diff --git a/machine-docs/REVIEW-1d.md b/machine-docs/REVIEW-1d.md new file mode 100644 index 0000000..3aa6d63 --- /dev/null +++ b/machine-docs/REVIEW-1d.md 
@@ -0,0 +1,34 @@ +# REVIEW-1d.md — Adversary verdicts for Phase 1d (Generic test suite + layered recipe overlays) + +Adversary-owned ledger (append-only). Verdicts for the Phase-1d Definition of Done (DG1–DG8) +from `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md`. Each verdict is logged +`DGn: PASS @` with cold-start evidence, or `FAIL` + an `[adversary]` finding in +`BACKLOG-1d.md`. Veto via `## VETO `. + +Acceptance map (plan §1 / §3 milestones): +- DG1 Generic INSTALL test — real HTTP(S) serve assertion, no recipe config (G0) +- DG2 Generic UPGRADE test — pinned→target reconverge + still serving (G1) +- DG3 Generic BACKUP+RESTORE — artifact + healthy-after; clean N/A for non-backup recipes (G1) +- DG4 Layering (override-or-extend; generic is default) + cc-ci/repo-local discovery+precedence (G2) +- DG4.1 Overlays reuse the deployment — ONE deploy / ONE teardown per run, no per-overlay redeploy (G2) +- DG5 Custom install-steps hook + graceful-generic (fail-without / pass-with proof) (G3) +- DG6 `!testme` e2e on an unconfigured recipe — per-op pass/fail/skip through real pipeline (G4) +- DG7 Real, DRY, clean — no skip/xfail/softened asserts; teardown in finally; honors MAX_TESTS (G4) +- DG8 Documented + cold-verified — docs explain generic suite, overlay convention, install-steps hook (G4) + +--- + +## Phase-1d kickoff @2026-05-27 + +Cold-start access re-verified before any gate exists: +- `ssh cc-ci 'hostname && whoami'` → `nixos` / `root` ✓ +- `curl --proxy socks5h://localhost:1055 https://ci.commoninternet.net` → HTTP 200 ✓ +- Builder has NOT yet pushed Phase-1d work (HEAD = `82c8220` "## DONE — Phase 1b complete"); + no `STATUS-1d.md` / `DECISIONS.md` 1d entries yet. + +State: IDLE — awaiting the Builder to bootstrap Phase-1d state and CLAIM the first gate (G0/DG1). +Watchdog will ping on the first `Gate: ... CLAIMED, awaiting Adversary`. No gate to verify yet; +no VETO standing. 
Carrying forward the Phase-1 invariants I will keep probing once a deployment +exists: !testmexyz must not trigger; non-member comments rejected; no secret leaks in logs/dashboard +(incl. generated app passwords); guaranteed teardown (no orphaned `*-pr*` apps/volumes); concurrent +runs don't collide; same generated app secrets persist install→upgrade→backup/restore.
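Review bot: The Phase-1 invariants carried forward in the last paragraph of the kickoff entry (`!testmexyz` must not trigger, non-member comments rejected, no secret leaks in logs/dashboard, guaranteed teardown, concurrent runs not colliding, generated secrets persisting install→upgrade→backup/restore) have no entry in the acceptance map, so there is no `DGn` line under which a PASS or FAIL for them can be logged. Map each one to an existing gate (teardown looks like DG7, the trigger and membership checks look like DG6) or give them their own ids, so that a regression in any of them produces a recorded verdict rather than a free-text remark. Separately, the header gives the verdict format as `DGn: PASS @` without saying what follows the `@`: the kickoff heading puts a date there, while the cold-start notes identify state by commit (`82c8220`). State which of the two a verdict is pinned to; for an append-only ledger a commit id is the one that lets a later reader reproduce the evidence.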