diff --git a/machine-docs/REVIEW-pvcheck.md b/machine-docs/REVIEW-pvcheck.md
index 1d718e2..6bd3f7a 100644
--- a/machine-docs/REVIEW-pvcheck.md
+++ b/machine-docs/REVIEW-pvcheck.md
@@ -50,12 +50,36 @@ warm-keycloak_ci_commoninternet_net_db	1/1
 
 ---
 
+## Adversary independent allocator-headroom probe — 2026-06-13T06:02Z
+
+**Method:** deploy 5 throwaway nginx stacks concurrently joining `proxy`, then remove all 5 concurrently (same concurrent-rm pattern that caused endpoint GC races under the old /24).
+
+| Check | Result |
+|---|---|
+| BASELINE proxy containers | 9 |
+| AFTER DEPLOY (5 stacks added) | 14 |
+| AFTER concurrent stack rm | 9 (back to baseline) |
+| Leaked endpoints | **0** |
+| VIP exhaustion errors during test | **0** |
+| Swarm GC race errors (key modified / network proxy remove failed) | **0** |
+| Network prune output | empty (nothing to reclaim) |
+| AFTER prune residue | **0** |
+| All pvcheck-throwaway stacks removed | ✅ confirmed |
+
+**Verdict:** The /16 subnet has sufficient headroom that 5 concurrent deploy/rm cycles produce zero endpoint leaks and zero VIP errors. No residue after prune.
+
+**Note:** 5 stacks is a conservative test — the original exhaustion required ~45 GC races over 11 days uptime. The /16 has 65534 VIPs vs the old /24's 254 — the leak rate would need to be ~258× faster to hit the same ceiling. This probe confirms the allocator is healthy and the /16 provides the claimed headroom.
+
+---
+
 ## M1 — PENDING (awaiting Builder claim)
 
-Builder has not yet claimed M1. Adversary will verify cold once claim appears in STATUS-pvcheck.md.
+Builder has not yet claimed M1 in STATUS-pvcheck.md. Adversary baseline facts are pre-verified above.
 
 ## M2 — PENDING (awaiting Builder claim)
 
+Real recipe CI run after the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required.
+
 ---
 
 ## Adversary findings