From f0159765555abf4f9411776ea39757a4dd274e62 Mon Sep 17 00:00:00 2001
From: Andre Levesque <0sniffs_scaled@icloud.com>
Date: Thu, 4 Jun 2026 17:20:34 -0400
Subject: [PATCH] docs: mark Travis CI (already gone) and Actions restrictions
 complete

---
 docs/org-audit-2026-06-04.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/docs/org-audit-2026-06-04.md b/docs/org-audit-2026-06-04.md
index 0e00256..37723f0 100644
--- a/docs/org-audit-2026-06-04.md
+++ b/docs/org-audit-2026-06-04.md
@@ -24,8 +24,7 @@
 
 ## High
 
-- [ ] **2. Revoke Travis CI GitHub App** — Settings → GitHub Apps → Travis CI → Revoke
-  - _Zero repos use it. No breakage risk. Do before Saturday._
+- [x] **2. Revoke Travis CI GitHub App** — already gone from installations (2026-06-04)
 
 - [ ] **3. Scope Slack app permissions** — Must be done via UI
   - _Currently: `repository_selection: all` with `contents: write` + `workflows: write`_
@@ -33,9 +32,8 @@
   - _Change to "Only select repositories" — run `/github subscriptions` in Slack to see what's active_
   - _Table for Saturday (needs coordination)_
 
-- [ ] **4. Restrict GitHub Actions to trusted sources** — Settings → Actions → General
-  - _Target: GitHub-owned + Marketplace-verified + `peaceiris/*`, `ruby/*`_
-  - _Can do before Saturday — no breakage_
+- [x] **4. Restrict GitHub Actions to trusted sources** — done 2026-06-04
+  - _`allowed_actions: selected` — GitHub-owned ✅, Marketplace-verified ✅, `peaceiris/*`, `ruby/*`_
 
 - ⏳ **5. Enable secret scanning + push protection org-wide** — Settings → Code security and analysis → "Enable all"
   - _Announce in Slack first (#general), then enable after notice period_