Hardening + transparency pass: block gaps, warn note, shadow render filter, RSS leaks, category-bans UI, mod dashboard, digest rollup, chain verifier, /games/atari8

Ten review items, three commits. Grouped for readability; each row links to where it lives.

1–3. Moderation housekeeping (commit 5d8479e)

• Block-enforcement gaps closed across DMs (MessageController::sendMessage now bidirectional), Follow (FollowController::toggle), Tip (TipController::store), and @-mention notifications. All four call through App\Models\Block::exists; the predicate stays consistent with /profile and startConversation.
• Moderator note required on AdminModerationController::warn, closing the last flow that skipped the discipline (suspend / ban / shadow-ban already required it).
• Actor IP stripped from Privilege-Use posts. The forum is visible to every signed-in member; publishing the IP of every mod/admin action leaked home/work addresses of volunteers. audit_log.ip_address still records the real IP (private) for forensics.

4, 9. Shadow-ban render filter + RSS leaks (commit 7391e77)

• Shadow-ban visibility enforced at thread render across all three scopes. Previously only users.is_shadow_banned hid posts from non-author non-mod viewers; now forum_bans.is_shadow and category_bans.is_shadow do the same. Both preload as user_id maps from one query each so the filter is O(1) per post.
• /rss/threads + /rss/forums/<slug> now respect forum visibility. The site-wide feed joins forums + forum_categories and restricts to visibility='public' AND min_role_view<=1; per-forum feeds 404 on non-public forums. Private-forum thread titles no longer leak to anonymous RSS readers.

5, 6, 7, 8, 10. Bundled feature pass (commit 091f0ef)

• /admin/category-bans — roll-up index of every category with active restrictions + per-category detail page with one-click Lift. Adding restrictions still happens from a forum mod-log (where the super-mod panels render); this is the top-down view.
• /mod/dashboard (role ≥ 3) — open escalations priority-sorted, my recent enforcement actions (30 days), my active restrictions UNION'd across site + forum + category scopes, open appeals (admin only), un-triaged reports. Read-only presentation, no schema change.
• Privilege-Use rollup. AuditLog::postToForum now splits actions into real-time (moderation / security / infraction / appeal / role / user-state changes / forum + category user restrictions) and routine (admin / config / branding / badge / cosmetic / platform / etc). Real-time keeps getting its own locked thread per event; routine appends to a daily priv-digest-YYYY-MM-DD thread so a site-wide branding refresh doesn't spawn 10 threads in 30 seconds.
• Audit-chain verifier on cron. bin/verify-audit-chain.php already existed (walks the HMAC chain, flags the first tampered row); added the crontab entry (weekly Sunday 02:30 UTC). Current chain: 1,494 hashed rows verified in 13ms, intact.
• /games/atari8 shelf infrastructure shipped. Added atari8 to PlatformGame::PLATFORMS with core_status: upstream_pending. Admins can upload titles and manage the catalog now; the shelf renders a banner explaining in-browser play lights up automatically when an atari800_libretro.wasm lands in public/assets/emulatorjs/cores/. Atari XL/XE hub FAQ #6 updated accordingly.