diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index c625c073..5113f618 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -2443,6 +2443,59 @@
           "next": "active runtime gates=0; action buttons=false"
         }
       }
+    },
+    "hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets": {
+      "title": "Host Owner Decision Record Human Record Owner Review Candidate Packets",
+      "subtitle": "Human record owner review candidate packets only organize metadata a future human record owner may need to inspect. They do not start handoff, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
+      "packetLabel": "Review candidate packet",
+      "guardLabel": "Guardrail",
+      "items": {
+        "reviewCandidateIdentity": {
+          "title": "Review candidate identity packet",
+          "body": "Organizes candidate id, source readiness outcome, version, trace pointer, and source queue review link so a future human record owner can understand provenance.",
+          "guard": "review started=0; decision record created=false"
+        },
+        "reviewOwnerBoundary": {
+          "title": "Review owner boundary packet",
+          "body": "Organizes human record owner, backup owner, contact channel, and responsibility boundary without treating owner contact as accepted work or a decision.",
+          "guard": "owner decision received=0; handoff started=0"
+        },
+        "reviewDecisionSummary": {
+          "title": "Review decision summary packet",
+          "body": "Organizes candidate decision summary, risk acceptance boundary, and no-execution statement so the review candidate is not mistaken for a formal record.",
+          "guard": "review ready=0; record accepted=0"
+        },
+        "reviewScopeExpiry": {
+          "title": "Review scope and expiry packet",
+          "body": "Organizes host, network, service, exclusion, observation intent, and expiry so the review candidate scope remains readable.",
+          "guard": "scope review only; runtime gate opened=false"
+        },
+        "reviewScanLimits": {
+          "title": "Review scan limits packet",
+          "body": "Organizes observe-only, future active scan, and credentialed scan limits while keeping active scan behind separate approval.",
+          "guard": "scan authorized=false; action buttons=false"
+        },
+        "reviewCredentialBoundary": {
+          "title": "Review credential boundary packet",
+          "body": "Organizes credential owner, retention, masking, and forbidden collection as metadata only; plaintext, token value, and raw secret are not collected.",
+          "guard": "secret collection=false; raw payload=false"
+        },
+        "reviewMaintenanceRollback": {
+          "title": "Review maintenance and rollback packet",
+          "body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.",
+          "guard": "host change=false; Kali update=false"
+        },
+        "reviewValidationRuntimeGate": {
+          "title": "Review validation and runtime gate packet",
+          "body": "Organizes validation evidence pointer, post-check metrics, and separate runtime gate requirement without opening a gate from the candidate packet.",
+          "guard": "runtime gate opened=false; runtime execution=false"
+        },
+        "reviewNoExecutionAttestation": {
+          "title": "Review no-execution attestation packet",
+          "body": "Fixes not authorization, no execution, no approval, and no runtime gate statements so the review candidate is not mistaken for approval.",
+          "guard": "not_authorization=true; approval record=false"
+        }
+      }
     }
   },
   "tickets": {
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index 1b02818b..0ee54fa5 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -2444,6 +2444,59 @@
           "next": "active runtime gates=0；action buttons=false"
         }
       }
+    },
+    "hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets": {
+      "title": "主機 Owner Decision Record Human Record Owner Review Candidate Packets",
+      "subtitle": "Human record owner review candidate packets 只整理未來人工 record owner 可能需要看的 metadata。它不開始 handoff、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 runtime gate。",
+      "packetLabel": "Review candidate packet",
+      "guardLabel": "保護邊界",
+      "items": {
+        "reviewCandidateIdentity": {
+          "title": "Review candidate identity packet",
+          "body": "整理 candidate id、來源 readiness outcome、版本、trace pointer 與來源 queue review 連結，讓人工 record owner 未來能看懂來源。",
+          "guard": "review started=0；decision record created=false"
+        },
+        "reviewOwnerBoundary": {
+          "title": "Review owner boundary packet",
+          "body": "整理 human record owner、backup owner、聯絡窗口與責任邊界，但不把 owner contact 視為已接案或已決策。",
+          "guard": "owner decision received=0；handoff started=0"
+        },
+        "reviewDecisionSummary": {
+          "title": "Review decision summary packet",
+          "body": "整理候選決策摘要、風險接受邊界與 no-execution statement，避免人工 review 候選被誤讀成正式紀錄。",
+          "guard": "review ready=0；record accepted=0"
+        },
+        "reviewScopeExpiry": {
+          "title": "Review scope and expiry packet",
+          "body": "整理 host、network、service、exclusion、observation intent 與 expiry，讓 review candidate 的範圍維持可讀。",
+          "guard": "scope review only；runtime gate opened=false"
+        },
+        "reviewScanLimits": {
+          "title": "Review scan limits packet",
+          "body": "整理 observe-only、future active scan 與 credentialed scan limits，明確保留 active scan 仍需獨立批准。",
+          "guard": "scan authorized=false；action buttons=false"
+        },
+        "reviewCredentialBoundary": {
+          "title": "Review credential boundary packet",
+          "body": "整理 credential owner、retention、masking 與 forbidden collection，只允許 metadata，不收 plaintext、token value 或 raw secret。",
+          "guard": "secret collection=false；raw payload=false"
+        },
+        "reviewMaintenanceRollback": {
+          "title": "Review maintenance and rollback packet",
+          "body": "整理 maintenance window、constraints、rollback owner、recovery path 與人工聯絡點，但不代表可以變更主機。",
+          "guard": "host change=false；Kali update=false"
+        },
+        "reviewValidationRuntimeGate": {
+          "title": "Review validation and runtime gate packet",
+          "body": "整理 validation evidence pointer、post-check metrics 與獨立 runtime gate requirement，仍不能由 candidate packet 開 gate。",
+          "guard": "runtime gate opened=false；runtime execution=false"
+        },
+        "reviewNoExecutionAttestation": {
+          "title": "Review no-execution attestation packet",
+          "body": "固定 not authorization、no execution、no approval、no runtime gate statement，避免人工 review candidate 被誤解成批准。",
+          "guard": "not_authorization=true；approval record=false"
+        }
+      }
     }
   },
   "tickets": {
diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx
index 0e1d3d9f..f5fd175a 100644
--- a/apps/web/src/app/[locale]/iwooos/page.tsx
+++ b/apps/web/src/app/[locale]/iwooos/page.tsx
@@ -264,6 +264,13 @@ type HostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomeLane = {
   tone: 'steady' | 'warn' | 'locked'
 }
 
+type HostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePacket = {
+  key: string
+  packet: string
+  icon: typeof ShieldCheck
+  tone: 'steady' | 'warn' | 'locked'
+}
+
 const postureMetrics: PostureMetric[] = [
   { key: 'overall', value: '58%', tone: 'warn' },
   { key: 'framework', value: '80-85%', tone: 'steady' },
@@ -633,6 +640,18 @@ const hostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomeLanes: HostOwnerD
   { key: 'runtimeGateStillRequired', lane: 'FHV9', icon: ShieldCheck, tone: 'locked' },
 ]
 
+const hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets: HostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePacket[] = [
+  { key: 'reviewCandidateIdentity', packet: 'FHR1', icon: FileText, tone: 'warn' },
+  { key: 'reviewOwnerBoundary', packet: 'FHR2', icon: Bell, tone: 'warn' },
+  { key: 'reviewDecisionSummary', packet: 'FHR3', icon: ClipboardCheck, tone: 'warn' },
+  { key: 'reviewScopeExpiry', packet: 'FHR4', icon: Radar, tone: 'warn' },
+  { key: 'reviewScanLimits', packet: 'FHR5', icon: Activity, tone: 'locked' },
+  { key: 'reviewCredentialBoundary', packet: 'FHR6', icon: Lock, tone: 'locked' },
+  { key: 'reviewMaintenanceRollback', packet: 'FHR7', icon: Clock3, tone: 'warn' },
+  { key: 'reviewValidationRuntimeGate', packet: 'FHR8', icon: ShieldCheck, tone: 'locked' },
+  { key: 'reviewNoExecutionAttestation', packet: 'FHR9', icon: ListChecks, tone: 'locked' },
+]
+
 const evidenceItems = [
   'iwooos-posture-projection.snapshot.json',
   'security-rollout-policy.snapshot.json',
@@ -1679,6 +1698,38 @@ function HostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomeCard({
   )
 }
 
+function HostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePacketCard({
+  item,
+}: {
+  item: HostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePacket
+}) {
+  const t = useTranslations('iwooos.hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets')
+  const Icon = item.icon
+  return (
+    <div style={{ ...band, minHeight: 190, padding: 16 }}>
+      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12 }}>
+        <div style={{ display: 'flex', alignItems: 'center', gap: 9 }}>
+          <Icon size={18} color={toneColors[item.tone]} />
+          <span style={{ fontSize: 11, color: '#87867f' }}>{t('packetLabel')}</span>
+        </div>
+        <span style={{ fontSize: 11, color: '#9b978b' }}>{item.packet}</span>
+      </div>
+      <h2 style={{ fontSize: 14, margin: '12px 0 6px', color: '#141413' }}>
+        {t(`items.${item.key}.title` as never)}
+      </h2>
+      <p style={{ fontSize: 12, lineHeight: 1.55, color: '#6f6d66', margin: 0 }}>
+        {t(`items.${item.key}.body` as never)}
+      </p>
+      <div style={{ marginTop: 10, display: 'grid', gap: 5 }}>
+        <div style={{ fontSize: 11, color: '#87867f' }}>{t('guardLabel')}</div>
+        <div style={{ fontSize: 11, color: toneColors[item.tone], lineHeight: 1.45 }}>
+          {t(`items.${item.key}.guard` as never)}
+        </div>
+      </div>
+    </div>
+  )
+}
+
 export default function IwoooSPage({ params }: { params: { locale: string } }) {
   const t = useTranslations('iwooos')
 
@@ -2293,6 +2344,28 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
           </div>
         </section>
 
+        <section style={{ marginBottom: 14 }}>
+          <div style={{ marginBottom: 14 }}>
+            <h2 style={{ fontSize: 16, margin: 0 }}>
+              {t('hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets.title')}
+            </h2>
+            <p style={{ fontSize: 12, color: '#6f6d66', margin: '6px 0 0', lineHeight: 1.55 }}>
+              {t('hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets.subtitle')}
+            </p>
+          </div>
+          <div
+            style={{
+              display: 'grid',
+              gridTemplateColumns: 'repeat(auto-fit, minmax(210px, 1fr))',
+              gap: 12,
+            }}
+          >
+            {hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets.map(item => (
+              <HostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePacketCard key={item.key} item={item} />
+            ))}
+          </div>
+        </section>
+
         <section
           style={{
             display: 'grid',
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 57c7755d..fbfca707 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,17 @@
+## 2026-05-20 | 資安供應鏈 S2.41：IwoooS Host Owner Decision Record Human Record Owner Review Candidate Packets
+
+**背景**：S2.40 已把 handoff readiness review 後的只讀 outcome lanes 顯示出來；本輪補上 ready for human record owner review candidate 後的只讀 candidate packets，避免使用者把 review candidate 誤讀成 review started、review ready、handoff started、owner decision received、正式 decision record 已建立或已批准。
+
+**完成**：
+- `/iwooos` 新增「主機 Owner Decision Record Human Record Owner Review Candidate Packets」，顯示 review candidate identity、owner boundary、decision summary、scope and expiry、scan limits、credential boundary、maintenance and rollback、validation and runtime gate、no-execution attestation 九個只讀候選資料包。
+- `iwooos_posture_projection_v1` schema / snapshot 新增 `host_owner_decision_record_human_record_owner_review_candidate_packets` 與 `host_owner_decision_record_human_record_owner_review_candidate_packet_count=9`，每個 packet 固定 `display_mode=owner_decision_record_human_record_owner_review_candidate_packet_only`、`human_record_owner_review_started_count=0`、`human_record_owner_review_ready_count=0`、`human_record_owner_handoff_review_passed_count=0`、`human_record_owner_handoff_started_count=0`、`human_record_owner_handoff_ready_count=0`、`formal_record_queue_review_passed_count=0`、`formal_record_queue_enqueued_count=0`、`decision_record_created=false`、`owner_decision_received_count=0`、`owner_decision_accepted_count=0`、`owner_approval_record_created=false`、`runtime_gate_opened=false`、`raw_payload_allowed=false`、`secret_value_collection_allowed=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
+- `security-mirror-progress-guard.py` 開始驗證九個 host owner decision record human record owner review candidate packets、順序、review candidate fields，以及 review started / ready、handoff review passed、handoff started / ready、queue enqueued、decision record、owner decision、approval record、runtime gate、raw payload、secret value、runtime / action button 仍全部鎖住。
+- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_41_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets`，headline progress 仍維持 58%。
+
+**仍禁止**：
+- host owner decision record human record owner review candidate packets 不代表 review started、review ready、handoff started、handoff ready、decision record created、owner decision received / accepted、approved、approval record created、runtime gate opened、raw payload ingestion、secret value collection、active scan、credentialed scan、Kali `/execute`、SSH 登入、主機變更、Kali 更新或 blocking control。
+- 真正人工 owner decision、正式決策紀錄、批准與後續 runtime gate 仍需脫敏 evidence、人工簽核與獨立 runtime gate。
+
 ## 2026-05-20 | 資安供應鏈 S2.40：IwoooS Host Owner Decision Record Human Handoff Readiness Review Outcome Lanes
 
 **背景**：S2.39 已把 handoff readiness packets 進人工 record owner 前的只讀 review checklist 顯示出來；本輪補上 checklist 後的只讀 outcome lanes，避免使用者把 review outcome 誤讀成 review passed、handoff started、handoff ready、已 enqueue、正式 decision record 已建立或已批准。
diff --git a/docs/schemas/iwooos_posture_projection_v1.schema.json b/docs/schemas/iwooos_posture_projection_v1.schema.json
index 1e35876d..5a12ec9f 100644
--- a/docs/schemas/iwooos_posture_projection_v1.schema.json
+++ b/docs/schemas/iwooos_posture_projection_v1.schema.json
@@ -47,6 +47,7 @@
     "host_owner_decision_record_human_handoff_readiness_packets",
     "host_owner_decision_record_human_handoff_readiness_review_checklist_items",
     "host_owner_decision_record_human_handoff_readiness_review_outcome_lanes",
+    "host_owner_decision_record_human_record_owner_review_candidate_packets",
     "frontend_surface_coverage_groups",
     "evidence_refs",
     "allowed_frontend_outputs",
@@ -133,6 +134,7 @@
         "host_owner_decision_record_human_handoff_readiness_packet_count",
         "host_owner_decision_record_human_handoff_readiness_review_checklist_item_count",
         "host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count",
+        "host_owner_decision_record_human_record_owner_review_candidate_packet_count",
         "action_buttons_allowed"
       ],
       "properties": {
@@ -310,6 +312,10 @@
         "host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count": {
           "type": "integer",
           "const": 9
+        },
+        "host_owner_decision_record_human_record_owner_review_candidate_packet_count": {
+          "type": "integer",
+          "const": 9
         }
       },
       "additionalProperties": false
@@ -3140,6 +3146,128 @@
         },
         "additionalProperties": false
       }
+    },
+    "host_owner_decision_record_human_record_owner_review_candidate_packets": {
+      "type": "array",
+      "minItems": 9,
+      "items": {
+        "type": "object",
+        "required": [
+          "packet_id",
+          "display_order",
+          "source_outcome_lane_id",
+          "review_candidate_field",
+          "blocker_policy",
+          "display_mode",
+          "human_record_owner_review_started_count",
+          "human_record_owner_review_ready_count",
+          "human_record_owner_handoff_review_passed_count",
+          "human_record_owner_handoff_started_count",
+          "human_record_owner_handoff_ready_count",
+          "formal_record_queue_review_passed_count",
+          "formal_record_queue_enqueued_count",
+          "decision_record_created",
+          "owner_decision_received_count",
+          "owner_decision_accepted_count",
+          "owner_approval_record_created",
+          "runtime_gate_opened",
+          "raw_payload_allowed",
+          "secret_value_collection_allowed",
+          "runtime_execution_authorized",
+          "action_buttons_allowed",
+          "not_authorization"
+        ],
+        "properties": {
+          "packet_id": {
+            "type": "string"
+          },
+          "display_order": {
+            "type": "integer",
+            "minimum": 1
+          },
+          "source_outcome_lane_id": {
+            "type": "string"
+          },
+          "review_candidate_field": {
+            "type": "string"
+          },
+          "blocker_policy": {
+            "type": "string"
+          },
+          "display_mode": {
+            "const": "owner_decision_record_human_record_owner_review_candidate_packet_only"
+          },
+          "human_record_owner_review_started_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "human_record_owner_review_ready_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "human_record_owner_handoff_review_passed_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "human_record_owner_handoff_started_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "human_record_owner_handoff_ready_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "formal_record_queue_review_passed_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "formal_record_queue_enqueued_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "decision_record_created": {
+            "type": "boolean",
+            "const": false
+          },
+          "owner_decision_received_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "owner_decision_accepted_count": {
+            "type": "integer",
+            "const": 0
+          },
+          "owner_approval_record_created": {
+            "type": "boolean",
+            "const": false
+          },
+          "runtime_gate_opened": {
+            "type": "boolean",
+            "const": false
+          },
+          "raw_payload_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "secret_value_collection_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "runtime_execution_authorized": {
+            "type": "boolean",
+            "const": false
+          },
+          "action_buttons_allowed": {
+            "type": "boolean",
+            "const": false
+          },
+          "not_authorization": {
+            "type": "boolean",
+            "const": true
+          }
+        },
+        "additionalProperties": false
+      }
     }
   },
   "additionalProperties": false
diff --git a/docs/security/IWOOOS-POSTURE-PROJECTION.md b/docs/security/IWOOOS-POSTURE-PROJECTION.md
index a6351a93..60bd3fe8 100644
--- a/docs/security/IWOOOS-POSTURE-PROJECTION.md
+++ b/docs/security/IWOOOS-POSTURE-PROJECTION.md
@@ -68,6 +68,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence：
 36. 8 個 host owner decision record human handoff readiness packets，顯示未來交給人工 record owner 前要準備的 metadata，但不開始 handoff、不標記 ready、不建立 decision record、不開 runtime gate。
 37. 8 個 host owner decision record human handoff readiness review checklist items，顯示 readiness packets 進人工 record owner 前仍需只讀核對的條件，但不標記 review passed、不開始 handoff、不建立 decision record、不開 runtime gate。
 38. 9 個 host owner decision record human handoff readiness review outcome lanes，顯示 readiness review 後的只讀結果分流與下一步，但不標記 review passed、不開始 handoff、不標記 handoff ready、不 enqueue、不建立 decision record、不開 runtime gate。
+39. 9 個 host owner decision record human record owner review candidate packets，顯示未來人工 record owner review candidate 需要看的 metadata，但不開始 review、不標記 ready、不收 owner decision、不建立 decision record、不開 runtime gate。
 
 ## 3.1 既有前端資安頁面整合
 
@@ -621,6 +622,26 @@ S2.40 將 handoff readiness review checklist 後的結果拆成九個只讀 outc
 
 這個 outcome board 不代表 handoff readiness review 已通過、handoff 已開始、handoff 已 ready、formal record queue review 已通過、正式紀錄已 enqueue、decision record 已建立、owner decision 已接受、資安批准已完成或 runtime gate 已開啟。它只讓 IwoooS 把 readiness review 後的補件、review candidate 與 runtime gate 分離狀態顯示清楚。
 
+## 3.32 Host Owner Decision Record Human Record Owner Review Candidate Packets
+
+S2.41 將 ready for human record owner review candidate 後的 metadata 拆成九個只讀 candidate packets。這一層只回答「未來人工 record owner review 候選畫面需要哪些資料包」，不開始 review、不標記 review ready、不開始 handoff、不收 owner decision、不建立 decision record、不建立 approval record、不開 runtime gate。
+
+| 順序 | Review candidate packet | 來源 outcome | 候選欄位 |
+|------|-------------------------|--------------|----------|
+| 1 | Review candidate identity packet | ready for human record owner review candidate | candidate id、source outcome、version、trace pointer、source queue review |
+| 2 | Review owner boundary packet | ready for human record owner review candidate | human record owner、backup owner、contact boundary、responsibility boundary |
+| 3 | Review decision summary packet | ready for human record owner review candidate | candidate decision summary、risk acceptance boundary、no-execution statement |
+| 4 | Review scope and expiry packet | ready for human record owner review candidate | host、network、service、exclusion、observation intent、expiry |
+| 5 | Review scan limits packet | ready for human record owner review candidate | observe-only、future active scan、credentialed scan limits |
+| 6 | Review credential boundary packet | ready for human record owner review candidate | metadata-only credential owner、retention、masking、forbidden collection |
+| 7 | Review maintenance and rollback packet | ready for human record owner review candidate | maintenance window、constraints、rollback owner、recovery path、human contact |
+| 8 | Review validation and runtime gate packet | ready for human record owner review candidate | validation evidence pointer、post-check metrics、separate runtime gate requirement |
+| 9 | Review no-execution attestation packet | ready for human record owner review candidate | not authorization、no execution、no approval、no runtime gate statement |
+
+每個 review candidate packet 都固定 `display_mode=owner_decision_record_human_record_owner_review_candidate_packet_only`、`human_record_owner_review_started_count=0`、`human_record_owner_review_ready_count=0`、`human_record_owner_handoff_review_passed_count=0`、`human_record_owner_handoff_started_count=0`、`human_record_owner_handoff_ready_count=0`、`formal_record_queue_review_passed_count=0`、`formal_record_queue_enqueued_count=0`、`decision_record_created=false`、`owner_decision_received_count=0`、`owner_decision_accepted_count=0`、`owner_approval_record_created=false`、`runtime_gate_opened=false`、`raw_payload_allowed=false`、`secret_value_collection_allowed=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
+
+這個 candidate packet board 不代表 human record owner review 已開始、review 已 ready、handoff 已開始、handoff 已 ready、owner decision 已收到或接受、decision record 已建立、資安批准已完成或 runtime gate 已開啟。它只讓 IwoooS 把未來人工 record owner 可能需要看的 metadata 顯示清楚。
+
 ## 4. 仍禁止
 
 IwoooS 不得提供下列輸出：
@@ -658,7 +679,8 @@ IwoooS 不得提供下列輸出：
 31. 把 owner decision record handoff readiness 當成 approval、開始 human record owner handoff、標記 handoff ready、由 readiness packet 建立 decision record，或從 handoff readiness 開 runtime gate。
 32. 把 owner decision record handoff readiness review 當成 approval、標記 handoff readiness review passed、開始 human record owner handoff、標記 handoff ready、由 readiness review 建立 decision record，或從 readiness review 開 runtime gate。
 33. 把 owner decision record handoff readiness review outcome 當成 approval、標記 handoff readiness review outcome passed、開始 human record owner handoff、標記 handoff ready、由 readiness review outcome 建立 decision record，或從 readiness review outcome 開 runtime gate。
-34. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
+34. 把 owner decision record human record owner review candidate packet 當成 approval、開始 human record owner review、標記 review ready、收 owner decision、由 candidate packet 建立 decision record，或從 candidate packet 開 runtime gate。
+35. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
 
 ## 5. 驗證
 
diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
index 268c05e9..911d1d3b 100644
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -35,7 +35,7 @@
 | Owner response validation | S4.13 已建立；四包 owner response 目前 received/accepted 皆為 0；4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示；下一個建議收件為 S4.9 Gitea owner attestation；latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`，reviewer audit emitted 仍為 0，不代表 owner response 已收到或任何執行授權 |
 | Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes；LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn；`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
 | IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口；顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs；不新增執行按鈕 |
-| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`；S2.10 已把 10 個既有前端資安相關頁面納入 projection；S2.11 已補 4 個 coverage groups 與 5 個 conflict controls；S2.12 已補 6 個只讀 operator journey steps；S2.13 已補 7 個 owner evidence readiness items；S2.14 已補 3 個 host coverage items：Kali 112、開發主機 168、開發主機 111；S2.15 已補 6 個 host action gate items；S2.16 已補 7 個 host evidence readiness items；S2.17 已補 7 個 host evidence collection order steps；S2.18 已補 7 個 host evidence intake preflight checks；S2.19 已補 7 個 host evidence review outcome lanes；S2.20 已補 7 個 host evidence review handoff packets；S2.21 已補 7 個 host evidence reviewer checklist items；S2.22 已補 7 個 host evidence reviewer outcome lanes；S2.23 已補 7 個 host owner decision candidate packets；S2.24 已補 7 個 host owner decision review checklist items；S2.25 已補 7 個 host owner decision review outcome lanes；S2.26 已補 7 個 host owner decision record draft packets；S2.27 已補 7 個 host owner decision record draft review checklist items；S2.28 已補 7 個 host owner decision record draft review outcome lanes；S2.29 已補 7 個 host owner decision record write-up packets；S2.30 已補 7 個 host owner decision record write-up review checklist items；S2.31 已補 7 個 host owner decision record write-up review outcome lanes；S2.32 已補 7 個 host owner decision record formal candidate packets；S2.33 已補 7 個 host owner decision record formal candidate review checklist items；S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes；S2.35 已補 8 個 host owner decision record formal record queue packets；S2.36 已補 8 個 host owner decision record formal record queue review checklist items；S2.37 已補 8 個 host owner decision record formal record queue review outcome lanes；S2.38 已補 8 個 host owner decision record human handoff readiness packets；S2.39 已補 8 個 host owner decision record human handoff readiness review checklist items；S2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanes；仍不新增 action button |
+| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`；S2.10 已把 10 個既有前端資安相關頁面納入 projection；S2.11 已補 4 個 coverage groups 與 5 個 conflict controls；S2.12 已補 6 個只讀 operator journey steps；S2.13 已補 7 個 owner evidence readiness items；S2.14 已補 3 個 host coverage items：Kali 112、開發主機 168、開發主機 111；S2.15 已補 6 個 host action gate items；S2.16 已補 7 個 host evidence readiness items；S2.17 已補 7 個 host evidence collection order steps；S2.18 已補 7 個 host evidence intake preflight checks；S2.19 已補 7 個 host evidence review outcome lanes；S2.20 已補 7 個 host evidence review handoff packets；S2.21 已補 7 個 host evidence reviewer checklist items；S2.22 已補 7 個 host evidence reviewer outcome lanes；S2.23 已補 7 個 host owner decision candidate packets；S2.24 已補 7 個 host owner decision review checklist items；S2.25 已補 7 個 host owner decision review outcome lanes；S2.26 已補 7 個 host owner decision record draft packets；S2.27 已補 7 個 host owner decision record draft review checklist items；S2.28 已補 7 個 host owner decision record draft review outcome lanes；S2.29 已補 7 個 host owner decision record write-up packets；S2.30 已補 7 個 host owner decision record write-up review checklist items；S2.31 已補 7 個 host owner decision record write-up review outcome lanes；S2.32 已補 7 個 host owner decision record formal candidate packets；S2.33 已補 7 個 host owner decision record formal candidate review checklist items；S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes；S2.35 已補 8 個 host owner decision record formal record queue packets；S2.36 已補 8 個 host owner decision record formal record queue review checklist items；S2.37 已補 8 個 host owner decision record formal record queue review outcome lanes；S2.38 已補 8 個 host owner decision record human handoff readiness packets；S2.39 已補 8 個 host owner decision record human handoff readiness review checklist items；S2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanes；S2.41 已補 9 個 host owner decision record human record owner review candidate packets；仍不新增 action button |
 | Dry-run | `contract_defined_not_executed`；已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`，latest local validation 為 `repo_snapshot_guard_pass`，仍不代表 production ingestion |
 | Runtime actions | `false` |
 | Payload ingestion | `false` |
@@ -124,6 +124,7 @@
 | S2.38 IwoooS host owner decision record human handoff readiness packets | framework detail | 0 | 只顯示未來 human record owner handoff 前的八個 metadata readiness packets；handoff started、handoff ready、review passed、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 | S2.39 IwoooS host owner decision record human handoff readiness review checklist | framework detail | 0 | 只顯示 handoff readiness packets 進人工 record owner 前的八個只讀核對項；review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 | S2.40 IwoooS host owner decision record human handoff readiness review outcome lanes | framework detail | 0 | 只顯示 handoff readiness review 後的九個只讀結果分流；review passed、handoff started、handoff ready、queue enqueued、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
+| S2.41 IwoooS host owner decision record human record owner review candidate packets | framework detail | 0 | 只顯示未來 human record owner review candidate 需要看的九個只讀 metadata packets；review started、review ready、handoff started、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
 
 headline 進度要再往上，至少需要下列任一高層 gate 有實質 evidence：
 
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
index 1707fbb5..f248b79b 100644
--- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
@@ -4,7 +4,7 @@
 |------|------|
 | 日期 | 2026-05-17 |
 | 狀態 | S0/S1 read-only evidence 建置中 |
-| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes |
+| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets |
 | 原則 | 低摩擦分階段；文件、schema、read-only evidence 優先；不做 runtime enforcement、不切 primary |
 
 ## 0. 本階段完成後整體進度
@@ -27,7 +27,7 @@ python3 scripts/security/security-mirror-progress-guard.py
 
 ### 0.2 Headline 58% 不代表停滯
 
-近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry，以及 S2.9-S2.40 IwoooS posture projection contract 都是有效進展，但它們是 framework detail，不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%，避免把只讀框架誤算成已落地執行。
+近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry，以及 S2.9-S2.41 IwoooS posture projection contract 都是有效進展，但它們是 framework detail，不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%，避免把只讀框架誤算成已落地執行。
 
 | 最近完成 | 目前狀態 | headline delta |
 |----------|----------|----------------|
@@ -100,6 +100,7 @@ python3 scripts/security/security-mirror-progress-guard.py
 | S2.38 IwoooS host owner decision record human handoff readiness packets | 已完成草案，將 handoff identity、owner boundary、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、runtime gate separation 顯示成八個只讀 readiness packets | 0 |
 | S2.39 IwoooS host owner decision record human handoff readiness review checklist | 已完成草案，將 identity trace、owner boundary、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、runtime gate separation 顯示成八個只讀 checklist items | 0 |
 | S2.40 IwoooS host owner decision record human handoff readiness review outcome lanes | 已完成草案，將 ready candidate、identity trace refresh、owner boundary clarification、decision summary clarification、scope / expiry refresh、scan limits ambiguous、credential boundary failed、maintenance / rollback incomplete、runtime gate required 顯示成九個只讀 outcome lanes | 0 |
+| S2.41 IwoooS host owner decision record human record owner review candidate packets | 已完成草案，將 candidate identity、owner boundary、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、validation / runtime gate、no-execution attestation 顯示成九個只讀 candidate packets | 0 |
 
 headline 要再往上，需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收，或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
 
@@ -159,6 +160,7 @@ headline 要再往上，需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
 | S2.38 IwoooS Host Owner Decision Record Human Handoff Readiness Packets | 完成草案 | `/iwooos` 新增主機 owner decision record human handoff readiness packets，顯示 handoff identity、owner boundary、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、runtime gate separation 八個準備包 | 使用者能理解 handoff readiness 仍不是 handoff started、handoff ready、review passed、enqueue 或正式紀錄；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S2.39 IwoooS Host Owner Decision Record Human Handoff Readiness Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision record human handoff readiness review checklist，顯示 identity trace readable、owner boundary readable、decision summary readable、scope / expiry current、scan limits not authorization、credential metadata-only、maintenance / rollback traceable、runtime gate separate 八個核對項 | 使用者能理解 handoff readiness review 仍不是 review passed、handoff started、handoff ready、enqueue 或正式紀錄；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S2.40 IwoooS Host Owner Decision Record Human Handoff Readiness Review Outcome Lanes | 完成草案 | `/iwooos` 新增主機 owner decision record human handoff readiness review outcome lanes，顯示 ready for human record owner review candidate、identity trace needs refresh、owner boundary needs clarification、decision summary needs clarification、scope / expiry need refresh、scan limits ambiguous、credential boundary failed、maintenance / rollback incomplete、runtime gate still required 九個分流 | 使用者能理解 handoff readiness review outcome 仍不是 review passed、handoff started、handoff ready、enqueue 或正式紀錄；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
+| S2.41 IwoooS Host Owner Decision Record Human Record Owner Review Candidate Packets | 完成草案 | `/iwooos` 新增主機 owner decision record human record owner review candidate packets，顯示 candidate identity、owner boundary、decision summary、scope / expiry、scan limits、credential boundary、maintenance / rollback、validation / runtime gate、no-execution attestation 九個候選資料包 | 使用者能理解 human record owner review candidate packet 仍不是 review started、review ready、handoff、owner decision、正式紀錄或批准；仍不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
 | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items：7 pending、1 block candidate、0 approved | 不得繞過人工批准；批准後仍需 follow-up runtime gate |
 | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策，不可執行 gate item |
 | S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立；目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策，不可把決策當執行 |
diff --git a/docs/security/iwooos-posture-projection.snapshot.json b/docs/security/iwooos-posture-projection.snapshot.json
index b91b698b..42d9b6dc 100644
--- a/docs/security/iwooos-posture-projection.snapshot.json
+++ b/docs/security/iwooos-posture-projection.snapshot.json
@@ -66,7 +66,8 @@
     "host_owner_decision_record_formal_record_queue_review_outcome_lane_count": 8,
     "host_owner_decision_record_human_handoff_readiness_packet_count": 8,
     "host_owner_decision_record_human_handoff_readiness_review_checklist_item_count": 8,
-    "host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count": 9
+    "host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count": 9,
+    "host_owner_decision_record_human_record_owner_review_candidate_packet_count": 9
   },
   "progress": {
     "overall_percent": 58,
@@ -169,7 +170,8 @@
     "display_host_owner_decision_record_formal_record_queue_review_outcome_lanes",
     "display_host_owner_decision_record_human_handoff_readiness_packets",
     "display_host_owner_decision_record_human_handoff_readiness_review_checklist",
-    "display_host_owner_decision_record_human_handoff_readiness_review_outcome_lanes"
+    "display_host_owner_decision_record_human_handoff_readiness_review_outcome_lanes",
+    "display_host_owner_decision_record_human_record_owner_review_candidate_packets"
   ],
   "forbidden_frontend_outputs": [
     "add_scan_button",
@@ -291,7 +293,13 @@
     "mark_human_record_owner_handoff_readiness_review_outcome_passed",
     "start_human_record_owner_handoff_from_readiness_review_outcome",
     "create_host_owner_decision_record_from_handoff_readiness_review_outcome",
-    "open_runtime_gate_from_handoff_readiness_review_outcome"
+    "open_runtime_gate_from_handoff_readiness_review_outcome",
+    "treat_host_owner_decision_record_human_record_owner_review_candidate_packet_as_approval",
+    "start_human_record_owner_review_from_candidate_packet",
+    "mark_human_record_owner_review_ready_from_candidate_packet",
+    "collect_owner_decision_from_human_record_owner_review_candidate_packet",
+    "create_host_owner_decision_record_from_human_record_owner_review_candidate_packet",
+    "open_runtime_gate_from_human_record_owner_review_candidate_packet"
   ],
   "runtime_execution_authorized": false,
   "action_buttons_allowed": false,
@@ -4597,5 +4605,232 @@
       "action_buttons_allowed": false,
       "not_authorization": true
     }
+  ],
+  "host_owner_decision_record_human_record_owner_review_candidate_packets": [
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_identity_packet",
+      "display_order": 1,
+      "review_candidate_field": "candidate_identity_and_trace",
+      "blocker_policy": "missing_identity_blocks_review_start",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_owner_boundary_packet",
+      "display_order": 2,
+      "review_candidate_field": "human_record_owner_boundary",
+      "blocker_policy": "missing_owner_boundary_blocks_decision_collection",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_decision_summary_packet",
+      "display_order": 3,
+      "review_candidate_field": "decision_summary_and_no_execution_statement",
+      "blocker_policy": "unclear_summary_blocks_record_creation",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_scope_expiry_packet",
+      "display_order": 4,
+      "review_candidate_field": "approved_scope_and_expiry_window",
+      "blocker_policy": "stale_scope_blocks_review_ready",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_scan_limits_packet",
+      "display_order": 5,
+      "review_candidate_field": "observe_only_and_future_scan_limits",
+      "blocker_policy": "ambiguous_scan_limits_block_authorization",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_credential_boundary_packet",
+      "display_order": 6,
+      "review_candidate_field": "metadata_only_credential_boundary",
+      "blocker_policy": "plaintext_or_secret_value_blocks_review",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_maintenance_rollback_packet",
+      "display_order": 7,
+      "review_candidate_field": "maintenance_constraints_and_rollback_owner",
+      "blocker_policy": "missing_rollback_blocks_host_change",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_validation_runtime_gate_packet",
+      "display_order": 8,
+      "review_candidate_field": "validation_evidence_and_independent_runtime_gate",
+      "blocker_policy": "runtime_gate_must_remain_independent",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    },
+    {
+      "packet_id": "host_decision_record_human_record_owner_review_candidate_no_execution_attestation_packet",
+      "display_order": 9,
+      "review_candidate_field": "no_execution_no_approval_attestation",
+      "blocker_policy": "missing_attestation_blocks_authorization_claims",
+      "source_outcome_lane_id": "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+      "display_mode": "owner_decision_record_human_record_owner_review_candidate_packet_only",
+      "human_record_owner_review_started_count": 0,
+      "human_record_owner_review_ready_count": 0,
+      "human_record_owner_handoff_review_passed_count": 0,
+      "human_record_owner_handoff_started_count": 0,
+      "human_record_owner_handoff_ready_count": 0,
+      "formal_record_queue_review_passed_count": 0,
+      "formal_record_queue_enqueued_count": 0,
+      "decision_record_created": false,
+      "owner_decision_received_count": 0,
+      "owner_decision_accepted_count": 0,
+      "owner_approval_record_created": false,
+      "runtime_gate_opened": false,
+      "raw_payload_allowed": false,
+      "secret_value_collection_allowed": false,
+      "runtime_execution_authorized": false,
+      "action_buttons_allowed": false,
+      "not_authorization": true
+    }
   ]
 }
diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json
index e7a85680..8524f513 100644
--- a/docs/security/security-mirror-status-rollup.snapshot.json
+++ b/docs/security/security-mirror-status-rollup.snapshot.json
@@ -960,6 +960,16 @@
       "runtime_delta": false,
       "execution_authorized": false,
       "not_authorization": true
+    },
+    {
+      "display_order": 70,
+      "delta_id": "s2_41_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets",
+      "progress_axis": "framework_detail",
+      "headline_percent_delta": 0,
+      "framework_delta_visible": true,
+      "runtime_delta": false,
+      "execution_authorized": false,
+      "not_authorization": true
     }
   ],
   "next_safe_actions": [
@@ -1317,7 +1327,8 @@
     },
     "S2.38 只新增 IwoooS host owner decision record human handoff readiness packets；host_owner_decision_record_human_handoff_readiness_packet_count=8、human_record_owner_handoff_started_count=0、human_record_owner_handoff_ready_count=0、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 handoff readiness 當 handoff started、handoff ready、review passed、enqueue、正式決策紀錄、接受、批准或 runtime gate。",
     "S2.39 只新增 IwoooS host owner decision record human handoff readiness review checklist；host_owner_decision_record_human_handoff_readiness_review_checklist_item_count=8、human_record_owner_handoff_review_passed_count=0、human_record_owner_handoff_started_count=0、human_record_owner_handoff_ready_count=0、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 handoff readiness review 當 review passed、handoff started、handoff ready、enqueue、正式決策紀錄、接受、批准或 runtime gate。",
-    "S2.40 只新增 IwoooS host owner decision record human handoff readiness review outcome lanes；host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count=9、human_record_owner_handoff_review_passed_count=0、human_record_owner_handoff_started_count=0、human_record_owner_handoff_ready_count=0、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 handoff readiness review outcome 當 review passed、handoff started、handoff ready、enqueue、正式決策紀錄、接受、批准或 runtime gate。"
+    "S2.40 只新增 IwoooS host owner decision record human handoff readiness review outcome lanes；host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count=9、human_record_owner_handoff_review_passed_count=0、human_record_owner_handoff_started_count=0、human_record_owner_handoff_ready_count=0、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 handoff readiness review outcome 當 review passed、handoff started、handoff ready、enqueue、正式決策紀錄、接受、批准或 runtime gate。",
+    "S2.41 只新增 IwoooS host owner decision record human record owner review candidate packets；host_owner_decision_record_human_record_owner_review_candidate_packet_count=9、human_record_owner_review_started_count=0、human_record_owner_review_ready_count=0、human_record_owner_handoff_review_passed_count=0、human_record_owner_handoff_started_count=0、human_record_owner_handoff_ready_count=0、formal_record_queue_review_passed_count=0、formal_record_queue_enqueued_count=0、decision_record_created=false、owner_decision_received_count=0、owner_decision_accepted_count=0、owner_approval_record_created=false、runtime_gate_opened=false，不把 review candidate packet 當 review started、review ready、handoff、owner decision、正式 decision record、批准或 runtime gate。"
   ],
   "session_sync_notes": [
     "本 rollup 是跨 Session 的共同讀取入口，避免 AwoooP 主線與 Security Supply Chain Session 對進度與 gate 判讀不一致。",
diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py
index 943bc4ae..1f3e11fc 100755
--- a/scripts/security/security-mirror-progress-guard.py
+++ b/scripts/security/security-mirror-progress-guard.py
@@ -192,6 +192,7 @@ def validate(root: Path) -> None:
         "s2_38_iwooos_host_owner_decision_record_human_handoff_readiness_packets",
         "s2_39_iwooos_host_owner_decision_record_human_handoff_readiness_review_checklist",
         "s2_40_iwooos_host_owner_decision_record_human_handoff_readiness_review_outcome_lanes",
+        "s2_41_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets",
     ]
     assert_equal(
         "progress_delta_ledger.delta_ids",
@@ -606,6 +607,17 @@ def validate(root: Path) -> None:
         "host_decision_record_handoff_readiness_review_maintenance_rollback_incomplete_outcome_lane",
         "host_decision_record_handoff_readiness_review_runtime_gate_required_outcome_lane",
     ]
+    expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packet_ids = [
+        "host_decision_record_human_record_owner_review_candidate_identity_packet",
+        "host_decision_record_human_record_owner_review_candidate_owner_boundary_packet",
+        "host_decision_record_human_record_owner_review_candidate_decision_summary_packet",
+        "host_decision_record_human_record_owner_review_candidate_scope_expiry_packet",
+        "host_decision_record_human_record_owner_review_candidate_scan_limits_packet",
+        "host_decision_record_human_record_owner_review_candidate_credential_boundary_packet",
+        "host_decision_record_human_record_owner_review_candidate_maintenance_rollback_packet",
+        "host_decision_record_human_record_owner_review_candidate_validation_runtime_gate_packet",
+        "host_decision_record_human_record_owner_review_candidate_no_execution_attestation_packet",
+    ]
     assert_equal(
         "iwooos_projection.summary.frontend_surface_coverage_group_count",
         iwooos_projection["summary"]["frontend_surface_coverage_group_count"],
@@ -761,6 +773,11 @@ def validate(root: Path) -> None:
         iwooos_projection["summary"]["host_owner_decision_record_human_handoff_readiness_review_outcome_lane_count"],
         len(expected_iwooos_host_owner_decision_record_human_handoff_readiness_review_outcome_lane_ids),
     )
+    assert_equal(
+        "iwooos_projection.summary.host_owner_decision_record_human_record_owner_review_candidate_packet_count",
+        iwooos_projection["summary"]["host_owner_decision_record_human_record_owner_review_candidate_packet_count"],
+        len(expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packet_ids),
+    )
     iwooos_progress = iwooos_projection["progress"]
     assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
     assert_equal(
@@ -3029,6 +3046,131 @@ def validate(root: Path) -> None:
             f"iwooos_projection.host_owner_decision_record_human_handoff_readiness_review_outcome_lanes.{item['lane_id']}.not_authorization",
             item["not_authorization"],
         )
+    iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets = iwooos_projection[
+        "host_owner_decision_record_human_record_owner_review_candidate_packets"
+    ]
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.ids",
+        [item["packet_id"] for item in iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets],
+        expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packet_ids,
+    )
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.display_order",
+        [item["display_order"] for item in iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets],
+        list(
+            range(
+                1,
+                len(expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_packet_ids) + 1,
+            )
+        ),
+    )
+    expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_fields = [
+        "candidate_identity_and_trace",
+        "human_record_owner_boundary",
+        "decision_summary_and_no_execution_statement",
+        "approved_scope_and_expiry_window",
+        "observe_only_and_future_scan_limits",
+        "metadata_only_credential_boundary",
+        "maintenance_constraints_and_rollback_owner",
+        "validation_evidence_and_independent_runtime_gate",
+        "no_execution_no_approval_attestation",
+    ]
+    assert_equal(
+        "iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.review_candidate_fields",
+        [
+            item["review_candidate_field"]
+            for item in iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets
+        ],
+        expected_iwooos_host_owner_decision_record_human_record_owner_review_candidate_fields,
+    )
+    for item in iwooos_host_owner_decision_record_human_record_owner_review_candidate_packets:
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.source_outcome_lane_id",
+            item["source_outcome_lane_id"],
+            "host_decision_record_handoff_readiness_review_ready_for_human_record_owner_review_candidate_outcome_lane",
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.display_mode",
+            item["display_mode"],
+            "owner_decision_record_human_record_owner_review_candidate_packet_only",
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.human_record_owner_review_started_count",
+            item["human_record_owner_review_started_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.human_record_owner_review_ready_count",
+            item["human_record_owner_review_ready_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.human_record_owner_handoff_review_passed_count",
+            item["human_record_owner_handoff_review_passed_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.human_record_owner_handoff_started_count",
+            item["human_record_owner_handoff_started_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.human_record_owner_handoff_ready_count",
+            item["human_record_owner_handoff_ready_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.formal_record_queue_review_passed_count",
+            item["formal_record_queue_review_passed_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.formal_record_queue_enqueued_count",
+            item["formal_record_queue_enqueued_count"],
+            0,
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.decision_record_created",
+            item["decision_record_created"],
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.owner_decision_received_count",
+            item["owner_decision_received_count"],
+            0,
+        )
+        assert_equal(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.owner_decision_accepted_count",
+            item["owner_decision_accepted_count"],
+            0,
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.owner_approval_record_created",
+            item["owner_approval_record_created"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.runtime_gate_opened",
+            item["runtime_gate_opened"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.raw_payload_allowed",
+            item["raw_payload_allowed"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.secret_value_collection_allowed",
+            item["secret_value_collection_allowed"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.runtime_execution_authorized",
+            item["runtime_execution_authorized"],
+        )
+        assert_false(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.action_buttons_allowed",
+            item["action_buttons_allowed"],
+        )
+        assert_true(
+            f"iwooos_projection.host_owner_decision_record_human_record_owner_review_candidate_packets.{item['packet_id']}.not_authorization",
+            item["not_authorization"],
+        )
     assert_equal(
         "iwooos_projection.non_blocking_lane_ids",
         iwooos_projection["non_blocking_lane_ids"],
@@ -3078,6 +3220,7 @@ def validate(root: Path) -> None:
         "display_host_owner_decision_record_human_handoff_readiness_packets",
         "display_host_owner_decision_record_human_handoff_readiness_review_checklist",
         "display_host_owner_decision_record_human_handoff_readiness_review_outcome_lanes",
+        "display_host_owner_decision_record_human_record_owner_review_candidate_packets",
         "display_evidence_refs",
         "display_forbidden_actions",
     ]:
@@ -3198,6 +3341,12 @@ def validate(root: Path) -> None:
         "start_human_record_owner_handoff_from_readiness_review_outcome",
         "create_host_owner_decision_record_from_handoff_readiness_review_outcome",
         "open_runtime_gate_from_handoff_readiness_review_outcome",
+        "treat_host_owner_decision_record_human_record_owner_review_candidate_packet_as_approval",
+        "start_human_record_owner_review_from_candidate_packet",
+        "mark_human_record_owner_review_ready_from_candidate_packet",
+        "collect_owner_decision_from_human_record_owner_review_candidate_packet",
+        "create_host_owner_decision_record_from_human_record_owner_review_candidate_packet",
+        "open_runtime_gate_from_human_record_owner_review_candidate_packet",
         "apply_runtime_blocking_control",
         "switch_github_primary",
         "production_deploy",