docs: record AgentShield hardening action outputs

docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md

@@ -29,7 +29,7 @@ Status: work remaining
 | Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | in_progress | Hermes setup and import skill are present | final preview-pack smoke and release review pending |
 | Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus publication-readiness | in_progress | naming matrix and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
 | Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, and LinkedIn draft are present | URL-backed refresh and publish approval still pending |
-| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; all are mirrored in the GA roadmap | workflow automation still needs to consume promotion review items, package-manager hardening findings, and unsupported npm age-key findings in CI/hosted/runtime smoke surfaces |
+| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; all are mirrored in the GA roadmap | workflow automation still needs to consume promotion review items in CI/hosted/runtime smoke surfaces |
 | Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, and harness-route policy linking are mirrored in the GA roadmap | live Marketplace test-account readback, hosted promotion telemetry, and richer operator review UX pending |
 | Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | in_progress | legacy salvage ledger and ITO-55 tracking are present | final translation/manual-review tail remains |
 | Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | in_progress | repo mirror and progress-sync contract are present | recurring Linear status sync and productized realtime sync remain pending |
@@ -42,7 +42,7 @@ Status: work remaining
 - `hermes-specialized-skills`: final preview-pack smoke and release review pending
 - `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
 - `release-notes-and-notifications`: URL-backed refresh and publish approval still pending
-- `agentshield-enterprise-iteration`: consume policy promotion review items, package-manager hardening findings, and unsupported npm age-key findings in CI/hosted/runtime smoke surfaces
+- `agentshield-enterprise-iteration`: consume policy promotion review items in CI/hosted/runtime smoke surfaces
 - `ecc-tools-next-level`: live Marketplace test-account readback, hosted promotion telemetry, and richer operator review UX pending
 - `legacy-salvage`: final translation/manual-review tail remains
 - `linear-roadmap-and-progress`: recurring Linear status sync and productized realtime sync remain pending

docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md

@@ -47,6 +47,7 @@ Tracked repositories in the platform audit were:
 | Zed adapter commit | Pushed `2371a3cf0543365c1c18e84eba786b1abcb28941` to add project-local Zed support through the selective install target, README Zed guidance, and `.zed/settings.json` planning coverage |
 | Zed Windows CI fix | Pushed `744f4169972fd81618c3114ea1ca5ffb85ef4c82` to normalize the Zed install-plan source-path assertion across Windows path separators |
 | Discussion #1896 | Added a maintainer update confirming Zed support on `main`, documenting the dry-run command, and clarifying that BYOK/OpenRouter secrets stay in Zed/local user settings rather than ECC-managed project files |
+| AgentShield hardening-output slice | Pushed AgentShield `1124535345d7040242ecd3803f65bcd4dcaf6ec2` to expose package-manager hardening status/count outputs and redacted GitHub Action job-summary evidence for registry credentials, lifecycle-script drift, and release-age gate drift |
 
 ## Release Gate Commands
 
@@ -61,6 +62,7 @@ Tracked repositories in the platform audit were:
 | Supply-chain IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --home` | Passed; 200 files inspected, including user-level persistence targets |
 | npm audit | `npm audit --audit-level=high` | 0 vulnerabilities |
 | npm signatures | `npm audit signatures` | 213 verified registry signatures; 17 verified attestations |
+| AgentShield enterprise CI output slice | AgentShield local `npm run build`, focused action tests, `npm run typecheck`, `npm run lint`, full `npm test`, and `git diff --check`; GitHub Actions `25994354007`, `25994354011`, `25994354026` | Local gates passed; remote CI, Test GitHub Action, and Self-Scan completed successfully for `1124535` |
 | GitHub queues | `gh pr list`; `gh issue list`; `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | 0 open PRs, 0 open issues, and platform audit ready across the tracked repo set |
 | Operator dashboard | `npm run operator:dashboard -- --allow-untracked docs/drafts/ --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Dashboard generated for the current commit; macro publication gates still incomplete |