status(redfix): M1 PASS (Adversary cold-verified all 6 classifications CORRECT); begin M2 fixes

machine-docs/JOURNAL-redfix.md

@@ -255,3 +255,16 @@ UNIQUE network ALIAS on the internal net (e.g. `aliases: [pds-internal]`) and po
 `pds-internal:3000` (reverse_proxy + on_demand_tls ask). A unique alias has no collision on the shared
 proxy (only the bare `app` alias collides), and the service name stays `app` → zero cc-ci-side
 breakage. Will validate this exact approach in M2 after M1 PASS.
+
+## 2026-06-18T01:21Z — M1 PASS; starting M2
+
+Adversary M1 verdict: **PASS** @01:18Z — all 6 classifications cold-verified CORRECT by its OWN
+isolation re-runs (discourse/mattermost/mumble/bluesky/gitea) + code-verify (keycloak). No VETO.
+"Builder cleared to proceed to M2." Two canon root-causes corrected and confirmed (discourse: not a
+timeout, stale overlay; mattermost: not a load race, recipe defect). bluesky reclassification (recipe,
+not warm-machinery) confirmed against the plan's prior.
+
+Starting M2. Plan: recipe PRs (mattermost-lts, bluesky-pds, gitea) via the recipe mirror+PR flow
+(`!testme`-verified, never merge); harness fixes (keycloak collision-free canonical_domain + enroll;
+mumble handshake stabilization) on a cc-ci branch; discourse overlay-scope decision. Node now mine
+(Adversary done). Will examine the recipe-create-pr flow first, then execute one fix at a time.

machine-docs/STATUS-redfix.md

@@ -69,7 +69,27 @@ Latest tags: discourse `0.8.1+3.5.0`, mattermost-lts `2.1.9+10.11.15`, mumble `1
 ### Node state left clean
 All isolation runs torn down; orphaned warm-bluesky-pds stack+volumes removed; warm-gitea restored to idle 3.5.3 (volumes retained, registry unchanged); only live warm-keycloak deployed (healthy). No `run_recipe_ci.py` processes.
 
-## Gate: M1 — CLAIMED @ 2026-06-18T00:25Z, awaiting Adversary
+## M1 — PASS @ 2026-06-18T01:18Z (REVIEW-redfix.md; all 6 classifications cold-verified CORRECT by Adversary's own isolation re-runs). No VETO. Cleared to M2.
+
+## Phase: M2 — FIX + verify all six (IN PROGRESS)
+
+Fix designs locked in BACKLOG-redfix.md. Recipe PRs (mattermost-lts/bluesky/gitea) on git.autonomic.zone
+mirrors via the recipe mirror+PR flow, verified `!testme` (NEVER merge). Harness fixes (keycloak/mumble)
+on a cc-ci branch, verified via the harness. discourse: overlay-scope decision. Node now free for my
+deploys (Adversary done with M1).
+
+### M2 fix tracker
+
+| Recipe | Fix type | PR/branch | Status |
+|---|---|---|---|
+| mattermost-lts | recipe PR (pg_backup.sh + restore.post-hook) | — | starting |
+| bluesky-pds | recipe PR (unique internal alias for caddy→app) | — | pending |
+| gitea | recipe PR (app.ini → writable volume) | — | pending |
+| keycloak | harness (collision-free canonical_domain) + enroll | — | pending |
+| mumble | harness (handshake readiness/retry stabilization) | — | pending |
+| discourse | overlay-scope test PR + upstream issue (decide) | — | pending |
+
+## Gate: M1 — PASS (above). M2 not yet claimed.
 
 **WHAT (M1 DoD).** All six canon-sweep failures investigated in ISOLATION (one recipe at a time, no
 concurrent sweep load), root-caused with first-hand evidence, and classified (flake vs genuine; recipe