tests: record AFP metadata rights negative smoke success

Document the verified Linux smoke-suite result for the AFP Set File Information metadata rights gate.

The suite now uses the existing ncpfs trustee utilities to grant NOPASSUSER only read/file-scan rights on the smoke file, then verifies that FinderInfo, Invisible, and System metadata writes are rejected with completion 0x8c while the SUPERVISOR positive path remains green.

This records the intended WebSDK/NWAFP adapter semantics: AFP-specific xattrs remain the storage for FinderInfo and AFP-only metadata bits, but writes to those xattrs are still file metadata changes and must pass mars_nwe's NetWare Modify trustee policy instead of bypassing it.

Tests:

- afp_smoke_suite.sh --readonly-user NOPASSUSER --readonly-no-password --prepare-readonly-rights

- FinderInfo negative Set File Information -> 0x8c

- Invisible negative Set File Information -> 0x8c

- System negative Set File Information -> 0x8c

- final nwrevoke cleanup succeeds

- suite summary failures=0

TODO.md

@@ -447,6 +447,14 @@ AFP Set File Information metadata-rights convergence:
   the suite uses the existing ncpfs `nwgrant`/`nwrevoke` trustee utilities to
   grant only read/file-scan rights (`[RF]` by default) before the negative probe
   and revoke the explicit trustee assignment afterwards.
+- Runtime status: the negative smoke has been verified with `NOPASSUSER` as a
+  no-password test user.  The suite temporarily granted `[RF]` on
+  `SYS:PUBLIC/pmdflts.ini`, confirmed FinderInfo, Invisible, and System Set
+  File Information requests are rejected with completion `0x8c`, and then
+  successfully revoked the temporary trustee assignment.  The same run ended
+  with `failures=0`, preserved the final `TEXT/MARS` FinderInfo xattr, kept
+  `org.mars-nwe.afp.attributes` clear after the attribute cleanup probes, and
+  left the Modify timestamp at the expected smoke value.
 
 Endpoint order:
 

tests/linux/README.md

@@ -120,6 +120,35 @@ path, and Modify timestamp uses `nw_utime_node()`, so the smoke suite should
 continue to pass for SUPERVISOR while non-supervisor negative coverage can later
 exercise the same policy gate.
 
+A verified rights-negative smoke run with `--readonly-user NOPASSUSER`,
+`--readonly-no-password`, and `--prepare-readonly-rights` completed with
+`failures=0`.  The setup used `nwgrant -r '[RF]'` for the no-password test
+user so the file remained readable and searchable but lacked Modify rights.
+The suite then verified that AFP Set File Information rejects FinderInfo,
+Invisible, and System metadata writes with completion `0x8c` while the
+SUPERVISOR positive path still succeeds:
+
+```text
+AFP metadata Modify rights rejected: FinderInfo
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0020
+AFP metadata Modify rights rejected: Invisible
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001
+AFP metadata Modify rights rejected: System
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001
+```
+
+The server log for the same run showed the common policy gate for all three
+probes:
+
+```text
+AFP 2.0 Set File Information rejected: no Modify rights for AFP metadata path='SYS:PUBLIC/pmdflts.ini'
+```
+
+The final `nwrevoke` cleanup returned successfully, and the final xattr/stat
+checks remained intact.  An initial pre-cleanup `nwrevoke` may report that no
+explicit assignment existed yet; that is harmless as long as `nwgrant` and the
+final cleanup both succeed.
+
 A verified suite run after the FinderInfo payload-alignment fix completed with
 `failures=0` for `SYS:PUBLIC/pmdflts.ini`.  The report covered Entry ID by path,
 Entry ID from NetWare handle, Get File Information, Scan File Information,