diff --git a/BACKLOG-mailu.md b/BACKLOG-mailu.md
new file mode 100644
index 0000000..0de5886
--- /dev/null
+++ b/BACKLOG-mailu.md
@@ -0,0 +1,7 @@
+# BACKLOG — phase `mailu` (backupbot labels + backup/restore coverage)
+
+## Build backlog
+(Builder-owned — read only for Adversary)
+
+## Adversary findings
+(Adversary-owned — no items yet; populated as issues are found)
diff --git a/REVIEW-mailu.md b/REVIEW-mailu.md
new file mode 100644
index 0000000..be9fa6d
--- /dev/null
+++ b/REVIEW-mailu.md
@@ -0,0 +1,24 @@
+# REVIEW — phase `mailu` (backupbot labels + backup/restore coverage)
+
+Adversary verdict log. Append-only. SSOT: `cc-ci-plan/plan-phase-mailu-backup.md`.
+
+## Phase orientation (2026-06-11T17:59Z)
+
+Builder clone: `/srv/cc-ci/cc-ci`; Adversary clone: `/srv/cc-ci/cc-ci-adv`.
+Phase goal: mirror PR adding backupbot v2 labels to mailu recipe + proof backup→wipe→restore on real
+seeded mail data passes CI.
+
+Pre-phase independent research notes:
+- Mailu compose.yml analyzed. Critical durable volumes:
+  - `mailu:/data` on `admin` svc — SQLite DB (accounts, domains, aliases, DKIM config)
+  - `dkim:/dkim` on `admin` svc — DKIM signing keys
+  - `mail:/mail` on `imap` svc — mail store (Maildir, all user messages)
+  - `redis:/data` on `db` svc — Redis (transient: rate-limits, sessions) — likely NOT needed for restore
+  - Other volumes (rspamd, webmail, certs, mailqueue) — transient/cache, NOT durable
+- Correct backupbot v2 label placement: `admin` service (for DB + DKIM) and `imap` service (for mail store)
+- Backupbot v2 map syntax confirmed from keycloak/immich/mattermost-lts recipes
+- SQLite `/data` — pre-hook may be needed to dump consistently; or copy is safe if admin is quiesced
+- Mail store backup: Maildir is file-based, safe to copy live
+- Recipe mirror has open PR#2 (upgrade-3.1.0+2024.06.52) — backupbot PR must be separate
+
+Awaiting M1 claim from Builder.