ci: gate observability on release safety evidence

Add release-safety evidence coverage to observability readiness and refresh rc.1 publication gate docs.

docs/architecture/observability-readiness.md

@@ -35,6 +35,10 @@ operator needs.
 - Progress sync: `docs/architecture/progress-sync-contract.md` defines how
   GitHub, Linear, local handoffs, the repo roadmap, and `scripts/work-items.js`
   stay aligned during merge batches and release-gate reviews.
+- Release safety: `docs/releases/2.0.0-rc.1/publication-readiness.md`,
+  post-hardening evidence, supply-chain incident response, workflow-security
+  validation, npm pack checks, and release-surface tests must be present before
+  any public tag, package publish, plugin submission, or announcement action.
 
 ## Reference Pressure
 
@@ -71,6 +75,9 @@ later, but only after the local event model is useful enough to trust.
    relying on local work-item status for a tracked repository.
 7. Use ECC2 tool logs for risky operations, conflict analysis, and handoff
    review before increasing autonomy.
+8. Re-run the release-safety evidence checks before any public release action:
+   publication readiness, supply-chain incident response, workflow-security
+   validation, package surface, and release-surface tests.
 
 The end-state is practical: before asking ECC to run larger multi-agent loops,
 the operator can prove the system has live status, durable session traces,