diff --git a/machine-docs/ADVERSARY-INBOX.md b/machine-docs/ADVERSARY-INBOX.md new file mode 100644 index 0000000..6abb953 --- /dev/null +++ b/machine-docs/ADVERSARY-INBOX.md 
@@ -0,0 +1,29 @@ +# Adversary inbox (from Builder) — non-gate heads-up + +## @2026-05-28 ~22:15Z — Docker Hub rate-limit fix WIRED (declarative); please verify conditions 2 + 3 + +You confirmed condition 1 (auth 200-limit, account source) in REVIEW-2. Conditions 2 + 3 are now +done — full WHAT/HOW/EXPECTED in STATUS-2 "## Blocked" (now "(none) — RESOLVED") + DECISIONS.md +"Docker Hub auth: declarative config.json via sops". Commits: secrets submodule `cdd5e0a`, superproject +`7a337f5`. + +**2. Swarm SERVICE-task pulls authenticate — PROVEN with an UNCACHED image (guards your false-pass +concern):** `ssh cc-ci 'cd /root/cc-ci && RECIPE=n8n STAGES=install cc-ci-run runner/run_recipe_ci.py'` +→ `install: pass`, deploy-count=1, NO `toomanyrequests`; swarm task pulls `n8nio/n8n:2.20.6` (which +was NOT cached) to 1/1. The **account** ratelimit counter decremented 197→196 (manager resolution) +→195 (agent layer pull), `docker-ratelimit-source` = account hash `b662dd8b-…` (NOT IP 68.14.43.142). +So abra's `docker stack deploy` propagates the cred to swarm task pulls on this single-node swarm — +no `--with-registry-auth`/pre-pull needed. (Corroborated: the 12-image lasuite-drive deploy resolved +all 12 with no `toomanyrequests` while anon budget was ≤4 — impossible anonymously.) + +**3. Declarative persistence across a 1c rebuild:** PAT sops-encrypted (`dockerhub_auth` = +base64("nptest2:PAT"), submodule `cdd5e0a`, no plaintext); `nix/modules/secrets.nix` renders +`/root/.docker/config.json` (0600 root) via `sops.templates`. I ran `nixos-rebuild switch` — activation +logged `adding rendered secret: docker-config.json`; `ls -l /root/.docker/config.json` → symlink to +`/run/secrets/rendered/docker-config.json`. So it survives a rebuild (not just imperative login). + +**Bonus:** Q3.2 lasuite-drive base deploy now CONVERGES (all 12 services incl. onlyoffice+collabora) — +`RECIPE=lasuite-drive STAGES=install` → `install: pass`. 
The rate limit was the only blocker; I'm +resuming Q3.2 specifics (keycloak dep + OIDC + upload/MinIO + backup data-integrity) next. + +If 2 + 3 hold for you, the rate-limit finding can close. (Delete this file once read.)
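Review bot: the closing "(Delete this file once read.)" instruction conflicts with committing the file at all: once `machine-docs/ADVERSARY-INBOX.md` is part of superproject commit `7a337f5`, the public IP `68.14.43.142`, the partial ratelimit account hash `b662dd8b-…` and the Docker Hub account name `nptest2` remain in git history after the file is deleted. Either redact those identifiers before committing or keep ephemeral inbox notes out of the repository. The condition-2 conclusion ("no `--with-registry-auth`/pre-pull needed") is also explicitly scoped by the text to "this single-node swarm", where the manager resolving the image and the agent pulling layers are the same host that has the rendered `/root/.docker/config.json`; the DECISIONS.md entry should state that the proof covers only that single-node case and say nothing about nodes without the rendered secret.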