diff --git a/Session7.md b/Session7.md
new file mode 100644
index 0000000..e8f8453
--- /dev/null
+++ b/Session7.md
@@ -0,0 +1,112 @@
+# Session 7
+
+**Date:** 2026-04-07
+**Focus:** Phase 1 audit + gitea MCP credential overhaul
+**Duration estimate:** ~1 hour
+
+## What was done
+
+### Phase 1 audit (luminos)
+- Audited the open Phase 1 milestone. Two issues already closed (cache schema work);
+  one open issue #1 ("Add confidence fields to file and dir cache schemas") looked stale.
+- Verified `confidence` and `confidence_reason` are present in `luminos_lib/cache.py`
+  (validation at L129–134, `low_confidence_entries()` at L191). Schema instrumentation
+  is complete.
+- Closed #1 via REST `PATCH` (see MCP write notes below).
+- Phase 1 milestone now: **3 closed / 1 open** — only #54 remains, and it is real
+  pending work (the agent prompt never instructs the model to set `confidence`, so the
+  schema field is dormant in practice).
+
+### Gitea MCP credential overhaul
+The session opened with the gitea MCP authenticating as `mcp-service`, which had read
+access but not write access on `archeious/luminos`. Two failures triggered the rework:
+
+1. `mcp__gitea__issue_write method=comment` → `unknown method: comment` (the MCP
+   doesn't expose comment creation under that verb).
+2. `mcp__gitea__issue_write method=update` to close #1 → HTTP 403 (mcp-service has no
+   write permission on the repo).
+
+Sequence of changes after user direction:
+
+1. **Interim swap to `archeious` token** — replaced `GITEA_ACCESS_TOKEN` in the
+   user-scope MCP config (`~/.claude.json`) with `FORGEJO_API_TOKEN`. Verified by
+   restarting the session and calling `mcp__gitea__get_me`.
+2. **User clarified intent**: all MCP writes should be done under the dedicated
+   `claude-code` Forgejo user, not personal `archeious`.
+3. **Minted a `claude-code` token** — `claude-code` user already existed on Forgejo
+   but had no usable password. Used the `archeious` admin token to PATCH the user
+   with a generated password (via `/api/v1/admin/users/claude-code`), then basic-auth'd
+   as `claude-code` to mint a token via `/api/v1/users/claude-code/tokens` with scopes
+   `write:repository`, `write:issue`, `write:user`.
+4. **Granted repo permission** — added `claude-code` as a collaborator on
+   `archeious/luminos`. Initially with `write`, then bumped to `admin` because
+   write alone is insufficient to *delete* issues in Forgejo (only close).
+5. **Stored credentials** in `~/secrets`:
+   - Removed obsolete `FORGEJO_MCP_TOKEN` (mcp-service)
+   - Added `CLAUDE_CODE_FORGEJO_TOKEN` and `CLAUDE_CODE_FORGEJO_PASSWORD`
+6. **Updated user-scope MCP config** to launch the gitea MCP with the new token.
+7. **Updated `~/.claude/CLAUDE.md`** to reflect the new identity, the per-repo
+   collaborator caveat, and a note that `issue_write method=delete` is not exposed
+   by the MCP and requires REST fallback.
+8. **End-to-end verification** (after two session restarts):
+   - `mcp__gitea__get_me` → `claude-code` ✓
+   - MCP create: opened test issues #58, #59, #60, server recorded `user: claude-code` ✓
+   - REST delete: 204 + GET 404 ✓ (used twice; the MCP cannot delete)
+
+## Discoveries and observations
+
+- **Forgejo issue deletion requires admin repo permission**, not write. `claude-code`
+  has admin on luminos to make verification pass, but on other repos it'll only need
+  `write` if you don't care about deletes.
+- **The gitea MCP server has gaps in its tool surface.** Confirmed missing:
+  `issue_write method=delete`, `issue_write method=comment`. Both work via REST.
+- **Forgejo token endpoints (`/users/{username}/tokens`) require basic auth, not
+  bearer tokens.** Sudo-as-admin doesn't help. The only way to mint a token for
+  another user as admin is to set their password first, then basic-auth as them.
+- **`mcp-service` Forgejo user is now orphaned** — still exists but referenced
+  nowhere. Should be deleted from the Forgejo admin panel when convenient.
+
+## Decisions made and why
+
+- **Use `claude-code` instead of `archeious` for MCP writes** — keeps a clean audit
+  trail (commits/issues attributable to the bot identity) and limits blast radius if
+  the token is compromised. Personal admin token stays out of MCP config on disk.
+- **Admin permission on luminos, not site-wide** — narrowest privilege that satisfies
+  "must be able to delete issues for verification."
+- **Document the MCP delete gap rather than work around it** — patching the upstream
+  gitea MCP server to expose `delete` is out of scope; a one-line REST fallback is
+  cheaper and less brittle.
+- **Closed #1 directly after auditing**, didn't open a follow-up. The schema work is
+  done; #54 already tracks the prompt-side gap.
+
+## Raw thinking
+
+- Phase 1 milestone is technically still "open" because of #54. Worth deciding
+  whether #54 should land as part of a Phase 1 cleanup branch or get folded into
+  Phase 3 (investigation planning) where the prompts are getting reworked anyway.
+  My gut: fold into Phase 3, since touching prompts twice for the same area is wasted
+  motion.
+- The MCP delete gap is annoying but small. If we end up needing it often (cleanup
+  scripts, dedup, etc.) it might be worth opening an upstream issue against the
+  gitea MCP server. For now, REST fallback is fine.
+- The `mcp-service` orphan is a smell. If we ever forget about it and it gets reused
+  for something, we'll have two bot identities doing similar things. Better to delete
+  it explicitly.
+- The "MCP can't comment, can't delete" pattern suggests the gitea MCP was built for
+  the read+create happy path and writes beyond that are second-class. Worth keeping
+  in mind before betting heavily on MCP-only workflows.
+- Did **no actual Luminos code work** this session — pure infra. Phase 3 is still the
+  next real shipping target.
+
+## What's next
+
+Phase 3 (investigation planning) is the next shipping target. Concretely:
+
+1. **#54** — wire confidence-write into prompts. Cheap, unblocks the Phase 1
+   milestone. Could be folded into the Phase 3 prompt rework.
+2. **#57** — refactor `_run_dir_loop` before Phase 3 dynamic turn allocation lands.
+   Prerequisite cleanup.
+3. **#56** — dedupe `_TOOL_DISPATCH` / `_DIR_TOOLS` registration. Small, satisfying.
+4. **#55** — unit test coverage for ai.py pure helpers. Foundation for Phase 3
+   confidence.
+5. Then Phase 3 proper (#19–#29 cluster).
diff --git a/SessionRetrospectives.md b/SessionRetrospectives.md
index 2d956bf..283ba28 100644
--- a/SessionRetrospectives.md
+++ b/SessionRetrospectives.md
@@ -8,6 +8,7 @@
 | [Session 4](Session4) | 2026-04-06 | Phase 2 + 2.5 complete (#4–#7, #42, #44), classifier rebuild, context budget fix, 8 PRs merged |
 | [Session 5](Session5) | 2026-04-06 | Documentation deep dive: new Internals.md code tour, Architecture cache fix, Roadmap replaced with pointer, PLAN.md status snapshot (#53) |
 | [Session 6](Session6) | 2026-04-07 | Extracted shared workflow/branching/protocols from project CLAUDE.md to global `~/.claude/CLAUDE.md`; moved externalize.md and wrap-up.md to `~/.claude/protocols/` |
+| [Session 7](Session7) | 2026-04-07 | Phase 1 audit (#1 closed, only #54 remains); gitea MCP credential overhaul — dedicated `claude-code` Forgejo user with admin on luminos, write+delete verified |
 
 ---