diff --git a/machine-docs/ADVERSARY-INBOX-drone.md b/machine-docs/ADVERSARY-INBOX-drone.md
new file mode 100644
index 0000000..47f37be
--- /dev/null
+++ b/machine-docs/ADVERSARY-INBOX-drone.md
@@ -0,0 +1,88 @@
+# ADVERSARY-INBOX — phase drone
+
+**To:** Adversary agent  
+**From:** Builder agent  
+**Date:** 2026-06-11T22:25Z  
+**Re:** M2 PASS verdict request — CI build #506
+
+---
+
+## Request
+
+Builder claims M2. Please perform a fresh independent verification of the M2 CI run (build #506)
+and issue a PASS or FAIL verdict in REVIEW-drone.md.
+
+## Evidence
+
+**Build:** #506 on `drone.ci.commoninternet.net/recipe-maintainers/cc-ci/506`  
+**Trigger:** !testme comment (ID 14374) on PR #1 of recipe-maintainers/drone (bridge event: custom)  
+**PR branch:** `testme-1.9.0-cc-ci` @ `049438e1cb47`  
+**Timestamp:** 2026-06-11T22:21Z–22:23Z
+
+**Results summary:**
+
+```
+recipe=drone  ref=049438e1cb47  pr=1  event=custom
+deploy-count = 2 (expect 2)
+  deps deployed: ['gitea']
+  install : pass     test_serving
+  upgrade : pass     test_upgrade_reconverges (1.8.0+2.25.0 → 1.9.0+2.26.0)
+  backup  : skip     intentional (not backup-capable, PARITY.md)
+  restore : skip     intentional
+  custom  : pass     test_login_redirects_to_gitea_dep
+  lint    : pass
+level=5
+clean_teardown=true
+no_secret_leak=true
+```
+
+**Results JSON:** `ssh cc-ci "cat /var/lib/cc-ci-runs/506/results.json"`
+
+**Screenshot:** `machine-docs/screenshots/drone-m2-build506.png`
+
+**Mirror PRs:**
+- `https://git.autonomic.zone/recipe-maintainers/drone/pulls/1`
+- `https://git.autonomic.zone/recipe-maintainers/gitea/pulls/1`
+
+## M2 DoD checklist (Builder self-assessment)
+
+- [x] CI run triggered via !testme on recipe mirror PR (not manual harness run)
+- [x] Build event=custom (bridge-triggered, not push)
+- [x] level=5 — all mandatory tiers pass
+- [x] deploy-count 2/2 — DG4.1 satisfied
+- [x] custom tier: `test_login_redirects_to_gitea_dep` PASS — SCM test verified against dep gitea (not production), correct client_id
+- [x] Dep gitea torn down cleanly after run (`clean_teardown=true`)
+- [x] No secrets in logs (`no_secret_leak=true`)
+- [x] Screenshot captured: `/var/lib/cc-ci-runs/506/screenshot.png`
+- [x] bridge.nix committed with `recipe-maintainers/drone` in POLL_REPOS (`4f8943d`)
+
+## Verification commands
+
+```bash
+# Read results.json from build #506:
+ssh cc-ci "cat /var/lib/cc-ci-runs/506/results.json"
+
+# Confirm event=custom (bridge-triggered):
+DRONE_TOKEN=$(cat /run/secrets/bridge_drone_token)
+curl -s -H "Authorization: Bearer $DRONE_TOKEN" \
+  'https://drone.ci.commoninternet.net/api/repos/recipe-maintainers/cc-ci/builds/506' \
+  | grep -o '"event":"[^"]*"'
+# Expected: "event":"custom"
+
+# Check bridge.nix includes drone:
+grep 'drone' /srv/cc-ci-orch/cc-ci/nix/modules/bridge.nix
+# Expected: recipe-maintainers/drone in POLL_REPOS
+
+# Confirm mirror PR #1 exists:
+# https://git.autonomic.zone/recipe-maintainers/drone/pulls/1
+```
+
+## DEFERRED note
+
+The build-creation gap (time between !testme comment and custom build start) was narrowed in this
+run. The original DEFERRED item tracked the theoretical gap where bridge could miss a comment.
+Adversary is asked to assess whether this item can be closed or should remain open.
+
+---
+
+_Builder agent: autonomic-bot / Claude (Builder loop)_
diff --git a/machine-docs/BACKLOG-drone.md b/machine-docs/BACKLOG-drone.md
index 72fab18..fe5d381 100644
--- a/machine-docs/BACKLOG-drone.md
+++ b/machine-docs/BACKLOG-drone.md
@@ -21,18 +21,18 @@ _(Builder's section — Adversary read-only)_
 - [x] Create `tests/drone/PARITY.md`
 - [x] Write unit tests for new harness surface (10/10 pass)
 - [x] Harness run 5 GREEN — deploy-count 2/2 (DG4.1 PASS), level=5, install+upgrade+custom PASS
-- [ ] Claim M1 (Adversary to verify ADV-drone-02 fix + M1 evidence)
+- [x] Claim M1 — Adversary PASS @2026-06-11T22:22Z (commit `3de5925`)
 
 ### M2 tasks (after M1 PASS)
 
-- [ ] Mirror drone + gitea on git.autonomic.zone (for !testme CI path)
-- [ ] Open !testme PR for drone recipe
-- [ ] CI run via !testme on drone PR — full lifecycle green
-- [ ] Screenshot real + visually verified
-- [ ] Level recorded
-- [ ] DEFERRED updated (build-creation gap narrowed + signed off)
-- [ ] Operator summary written
-- [ ] Claim M2
+- [x] Mirror drone + gitea on git.autonomic.zone (for !testme CI path)
+- [x] Open !testme PR for drone recipe — PR #1 `testme-1.9.0-cc-ci` @ recipe-maintainers/drone
+- [x] CI run via !testme on drone PR — build #506, event=custom, level=5, all tiers PASS
+- [x] Screenshot real + visually verified — `machine-docs/screenshots/drone-m2-build506.png`
+- [x] Level recorded — level=5
+- [ ] DEFERRED updated (build-creation gap narrowed + signed off by Adversary)
+- [x] Operator summary written — see STATUS-drone.md ## M2 CLAIMED
+- [ ] Claim M2 (Adversary to verify CI build #506 + M2 evidence)
 
 ---
 
diff --git a/machine-docs/STATUS-drone.md b/machine-docs/STATUS-drone.md
index b875c8f..f554ab5 100644
--- a/machine-docs/STATUS-drone.md
+++ b/machine-docs/STATUS-drone.md
@@ -6,6 +6,39 @@
 
 ---
 
+## M2 CLAIMED
+
+**Evidence:** CI build #506, 2026-06-11T22:21Z — event: custom (!testme on PR #1, recipe-maintainers/drone)
+
+```
+recipe=drone ref=049438e1cb47 pr=1
+deploy-count = 2 (expect 2)     # DG4.1 PASS
+  deps deployed: ['gitea']
+  install : pass                 # test_serving PASSED
+  upgrade : pass                 # test_upgrade_reconverges PASSED (1.8.0+2.25.0 → 1.9.0+2.26.0)
+  backup  : skip                 # intentional: not backup-capable
+  restore : skip                 # intentional: not backup-capable
+  custom  : pass                 # test_login_redirects_to_gitea_dep PASSED
+  lint    : pass
+level=5, clean_teardown=true, no_secret_leak=true
+```
+
+Gitea dep provisioned at `gite-4c9694.ci.commoninternet.net`:
+- Admin user `ci_admin` created
+- OAuth2 app created (client_id=`d144083e-5ba5-4d1e-aed2-5e8f8331923a`)
+- SCM wired via `install_steps.sh`; test confirmed redirect to dep (not production gitea)
+- Dep torn down cleanly post-run
+
+Screenshot: `machine-docs/screenshots/drone-m2-build506.png`  
+Build URL: `https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/506`  
+Results: `/var/lib/cc-ci-runs/506/results.json` (level=5)
+
+Mirror PRs:
+- `git.autonomic.zone/recipe-maintainers/drone/pulls/1` — `testme-1.9.0-cc-ci` branch
+- `git.autonomic.zone/recipe-maintainers/gitea/pulls/1` — dependency mirror in place
+
+---
+
 ## M1 CLAIMED
 
 **Evidence:** Harness run 5, 2026-06-11T22:18Z on cc-ci host (`/root/drone-test-clone` @ `0aa46db`)
@@ -34,7 +67,8 @@ Results: `/var/lib/cc-ci-runs/manual/results.json`
 
 **P0 prerequisite:** VERIFIED — `/etc/timezone` exists (content `UTC`) on cc-ci host.
 
-**Gate M1:** CLAIMED — awaiting Adversary fresh verification
+**Gate M1:** PASS — Adversary PASS @2026-06-11T22:22Z (commit `3de5925`)  
+**Gate M2:** CLAIMED — awaiting Adversary fresh verification of CI build #506
 
 ---
 
diff --git a/machine-docs/screenshots/drone-m2-build506.png b/machine-docs/screenshots/drone-m2-build506.png
new file mode 100644
index 0000000..397fb3b
Binary files /dev/null and b/machine-docs/screenshots/drone-m2-build506.png differ