From 0b8514ef8dbed41b94ecc233add2d0ec5155cd54 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Wed, 20 May 2026 10:02:22 +0800
Subject: [PATCH] feat(web): add IwoooS queue review checklist

---
 apps/web/messages/en.json                     |  48 +++++
 apps/web/messages/zh-TW.json                  |  48 +++++
 apps/web/src/app/[locale]/iwooos/page.tsx     |  70 +++++++
 docs/LOGBOOK.md                               |  14 ++
 .../iwooos_posture_projection_v1.schema.json  | 103 +++++++++++
 docs/security/IWOOOS-POSTURE-PROJECTION.md    |  23 ++-
 .../security/SECURITY-MIRROR-STATUS-ROLLUP.md |   3 +-
 .../SECURITY-SUPPLY-CHAIN-PROGRESS.md         |   6 +-
 .../iwooos-posture-projection.snapshot.json   | 175 +++++++++++++++++-
 ...ecurity-mirror-status-rollup.snapshot.json |  13 +-
 .../security-mirror-progress-guard.py         | 113 +++++++++++
 11 files changed, 608 insertions(+), 8 deletions(-)

diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index 9e78c36e..8bad2517 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -2198,6 +2198,54 @@
           "field": "not authorization; action buttons=false"
         }
       }
+    },
+    "hostOwnerDecisionRecordFormalRecordQueueReview": {
+      "title": "Host Owner Decision Record Formal Record Queue Review Checklist",
+      "subtitle": "The formal record queue review checklist only confirms whether queue packets are readable for a future human formal-record review. It does not mark review passed, enqueue, create decision records, create approval records, or open runtime gates.",
+      "checkLabel": "Queue review",
+      "guardLabel": "Guardrail",
+      "items": {
+        "queueIdentityTraceable": {
+          "title": "Queue identity traceable",
+          "body": "Confirms queue identity can trace candidate record, version, owner, review scope, and source without treating traceability as formal enqueue.",
+          "guard": "trace only; queue enqueued=0"
+        },
+        "queueDecisionSummaryReadable": {
+          "title": "Queue decision summary readable",
+          "body": "Confirms the decision summary and no-execution statement are readable without creating a formal decision record.",
+          "guard": "summary only; record created=false"
+        },
+        "queueScopeExpiryFresh": {
+          "title": "Queue scope and expiry fresh",
+          "body": "Confirms host, network, service, exclusion, observation intent, and expiry are not stale or outside the original scope.",
+          "guard": "scope check only; finalized=0"
+        },
+        "queueScanLimitsNotAuthorization": {
+          "title": "Queue scan limits not authorization",
+          "body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraints, not scan approval.",
+          "guard": "scan authorized=false"
+        },
+        "queueCredentialBoundaryMetadataOnly": {
+          "title": "Queue credential boundary metadata-only",
+          "body": "Confirms credential boundary keeps only metadata, owner, retention, and masking boundary without requesting sensitive material.",
+          "guard": "secret collection=false"
+        },
+        "queueMaintenanceRollbackLinked": {
+          "title": "Queue maintenance and rollback linked",
+          "body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact have pointers without allowing host package changes or tuning.",
+          "guard": "host change=false"
+        },
+        "queueValidationGateSeparate": {
+          "title": "Queue validation gate separate",
+          "body": "Confirms validation evidence, post-check metrics, and baseline pointer still route to a separate runtime gate.",
+          "guard": "active gates=0"
+        },
+        "queueNoExecutionAttestationPresent": {
+          "title": "Queue no-execution attestation present",
+          "body": "Confirms the no-execution, no-approval, and no-runtime-gate statement remains present so the checklist cannot become an action entry.",
+          "guard": "action buttons=false"
+        }
+      }
     }
   },
   "tickets": {
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index 353649f4..cb591531 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -2199,6 +2199,54 @@
           "field": "not authorization；action buttons=false"
         }
       }
+    },
+    "hostOwnerDecisionRecordFormalRecordQueueReview": {
+      "title": "主機 Owner Decision Record Formal Record Queue Review Checklist",
+      "subtitle": "Formal record queue review checklist 只確認佇列資料包是否可供未來人工正式紀錄審查。不標記 review passed、不 enqueue、不建立 decision record、不建立 approval record、不開 runtime gate。",
+      "checkLabel": "Queue review",
+      "guardLabel": "保護邊界",
+      "items": {
+        "queueIdentityTraceable": {
+          "title": "Queue identity traceable",
+          "body": "確認 queue identity 能回溯 candidate record、版本、owner、review scope 與來源，不把可追蹤性當成正式入列。",
+          "guard": "trace only；queue enqueued=0"
+        },
+        "queueDecisionSummaryReadable": {
+          "title": "Queue decision summary readable",
+          "body": "確認 decision summary 與 no-execution statement 可讀，但不產生正式 decision record。",
+          "guard": "summary only；record created=false"
+        },
+        "queueScopeExpiryFresh": {
+          "title": "Queue scope and expiry fresh",
+          "body": "確認 host、network、service、exclusion、觀察目的與 expiry 沒有過期或超出原始 scope。",
+          "guard": "scope check only；finalized=0"
+        },
+        "queueScanLimitsNotAuthorization": {
+          "title": "Queue scan limits not authorization",
+          "body": "確認 observe-only、future active scan 與 credentialed scan limits 仍只是限制描述，不是掃描批准。",
+          "guard": "scan authorized=false"
+        },
+        "queueCredentialBoundaryMetadataOnly": {
+          "title": "Queue credential boundary metadata-only",
+          "body": "確認 credential boundary 只保留 metadata、owner、retention 與 masking 邊界，不要求敏感素材。",
+          "guard": "secret collection=false"
+        },
+        "queueMaintenanceRollbackLinked": {
+          "title": "Queue maintenance and rollback linked",
+          "body": "確認維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點都有 pointer，但不代表可以做主機套件變更或調校。",
+          "guard": "host change=false"
+        },
+        "queueValidationGateSeparate": {
+          "title": "Queue validation gate separate",
+          "body": "確認 validation evidence、post-check metrics 與 baseline pointer 仍導向獨立 runtime gate。",
+          "guard": "active gates=0"
+        },
+        "queueNoExecutionAttestationPresent": {
+          "title": "Queue no-execution attestation present",
+          "body": "確認 no-execution / no-approval / no-runtime-gate 聲明仍在，避免 checklist 被當成 action entry。",
+          "guard": "action buttons=false"
+        }
+      }
     }
   },
   "tickets": {
diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx
index c9fb1565..9d14b51c 100644
--- a/apps/web/src/app/[locale]/iwooos/page.tsx
+++ b/apps/web/src/app/[locale]/iwooos/page.tsx
@@ -229,6 +229,13 @@ type HostOwnerDecisionRecordFormalRecordQueuePacket = {
   tone: 'steady' | 'warn' | 'locked'
 }
 
+type HostOwnerDecisionRecordFormalRecordQueueReviewItem = {
+  key: string
+  check: string
+  icon: typeof ShieldCheck
+  tone: 'steady' | 'warn' | 'locked'
+}
+
 const postureMetrics: PostureMetric[] = [
   { key: 'overall', value: '58%', tone: 'warn' },
   { key: 'framework', value: '80-85%', tone: 'steady' },
@@ -542,6 +549,17 @@ const hostOwnerDecisionRecordFormalRecordQueuePackets: HostOwnerDecisionRecordFo
   { key: 'queueNoExecutionAttestationPacket', packet: 'FQ8', icon: FileWarning, tone: 'locked' },
 ]
 
+const hostOwnerDecisionRecordFormalRecordQueueReviewItems: HostOwnerDecisionRecordFormalRecordQueueReviewItem[] = [
+  { key: 'queueIdentityTraceable', check: 'FQC1', icon: FileText, tone: 'warn' },
+  { key: 'queueDecisionSummaryReadable', check: 'FQC2', icon: ClipboardCheck, tone: 'warn' },
+  { key: 'queueScopeExpiryFresh', check: 'FQC3', icon: Radar, tone: 'warn' },
+  { key: 'queueScanLimitsNotAuthorization', check: 'FQC4', icon: Activity, tone: 'locked' },
+  { key: 'queueCredentialBoundaryMetadataOnly', check: 'FQC5', icon: Lock, tone: 'locked' },
+  { key: 'queueMaintenanceRollbackLinked', check: 'FQC6', icon: Clock3, tone: 'warn' },
+  { key: 'queueValidationGateSeparate', check: 'FQC7', icon: ShieldCheck, tone: 'locked' },
+  { key: 'queueNoExecutionAttestationPresent', check: 'FQC8', icon: FileWarning, tone: 'locked' },
+]
+
 const evidenceItems = [
   'iwooos-posture-projection.snapshot.json',
   'security-rollout-policy.snapshot.json',
@@ -1428,6 +1446,38 @@ function HostOwnerDecisionRecordFormalRecordQueueCard({
   )
 }
 
+function HostOwnerDecisionRecordFormalRecordQueueReviewCard({
+  item,
+}: {
+  item: HostOwnerDecisionRecordFormalRecordQueueReviewItem
+}) {
+  const t = useTranslations('iwooos.hostOwnerDecisionRecordFormalRecordQueueReview')
+  const Icon = item.icon
+  return (
+    <div style={{ ...band, minHeight: 190, padding: 16 }}>
+      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12 }}>
+        <div style={{ display: 'flex', alignItems: 'center', gap: 9 }}>
+          <Icon size={18} color={toneColors[item.tone]} />
+          <span style={{ fontSize: 11, color: '#87867f' }}>{t('checkLabel')}</span>
+        </div>
+        <span style={{ fontSize: 11, color: '#9b978b' }}>{item.check}</span>
+      </div>
+      <h2 style={{ fontSize: 14, margin: '12px 0 6px', color: '#141413' }}>
+        {t(`items.${item.key}.title` as never)}
+      </h2>
+      <p style={{ fontSize: 12, lineHeight: 1.55, color: '#6f6d66', margin: 0 }}>
+        {t(`items.${item.key}.body` as never)}
+      </p>
+      <div style={{ marginTop: 10, display: 'grid', gap: 5 }}>
+        <div style={{ fontSize: 11, color: '#87867f' }}>{t('guardLabel')}</div>
+        <div style={{ fontSize: 11, color: toneColors[item.tone], lineHeight: 1.45 }}>
+          {t(`items.${item.key}.guard` as never)}
+        </div>
+      </div>
+    </div>
+  )
+}
+
 export default function IwoooSPage({ params }: { params: { locale: string } }) {
   const t = useTranslations('iwooos')
 
@@ -1940,6 +1990,26 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
           </div>
         </section>
 
+        <section style={{ marginBottom: 14 }}>
+          <div style={{ marginBottom: 14 }}>
+            <h2 style={{ fontSize: 16, margin: 0 }}>{t('hostOwnerDecisionRecordFormalRecordQueueReview.title')}</h2>
+            <p style={{ fontSize: 12, color: '#6f6d66', margin: '6px 0 0', lineHeight: 1.55 }}>
+              {t('hostOwnerDecisionRecordFormalRecordQueueReview.subtitle')}
+            </p>
+          </div>
+          <div
+            style={{
+              display: 'grid',
+              gridTemplateColumns: 'repeat(auto-fit, minmax(210px, 1fr))',
+              gap: 12,
+            }}
+          >
+            {hostOwnerDecisionRecordFormalRecordQueueReviewItems.map(item => (
+              <HostOwnerDecisionRecordFormalRecordQueueReviewCard key={item.key} item={item} />
+            ))}
+          </div>
+        </section>
+
         <section
           style={{
             display: 'grid',
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index e274b21b..08c789b6 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,17 @@
+## 2026-05-20 | 資安供應鏈 S2.36：IwoooS Host Owner Decision Record Formal Record Queue Review Checklist
+
+**背景**：S2.35 已把 ready for human record queue 後的只讀資料包顯示出來；本輪補上 queue packets 後的只讀 review checklist，避免使用者把佇列資料包可讀誤解成 review passed、已 enqueue、正式 decision record 已建立或已批准。
+
+**完成**：
+- `/iwooos` 新增「主機 Owner Decision Record Formal Record Queue Review Checklist」，顯示 identity traceable、decision summary readable、scope and expiry fresh、scan limits not authorization、credential boundary metadata-only、maintenance and rollback linked、validation gate separate、no-execution attestation present 八個只讀核對項。
+- `iwooos_posture_projection_v1` schema / snapshot 新增 `host_owner_decision_record_formal_record_queue_review_checklist_items` 與 `host_owner_decision_record_formal_record_queue_review_checklist_item_count=8`，每個 item 固定 `display_mode=owner_decision_record_formal_record_queue_review_checklist_only`、`formal_record_queue_review_passed_count=0`、`formal_record_queue_enqueued_count=0`、`decision_record_created=false`、`owner_decision_received_count=0`、`owner_decision_accepted_count=0`、`owner_approval_record_created=false`、`runtime_gate_opened=false`、`raw_payload_allowed=false`、`secret_value_collection_allowed=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
+- `security-mirror-progress-guard.py` 開始驗證八個 host owner decision record formal record queue review checklist items、順序、來源 packet、review conditions，以及 review passed / queue enqueued / decision record / owner decision / approval record / runtime gate / raw payload / secret value / runtime / action button 仍全部鎖住。
+- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_36_iwooos_host_owner_decision_record_formal_record_queue_review_checklist`，headline progress 仍維持 58%。
+
+**仍禁止**：
+- host owner decision record formal record queue review checklist 不代表 review passed、queue enqueued、decision record created、owner decision received / accepted、approved、approval record created、runtime gate opened、raw payload ingestion、secret value collection、active scan、credentialed scan、Kali `/execute`、SSH 登入、主機變更、Kali 更新或 blocking control。
+- 真正人工 owner decision、正式決策紀錄、批准與後續 runtime gate 仍需脫敏 evidence、人工簽核與獨立 runtime gate。
+
 ## 2026-05-20 | 資安供應鏈 S2.35：IwoooS Host Owner Decision Record Formal Record Queue Packets
 
 **背景**：S2.34 已把 formal candidate review 後的只讀 outcome lanes 顯示出來；本輪補上 ready for human record queue 後的只讀資料包，避免使用者把 queue packet 誤讀成已 enqueue、正式 decision record 已建立、已接受或已批准。
diff --git a/docs/schemas/iwooos_posture_projection_v1.schema.json b/docs/schemas/iwooos_posture_projection_v1.schema.json
index 00c4d964..becb4b94 100644
--- a/docs/schemas/iwooos_posture_projection_v1.schema.json
+++ b/docs/schemas/iwooos_posture_projection_v1.schema.json
@@ -42,6 +42,7 @@
     "host_owner_decision_record_formal_candidate_review_checklist_items",
     "host_owner_decision_record_formal_candidate_review_outcome_lanes",
     "host_owner_decision_record_formal_record_queue_packets",
+    "host_owner_decision_record_formal_record_queue_review_checklist_items",
     "frontend_surface_coverage_groups",
     "evidence_refs",
     "allowed_frontend_outputs",
@@ -123,6 +124,7 @@
         "host_owner_decision_record_formal_candidate_review_checklist_item_count",
         "host_owner_decision_record_formal_candidate_review_outcome_lane_count",
         "host_owner_decision_record_formal_record_queue_packet_count",
+        "host_owner_decision_record_formal_record_queue_review_checklist_item_count",
         "action_buttons_allowed"
       ],
       "properties": {
@@ -280,6 +282,10 @@
         "host_owner_decision_record_formal_record_queue_packet_count": {
           "type": "integer",
           "const": 8
+        },
+        "host_owner_decision_record_formal_record_queue_review_checklist_item_count": {
+          "type": "integer",
+          "const": 8
         }
       },
       "additionalProperties": false
@@ -2585,6 +2591,103 @@
         },
         "additionalProperties": false
       }
+    },
+    "host_owner_decision_record_formal_record_queue_review_checklist_items": {
+      "type": "array",
+      "minItems": 8,
+      "items": {
+        "type": "object",
+        "required": [
+          "item_id",
+          "display_order",
+          "source_packet_id",
+          "review_condition",
+          "guardrail",
+          "display_mode",
+          "formal_record_queue_review_passed_count",
+          "formal_record_queue_enqueued_count",
+          "decision_record_created",
+          "owner_decision_received_count",
+          "owner_decision_accepted_count",
+          "owner_approval_record_created",
+          "runtime_gate_opened",
+          "raw_payload_allowed",
+          "secret_value_collection_allowed",
+          "runtime_execution_authorized",
+          "action_buttons_allowed",
+          "not_authorization"
+        ],
+        "properties": {
+          "item_id": {
+            "type": "string"
+          },
+          "display_order": {
+            "type": "integer",
+            "minimum": 1
+          },
+          "source_packet_id": {
+            "type": "string"
+          },
+          "review_condition": {
+            "type": "string"
+          },
+          "guardrail": {
+            "type": "string"
+          },
+          "display_mode": {
+            "const": "owner_decision_record_formal_record_queue_review_checklist_only"
+          },
+          "formal_record_queue_review_passed_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "formal_record_queue_enqueued_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "decision_record_created": {
+            "type": "boolean",
+            "const": false
+          },
+          "owner_decision_received_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "owner_decision_accepted_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "owner_approval_record_created": {
+            "type": "boolean",
+            "const": false
+          },
+          "runtime_gate_opened": {
+            "type": "boolean",
+            "const": false
+          },
+          "raw_payload_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "secret_value_collection_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "runtime_execution_authorized": {
+            "type": "boolean",
+            "const": false
+          },
+          "action_buttons_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "not_authorization": {
+            "type": "boolean",
+            "const": true
+          }
+        },
+        "additionalProperties": false
+      }
     }
   },
   "additionalProperties": false
diff --git a/docs/security/IWOOOS-POSTURE-PROJECTION.md b/docs/security/IWOOOS-POSTURE-PROJECTION.md
index d5950a4a..c7c6577f 100644
--- a/docs/security/IWOOOS-POSTURE-PROJECTION.md
+++ b/docs/security/IWOOOS-POSTURE-PROJECTION.md
@@ -63,6 +63,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence：
 31. 7 個 host owner decision record formal candidate review checklist items，顯示 formal candidate packets 進入後續人工紀錄前仍需只讀核對的條件。
 32. 8 個 host owner decision record formal candidate review outcome lanes，顯示 candidate review 後的只讀結果分流與下一步。
 33. 8 個 host owner decision record formal record queue packets，顯示人工正式紀錄佇列需要看的資料包，但不 enqueue、不建立 decision record、不開 runtime gate。
+34. 8 個 host owner decision record formal record queue review checklist items，顯示佇列資料包進人工正式紀錄審查前仍需只讀核對的條件。
 
 ## 3.1 既有前端資安頁面整合
 
@@ -520,6 +521,25 @@ S2.35 將 ready for human record queue 後的人工正式紀錄佇列資料拆
 
 這個 queue packet board 不代表正式紀錄佇列已 enqueue、decision record 已建立、owner decision 已接受、資安批准已完成或 runtime gate 已開啟。它只讓 IwoooS 把人工正式紀錄佇列需要看的資料包顯示出來，避免把佇列可讀性誤解成執行授權。
 
+## 3.27 Host Owner Decision Record Formal Record Queue Review Checklist
+
+S2.36 將 formal record queue packets 後的人工正式紀錄佇列核對拆成八個只讀 checklist items。這一層只回答「佇列資料包是否可供未來人工正式紀錄審查」，不標記 review passed、不 enqueue、不建立 decision record、不建立 approval record、不開 runtime gate。
+
+| 順序 | Queue review check | 來源 packet | 保護邊界 |
+|------|--------------------|-------------|----------|
+| 1 | Queue identity traceable | Queue identity packet | trace only；queue enqueued=0 |
+| 2 | Queue decision summary readable | Queue decision summary packet | summary only；record created=false |
+| 3 | Queue scope and expiry fresh | Queue scope and expiry packet | scope check only；finalized=0 |
+| 4 | Queue scan limits not authorization | Queue scan limits packet | scan authorized=false |
+| 5 | Queue credential boundary metadata-only | Queue credential boundary packet | secret collection=false |
+| 6 | Queue maintenance and rollback linked | Queue maintenance and rollback packet | host change=false |
+| 7 | Queue validation gate separate | Queue validation and runtime gate packet | active gates=0 |
+| 8 | Queue no-execution attestation present | Queue no-execution attestation packet | action buttons=false |
+
+每個 queue review check 都固定 `display_mode=owner_decision_record_formal_record_queue_review_checklist_only`、`formal_record_queue_review_passed_count=0`、`formal_record_queue_enqueued_count=0`、`decision_record_created=false`、`owner_decision_received_count=0`、`owner_decision_accepted_count=0`、`owner_approval_record_created=false`、`runtime_gate_opened=false`、`raw_payload_allowed=false`、`secret_value_collection_allowed=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
+
+這個 queue review checklist 不代表正式紀錄佇列核對已通過、正式紀錄已 enqueue、decision record 已建立、owner decision 已接受、資安批准已完成或 runtime gate 已開啟。它只讓 IwoooS 把佇列資料包進人工正式紀錄前的核對條件顯示出來，避免把 checklist 可見性誤解成執行授權。
+
 ## 4. 仍禁止
 
 IwoooS 不得提供下列輸出：
@@ -552,7 +572,8 @@ IwoooS 不得提供下列輸出：
 26. 把 owner decision record formal candidate review 當成 approval、標記 formal candidate review passed / finalized、從 formal candidate review 建立 decision record，或從 formal candidate review 開 runtime gate。
 27. 把 owner decision record formal candidate review outcome 當成 approval、標記 formal candidate review outcome passed / finalized、從 formal candidate review outcome 建立 decision record，或從 formal candidate review outcome 開 runtime gate。
 28. 把 owner decision record formal record queue packet 當成 approval、由前端 enqueue formal record queue、從 formal record queue packet 建立或接受 decision record，或從 formal record queue packet 開 runtime gate。
-29. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
+29. 把 owner decision record formal record queue review checklist 當成 approval、標記 queue review passed、由 queue review enqueue 或建立 decision record，或從 queue review 開 runtime gate。
+30. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
 
 ## 5. 驗證
 
diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
index faff2146..3b926e43 100644
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -35,7 +35,7 @@
 | Owner response validation | S4.13 已建立；四包 owner response 目前 received/accepted 皆為 0；4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示；下一個建議收件為 S4.9 Gitea owner attestation；latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`，reviewer audit emitted 仍為 0，不代表 owner response 已收到或任何執行授權 |
 | Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes；LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn；`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
 | IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口；顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs；不新增執行按鈕 |
-| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`；S2.10 已把 10 個既有前端資安相關頁面納入 projection；S2.11 已補 4 個 coverage groups 與 5 個 conflict controls；S2.12 已補 6 個只讀 operator journey steps；S2.13 已補 7 個 owner evidence readiness items；S2.14 已補 3 個 host coverage items：Kali 112、開發主機 168、開發主機 111；S2.15 已補 6 個 host action gate items；S2.16 已補 7 個 host evidence readiness items；S2.17 已補 7 個 host evidence collection order steps；S2.18 已補 7 個 host evidence intake preflight checks；S2.19 已補 7 個 host evidence review outcome lanes；S2.20 已補 7 個 host evidence review handoff packets；S2.21 已補 7 個 host evidence reviewer checklist items；S2.22 已補 7 個 host evidence reviewer outcome lanes；S2.23 已補 7 個 host owner decision candidate packets；S2.24 已補 7 個 host owner decision review checklist items；S2.25 已補 7 個 host owner decision review outcome lanes；S2.26 已補 7 個 host owner decision record draft packets；S2.27 已補 7 個 host owner decision record draft review checklist items；S2.28 已補 7 個 host owner decision record draft review outcome lanes；S2.29 已補 7 個 host owner decision record write-up packets；S2.30 已補 7 個 host owner decision record write-up review checklist items；S2.31 已補 7 個 host owner decision record write-up review outcome lanes；S2.32 已補 7 個 host owner decision record formal candidate packets；S2.33 已補 7 個 host owner decision record formal candidate review checklist items；S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes；S2.35 已補 8 個 host owner decision record formal record queue packets；仍不新增 action button |
+| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`；S2.10 已把 10 個既有前端資安相關頁面納入 projection；S2.11 已補 4 個 coverage groups 與 5 個 conflict controls；S2.12 已補 6 個只讀 operator journey steps；S2.13 已補 7 個 owner evidence readiness items；S2.14 已補 3 個 host coverage items：Kali 112、開發主機 168、開發主機 111；S2.15 已補 6 個 host action gate items；S2.16 已補 7 個 host evidence readiness items；S2.17 已補 7 個 host evidence collection order steps；S2.18 已補 7 個 host evidence intake preflight checks；S2.19 已補 7 個 host evidence review outcome lanes；S2.20 已補 7 個 host evidence review handoff packets；S2.21 已補 7 個 host evidence reviewer checklist items；S2.22 已補 7 個 host evidence reviewer outcome lanes；S2.23 已補 7 個 host owner decision candidate packets；S2.24 已補 7 個 host owner decision review checklist items；S2.25 已補 7 個 host owner decision review outcome lanes；S2.26 已補 7 個 host owner decision record draft packets；S2.27 已補 7 個 host owner decision record draft review checklist items；S2.28 已補 7 個 host owner decision record draft review outcome lanes；S2.29 已補 7 個 host owner decision record write-up packets；S2.30 已補 7 個 host owner decision record write-up review checklist items；S2.31 已補 7 個 host owner decision record write-up review outcome lanes；S2.32 已補 7 個 host owner decision record formal candidate packets；S2.33 已補 7 個 host owner decision record formal candidate review checklist items；S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes；S2.35 已補 8 個 host owner decision record formal record queue packets；S2.36 已補 8 個 host owner decision record formal record queue review checklist items；仍不新增 action button |
 | Dry-run | `contract_defined_not_executed`；已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`，latest local validation 為 `repo_snapshot_guard_pass`，仍不代表 production ingestion |
 | Runtime actions | `false` |
 | Payload ingestion | `false` |
@@ -119,6 +119,7 @@
 | S2.33 IwoooS host owner decision record formal candidate review checklist | framework detail | 0 | 只顯示 formal candidate packets 後的七個只讀核對項；review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 | S2.34 IwoooS host owner decision record formal candidate review outcome lanes | framework detail | 0 | 只顯示 formal candidate review 後的八個只讀結果分流；review passed、finalized count、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 | S2.35 IwoooS host owner decision record formal record queue packets | framework detail | 0 | 只顯示 formal record queue 需要的八個只讀資料包；queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
+| S2.36 IwoooS host owner decision record formal record queue review checklist | framework detail | 0 | 只顯示 formal record queue packets 後的八個只讀核對項；review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 
 headline 進度要再往上，至少需要下列任一高層 gate 有實質 evidence：
 
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
index 25fff996..ec6d81de 100644
--- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
@@ -4,7 +4,7 @@
 |------|------|
 | 日期 | 2026-05-17 |
 | 狀態 | S0/S1 read-only evidence 建置中 |
-| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets |
+| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist |
 | 原則 | 低摩擦分階段；文件、schema、read-only evidence 優先；不做 runtime enforcement、不切 primary |
 
 ## 0. 本階段完成後整體進度
@@ -27,7 +27,7 @@ python3 scripts/security/security-mirror-progress-guard.py
 
 ### 0.2 Headline 58% 不代表停滯
 
-近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry，以及 S2.9-S2.35 IwoooS posture projection contract 都是有效進展，但它們是 framework detail，不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%，避免把只讀框架誤算成已落地執行。
+近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry，以及 S2.9-S2.36 IwoooS posture projection contract 都是有效進展，但它們是 framework detail，不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%，避免把只讀框架誤算成已落地執行。
 
 | 最近完成 | 目前狀態 | headline delta |
 |----------|----------|----------------|
@@ -95,6 +95,7 @@ python3 scripts/security/security-mirror-progress-guard.py
 | S2.33 IwoooS host owner decision record formal candidate review checklist | 已完成草案，將 record identity traceable、decision summary readable、scope / expiry consistent、scan limits not authorization、credential metadata-only、maintenance / rollback traceable 與 runtime gate closed 顯示成七個只讀候選核對項 | 0 |
 | S2.34 IwoooS host owner decision record formal candidate review outcome lanes | 已完成草案，將 ready for human record queue、identity needs trace、summary needs clarification、scope / expiry refresh、scan limits ambiguous、credential boundary failed、maintenance / rollback incomplete 與 runtime gate required 顯示成八個只讀結果分流 | 0 |
 | S2.35 IwoooS host owner decision record formal record queue packets | 已完成草案，將 queue identity、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、validation / runtime gate、no-execution attestation 顯示成八個只讀佇列資料包 | 0 |
+| S2.36 IwoooS host owner decision record formal record queue review checklist | 已完成草案，將 queue identity traceable、decision summary readable、scope / expiry fresh、scan limits not authorization、credential metadata-only、maintenance / rollback linked、validation gate separate、no-execution attestation present 顯示成八個只讀核對項 | 0 |
 
 headline 要再往上，需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收，或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
 
@@ -149,6 +150,7 @@ headline 要再往上，需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
 | S2.33 IwoooS Host Owner Decision Record Formal Candidate Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision record formal candidate review checklist，顯示 record identity traceable、decision summary readable、scope / expiry consistent、scan limits still not authorization、credential boundary still metadata-only、maintenance / rollback traceable、runtime gate still closed 七個核對項 | 使用者能理解 formal candidate review 仍不是通過、完成或批准；仍不標記 review passed、不標記 finalized、不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S2.34 IwoooS Host Owner Decision Record Formal Candidate Review Outcome Lanes | 完成草案 | `/iwooos` 新增主機 owner decision record formal candidate review outcome lanes，顯示 ready for human record queue、record identity needs trace、decision summary needs clarification、scope / expiry need refresh、scan limits ambiguous、credential boundary failed、maintenance / rollback incomplete、runtime gate still required 八個分流 | 使用者能理解 formal candidate review outcome 仍不是通過、完成或批准；仍不標記 review passed、不標記 finalized、不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S2.35 IwoooS Host Owner Decision Record Formal Record Queue Packets | 完成草案 | `/iwooos` 新增主機 owner decision record formal record queue packets，顯示 queue identity、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、validation / runtime gate、no-execution attestation 八個資料包 | 使用者能理解 formal record queue packet 仍不是 enqueue 或正式紀錄；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
+| S2.36 IwoooS Host Owner Decision Record Formal Record Queue Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision record formal record queue review checklist，顯示 identity traceable、decision summary readable、scope / expiry fresh、scan limits not authorization、credential metadata-only、maintenance / rollback linked、validation gate separate、no-execution attestation present 八個核對項 | 使用者能理解 formal record queue review 仍不是 review passed、enqueue 或正式紀錄；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items：7 pending、1 block candidate、0 approved | 不得繞過人工批准；批准後仍需 follow-up runtime gate |
 | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策，不可執行 gate item |
 | S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立；目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策，不可把決策當執行 |
diff --git a/docs/security/iwooos-posture-projection.snapshot.json b/docs/security/iwooos-posture-projection.snapshot.json
index 5700a074..dfa7870f 100644
--- a/docs/security/iwooos-posture-projection.snapshot.json
+++ b/docs/security/iwooos-posture-projection.snapshot.json
@@ -61,7 +61,8 @@
     "host_owner_decision_record_formal_candidate_packet_count": 7,
     "host_owner_decision_record_formal_candidate_review_checklist_item_count": 7,
     "host_owner_decision_record_formal_candidate_review_outcome_lane_count": 8,
-    "host_owner_decision_record_formal_record_queue_packet_count": 8
+    "host_owner_decision_record_formal_record_queue_packet_count": 8,
+    "host_owner_decision_record_formal_record_queue_review_checklist_item_count": 8
   },
   "progress": {
     "overall_percent": 58,
@@ -159,7 +160,8 @@
     "display_host_owner_decision_record_formal_candidate_packets",
     "display_host_owner_decision_record_formal_candidate_review_checklist",
     "display_host_owner_decision_record_formal_candidate_review_outcome_lanes",
-    "display_host_owner_decision_record_formal_record_queue_packets"
+    "display_host_owner_decision_record_formal_record_queue_packets",
+    "display_host_owner_decision_record_formal_record_queue_review_checklist"
   ],
   "forbidden_frontend_outputs": [
     "add_scan_button",
@@ -256,7 +258,12 @@
     "enqueue_host_owner_decision_record_formal_record_queue_from_frontend",
     "create_host_owner_decision_record_from_formal_record_queue_packet",
     "accept_host_owner_decision_record_from_formal_record_queue_packet",
-    "open_runtime_gate_from_owner_decision_record_formal_record_queue_packet"
+    "open_runtime_gate_from_owner_decision_record_formal_record_queue_packet",
+    "treat_host_owner_decision_record_formal_record_queue_review_as_approval",
+    "mark_host_owner_decision_record_formal_record_queue_review_passed",
+    "enqueue_host_owner_decision_record_from_formal_record_queue_review",
+    "create_host_owner_decision_record_from_formal_record_queue_review",
+    "open_runtime_gate_from_formal_record_queue_review"
   ],
   "runtime_execution_authorized": false,
   "action_buttons_allowed": false,
@@ -3665,5 +3672,167 @@
       "action_buttons_allowed": false,
       "not_authorization": true
     }
+  ],
+  "host_owner_decision_record_formal_record_queue_review_checklist_items": [
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_identity_traceable_check",
+      "display_order": 1,
+      "source_packet_id": "host_decision_record_formal_record_queue_identity_packet",
+      "review_condition": "identity_traceable_to_candidate_source",
+      "guardrail": "do_not_enqueue_without_human_record_owner",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_decision_summary_readable_check",
+      "display_order": 2,
+      "source_packet_id": "host_decision_record_formal_record_queue_decision_summary_packet",
+      "review_condition": "decision_summary_readable_without_approval_semantics",
+      "guardrail": "do_not_create_decision_record_from_summary",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_scope_expiry_fresh_check",
+      "display_order": 3,
+      "source_packet_id": "host_decision_record_formal_record_queue_scope_expiry_packet",
+      "review_condition": "scope_expiry_current_and_bounded",
+      "guardrail": "do_not_finalize_scope_from_queue_review",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_scan_limits_not_authorization_check",
+      "display_order": 4,
+      "source_packet_id": "host_decision_record_formal_record_queue_scan_limits_packet",
+      "review_condition": "scan_limits_not_authorization",
+      "guardrail": "do_not_authorize_active_or_credentialed_scan",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_credential_boundary_metadata_only_check",
+      "display_order": 5,
+      "source_packet_id": "host_decision_record_formal_record_queue_credential_boundary_packet",
+      "review_condition": "credential_boundary_metadata_only",
+      "guardrail": "do_not_collect_secret_values",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_maintenance_rollback_linked_check",
+      "display_order": 6,
+      "source_packet_id": "host_decision_record_formal_record_queue_maintenance_rollback_packet",
+      "review_condition": "maintenance_rollback_pointer_linked",
+      "guardrail": "do_not_execute_host_update_or_tuning",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_validation_runtime_gate_separate_check",
+      "display_order": 7,
+      "source_packet_id": "host_decision_record_formal_record_queue_validation_runtime_gate_packet",
+      "review_condition": "validation_runtime_gate_separate",
+      "guardrail": "do_not_open_runtime_gate_from_queue_review",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "item_id": "host_decision_record_formal_record_queue_review_no_execution_attestation_present_check",
+      "display_order": 8,
+      "source_packet_id": "host_decision_record_formal_record_queue_no_execution_attestation_packet",
+      "review_condition": "no_execution_attestation_present",
+      "guardrail": "do_not_create_action_button_or_approval",
+      "display_mode": "owner_decision_record_formal_record_queue_review_checklist_only",
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    }
   ]
 }
diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json
index 9a740353..aabcea5b 100644
--- a/docs/security/security-mirror-status-rollup.snapshot.json
+++ b/docs/security/security-mirror-status-rollup.snapshot.json
@@ -910,6 +910,16 @@
       "runtime_delta": false,
       "execution_authorized": false,
       "not_authorization": true
+    },
+    {
+      "delta_id": "s2_36_iwooos_host_owner_decision_record_formal_record_queue_review_checklist",
+      "display_order": 65,
+      "progress_axis": "framework_detail",
+      "headline_percent_delta": 0,
+      "framework_delta_visible": true,
+      "runtime_delta": false,
+      "execution_authorized": false,
+      "not_authorization": true
     }
   ],
   "next_safe_actions": [
@@ -1294,7 +1304,8 @@
     "S2.32 只新增 IwoooS host owner decision record formal candidate packets；host_owner_decision_record_formal_candidate_packet_count=7、formal_record_candidate_finalized_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal candidate packet 當正式決策紀錄、完成、接受、批准或 runtime gate。",
     "S2.33 只新增 IwoooS host owner decision record formal candidate review checklist；host_owner_decision_record_formal_candidate_review_checklist_item_count=7、formal_record_candidate_review_passed_count=0、formal_record_candidate_finalized_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal candidate review 當正式決策紀錄、完成、接受、批准或 runtime gate。",
     "S2.34 只新增 IwoooS host owner decision record formal candidate review outcome lanes；host_owner_decision_record_formal_candidate_review_outcome_lane_count=8、formal_record_candidate_review_passed_count=0、formal_record_candidate_finalized_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal candidate review outcome 當正式決策紀錄、完成、接受、批准或 runtime gate。",
-    "S2.35 只新增 IwoooS host owner decision record formal record queue packets；host_owner_decision_record_formal_record_queue_packet_count=8、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal record queue packet 當 enqueue、正式決策紀錄、接受、批准或 runtime gate。"
+    "S2.35 只新增 IwoooS host owner decision record formal record queue packets；host_owner_decision_record_formal_record_queue_packet_count=8、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal record queue packet 當 enqueue、正式決策紀錄、接受、批准或 runtime gate。",
+    "S2.36 只新增 IwoooS host owner decision record formal record queue review checklist；host_owner_decision_record_formal_record_queue_review_checklist_item_count=8、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 formal record queue review 當 review passed、enqueue、正式決策紀錄、接受、批准或 runtime gate。"
   ],
   "forbidden_actions": [
     "start_kali_scan",
diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py
index ebd6506c..6668680f 100755
--- a/scripts/security/security-mirror-progress-guard.py
+++ b/scripts/security/security-mirror-progress-guard.py
@@ -187,6 +187,7 @@ def validate(root: Path) -> None:
         "s2_33_iwooos_host_owner_decision_record_formal_candidate_review_checklist",
         "s2_34_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes",
         "s2_35_iwooos_host_owner_decision_record_formal_record_queue_packets",
+        "s2_36_iwooos_host_owner_decision_record_formal_record_queue_review_checklist",
     ]
     assert_equal(
         "progress_delta_ledger.delta_ids",
@@ -550,6 +551,16 @@ def validate(root: Path) -> None:
         "host_decision_record_formal_record_queue_validation_runtime_gate_packet",
         "host_decision_record_formal_record_queue_no_execution_attestation_packet",
     ]
+    expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids = [
+        "host_decision_record_formal_record_queue_review_identity_traceable_check",
+        "host_decision_record_formal_record_queue_review_decision_summary_readable_check",
+        "host_decision_record_formal_record_queue_review_scope_expiry_fresh_check",
+        "host_decision_record_formal_record_queue_review_scan_limits_not_authorization_check",
+        "host_decision_record_formal_record_queue_review_credential_boundary_metadata_only_check",
+        "host_decision_record_formal_record_queue_review_maintenance_rollback_linked_check",
+        "host_decision_record_formal_record_queue_review_validation_runtime_gate_separate_check",
+        "host_decision_record_formal_record_queue_review_no_execution_attestation_present_check",
+    ]
     assert_equal(
         "iwooos_projection.summary.frontend_surface_coverage_group_count",
         iwooos_projection["summary"]["frontend_surface_coverage_group_count"],
@@ -680,6 +691,11 @@ def validate(root: Path) -> None:
         iwooos_projection["summary"]["host_owner_decision_record_formal_record_queue_packet_count"],
         len(expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids),
     )
+    assert_equal(
+        "iwooos_projection.summary.host_owner_decision_record_formal_record_queue_review_checklist_item_count",
+        iwooos_projection["summary"]["host_owner_decision_record_formal_record_queue_review_checklist_item_count"],
+        len(expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids),
+    )
     iwooos_progress = iwooos_projection["progress"]
     assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
     assert_equal(
@@ -2454,6 +2470,97 @@ def validate(root: Path) -> None:
             f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.not_authorization",
             item["not_authorization"],
         )
+    iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items = iwooos_projection[
+        "host_owner_decision_record_formal_record_queue_review_checklist_items"
+    ]
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.ids",
+        [item["item_id"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
+        expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids,
+    )
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.display_order",
+        [item["display_order"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
+        list(range(1, len(expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids) + 1)),
+    )
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.source_packet_ids",
+        [item["source_packet_id"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
+        expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids,
+    )
+    expected_iwooos_host_owner_decision_record_formal_record_queue_review_conditions = [
+        "identity_traceable_to_candidate_source",
+        "decision_summary_readable_without_approval_semantics",
+        "scope_expiry_current_and_bounded",
+        "scan_limits_not_authorization",
+        "credential_boundary_metadata_only",
+        "maintenance_rollback_pointer_linked",
+        "validation_runtime_gate_separate",
+        "no_execution_attestation_present",
+    ]
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.review_conditions",
+        [item["review_condition"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
+        expected_iwooos_host_owner_decision_record_formal_record_queue_review_conditions,
+    )
+    for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items:
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.display_mode",
+            item["display_mode"],
+            "owner_decision_record_formal_record_queue_review_checklist_only",
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.formal_record_queue_review_passed_count",
+            item["formal_record_queue_review_passed_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.formal_record_queue_enqueued_count",
+            item["formal_record_queue_enqueued_count"],
+            0,
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.decision_record_created",
+            item["decision_record_created"],
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_decision_received_count",
+            item["owner_decision_received_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_decision_accepted_count",
+            item["owner_decision_accepted_count"],
+            0,
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_approval_record_created",
+            item["owner_approval_record_created"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.runtime_gate_opened",
+            item["runtime_gate_opened"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.raw_payload_allowed",
+            item["raw_payload_allowed"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.secret_value_collection_allowed",
+            item["secret_value_collection_allowed"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.runtime_execution_authorized",
+            item["runtime_execution_authorized"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.action_buttons_allowed",
+            item["action_buttons_allowed"],
+        )
+        assert_true(
+            f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.not_authorization",
+            item["not_authorization"],
+        )
     assert_equal(
         "iwooos_projection.non_blocking_lane_ids",
         iwooos_projection["non_blocking_lane_ids"],
@@ -2498,6 +2605,7 @@ def validate(root: Path) -> None:
         "display_host_owner_decision_record_formal_candidate_review_checklist",
         "display_host_owner_decision_record_formal_candidate_review_outcome_lanes",
         "display_host_owner_decision_record_formal_record_queue_packets",
+        "display_host_owner_decision_record_formal_record_queue_review_checklist",
         "display_evidence_refs",
         "display_forbidden_actions",
     ]:
@@ -2593,6 +2701,11 @@ def validate(root: Path) -> None:
         "create_host_owner_decision_record_from_formal_record_queue_packet",
         "accept_host_owner_decision_record_from_formal_record_queue_packet",
         "open_runtime_gate_from_owner_decision_record_formal_record_queue_packet",
+        "treat_host_owner_decision_record_formal_record_queue_review_as_approval",
+        "mark_host_owner_decision_record_formal_record_queue_review_passed",
+        "enqueue_host_owner_decision_record_from_formal_record_queue_review",
+        "create_host_owner_decision_record_from_formal_record_queue_review",
+        "open_runtime_gate_from_formal_record_queue_review",
         "apply_runtime_blocking_control",
         "switch_github_primary",
         "production_deploy",