# HushChat Fixture Import Checklist This checklist is for replacing the pending placeholders with real, non-sensitive SilentDragonXLite compatibility vectors. Do not commit passphrases, plaintext, memo contents from real wallets, private keys, wallet files, or arbitrary ciphertext dumps. Use only disposable test wallets and non-sensitive test messages. The checked-in ready files must contain only the schema fields required by the loader. Required categories: - `incoming_memo`: received encrypted Memo vector, expected `ClientRx` - `outgoing_memo`: outgoing-history encrypted Memo vector, expected `ServerTx` - `seed_public_key_projection`: vector proving the SDXL UTF-8-hex seed projection matches the recorded local public key - `corrupted_auth_failure`: structurally valid Memo vector reserved for future authentication-failure verification - `cont_exclusion`: contact request vector that remains excluded from encrypted Memo decrypt preparation Capture rules: - Use disposable SilentDragonXLite wallets only. - Use a fixed non-sensitive test phrase and record only its hash if a plaintext expectation is needed. - Do not store decrypted message text in fixture files. - Do not include private keys, viewing keys, spending keys, wallet seed phrases, or wallet database contents. - Keep the top-level `schema` value as `dragonx.hushchat.compat-fixture.v1`. - Change `status` from `pending` to `ready` only when the fixture has the full `fixture` object documented in the protocol spec. - Preserve one fixture file per required category. - For every ready non-`Cont` vector, the stored SDXL chat key string must project to the declared local public key using SDXL's first-32-UTF-8-bytes seed behavior. - The projection check records only byte lengths and match status; it must not write passphrases, plaintext, derived secret keys, memo contents, or ciphertext bytes. - A ready `corrupted_auth_failure` vector must be structurally valid through the same loader, verifier, and projection checks, then marked as requiring a future secretstream authentication failure. - The corrupted-auth marker is not a decrypt result and is not an authentication result. - Run the strict replacement dry-run report against a staged directory before copying any ready files over the checked-in pending placeholders. - The dry-run report must remain redacted; it may contain category names, basenames, status/error names, boolean flags, and counts only. - Add `capture-manifest.json` to the staged directory from `templates/capture-manifest.template.json` and validate it before strict replacement dry-run checks. - The capture manifest records provenance, handling flags, category filenames, and dry-run instructions only; it must not contain fixture objects or sensitive fields. Verification flow: ```sh ./build/bin/HushChatFixtureCheck --allow-pending tests/fixtures/hushchat ./build/bin/HushChatFixtureCheck --validate-capture-manifest /path/to/staged/hushchat-fixtures ./build/bin/HushChatFixtureCheck --replacement-dry-run /path/to/staged/hushchat-fixtures ./build/bin/HushChatFixtureCheck tests/fixtures/hushchat ``` The first command is for the current scaffold state and allows pending files. The manifest command validates only redacted staged-directory metadata. The dry-run command is strict, refuses `--allow-pending`, performs no file replacement, and must fail until the staged directory contains all five real ready vectors with no pending, malformed, mismatched, projection-failed, auth-not-ready, or Cont-not-excluded entries. The final command is the post-copy strict check on the checked-in fixture directory; it must report `future_auth_required=1` and `auth_structural_ready=1`. A ready import is acceptable only when the manifest command and both strict fixture commands exit successfully.