diff --git a/docs/superpowers/specs/2026-05-08-l4d2-script-overlays-design.md b/docs/superpowers/specs/2026-05-08-l4d2-script-overlays-design.md index cd113fa..a5d4271 100644 --- a/docs/superpowers/specs/2026-05-08-l4d2-script-overlays-design.md +++ b/docs/superpowers/specs/2026-05-08-l4d2-script-overlays-design.md @@ -1,5 +1,14 @@ # L4D2 Script Overlays Design +> **Sandbox engine superseded by [`2026-05-08-l4d2-script-sandbox-v2-systemd.md`](2026-05-08-l4d2-script-sandbox-v2-systemd.md).** +> The v1 design below specifies `bubblewrap` + `systemd-run --scope` as the +> sandbox engine. The v2 design (approved 2026-05-08, same day) replaced that +> with `systemd-run` in service-unit mode and dropped `bubblewrap` entirely. +> The current implementation in `scripts/libexec/left4me-script-sandbox` +> follows v2; this v1 design is preserved for archaeology. The rest of the +> design (overlay-type unification, resource caps, helper auth model, etc.) +> still applies — only the sandbox-engine choice changed. + **Goal:** Add a single new overlay type, `script`, that lets users author arbitrary build recipes as bash and runs them inside a `bubblewrap` + `systemd-run --scope` sandbox. The new type subsumes the existing `l4d2center_maps` and `cedapug_maps` managed-globals overlay types, both of which are removed in the same change. After this work the overlay type list is exactly `workshop` (unchanged) and `script` (new). **Approval status:** User-approved design direction. Implementation proceeds in lockstep with the companion plan at `docs/superpowers/plans/2026-05-08-l4d2-script-overlays.md`. diff --git a/docs/superpowers/specs/2026-05-15-janitorial-cleanup.md b/docs/superpowers/specs/2026-05-15-janitorial-cleanup.md index f04d826..6ba1455 100644 --- a/docs/superpowers/specs/2026-05-15-janitorial-cleanup.md +++ b/docs/superpowers/specs/2026-05-15-janitorial-cleanup.md 
@@ -126,7 +126,16 @@ open decision. Three options listed there: **Action**: pick one as part of the broader deploy-dir-rethink work, or as an isolated decision now. -### 6. `bubblewrap` references in spec docs +### 6. `bubblewrap` references in spec docs [RESOLVED] + +**Resolution**: v1 design spec (`2026-05-08-l4d2-script-overlays-design.md`) +got a top-of-file banner pointing at the v2 spec; body left as-is for +archaeology. Stale docstring in `l4d2web/services/overlay_builders.py` +corrected to "hardened systemd-run transient service." Stray "/bwrap" +in a test comment cleaned up. Plan-doc references left in place +(historical action snapshots). + + **What**: `docs/superpowers/specs/2026-05-08-l4d2-script-overlays-design.md` (if it still exists) describes the sandbox as using `bubblewrap`. diff --git a/l4d2web/services/overlay_builders.py b/l4d2web/services/overlay_builders.py index c73c903..7acda04 100644 --- a/l4d2web/services/overlay_builders.py +++ b/l4d2web/services/overlay_builders.py @@ -366,9 +366,9 @@ def run_sandboxed_script( class ScriptBuilder: """Run an arbitrary user-authored bash script against the overlay dir - inside a bubblewrap + systemd-run sandbox. The script sees the overlay - dir as RW `/overlay` and a curated host RO mount; everything else is - isolated. After exit, enforce a 20 GB cap on `du -sb /overlay`.""" + inside a hardened systemd-run transient service. The script sees the + overlay dir as RW `/overlay` and a curated host RO mount; everything + else is isolated. After exit, enforce a 20 GB cap on `du -sb /overlay`.""" def build( self, diff --git a/scripts/tests/test_script_sandbox.py b/scripts/tests/test_script_sandbox.py index bddb1f3..2bf2570 100644 --- a/scripts/tests/test_script_sandbox.py +++ b/scripts/tests/test_script_sandbox.py 
@@ -166,6 +166,6 @@ def test_script_sandbox_helper_dry_run_mode(tmp_path): # simulates `id -u l4d2-sandbox` resolving to a valid number. helper_text = SCRIPT_SANDBOX_HELPER.read_text() # We can't actually exec this without root + a real sandbox user; just - # verify the dry-run guard short-circuits before systemd-run / bwrap. + # verify the dry-run guard short-circuits before systemd-run runs. assert 'LEFT4ME_SCRIPT_SANDBOX_DRY_RUN' in helper_text assert 'exit 0' in helper_text
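Review bot: In the first hunk (the superseded-banner blockquote added to `2026-05-08-l4d2-script-overlays-design.md`), the banner says the engine choice was dropped but the `**Goal:**` paragraph right below it still states the sandbox is `bubblewrap` + `systemd-run --scope` with no marker of its own. Leaving the body for archaeology is a reasonable call, but a reader who skims past the blockquote will read that Goal line as the current engine; consider a short bracketed note on that line such as "(v1; see banner above)" or pointing the banner's link at the specific section of the v2 spec that makes the engine decision, so the two statements cannot be read in isolation.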
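Review bot: In the janitorial-cleanup hunk, the `**What**` paragraph under the now-`[RESOLVED]` heading still reads `(if it still exists)`, which the new `**Resolution**` paragraph above it answers (it exists and got a banner); drop the parenthetical so the item does not contradict itself. Also, the hunk adds two blank lines between the Resolution paragraph and `**What**` where the rest of the doc uses one; trim the extra one.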
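Review bot: In the `ScriptBuilder` docstring hunk, only the engine name changed, but the sentence after it (`The script sees the overlay dir as RW `/overlay` and a curated host RO mount; everything else is isolated.`) describes the mount layout that was specified for the `bubblewrap` design the banner says was dropped; confirm that wording still matches how the systemd-run transient service exposes `/overlay` and the read-only host paths, and adjust it in the same change rather than leaving a second stale sentence behind the one just fixed. Separately, the docstring states the 20 GB cap is enforced `After exit` on `du -sb /overlay`; if the service unit also bounds writes during the run, say so here, since as written the docstring implies disk use is only checked post hoc.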
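Review bot: In the `test_script_sandbox_helper_dry_run_mode` hunk, the updated comment promises to `verify the dry-run guard short-circuits before systemd-run runs`, but the two assertions that follow only check that the substrings `'LEFT4ME_SCRIPT_SANDBOX_DRY_RUN'` and `'exit 0'` appear somewhere in `helper_text`; `'exit 0'` in particular would match any successful-exit path in the helper. To make the test enforce the ordering the comment describes, compare positions, e.g. `assert helper_text.index('LEFT4ME_SCRIPT_SANDBOX_DRY_RUN') < helper_text.index('systemd-run')`, and assert on the `exit 0` that follows the dry-run check rather than any `exit 0`.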