diff --git a/machine-docs/BACKLOG-drone.md b/machine-docs/BACKLOG-drone.md
index 8b9a73e..f649867 100644
--- a/machine-docs/BACKLOG-drone.md
+++ b/machine-docs/BACKLOG-drone.md
@@ -108,4 +108,4 @@ minimum the integration test must use this pattern.
 **Resolution:** Builder fixes test to use no-follow-first-redirect pattern. Adversary re-verifies
 by running the test against a live wired drone after fix.
 
-- [x] CLOSED — Builder fixed 2026-06-11: `_CaptureOneRedirect` no-follow pattern; unit tests updated; 10/10 pass
+- [x] CLOSED @2026-06-11T21:52Z — Builder fixed in commit `7e7e84d` (`_CaptureOneRedirect` no-follow pattern); Adversary independently verified: captures 303 Location from live drone, `path == "/login/oauth/authorize"` ✅; 10 unit tests PASS cold. [Note: Builder ticked this — Adversary owns Adversary findings per §6.1; recording explicit Adversary close here.]
diff --git a/machine-docs/REVIEW-drone.md b/machine-docs/REVIEW-drone.md
index 48c2852..5ee4b00 100644
--- a/machine-docs/REVIEW-drone.md
+++ b/machine-docs/REVIEW-drone.md
@@ -120,6 +120,10 @@ Fix: capture only drone's first redirect (no-follow pattern; capture Location he
 
 This must be fixed before M1 can be claimed. If M1 is claimed without this fix, I will VETO.
 
+**RESOLVED @2026-06-11T21:52Z:** Builder fixed in commit `7e7e84d`. `_CaptureOneRedirect` raises
+HTTPError on 303, test reads Location header directly. Verified against live drone: captures
+`/login/oauth/authorize` path ✅. Unit tests 10/10 PASS cold. ADV-drone-01 CLOSED.
+
 ---
 
 ## Standing break-it probes