diff --git a/TODO.md b/TODO.md
index 09e65bb..d239750 100644
--- a/TODO.md
+++ b/TODO.md
@@ -447,6 +447,14 @@ AFP Set File Information metadata-rights convergence:
   the suite uses the existing ncpfs `nwgrant`/`nwrevoke` trustee utilities to
   grant only read/file-scan rights (`[RF]` by default) before the negative probe
   and revoke the explicit trustee assignment afterwards.
+- Runtime status: the negative smoke has been verified with `NOPASSUSER` as a
+  no-password test user.  The suite temporarily granted `[RF]` on
+  `SYS:PUBLIC/pmdflts.ini`, confirmed FinderInfo, Invisible, and System Set
+  File Information requests are rejected with completion `0x8c`, and then
+  successfully revoked the temporary trustee assignment.  The same run ended
+  with `failures=0`, preserved the final `TEXT/MARS` FinderInfo xattr, kept
+  `org.mars-nwe.afp.attributes` clear after the attribute cleanup probes, and
+  left the Modify timestamp at the expected smoke value.
 
 Endpoint order:
 
diff --git a/tests/linux/README.md b/tests/linux/README.md
index 9fc20f6..96cab19 100644
--- a/tests/linux/README.md
+++ b/tests/linux/README.md
@@ -120,6 +120,35 @@ path, and Modify timestamp uses `nw_utime_node()`, so the smoke suite should
 continue to pass for SUPERVISOR while non-supervisor negative coverage can later
 exercise the same policy gate.
 
+A verified rights-negative smoke run with `--readonly-user NOPASSUSER`,
+`--readonly-no-password`, and `--prepare-readonly-rights` completed with
+`failures=0`.  The setup used `nwgrant -r '[RF]'` for the no-password test
+user so the file remained readable and searchable but lacked Modify rights.
+The suite then verified that AFP Set File Information rejects FinderInfo,
+Invisible, and System metadata writes with completion `0x8c` while the
+SUPERVISOR positive path still succeeds:
+
+```text
+AFP metadata Modify rights rejected: FinderInfo
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0020
+AFP metadata Modify rights rejected: Invisible
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001
+AFP metadata Modify rights rejected: System
+AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001
+```
+
+The server log for the same run showed the common policy gate for all three
+probes:
+
+```text
+AFP 2.0 Set File Information rejected: no Modify rights for AFP metadata path='SYS:PUBLIC/pmdflts.ini'
+```
+
+The final `nwrevoke` cleanup returned successfully, and the final xattr/stat
+checks remained intact.  An initial pre-cleanup `nwrevoke` may report that no
+explicit assignment existed yet; that is harmless as long as `nwgrant` and the
+final cleanup both succeed.
+
 A verified suite run after the FinderInfo payload-alignment fix completed with
 `failures=0` for `SYS:PUBLIC/pmdflts.ini`.  The report covered Entry ID by path,
 Entry ID from NetWare handle, Get File Information, Scan File Information,