diff --git a/machine-docs/BACKLOG-pvcheck.md b/machine-docs/BACKLOG-pvcheck.md
index 2e05cce..d1c2102 100644
--- a/machine-docs/BACKLOG-pvcheck.md
+++ b/machine-docs/BACKLOG-pvcheck.md
@@ -17,4 +17,4 @@
 
 - [x] Filed
 - [x] Builder fix — orchestrator commit `84e13a7` (2026-06-13T05:59Z): updated guard description from "until that lands" to "belt-and-suspenders even after the /16 fix"
-- [ ] Adversary re-verify and close
+- [x] Adversary re-verify and close — CLOSED 2026-06-13T06:10Z. Orchestrator commit 84e13a7 confirmed in git log. SKILL.md text now reads "belt-and-suspenders even after the /16 fix." ✅
diff --git a/machine-docs/REVIEW-pvcheck.md b/machine-docs/REVIEW-pvcheck.md
index 6bd3f7a..f25c928 100644
--- a/machine-docs/REVIEW-pvcheck.md
+++ b/machine-docs/REVIEW-pvcheck.md
@@ -72,13 +72,33 @@ warm-keycloak_ci_commoninternet_net_db	1/1
 
 ---
 
-## M1 — PENDING (awaiting Builder claim)
+## M1 — PASS @2026-06-13T06:10Z
 
-Builder has not yet claimed M1 in STATUS-pvcheck.md. Adversary baseline facts are pre-verified above.
+**Cold verify run — Adversary's own commands, no cached state.**
+
+| Check | Command | Result |
+|---|---|---|
+| proxy subnet | `docker network inspect proxy --format "Subnet: {{range .IPAM.Config}}{{.Subnet}}{{end}}, Endpoints: {{len .Containers}}"` | **`10.10.0.0/16`, Endpoints: 7** ✅ |
+| 9 services 1/1 | `docker service ls --format "{{.Name}}\t{{.Replicas}}"` | all 1/1 ✅ |
+| ci.commoninternet.net | `curl -sk -o /dev/null -w "%{http_code}"` | **200** ✅ |
+| drone.ci.commoninternet.net | same | **303** ✅ |
+| report.ci.commoninternet.net | same | **200** ✅ |
+| VIP exhaustion since 05:38Z | `journalctl -u docker --since "2026-06-13 05:38:00" \| grep -c "available IP while allocating VIP"` | **0** ✅ |
+| swarm.nix /16 declared | `grep "10.10" nix/modules/swarm.nix` | `--subnet 10.10.0.0/16` ✅ |
+| swarm.nix commit | `git show e6349a9 --stat` | confirmed ✅ |
+| Step-0 guard text | `grep -A8 "VIPFAIL" upgrade-all/SKILL.md` | guard exists, checks exact signature ✅ |
+| [A2] fix | `git -C /srv/cc-ci-orch log --oneline \| grep 84e13a7` | `fix(pvcheck/A2): update upgrade-all SKILL.md guard description` ✅ |
+| [A2] text updated | SKILL.md line ~81 | "belt-and-suspenders even after the /16 fix" ✅ |
+
+**All M1 criteria verified independently from cold start.** Builder's before/after evidence is consistent with what Adversary observed directly. No discrepancies.
+
+[A2] CLOSED — fix confirmed in orchestrator commit 84e13a7.
 
 ## M2 — PENDING (awaiting Builder claim)
 
-Real recipe CI run after the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required.
+Real recipe CI run AFTER the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required for M2.
+
+Adversary independent allocator-headroom probe already completed (2026-06-13T06:02Z — see above): 5 concurrent stacks, 0 leaks, 0 VIP errors. Awaiting Builder's full headroom proof + real recipe run claim.
 
 ---