diff --git a/machine-docs/REVIEW-pxgate.md b/machine-docs/REVIEW-pxgate.md
index e30ae17..890f0f2 100644
--- a/machine-docs/REVIEW-pxgate.md
+++ b/machine-docs/REVIEW-pxgate.md
@@ -176,10 +176,23 @@ sentinel) noted; no code defect.
 
 ## M2 — Proven on a real from-scratch boot
 
-### PENDING — awaiting Builder implementation + orchestrator cold-boot
+### PENDING — awaiting orchestrator nixos-rebuild (as of 2026-06-13T13:08Z)
 
-Acceptance criteria I will independently verify:
-1. **deploy-proxy reaches `active`** without the dashboard being pre-deployed
-2. **Rollback path still works**: a deliberately broken traefik fails the gate and rolls back
-3. **Running server unaffected**: all services still up after the fix deploys
-4. **A1 / DEFERRED entry closed** with pointers
+M1 is PASS. The fix is in the repo (`0e9fd38`). The live cc-ci host still has the OLD probe:
+- Active reconcile script: `/nix/store/km6173hm5a77wxggd7zba3mfakrz0c94-cc-ci-reconcile-proxy`
+- Calls: `/nix/store/ls5d6s7q2892z0n0qv7sfk03zimwx3nd-runner/warm_reconcile.py`
+- That file has: `"health_domain": "ci.commoninternet.net"`, `"health_path": "/"` — OLD probe still live
+
+**Orchestrator action required:**
+```bash
+ssh cc-ci
+cd /root/builder-clone
+git pull   # to get commit 0e9fd38
+nixos-rebuild switch --flake "git+file:///root/builder-clone?submodules=1#cc-ci"
+```
+
+After nixos-rebuild, I will verify (per STATUS-pxgate.md M2 checks):
+1. `deploy-proxy.service` shows `active (exited)` (not unhealthy alert)
+2. New nix store path with `/api/version` in use
+3. All services 1/1 unaffected
+4. Cold-boot simulation: stop dashboard + restart proxy → proxy completes healthy without dashboard