtureKind::PurgatoryValidRepoSent)?;
+        let repo_id = self.extract_repo_id(&announcement)?;
+
+        let relay_domain = self.get_relay_domain().await?;
+
+        let npub = self
+            .client
+            .public_key()
+            .to_bech32()
+            .map_err(|e| anyhow::anyhow!("Failed to convert pubkey to bech32: {}", e))?;
+
+        // ============================================================
+        // Step 2: Create and send owner state event (enters purgatory)
+        // ============================================================
+        let base_time = Timestamp::now().as_secs();
+        let older_timestamp = Timestamp::from(base_time - 10);
+
+        let state_event = self
+            .client
+            .event_builder(Kind::RepoState, "")
+            .tag(Tag::identifier(&repo_id))
+            .tag(Tag::custom(
+                TagKind::custom("refs/heads/main"),
+                vec![DETERMINISTIC_COMMIT_HASH.to_string()],
+            ))
+            .tag(Tag::custom(
+                TagKind::custom("HEAD"),
+                vec!["ref: refs/heads/main".to_string()],
+            ))
+            .custom_time(older_timestamp)
+            .build(self.client.keys())
+            .map_err(|e| anyhow::anyhow!("Failed to build state event: {}", e))?;
+
+        self.client
+            .send_event_and_note_purgatory(state_event.clone())
+            .await?;
+
+        // ============================================================
+        // Step 3: Clone repo, create deterministic commit, push
+        // ============================================================
+        let clone_path = clone_repo(&relay_domain, &npub, &repo_id)
+            .map_err(|e| anyhow::anyhow!("Failed to clone repo: {}", e))?;
+
+        let cleanup = |path: &PathBuf| {
+            let _ = fs::remove_dir_all(path);
+        };
+
+        let commit_hash = match create_deterministic_commit(&clone_path, "Initial commit") {
+            Ok(h) => h,
+            Err(e) => {
+                cleanup(&clone_path);
+                return Err(anyhow::anyhow!("Failed to create deterministic commit: {}", e));
+            }
+        };
+
+        if commit_hash != DETERMINISTIC_COMMIT_HASH {
+            cleanup(&clone_path);
+            return Err(anyhow::anyhow!(
+                "Commit hash mismatch: got {}, expected {}",
+                commit_hash,
+                DETERMINISTIC_COMMIT_HASH
+            ));
+        }
+
+        let branch_out = Command::new("git")
+            .args(["branch", "main"])
+            .current_dir(&clone_path)
+            .output();
+        if let Ok(o) = &branch_out {
+            if !o.status.success() {
+                // branch may already exist (detached HEAD clone) — ignore
+            }
+        }
+
+        let _ = Command::new("git")
+            .args(["checkout", "main"])
+            .current_dir(&clone_path)
+            .output();
+
+        let push_result = try_push(&clone_path);
+        cleanup(&clone_path);
+
+        match push_result {
+            Ok(true) => {}
+            Ok(false) => {
+                return Err(anyhow::anyhow!(
+                    "PurgatoryOwnerStateDataPushed git push rejected (state event points to {})",
+                    DETERMINISTIC_COMMIT_HASH
+                ));
+            }
+            Err(e) => return Err(anyhow::anyhow!("PurgatoryOwnerStateDataPushed push error: {}", e)),
+        }
+
+        // ============================================================
+        // Step 4: Verify state event released from purgatory
+        // ============================================================
+        tokio::time::sleep(Duration::from_millis(200)).await;
+
+        if !self.client.is_event_on_relay(state_event.id).await? {
+            return Err(anyhow::anyhow!(
+                "PurgatoryOwnerStateDataPushed state event not released from purgatory"
+            ));
+        }
+
+        Ok(state_event)
+    }
+
     /// Build OwnerStateDataPushed fixture: git push + purgatory release for owner's state event
     ///
     /// `OwnerRepoStateSent` is ensured as a dependency before this is called — the state event
diff --git a/grasp-audit/src/specs/grasp01/purgatory.rs b/grasp-audit/src/specs/grasp01/purgatory.rs
index 29eabad..0686da8 100644
--- a/grasp-audit/src/specs/grasp01/purgatory.rs
+++ b/grasp-audit/src/specs/grasp01/purgatory.rs
@@ -46,7 +46,11 @@ impl PurgatoryTests {
         results.add(Self::test_announcement_not_served_before_git_data(client).await);
         results.add(Self::test_announcement_served_after_git_push(client).await);
         results.add(Self::test_bare_repo_exists_for_purgatory_announcement(client).await);
+
+        // State event purgatory tests
         results.add(Self::test_state_event_accepted_for_purgatory_announcement(client).await);
+        results.add(Self::test_state_event_not_served_before_git_data(client).await);
+        results.add(Self::test_state_event_served_after_git_push(client).await);
 
         // Deletion event tests (NIP-09)
         results.add(Self::test_deletion_by_event_id_removes_purgatory_state_event(client).await);
@@ -54,10 +58,6 @@ impl PurgatoryTests {
             Self::test_deletion_by_coordinate_removes_purgatory_state_event(client).await,
         );
 
-        // State event purgatory tests (already implemented)
-        results.add(Self::test_state_event_not_served_before_git_data(client).await);
-        results.add(Self::test_state_event_served_after_git_push(client).await);
-
         // PR purgatory tests
         results.add(Self::test_pr_event_accepted_into_purgatory_and_isnt_served(client).await);
         results.add(Self::test_pr_event_in_purgatory_git_push_accepted(client).await);
@@ -92,9 +92,12 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Create a fresh repo announcement (not the served variant)
+            // Use the purgatory-specific fixture which creates its own independent repo.
+            // The shared ValidRepoSent may already be promoted (served) by the time this
+            // test runs if earlier specs triggered OwnerStateDataPushed. PurgatoryValidRepoSent
+            // is never promoted by any other test so the announcement stays in purgatory.
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -106,7 +109,7 @@ impl PurgatoryTests {
                 .ok_or("Missing d tag in repo announcement")?
                 .to_string();
 
-            // Query for the announcement - should NOT be served
+            // Query for the announcement - should NOT be served (purgatory)
             let filter = Filter::new()
                 .kind(Kind::GitRepoAnnouncement)
                 .author(client.public_key())
@@ -153,13 +156,13 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // OwnerStateDataPushed fixture handles the full lifecycle:
+            // PurgatoryOwnerStateDataPushed fixture handles the full lifecycle:
             // 1. Creates repo announcement (purgatory)
             // 2. Creates state event (purgatory)
             // 3. Pushes git data
             // 4. Verifies events are served
             let state_event = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
                 .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
 
@@ -190,18 +193,16 @@ impl PurgatoryTests {
                 ));
             }
 
-            // Verify state event is served
-            let state_filter = Filter::new()
-                .kind(Kind::RepoState)
-                .author(client.public_key())
-                .identifier(&repo_id);
-
-            let state_events = client
-                .query(state_filter)
+            // Verify state event is served by querying its specific event ID.
+            // We intentionally query by ID rather than kind+author+identifier because
+            // other tests (e.g. push-auth) may have sent a newer replaceable state event
+            // for the same repo_id, which would displace this one in an identifier query.
+            let served = client
+                .is_event_on_relay(state_event.id)
                 .await
-                .map_err(|e| format!("Failed to query state events: {}", e))?;
+                .map_err(|e| format!("Failed to query state event: {}", e))?;
 
-            if !state_events.iter().any(|e| e.id == state_event.id) {
+            if !served {
                 return Err(format!(
                     "State event not served after git push. Event ID: {}",
                     state_event.id
@@ -234,9 +235,9 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo announcement (in purgatory, no git data yet)
+            // Get the purgatory-specific repo announcement (never promoted by other tests)
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -314,9 +315,9 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo announcement (in purgatory)
+            // Get the purgatory-specific repo announcement (never promoted by other tests)
             let repo = ctx
-                .get_fixture(FixtureKind::ValidRepoSent)
+                .get_fixture(FixtureKind::PurgatoryValidRepoSent)
                 .await
                 .map_err(|e| format!("Failed to create repo announcement: {}", e))?;
 
@@ -407,11 +408,13 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Get a repo with git data already pushed
+            // Use the isolated purgatory repo so this test's new state event
+            // does not displace the shared OwnerStateDataPushed state event
+            // that push-authorization tests depend on.
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get existing repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags
@@ -461,7 +464,7 @@ impl PurgatoryTests {
     /// Spec: GRASP-01 Line 22
     /// "...kept in purgatory (not served) until the related git data arrives"
     ///
-    /// This test verifies the full lifecycle using OwnerStateDataPushed fixture:
+    /// This test verifies the full lifecycle using PurgatoryOwnerStateDataPushed fixture:
     /// 1. State event is sent (enters purgatory)
     /// 2. Git data is pushed matching the state event
     /// 3. State event is now served
@@ -474,32 +477,22 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // OwnerStateDataPushed handles the full lifecycle
+            // PurgatoryOwnerStateDataPushed handles the full lifecycle
             let state_event = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
                 .map_err(|e| format!("Failed to complete full lifecycle: {}", e))?;
 
-            // Verify state event is now served
-            let repo_id = state_event
-                .tags
-                .iter()
-                .find(|t| t.kind() == TagKind::d())
-                .and_then(|t| t.content())
-                .ok_or("Missing d tag in state event")?
-                .to_string();
-
-            let filter = Filter::new()
-                .kind(Kind::RepoState)
-                .author(client.public_key())
-                .identifier(&repo_id);
-
-            let events = client
-                .query(filter)
+            // Verify state event is served by querying its specific event ID.
+            // We intentionally query by ID rather than kind+author+identifier because
+            // other tests (e.g. push-auth) may have sent a newer replaceable state event
+            // for the same repo_id, which would displace this one in an identifier query.
+            let served = client
+                .is_event_on_relay(state_event.id)
                 .await
-                .map_err(|e| format!("Failed to query state events: {}", e))?;
+                .map_err(|e| format!("Failed to query state event: {}", e))?;
 
-            if !events.iter().any(|e| e.id == state_event.id) {
+            if !served {
                 return Err(format!(
                     "State event not served after git push. Event ID: {}",
                     state_event.id
@@ -665,7 +658,7 @@ impl PurgatoryTests {
     /// each referencing an event the author is requesting to be deleted."
     ///
     /// This test verifies:
-    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 1. Get a promoted repo (PurgatoryOwnerStateDataPushed) so git pushes are possible
     /// 2. Clone the repo and create a unique commit (not yet pushed)
     /// 3. Submit a state event pointing to that unique commit (enters purgatory)
     /// 4. Send a kind 5 deletion event referencing the state event by event ID
@@ -681,11 +674,12 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Stage 1: get a promoted repo with git data already on the relay
+            // Stage 1: get the isolated purgatory repo (independent from the shared
+            // OwnerStateDataPushed chain that push-authorization tests depend on)
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags
@@ -788,7 +782,7 @@ impl PurgatoryTests {
     /// event up to the `created_at` timestamp of the deletion request event."
     ///
     /// This test verifies:
-    /// 1. Get a promoted repo (OwnerStateDataPushed) so git pushes are possible
+    /// 1. Get a promoted repo (PurgatoryOwnerStateDataPushed) so git pushes are possible
     /// 2. Generate a fresh keypair for a new maintainer
     /// 3. Send a replacement owner announcement adding the new maintainer (goes to DB)
     /// 4. Send a state event signed by the new maintainer pointing to a unique commit
@@ -807,11 +801,14 @@ impl PurgatoryTests {
         .run(|| async {
             let ctx = TestContext::new(client);
 
-            // Stage 1: get a promoted repo with git data already on the relay
+            // Stage 1: get the isolated purgatory repo (independent from the shared
+            // OwnerStateDataPushed chain that push-authorization tests depend on).
+            // This test sends a replacement announcement (kind 30617) for the repo which
+            // would corrupt the shared repo's maintainer set if we used OwnerStateDataPushed.
             let existing_state = ctx
-                .get_fixture(FixtureKind::OwnerStateDataPushed)
+                .get_fixture(FixtureKind::PurgatoryOwnerStateDataPushed)
                 .await
-                .map_err(|e| format!("Failed to get promoted repo: {}", e))?;
+                .map_err(|e| format!("Failed to get purgatory test repo: {}", e))?;
 
             let repo_id = existing_state
                 .tags