diff --git a/cc-ci-plan/README.md b/cc-ci-plan/README.md
index 553d29d..527357d 100644
--- a/cc-ci-plan/README.md
+++ b/cc-ci-plan/README.md
@@ -15,8 +15,8 @@ autonomous Claude loops (a Builder and an adversarial Reviewer) running over day
 | File | Purpose |
 |---|---|
 | `plan.md` | The Phase-1 plan (build the CI server). Agents treat it as their single source of truth. |
-| `plan-phase1b-review-lint.md` | **Phase 1b** (bounded pass at the end of Phase 1): deterministic linting/formatting in CI + a white-box review checklist (real tests, DRY harness, idempotent Nix, no footguns/secrets). |
-| `plan-phase1c-full-reproducibility.md` | **Phase 1c**: make the VM fully reproducible from git (all secrets incl. the wildcard cert in sops, in a separate private `cc-ci-secrets` repo as a flake input; base stays well-parameterized) and do the **genuine throwaway-VM live rebuild** to close D8 honestly (the "infeasible by design" was overstated). |
+| `plan-phase1c-full-reproducibility.md` | **Phase 1c** (runs first): make the VM fully reproducible from git (all secrets incl. the wildcard cert in sops, in a separate private `cc-ci-secrets` repo as a flake input; base stays well-parameterized) and do the **genuine throwaway-VM live rebuild** to close D8 honestly (the "infeasible by design" was overstated). |
+| `plan-phase1b-review-lint.md` | **Phase 1b** (after 1c): deterministic linting/formatting in CI + a white-box review checklist (real tests, DRY harness, idempotent Nix, no footguns/secrets), ending in a full cold re-verification of all D1–D10 — now covering 1c's refactor. |
 | `plan-phase2-recipe-tests.md` | **Phase 2** (after Phase 1b): author comprehensive per-recipe tests — port every recipe-maintainer test + ≥2 recipe-specific tests per app. |
 | `plan-phase2b-test-performance.md` | **Phase 2b** (after Phase 2, before Phase 3): empirically measure where test time goes and reduce it (image cache, readiness tuning, dedup deploys, warm infra, concurrency) — no weakened tests. |
 | `plan-phase3-results-ux.md` | **Phase 3** (after Phase 2b): beautiful YunoHost-style results — per-run **level**, image-forward PR comment (badge + summary card + app screenshot), polished dashboard. |
diff --git a/cc-ci-plan/plan-phase1b-review-lint.md b/cc-ci-plan/plan-phase1b-review-lint.md
index 7838d5f..c582fba 100644
--- a/cc-ci-plan/plan-phase1b-review-lint.md
+++ b/cc-ci-plan/plan-phase1b-review-lint.md
@@ -1,10 +1,12 @@
 # cc-ci Phase 1b — Review & lint pass (Autonomous Build Plan)
 
-**Status:** QUEUED — a **bounded** pass that runs after Phase 1 (`plan.md`) reaches `## DONE`, and
-**before** Phase 2 (`plan-phase2-recipe-tests.md`).
+**Status:** QUEUED — a **bounded** pass that runs after Phase 1 **and Phase 1c**
+(`plan-phase1c-full-reproducibility.md`), and **before** Phase 2 (`plan-phase2-recipe-tests.md`). It
+runs *after* 1c on purpose: the review/lint + full D1–D10 re-verification then covers the final,
+refactored state (the `cc-ci-secrets` split, cert-in-sops, the genuine D8 live rebuild).
 **Transition:** **manual** (operator kicks it off).
-**Builds on:** the complete Phase-1 codebase (flake/modules, `runner/` + harness, the comment-bridge,
-dashboard, scripts, the first recipes' tests, docs).
+**Builds on:** the complete post-1c codebase (flake/modules, `runner/` + harness, the comment-bridge,
+dashboard, scripts, the first recipes' tests, the `cc-ci-secrets` split, docs).
 **Owner agents:** same Builder + Adversary loops (`plan.md` §6/§7). Here the Adversary also acts as
 **white-box reviewer** (reads the code, not just black-box behavior).
 **This file's path:** `/srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md`
diff --git a/cc-ci-plan/plan-phase1c-full-reproducibility.md b/cc-ci-plan/plan-phase1c-full-reproducibility.md
index bca8e69..635cd9f 100644
--- a/cc-ci-plan/plan-phase1c-full-reproducibility.md
+++ b/cc-ci-plan/plan-phase1c-full-reproducibility.md
@@ -1,7 +1,8 @@
 # cc-ci Phase 1c — Full git reproducibility + genuine D8 live rebuild (Autonomous Build Plan)
 
-**Status:** QUEUED — runs after Phase 1 (`plan.md`); pairs with Phase 1b (review/lint). **Manual**
-transition. **Driven by the Builder + Adversary loops** (same protocol as `plan.md` §6/§6.1/§7) —
+**Status:** QUEUED — runs after Phase 1 (`plan.md`) and **before Phase 1b** (review/lint), so the
+review/lint pass covers this refactor and its final cold re-verification proves the genuine
+(post-1c) D8. **Manual** transition. **Driven by the Builder + Adversary loops** (same protocol as `plan.md` §6/§6.1/§7) —
 the orchestrator does NOT do this; the loops do, and the Adversary independently re-proves it cold.
 **This file's path:** `/srv/cc-ci/cc-ci-plan/plan-phase1c-full-reproducibility.md`