docs(security): add owner response reviewer checklist

scripts/security/security-mirror-progress-guard.py

@@ -103,6 +103,7 @@ def validate(root: Path) -> None:
         "s4_13_owner_response_validation_evidence_routing_rules",
         "s4_13_owner_response_validation_display_sections",
         "s4_13_owner_response_validation_state_transition_rules",
+        "s4_13_owner_response_validation_reviewer_checklist",
     ]
     assert_equal(
         "progress_delta_ledger.delta_ids",
@@ -143,6 +144,11 @@ def validate(root: Path) -> None:
         owner_summary["owner_response_validation_state_transition_rule_count"],
         7,
     )
+    assert_equal(
+        "owner_rollup.owner_response_validation_reviewer_checklist_count",
+        owner_summary["owner_response_validation_reviewer_checklist_count"],
+        9,
+    )
     assert_false("owner_rollup.runtime_execution_authorized", owner_summary["runtime_execution_authorized"])
     assert_false("owner_rollup.repo_creation_authorized", owner_summary["repo_creation_authorized"])
     assert_false("owner_rollup.refs_sync_authorized", owner_summary["refs_sync_authorized"])

scripts/security/source-control-owner-response-guard.py

@@ -297,6 +297,18 @@ EXPECTED_ROLLUP_STATE_TRANSITION_RULES = [
     "transition-post-update-stays-waiting-runtime-gate",
 ]
 
+EXPECTED_ROLLUP_REVIEWER_CHECKLIST = [
+    "checklist-confirm-lane-and-template",
+    "checklist-confirm-required-owner-fields",
+    "checklist-confirm-redacted-evidence-refs",
+    "checklist-confirm-source-packet-preflight",
+    "checklist-confirm-cross-packet-consistency",
+    "checklist-confirm-no-sensitive-payload",
+    "checklist-confirm-no-execution-intent",
+    "checklist-confirm-read-only-update-scope",
+    "checklist-confirm-followup-runtime-gate-still-required",
+]
+
 
 def load_json(path: Path) -> dict[str, Any]:
     return json.loads(path.read_text(encoding="utf-8"))
@@ -349,6 +361,11 @@ def validate(root: Path) -> None:
         rollup_summary["owner_response_validation_state_transition_rule_count"],
         len(EXPECTED_ROLLUP_STATE_TRANSITION_RULES),
     )
+    assert_equal(
+        "rollup.owner_response_validation_reviewer_checklist_count",
+        rollup_summary["owner_response_validation_reviewer_checklist_count"],
+        len(EXPECTED_ROLLUP_REVIEWER_CHECKLIST),
+    )
     assert_true("rollup.quarantine_required", rollup_summary["quarantine_required"])
     assert_equal("rollup.primary_ready_count", rollup_summary["primary_ready_count"], 0)
 
@@ -774,6 +791,29 @@ def validate(root: Path) -> None:
                     item["execution_authorized"],
                 )
 
+    reviewer_checklist = rollup["owner_response_validation_reviewer_checklist"]
+    assert_equal(
+        "owner_response_validation_reviewer_checklist.ids",
+        [item["checklist_id"] for item in reviewer_checklist],
+        EXPECTED_ROLLUP_REVIEWER_CHECKLIST,
+    )
+    assert_equal(
+        "owner_response_validation_reviewer_checklist.display_order",
+        [item["display_order"] for item in reviewer_checklist],
+        list(range(1, len(EXPECTED_ROLLUP_REVIEWER_CHECKLIST) + 1)),
+    )
+    for item in reviewer_checklist:
+        assert_equal(
+            f"owner_response_validation_reviewer_checklist.{item['checklist_id']}.awooop_display_mode",
+            item["awooop_display_mode"],
+            "display_reviewer_checklist_only",
+        )
+        assert_false(
+            f"owner_response_validation_reviewer_checklist.{item['checklist_id']}.execution_authorized",
+            item["execution_authorized"],
+        )
+        assert_true(f"owner_response_validation_reviewer_checklist.{item['checklist_id']}.not_approval", item["not_approval"])
+
     first_lane = LANES[0]
     first_collection_item = collection_order_by_id[first_lane["lane_id"]]
     first_missing_lane = missing_lane_by_id[first_lane["lane_id"]]