chore(todo): mark completed tasks from session reviewHEADmain

- Mark DONE: set-theme overwriting, plugin notifications, FZF verification
- Mark DONE: testing infrastructure (VM-based, 90 validation functions)
- Mark DONE: disk encryption, UFW firewall (handled in archangel)
- Mark DONE: SSH and Proton Mail Bridge verification
- Cancel: hy3 tab bar theming (plugin disabled due to crashes)
- Add: Chrome theme with dupre colors [#C]
- Reschedule: linux-lts check to 2026-02-23 (+3w)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

1 files changed, 73 insertions, 30 deletions

diff --git a/todo.org b/todo.org
index 4f4f5c2..258331b 100644
--- a/todo.org
+++ b/todo.org
@@ -137,7 +137,10 @@ Also, the text is quite large. For consistency, we should make it the same size
 Fuzzel menu border blends in too much. Change border color to blue or red
 to make the menu more visible when it appears.
 
-**** TODO [#C] Review theme config architecture for dunst/fuzzel
+**** TODO [#C] Create Chrome theme with dupre colors
+Create a Chrome browser theme using the dupre color palette. Plan saved in [[file:docs/PLAN-browser-themes.org][docs/PLAN-browser-themes.org]].
+
+*** TODO [#C] Review theme config architecture for dunst/fuzzel
 The active dunst config is stowed from dotfiles/common/ but theme templates
 live in dotfiles/hyprland/.config/themes/. set-theme copies the templates to
 the stowed locations at runtime, so edits to the common file get overwritten
@@ -175,9 +178,9 @@ animation = layers, 1, 2, default, fade
 Test wlogout exit menu on laptop to verify sizing works on different display.
 Current config uses fixed pixel margins - may need adjustment for laptop screen.
 
-**** VERIFY [#D] Test hy3 tab bar theming colors
-Test the monocle/tab group mode to verify hy3 tab bar colors look correct with dupre and hudson themes.
-Run =set-theme dupre= and =set-theme hudson= while in tab group mode ($mod SHIFT M).
+**** CANCELLED [#D] Test hy3 tab bar theming colors
+CLOSED: [2026-02-02 Mon]
+hy3 plugin disabled due to crash issues. Task no longer applicable.
 
 **** CANCELLED [#C] Consider Pywal for Dynamic Theming
 CLOSED: [2026-01-26 Mon]
@@ -429,7 +432,8 @@ Removed the Hardware Workarounds section from archsetup entirely. The only worka
 (AMD Zen 5 RDSEED32) didn't actually suppress the warning message - the kernel detection
 runs separately. Proper fix requires BIOS updates from vendors with AGESA microcode.
 
-*** TODO [#A] Fix set-theme overwriting repo configs on login
+*** DONE [#A] Fix set-theme overwriting repo configs on login
+CLOSED: [2026-02-02 Mon]
 The set-theme script runs on every Hyprland startup (exec-once) and copies theme files
 to symlinked config locations. Since stow creates symlinks pointing to the repo,
 this overwrites repo files with theme directory contents.
@@ -454,7 +458,8 @@ this overwrites repo files with theme directory contents.
 **** Related
 See also: TODO [#C] Review theme config architecture for dunst/fuzzel (same issue)
 
-*** TODO [#A] Suppress Hyprland plugin "Initialized" notifications
+*** DONE [#A] Suppress Hyprland plugin "Initialized" notifications
+CLOSED: [2026-02-02 Mon]
 Plugin initialization messages ("[hyprscrolling] Initialized successfully!") appear
 on every login despite removing -n flag from hyprpm update command.
 
@@ -529,8 +534,11 @@ pacman_install and aur_install have retry logic, but git_install doesn't
 cpupower service configures the default CPU scheduler (powersave or performance)
 Install cpupower, configure /etc/default/cpupower, enable service: ~systemctl enable --now cpupower.service~
 
-*** VERIFY [#C] FZF works everywhere
-Especially the ** expander for all files - may already be fixed, needs verification
+*** DONE [#C] FZF works everywhere
+CLOSED: [2026-02-02 Mon]
+Verified: FZF 0.67.0 installed at /usr/bin/fzf. Shell integration configured in
+.bashrc (line 68) and .zshrc (lines 187-188 with fzf-tab). The ** glob expansion
+works correctly for recursive file matching.
 
 *** CANCELLED [#B] Review slow and failed packages from 8GB RAM test
 CLOSED: [2026-01-27 Tue 06:24]
@@ -725,17 +733,39 @@ The testing infrastructure catches regressions, deprecated packages, and broken
 
 *Why this is Method 2:* Once script works, lock in that reliability with automated testing. Prevents regressions and catches deprecated packages early.
 
-*** TODO [#A] Research container-based testing approaches
-Evaluate Docker, systemd-nspawn, Distrobox for fresh Arch install simulation
-
-*** TODO [#A] Create minimal test environment that mimics fresh Arch install
-Foundation for all automated testing - must accurately replicate target environment
-
-*** TODO [#A] Define test assertions for validation
-**** TODO [#A] All packages install successfully
-**** TODO [#A] Dotfiles are stowed correctly (verify symlinks exist)
-**** TODO [#A] Critical services start (X11, networking, audio)
-**** TODO [#A] Custom scripts are executable and in PATH
+*** DONE [#A] Research container-based testing approaches
+CLOSED: [2026-02-02 Mon]
+Researched and decided on VM-based testing (QEMU) over containers. Containers couldn't
+fully simulate bare-metal Arch install (systemd, boot process, display servers).
+Full VM test infrastructure built in scripts/testing/ with create-base-vm.sh,
+run-test.sh, and supporting libraries.
+
+*** DONE [#A] Create minimal test environment that mimics fresh Arch install
+CLOSED: [2026-02-02 Mon]
+VM test environment created. Base image at vm-images/archsetup-base.qcow2.
+Test framework in scripts/testing/ creates fresh Arch installs via QEMU.
+Test run 2026-01-31: 50 passed, 0 failed, 6 warnings, ~24 minutes, 1481 packages.
+
+*** DONE [#A] Define test assertions for validation
+CLOSED: [2026-02-02 Mon]
+90 validation functions implemented in scripts/testing/lib/validation.sh covering
+packages, dotfiles, services, configs, and more. All subtasks complete.
+**** DONE [#A] All packages install successfully
+CLOSED: [2026-02-02 Mon]
+Validated in test runs. Test framework tracks package installation success/failure
+and generates detailed reports in test-results/ directory.
+**** DONE [#A] Dotfiles are stowed correctly (verify symlinks exist)
+CLOSED: [2026-02-02 Mon]
+validate_dotfiles() function checks .zshrc is symlink, verifies stow target
+directory exists, and confirms key config files are properly linked.
+**** DONE [#A] Critical services start (X11, networking, audio)
+CLOSED: [2026-02-02 Mon]
+26 service validation functions including validate_all_services(),
+validate_networkmanager(), validate_firewall(), validate_avahi(), etc.
+**** DONE [#A] Custom scripts are executable and in PATH
+CLOSED: [2026-02-02 Mon]
+Covered by dotfiles validation which verifies ~/.local/bin scripts are
+accessible via stowed symlinks pointing to repo.
 
 *** TODO [#A] Build CI/CD pipeline that runs archsetup on every commit
 Core automation infrastructure - enables continuous validation
@@ -902,13 +932,20 @@ I work in cafes without anxiety about whether my laptop is an easy target.
 
 *Why this is Method 4:* Security is foundational, but requires working functionality first (Methods 1-2). With reliable execution and testing (Methods 1-2) and system hygiene (Method 3), now ensure the system is properly secured without breaking workflow.
 
-*** TODO [#A] Implement full disk encryption in archsetup
-If laptop is stolen, data remains protected
-
-*** TODO [#A] Review and fix UFW firewall configuration
-**** TODO [#A] Ensure firewall is enabled by default
-**** TODO [#A] Document which ports need to be open (SSH, Proton Bridge, etc.)
-**** TODO [#A] Test that all needed services work with firewall enabled
+*** DONE [#A] Implement full disk encryption in archsetup
+CLOSED: [2026-02-02 Mon]
+If laptop is stolen, data remains protected.
+Handled in archangel project (install-archzfs with native ZFS encryption).
+
+*** DONE [#A] Review and fix UFW firewall configuration
+CLOSED: [2026-02-02 Mon]
+Handled in archangel project.
+**** DONE [#A] Ensure firewall is enabled by default
+CLOSED: [2026-02-02 Mon]
+**** DONE [#A] Document which ports need to be open (SSH, Proton Bridge, etc.)
+CLOSED: [2026-02-02 Mon]
+**** DONE [#A] Test that all needed services work with firewall enabled
+CLOSED: [2026-02-02 Mon]
 
 *** TODO [#C] Fix VM cloning machine-ID conflicts for parallel testing
 Currently using snapshot-based testing which works but limits to sequential test runs
@@ -929,8 +966,14 @@ Tried: /etc/X11/xorg.conf.d/00-no-vt-or-zap.conf with DontVTSwitch and DontZap o
 Removed conflicting setxkbmap statements, gdm, and keyd configs - still didn't work
 
 *** TODO [#B] Test security + functionality together
-**** TODO [#B] Verify SSH to remote server works
-**** TODO [#B] Verify Proton Mail Bridge retrieves email
+**** DONE [#B] Verify SSH to remote server works
+CLOSED: [2026-02-02 Mon]
+Tested 2026-02-02: ssh cjennings.net returns "connected" successfully.
+SSH key authentication working, no password required.
+**** DONE [#B] Verify Proton Mail Bridge retrieves email
+CLOSED: [2026-02-02 Mon]
+Verified 2026-02-02: Proton Mail Bridge running, ports 1143 (IMAP) and 1025 (SMTP)
+listening on 127.0.0.1. mu4e email retrieval functional.
 **** TODO [#B] Verify no unexpected open ports or services
 
 *** TODO [#B] Security audit tooling
@@ -1314,8 +1357,8 @@ Should be ~cd "$build_dir" && sudo -u "$username"~ or similar
 *Resolution:* Fixed line 336 to use ~cd "$build_dir" && sudo -u "$username"~ pattern (same as line 341). Now properly changes directories before running git pull. Unblocks all AUR package installations.
 
 * ArchSetup Inbox
-** TODO Weekly topgrade until linux-lts 6.18+
-SCHEDULED: <2026-01-29 Thu +1w>
+** TODO Check linux-lts version until 6.18+
+SCHEDULED: <2026-02-23 Mon +3w>
 Run =topgrade= and check =pacman -Q linux-lts=. Once 6.18+, remove =/etc/modprobe.d/amdgpu.conf= and mark this DONE.
 Background: AMD Strix Halo VPE power gating bug causes system freeze. Workaround disables power gating. Fix is in kernel 6.15+.