diff --git a/BACKLOG-1c.md b/BACKLOG-1c.md index fd93e9c..c6ed72d 100644 --- a/BACKLOG-1c.md +++ b/BACKLOG-1c.md @@ -15,8 +15,8 @@ Method W1–W6 from the phase plan §5. Each milestone ends with an Adversary ga - [x] Verify byte-identical `build`==`/run/current-system` (`vh6vwxbl…`); git-clone `?submodules=1` matches too. - [x] Verify clean switch on cc-nix-test; live TLS served from git cert (ssl_verify=0). - [x] **Gate W2 CLAIMED** → Adversary verifies byte-identical + TLS-from-git-cert. -- [ ] **W1 — Headroom (just before W3).** Resize `cc-nix-test` 6 GB→4 GB (stop→set→start). Accept: - b1 has room; cc-nix-test healthy at 4 GB. +- [x] **W1 — Headroom.** Resized `cc-nix-test` 6→4 GB (stop→PATCH→start via Incus API); healthy at 4 GB, + 0 failed units, all stacks 1/1, cert survived reboot via sops, TLS 200. Running RAM 8 GB. - [ ] **W3 — Throwaway VM.** Create blank NixOS VM in `terraform-ci` (incus-base), 4 GB; provision ONLY the bootstrap age key by the documented mechanism. Accept: VM reachable. - [ ] **W4 — Reproducible live rebuild.** On throwaway VM: clone base+secrets, `nixos-rebuild switch`, diff --git a/JOURNAL-1c.md b/JOURNAL-1c.md index 4e65513..0552111 100644 --- a/JOURNAL-1c.md +++ b/JOURNAL-1c.md 
@@ -124,3 +124,18 @@ terraform-ci instances + RAM: Running total now = 10GB. After W1 + throwaway(4GB): 4+4+4 = 12GB ≤ 16 physical (phase-plan ~12GB doc-only guideline; terraform-ci has no enforced limits.memory). VM create = `projects/incus-base` Terraform template (NixOS base image, cloud-init+tailscale+nix flakes), set instance_name + limits.memory=4GB. + +## 2026-05-27 — W1 DONE: cc-nix-test resized 6→4 GB (verified) + +Gate W2 PASSED (Adversary, cold) → proceeded. No active CI run (only 5 permanent stacks). Resized via +Incus API on b1 (mTLS certs through the existing 1055 proxy): PUT state stop (op Success, Stopped) → +PATCH `limits.memory=4GB` (http 200) → PUT state start (op Success, Running). +**Verified after reboot:** +- SSH back in ~30s; `systemctl is-system-running` → running after ~104s (swarm/reconcile converge), 0 failed units. +- `free -h` total 3.5Gi (≈4 GB, down from 6). All stacks 1/1 (traefik app+socket-proxy, drone, bridge, dashboard, backups). +- **Cert survived reboot via sops:** `/var/lib/ci-certs/live/{fullchain,privkey}.pem` still symlinks → + /run/secrets/* (sops re-decrypted on cold boot). current-system still `vh6vwxbl…`. +- TLS: `https://ci.commoninternet.net/` http=200 ssl_verify=0 (dashboard served from git cert). +Running RAM now: cc-nix-test 4 + lichen-staging 4 = 8 GB; throwaway 4 → 12 GB ≤ 16 physical (guideline OK). + +**Next: W3** — create blank 4 GB NixOS VM in terraform-ci, provision ONLY the bootstrap (recovery) age key.
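Review bot: In the BACKLOG-1c.md hunk, the ticked W1 item drops the original "Accept:" clause, so the "b1 has room" criterion is no longer stated or shown as met; the new text offers only "Running RAM 8 GB" with nothing to compare it against. Keep the acceptance wording and record the result against it, for example the 8 GB running and 12 GB with the throwaway VM against 16 physical that the journal entry already works out. "TLS 200" also folds an HTTP status and a certificate check into one token; writing both values, as the checked W2 line does with "(ssl_verify=0)", keeps the two results distinct.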
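Review bot: In the JOURNAL-1c.md hunk, the TLS bullet's claim "dashboard served from git cert" goes further than the evidence recorded beside it: `http=200 ssl_verify=0` shows a response and a verify result, not which certificate was presented, and the cert bullet only confirms that the symlinks still point into /run/secrets/*. Record the fingerprint of the served leaf certificate and compare it with the fullchain.pem held in the repo, so the Adversary gate can re-check the claim from the journal alone. Name the tool that printed `ssl_verify=0` and state that 0 is its success value, since the bare token can be read as verification switched off. The "Verified after reboot" list would also be stronger with the Incus-side read-back of `limits.memory` after the PATCH, because `free -h` total 3.5Gi only approximates the 4GB setting.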