diff --git a/cc-ci-plan/REBOOTS.md b/cc-ci-plan/REBOOTS.md
index 6e3381f..33c4b67 100644
--- a/cc-ci-plan/REBOOTS.md
+++ b/cc-ci-plan/REBOOTS.md
@@ -13,3 +13,4 @@ lines below to see how often it's happening.
 - 2026-05-28 (~20:02 BST) — reboot (backfilled from memory; uptime showed 5 min at 20:07). Loops
   manually relaunched at phase 2; this is what prompted adding `cc-ci-loops.service` +
   auto-logging. Auto-logging is live from the next reboot onward.
+- 2026-05-30 17:03:05 BST — reboot detected; loops auto-started by systemd (resuming phase index 6). boot_id=f565f752-0463-42db-b787-9e0db35a5e3f
diff --git a/cc-ci-plan/plan-orchestrator-migration.md b/cc-ci-plan/plan-orchestrator-migration.md
index 0989ea4..e6a4b36 100644
--- a/cc-ci-plan/plan-orchestrator-migration.md
+++ b/cc-ci-plan/plan-orchestrator-migration.md
@@ -11,12 +11,22 @@ relocating this orchestrator session there too.
 into a non-event. It also consolidates the orchestrator next to the infra it manages.
 
 **Status:** IN PROGRESS (operator go-ahead 2026-05-30 — the Pi is OOM-thrashing/slow).
-**Phase A under way:** VM `cc-ci-orchestrator` (**2 GB / 2 vCPU / 30 GB**, `incus-base-vm`) CREATED via
-the Incus API + started 2026-05-30; cloud-init → `nixos-rebuild boot` → reboot → tailnet join in
-progress. Remaining Phase-A items: (i) add the orchestrator's `cc-ci-root` pubkey via `incus exec`
-(create-time cloud-init only authorized the 2 TF-default keys), (ii) confirm tailnet + ssh, (iii)
-write the reproducible Terraform project `projects/cc-ci-orchestrator/` for the record (created via
-API this time — note the drift). Then Phase B (the `cc-ci-orchestrator` NixOS-config git repo).
+
+**Phase A ✅ COMPLETE (2026-05-30):** VM `cc-ci-orchestrator` (**2 GB / 2 vCPU / 30 GB**,
+`incus-base-vm`, NixOS 24.11) created via the Incus API + booted; **on the tailnet at
+`100.116.55.106`**; **ssh works** (`ssh cc-ci-orchestrator` through the :1055 proxy — `cc-ci-root`
+pubkey added via `incus exec`). Reproducible Terraform record at
+`incus-terraform-nix-vm-creator/projects/cc-ci-orchestrator/` (note: this instance was API-created, so
+TF drift — see PROVENANCE.txt).
+- **TS-key finding:** the VM-creator's `.test.env` reusable key is **REVOKED** ("API key does not
+  exist"). The **`/srv/cc-ci/.testenv` `TS_AUTH_KEY` is valid** — used it to join, and persisted it into
+  the VM's `/etc/ts-auth-key`. So the plan's "operator provides a fresh TS key" item is **resolved** (no
+  new key needed); housekeeping: revoke/rotate the dead key in `.test.env`.
+- **Sizing watch:** 2 GB ≈ 1.7 GiB usable; fine idle (284 MiB) but tight for 3 concurrent claude
+  sessions (Pi OOM lesson). Phase B will declare a **swapfile**; bump to 4 GB pre-cutover if needed.
+
+**Next — Phase B:** the `cc-ci-orchestrator` NixOS-config git repo (SOCKS proxy + loop-supervisor boot
+service + claude CLI + sops secrets). Then C (stage workspace), claude auth (operator), D/E (cutover).
 
 ---