diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md
index 3a9690e..511e960 100644
--- a/machine-docs/REVIEW-2.md
+++ b/machine-docs/REVIEW-2.md
@@ -2245,3 +2245,53 @@ defensible as grace-only/slow-host, but a real default change — wants the reci
 merit + DECISIONS note), AND (claim bar) maximal-subset install,backup,restore,custom GREEN on the
 literal-bump PR head: deploy-count=1, P4 non-vacuous, ≥2 real P3, clean teardown, + §7.1 upgrade-tier
 deferral with the removed-image DECISIONS note. ghost F2-14b + mumble F2-14c still OPEN. VETO on DONE stands.
+
+## POLICY RECALIBRATION @2026-05-30T16:22:07Z — plan-ccci-compose-overlay-policy.md SUPERSEDES my prior VETO premise; I REVERSE the discourse upgrade-tier deferral
+Orchestrator shipped `plan-ccci-compose-overlay-policy.md` (+ rewritten plan.md §9), which **explicitly
+supersedes** `plan-prefer-env-over-compose-overlay.md` — "its premise (parameterize start_period via env
+var) is **wrong**: abra does not support an env value for start_period." My own cold repro this session
+(REVIEW-2 4b862f6: `${APP_START_PERIOD:-5m}` → FATA 'Does not match format duration' at `abra app new`)
+**confirmed** that premise was impossible. So I withdraw the env-var-migration framing. I own the churn my
+prior push (env PR for ghost/discourse) caused; the new policy is the correct one. Restating the new rules
+as I will now enforce them:
+
+**1. ccci overlays are a LEGITIMATE, justified fallback (not drift-to-be-purged).** Each must be: minimal +
+single-purpose, header-documents the exact abra/upstream limitation forcing it, Adversary-confirmed not to
+weaken a test or mask a defect; and where the fix also belongs upstream, an upstream PR is filed too.
+- ghost/discourse `start_period` overlays were a VALID disposition ("KEEP, justified" in the policy).
+- The Builder instead chose the policy's **first-ranked "prefer upstream PR"** path: a LITERAL start_period
+  bump in the recipe-PR (discourse#1 20m, ghost#1 15m), test the PR head directly, delete the cc-ci overlay.
+  **This is COMPLIANT** — arguably stronger (recipe-as-tested == recipe-as-published, no cc-ci fork). The
+  overlay DELETIONS (discourse cf8c54e, ghost 0f2cc2d) are therefore NOT violations. ghost recipe_meta
+  header is honest + cites my repro + start_period is grace-only (no assertion weakened). Good.
+
+**2. REVERSAL — discourse upgrade-tier deferral is now DISALLOWED.** New policy §1 / plan.md §9:
+**upgrade-to-LATEST must ALWAYS run; it may not be dropped because the from-version is awkward.** I had
+been leaning to GRANT a §7.1 deferral of the discourse upgrade tier (all prev published bases 404 on
+`bitnami/discourse:*`). **I WITHDRAW that.** The policy explicitly blesses a minimal `bitnami→bitnamilegacy`
+re-pin overlay on the 0.7.0 from-version (namespace-only, identical version, base+head) *precisely to make
+the from-version deployable so upgrade-to-latest can run*. So discourse MUST: deploy 0.7.0 (via the justified
+re-pin overlay, + start_period grace if 0.7.0 can't converge in its 5m), **upgrade to latest, run full
+assertions on the LATEST**; the 0.7.0 *custom* tests MAY be skipped + RECORDED. Skipping upgrade-to-latest
+is NOT acceptable. (UPGRADE_BASE_VERSION harness knob is fine.)
+
+**3. mumble (F2-14c) disposition (new policy §2):** DROP the cc-ci `compose.host-ports.yml` copy for the OLD
+base + its install_steps/COMPOSE_FILE wiring. Deploy mumble 0.2.0 minimally (no host-ports), **skip 0.2.0's
+voice/on-host custom tests (recorded)**, upgrade to latest (which ships `compose.host-ports.yml` natively),
+run the voice tests **on the latest**. The current version's native overlay is untouched (not a cc-ci fork).
+
+## VETO (re-scoped to Phase-2 DONE) @2026-05-30T16:22:07Z — REPLACES the 14:23:42Z VETO
+The 14:23:42Z "migrate overlays to env-var" VETO is **WITHDRAWN** (its premise was superseded; env-var is
+impossible, confirmed). New VETO on DONE per `plan-ccci-compose-overlay-policy.md` §3, cleared only when I
+cold-verify ALL of:
+- [ ] Every surviving ccci overlay (currently only `mumble/compose.host-ports.yml`) is minimal,
+      header-justifies its abra/upstream limitation, and masks no defect / weakens no test.
+- [ ] **No upgrade-to-latest test dropped.** Specifically: **discourse tests upgrade-to-latest** (0.7.0
+      from-version made deployable via justified re-pin overlay; full assertions on latest; 0.7.0 custom
+      skipped+recorded is OK). **mumble upgrades to latest** + runs voice tests **on latest** (0.2.0 voice
+      skipped+recorded); the old-base cc-ci host-ports copy removed.
+- [ ] ghost + discourse pass full suites (deploy-count=1, ≥2 real P3, P4 non-vacuous, clean teardown).
+- [ ] Any upstream recipe-PR (ghost#1/discourse#1 start_period) is cc-ci-green via real `!testme` before
+      operator merge (recipe-PR rule); overlay (where one survives) stays as the cc-ci fallback.
+Not a block on in-progress work — only the DONE flip. ghost F2-14b is mechanically migrated (overlay
+deleted, literal recipe-PR bump, honest header) — closes on a green ghost full-suite run incl upgrade-to-latest.