diff --git a/machine-docs/BACKLOG-5.md b/machine-docs/BACKLOG-5.md
index 7d7b792..b3d025f 100644
--- a/machine-docs/BACKLOG-5.md
+++ b/machine-docs/BACKLOG-5.md
@@ -10,10 +10,10 @@ Single-writer: `## Build backlog` = Builder-only; `## Adversary findings` = Adve
 - [x] Create phase 5 state files (STATUS-5.md, BACKLOG-5.md, JOURNAL-5.md)
 - [x] Fix A5-2: Add commit status posting to bridge.py (pending on trigger, success/failure on finish)
 - [x] Fix A5-1: Add custom-html-tiny to bridge POLL_REPOS; redeploy bridge (cc-ci-bridge:3761c4221042)
-- [ ] V3: /recipe-upgrade custom-html-tiny end-to-end GREEN (!testme PASS; PR #2 open)
-- [ ] V7: mirror reconciliation (PR #1 closed as superseded ✓; now verify V7 fully via V3 run)
-- [ ] V1/V2: !testme trigger + testme-on-pr.sh reads verdict (proven via V3 run)
-- [ ] V4: 3-iteration regression loop (seed bad tag → RED → fix → GREEN ≤3 runs)
+- [x] V3: /recipe-upgrade custom-html-tiny end-to-end GREEN (!testme PASS; PR #2 open)
+- [x] V7: mirror reconciliation (PR #1 superseded, PR #4 merged-upstream, main force-synced)
+- [x] V1/V2: !testme trigger + testme-on-pr.sh reads verdict (GREEN on PR #2/#35; RED on PR #5/#34)
+- [x] V4: 3-iteration regression loop (seed bad tag → RED → fix → GREEN in 2 runs)
 - [ ] V5: stale-test DEFAULT = comment, no test edit
 - [ ] V6: --with-tests opens + verifies cc-ci test PR (verify-pr.sh run)
 - [ ] V8: /upgrade-all DEFAULT run (--dry-run list + small live run)
diff --git a/machine-docs/BUILDER-INBOX.md b/machine-docs/BUILDER-INBOX.md
deleted file mode 100644
index ce855aa..0000000
--- a/machine-docs/BUILDER-INBOX.md
+++ /dev/null
@@ -1,16 +0,0 @@
-+# Builder Inbox
-+
-+2026-05-31T19:41:12Z
-+
-+Please correct the V2 HOW line in `machine-docs/STATUS-5.md`.
-+
-+Current text uses:
-+`testme-on-pr.sh custom-html-tiny 2 POST=0`
-+
-+That is not poll-only. `POST=0` is an environment variable, so the correct form is:
-+`POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 2`
-+
-+I re-ran the current STATUS form and it posted comment `#13818` (`!testme`) and triggered build `#35`.
-+The script itself is fine when invoked correctly: with env-prefixed `POST=0`, it returned
-+`VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/35` and the PR
-+comment count stayed `4 -> 4`.
diff --git a/machine-docs/JOURNAL-5.md b/machine-docs/JOURNAL-5.md
index b8e061f..e94831a 100644
--- a/machine-docs/JOURNAL-5.md
+++ b/machine-docs/JOURNAL-5.md
@@ -69,3 +69,35 @@ V2 GREEN verified: POST=0 → VERDICT=GREEN BUILD=https://drone.ci.commoninterne
 V7 verified: mirror main = upstream main (435df8fc); PR#1 (serve-hidden-files) closed as superseded.
 
 Next: V4 (regression loop) — create bad-tag branch on custom-html-tiny, get RED, fix, get GREEN.
+
+## 2026-05-31 — Bootstrap/access checks + V4 regression loop complete
+
+Bootstrap probes from the builder clone:
+- `ssh cc-ci "hostname && whoami && nixos-version"` → `cc-ci` / `root` / `24.11.20250630.50ab793 (Vicuna)`
+- `set -a; . /srv/cc-ci/.testenv; set +a; curl -s https://$GITEA_URL/api/v1/version` → `{"version":"1.24.2"}`
+- `getent ahostsv4 probe-12345.ci.commoninternet.net` → `91.98.47.73` (STREAM/DGRAM/RAW)
+
+V4 red side:
+- `POST=0 MAX_WAIT=15 INTERVAL=5 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5`
+  → `VERDICT=RED`
+  → `BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/34`
+- `curl -fsSL https://ci.commoninternet.net/runs/34/results.json` → install=`pass`, upgrade=`fail`, clean_teardown=`true`, no_secret_leak=`true`
+
+V4 fix on cc-ci host (same recipe PR branch):
+- `git -C /root/.abra/recipes/custom-html-tiny checkout -B v4-red-verify origin/v4-red-verify`
+- `git -C /root/.abra/recipes/custom-html-tiny checkout origin/upgrade-1.1.0+2.42.0 -- compose.yml compose.git-pull.yml`
+- `git -C /root/.abra/recipes/custom-html-tiny -c user.name='autonomic-bot' -c user.email='autonomic-bot@git.autonomic.zone' commit -m 'fix: resolve V4 regression for green re-test'`
+  → `[v4-red-verify 4bd8416] fix: resolve V4 regression for green re-test`
+- `git -C /root/.abra/recipes/custom-html-tiny push origin HEAD:v4-red-verify`
+  → updated PR #5 head `7e1491c..4bd8416`
+
+V4 green side:
+- `MAX_WAIT=300 INTERVAL=10 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5`
+  → `VERDICT=GREEN`
+  → `BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/37`
+
+Adversary follow-up:
+- `REVIEW-5.md` follow-up (`review(5)` commit `e87782a`) closed A5-1 and A5-2 after a fresh cold re-test.
+- `BUILDER-INBOX.md` noted that `POST=0` must be env-prefixed in `STATUS-5.md`; corrected here and the inbox is being consumed now.
+
+Next: V5 default stale-test case, then V6 `--with-tests`.
diff --git a/machine-docs/STATUS-5.md b/machine-docs/STATUS-5.md
index dbbcaf5..fbb047e 100644
--- a/machine-docs/STATUS-5.md
+++ b/machine-docs/STATUS-5.md
@@ -6,7 +6,7 @@
 
 ## Current focus
 
-V4 next (regression loop); then V2 (known-RED), V5, V6, V8, V8a.
+V5 next (stale-test DEFAULT comment-only path); then V6, V8, V8a, V9 cleanup.
 
 ## Fixes applied (A5-1, A5-2, related)
 
@@ -30,41 +30,48 @@ instead of first-status URL (fixes wrong BUILD URL when multiple statuses exist)
 - Changes: compose.yml sws 2.38.0→2.42.0; compose.git-pull.yml alpine/git v2.36.3→v2.52.0; version 1.0.1+2.38.0→1.1.0+2.42.0
 - !testme posted → Drone build #29 triggered → SUCCESS (install PASS, upgrade PASS, backup N/A)
 - Commit status: `cc-ci/testme state=success target=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/29`
-- `testme-on-pr.sh custom-html-tiny 2 POST=0` → `VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/29`
+- `POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 2` → `VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/29`
 - PR comment updated by bridge with 🌻 result
 
-**V7 partial:** PR #1 (serve-hidden-files) auto-closed as superseded when PR #2 opened. Mirror
-main force-synced to upstream (435df8fc). Full V7 evidence complete via this run.
+## V7 — COMPLETE: mirror reconciliation
+
+- PR #1 (`serve-hidden-files`) auto-closed as superseded when PR #2 opened.
+- PR #4 (`already-in-upstream-v7`) auto-closed as merged-upstream.
+- Mirror `main` force-synced to upstream `main` (`435df8fc`).
 
 **V1/V2 partial evidence:**
 - V1: !testme on PR #2 triggered build #29 within 30s (bridge poll) ✓; result posted to PR ✓
 - V2 GREEN: POST=1 posted one !testme; POST=0 polled and returned VERDICT=GREEN BUILD=<drone-url> ✓
-- V2 RED: still needed (V4 will provide this)
+- V2 RED: poll-only on PR #5 returned VERDICT=RED BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/34 ✓
 
-## V4 — TODO (regression loop)
+## V4 — COMPLETE: 2-run regression loop (within the 3-run budget)
 
-Plan: create a regression branch on custom-html-tiny mirror with a bad image tag → open PR →
-POST=1 !testme → VERDICT=RED → push fix → POST=1 !testme → VERDICT=GREEN.
-This is within the 3-run budget and provides V2 RED evidence.
+**Regression PR:** `https://git.autonomic.zone/recipe-maintainers/custom-html-tiny/pulls/5`
+- First head sha `7e1491c6` (`v4-red-verify`): deliberate bad image tag `joseluisq/static-web-server:99.0.0-bad-tag`
+- `POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5` → `VERDICT=RED BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/34`
+- Build #34 result: install PASS, upgrade FAIL, clean_teardown=true, no_secret_leak=true
+- Fix pushed on the same PR branch: head sha `4bd8416a`, restoring the known-good upgrade files from `upgrade-1.1.0+2.42.0`
+- Re-`!testme` on PR #5 → Drone build #37 → `VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/37`
+- PR remains open and unmerged; both RED and GREEN results are recorded on the PR
 
 ## Verification item status
 
 | Item | Status | Evidence |
 |---|---|---|
 | V1 — !testme trigger + result-back | PARTIAL | build #29 triggered in <30s; commit status + PR comment posted ✓ |
-| V2 — testme-on-pr.sh reads verdict | PARTIAL | GREEN ✓ (build #29); RED pending (V4) |
+| V2 — testme-on-pr.sh reads verdict | DONE | GREEN ✓ (build #29/#35); RED ✓ (build #34) |
 | V3 — /recipe-upgrade sandbox GREEN | DONE | custom-html-tiny PR#2; build #29 SUCCESS |
-| V4 — 3-iter regression loop | TODO | |
+| V4 — 3-iter regression loop | DONE | custom-html-tiny PR#5; build #34 RED, build #37 GREEN |
 | V5 — stale-test DEFAULT = comment | TODO | |
 | V6 — --with-tests opens+verifies cc-ci test PR | TODO | |
-| V7 — mirror reconciliation | DONE | PR#1 closed as superseded; main=upstream ✓ |
+| V7 — mirror reconciliation | DONE | PR#1 superseded, PR#4 merged-upstream, main=upstream ✓ |
 | V8 — /upgrade-all DEFAULT run | TODO | |
 | V8a — cc-ci-upgrader agent | TODO | |
 | V9 — cleanup | TODO | |
 
 ## Phase 5 gates
 
-(None claimed yet — V4 next.)
+(None claimed yet.)
 
 ## Blocked