diff --git a/README.md b/README.md
index 67c295c8..00b4a9db 100644
--- a/README.md
+++ b/README.md
@@ -213,7 +213,7 @@ V1 ships 17 core features across CLI and Desktop GUI per [ADR-015: V1 Feature Sc
 
 ## Build Order
 
-Implementation follows the tiered dependency graph defined in [`docs/architecture/cross-plan-dependencies.md`](docs/architecture/cross-plan-dependencies.md). V1 spans 27 implementation plans; Plan-017 Workflow Authoring remains in `review` while the other V1 plans are approved.
+Implementation follows the tiered dependency graph defined in [`docs/architecture/cross-plan-dependencies.md`](docs/architecture/cross-plan-dependencies.md). V1 spans 27 implementation plans; Plan-001 Shared Session Core is `completed`, Plan-007 Local IPC and Daemon Control and Plan-017 Workflow Authoring are in `review` (Plan-007 reopened by its Tier-4 readiness audit), and the rest are `approved`.
 
 ```
 Tier 1  ► Plan-001  Shared Session Core
@@ -256,8 +256,8 @@ Each tier's prerequisites are the prior tier's completion. See [`docs/architectu
 
 Current documentation corpus:
 
-- **27 V1 implementation plans** with step-by-step build instructions; 26 are `approved` and Plan-017 is in `review`
-- **26 approved specifications** covering every feature and cross-cutting concern, plus Spec-027 (Self-Host Secure Defaults) currently in `draft`
+- **27 V1 implementation plans** with step-by-step build instructions; 24 are `approved`, Plan-001 is `completed`, and Plan-007 + Plan-017 are in `review`
+- **27 approved specifications** covering every feature and cross-cutting concern
 - **12 domain models** (run state machine, intervention model, participant model, workflow model, etc.)
 - **16 architecture documents** (schemas, contracts, security, deployment, dependencies)
 - **11 operations runbooks** (CLI commands, SLOs, on-call routing, self-host secure defaults)
diff --git a/docs/architecture/cross-plan-dependencies.md b/docs/architecture/cross-plan-dependencies.md
index 00456205..2ba2d2a0 100644
--- a/docs/architecture/cross-plan-dependencies.md
+++ b/docs/architecture/cross-plan-dependencies.md
@@ -313,7 +313,8 @@ graph TB
   NS13b[NS-13b: Spec-027 draft → approved]:::completed
   NS22[NS-22: sibling-doc staleness sweep<br/>0001-initial sql→ts + session.ts line cite]:::completed
   NS15[NS-15: Tier 3 plan-readiness audit<br/>(NS-16..NS-21 sequential)]:::completed
-  NS16[NS-16..NS-21: Tiers 4-9 audits<br/>1 PR per tier, sequential]:::ready
+  NS16[NS-16: Tier 4 plan-readiness audit<br/>(NS-17..NS-21 sequential)]:::completed
+  NS17[NS-17: Tier 5 plan-readiness audit<br/>(NS-18..NS-21 sequential)]:::ready
   NS14[NS-14: Tier 2 plan-readiness audit<br/>Plan-002 alone]:::completed
   NS24[NS-24: Plan-002 Phase 1<br/>invite + membership contracts + migration]:::completed
   NS25[NS-25: Plan-002 Phase 2<br/>invite + membership services + PASETO v4.local consumer]:::completed
@@ -329,6 +330,7 @@ graph TB
   %% BLOCKED
   NS09[NS-09: Plan-024 Phase 4 CI + signing]:::blocked
   NS10[NS-10: Plan-024 Phase 5 measurement]:::blocked
+  NS18[NS-18..NS-21: Tiers 6-9 audits<br/>1 PR per tier, sequential]:::blocked
 
   %% COMPLETED
   NS12[NS-12: Plan-001 Phase 5 split + dep alignment]:::completed
@@ -362,6 +364,8 @@ graph TB
   %% Audit chain
   NS14 --> NS15
   NS15 --> NS16
+  NS16 --> NS17
+  NS17 --> NS18
 
   classDef ready fill:#9f9,stroke:#0a0,color:#000
   classDef blocked fill:#fcc,stroke:#a00,color:#000
@@ -371,7 +375,7 @@ graph TB
 
 ### Recommended first wave
 
-With NS-01 + NS-02 + NS-04 + NS-05 completed 2026-05-11 (NS-01 via PR #42 — Plan-024 Phase 1 Rust scaffold; NS-02 via PR #38 — Plan-001 Phase 5 Lane A T5.1 + T5.5 + T5.6; NS-04 via PR #45 + PR #48 — `PtyHost` contract interface + `spawn-cwd-translator.ts` daemon-layer wrapper; NS-05 via PR #51 — `NodePtyHost` + `PtyHostSelector` Phase 2 closeout), NS-07 completed 2026-05-12 (via PR #56 — Plan-024 Phase 3 `RustSidecarPtyHost` + Rust sidecar substrate + I-024-3/I-024-5/I-024-6 verification), NS-03 completed 2026-05-18 (via PR #70 — Plan-023-partial Tier 1 Electron + React skeleton + electron-vite v5 toolchain + Vitest launch smoke), NS-06 completed 2026-05-19 (via PR #77 — Plan-001 Phase 5 Lane C T5.2 renderer session-bootstrap component on top of the Plan-023-partial preload bridge), NS-08 completed 2026-05-20 (via PR #83 — Plan-001 Phase 5 Lane D T5.3 `apps/desktop/src/main/sidecar-lifecycle.ts` will-quit drain orchestration on top of the polymorphic `PtyHost.shutdown()` extension to both `NodePtyHost` + `RustSidecarPtyHost`; verifies I5 = CP-001-1 + I-024-4), and NS-14 completed 2026-05-20 (via this PR — Plan-002 Tier 2 plan-readiness audit; 12 critical / 23 major / 19 minor / 4 nit findings discharged via in-PR amendments + BL-119/120/121 escalations; per CP-002-1..CP-002-5 cross-plan obligations newly declared), the ready set is now NS-11, NS-13a, NS-15, NS-22 (4 items). NS-14's completion drops it from the ready set and promotes NS-15 (Tier 3 plan-readiness audit) from `blocked` → `ready` per the audit-chain edge `NS-14 → NS-15` (the §6 audit chain remains strictly serialized: NS-15 → NS-16 → … → NS-21 per runbook §85-87, so NS-16..NS-21 stay blocked behind NS-15). NS-08's completion (2026-05-20) closed the last open T5.x lane — **Plan-001 Phase 5 is fully shipped (T5.1–T5.6 complete)** and Plan-001 has no remaining Phase 5 code-lane on the §6 axis. NS-09 stays blocked on BL-108 procurement evidence; NS-10 stays blocked on NS-09 alone (BL-106 was archived 2026-05-13 and its dependency on NS-10 was removed — see [BL-106 archive entry](../archive/backlog-archive.md#bl-106-c-5--c-16--plan-024-calendar-window-decoupling-from-completed-status); the substrate-promotion 2-week monitoring window now lives at [ADR-019 §Substrate Promotion Window](../decisions/019-windows-v1-tier-and-pty-sidecar.md#substrate-promotion-window), NOT as a Plan-024 completion gate). The set shares no code paths or governance files — re-derived from each entry's `Files:` / `target_paths` after NS-14's drop-out + NS-15's promotion (NS-11 targets `packages/runtime-daemon/src/bootstrap/secure-defaults-events.ts`; NS-13a targets the audit runbook + spec template; NS-15 targets the next-tier plan-set under `docs/plans/` (Tier 3 plans per §5); NS-22 targets sibling-doc `0001-initial.sql` + `session.ts:388` cite occurrences in Plan-001 / Plan-022 / ADR-022 / Plan-008 — disjoint file-sets). Suggested parallel dispatch: **NS-13a + NS-15 + NS-11 + NS-22** as concurrent governance / audit / cleanup lanes — no code-lane remained on §6 as of 2026-05-20 until NS-09 unblocks via BL-108 procurement evidence (superseded 2026-05-21 by PR #92 — see addendum below). The previous serialization of NS-22 behind NS-12 (resolved 2026-05-03) is dissolved — NS-22 targets distinct content (`0001-initial.sql` filename + `session.ts:388` cite occurrences in Plan-001 / Plan-022 / ADR-022 / Plan-008) from NS-12's edit scope (Plan-001 §Preconditions + §Phase 5 Precondition); NS-22 dispatches cleanly against the post-NS-12 HEAD without rebase churn. The NS-04 → NS-05 → NS-07 cascade is now fully completed on the Plan-024 critical path — NS-04 completion (PR #48 housekeeping) unblocked NS-05; NS-05 completion (PR #51) unblocked NS-07; NS-07 completion (PR #56) leaves no NS-XX gate on NS-09 + NS-10. The remaining Plan-024 gates (NS-09 Phase 4 CI + signing, NS-10 Phase 5 measurement) are procurement-bound (BL-108), not code-lane-bound — Plan-024 cannot resume on the §6 axis until BL-108 closes. The 2-week substrate-promotion monitoring window historically tracked via BL-106 was archived 2026-05-13 and now lives at [ADR-019 §Substrate Promotion Window](../decisions/019-windows-v1-tier-and-pty-sidecar.md#substrate-promotion-window) — it is a substrate-promotion gate (env-var rollback authority retirement), NOT a Plan-024 completion gate. **2026-05-21 amendment (PR #92):** Plan-025 Tier 1 Partial shipped `packages/crypto-paseto/` v4.public + v4.local primitives, satisfying CP-002-4 and unblocking Plan-002 Phase 2's invite-token issuance prerequisite. Combined with NS-14's 2026-05-20 audit closure, this opens NS-24 (Plan-002 Phase 1) as a net-new code-lane on the §6 axis — invalidating the "no code-lane remains" claim above. New ready set adds NS-24 (NS-25 + NS-26 remain blocked behind NS-24 → NS-25 sequencing per `docs/plans/002-invite-membership-and-presence.md:203,230`). Suggested next dispatch: **NS-24 + NS-13b + NS-15** as concurrent code / governance / audit lanes. NS-13a closes in this PR per its `:::completed` class flip; NS-13b auto-promotes from `:::blocked` → `:::ready` per the `NS-13a → NS-13b` edge, mirroring how NS-15 was promoted in NS-14's completion PR (see NS-15's §Status line below). **2026-05-23 amendment (PR #102):** NS-24 (Plan-002 Phase 1) closes — T1.1–T1.6 contracts + `0002-session-invites` migration shipped to `develop` as commit `347d62b`; C1–C5 + anti-leakage tests green; in-PR cross-plan amendments documented in [Plan-002 §Phase 1 §Cross-Plan Amendments](../plans/002-invite-membership-and-presence.md#cross-plan-amendments) (the `brandedUuidIdSchema` helper at `packages/contracts/src/internal/branded.ts` consumed by `packages/contracts/src/session.ts`, and the per-version-loop `applyMigrations()` rewire at `packages/control-plane/src/sessions/migration-runner.ts`). NS-24's completion promotes NS-25 (Plan-002 Phase 2 — invite/membership services) from `:::blocked` → `:::ready` per the `NS-24 → NS-25` edge — both upstream conditions are now satisfied (NS-24 Phase 1 + PR #92 `packages/crypto-paseto/` substrate). NS-26 remains blocked behind NS-25 per the `NS-25 → NS-26` edge. New ready set: **NS-25 + NS-13b + NS-15** as concurrent code / governance / audit lanes (NS-11 + NS-13a + NS-22 + NS-24 all completed; NS-09 + NS-10 + NS-26 + NS-16..NS-21 remain blocked). **2026-05-24 amendment (PR #105):** NS-25 (Plan-002 Phase 2 — control-plane invite + membership services) closes — T2.1–T2.5 shipped `invite-service.ts` (PASETO v4.local issuance, first real consumer of `packages/crypto-paseto/`) + `membership-service.ts` (I-002-1/I-002-2) + lock-ordering (I-002-4) + no-presence-table migration regression (I-002-3); P1–P10 green (143-test control-plane suite); STATE-ONLY per ADR-017 (no audit emission — deferred to Plan-006 Tier 4 per CP-002-6). NS-25's completion promotes NS-26 (Plan-002 Phase 3 — presence heartbeat + ChannelList projection) from `:::blocked` → `:::ready` per the `NS-25 → NS-26` edge — both upstream conditions are now satisfied (NS-24 Phase 1 + NS-25 Phase 2). New ready set: **NS-26 + NS-13b + NS-15** as concurrent code / governance / audit lanes (NS-24 + NS-25 now completed; NS-09 + NS-10 + NS-16..NS-21 remain blocked). **2026-05-25 amendment (PR #108):** NS-26 (Plan-002 Phase 3 — presence heartbeat + ChannelList projection) closes — T3.1–T3.4 shipped the presence-register service (in-memory Yjs Awareness ingestion + Postgres LISTEN/NOTIFY fan-out + reconnect-grace timer), the `presence.*` JSON-RPC handlers (durable `session_events` rows), the `ChannelList` read-only projection (`deriveMainChannelId`-keyed bootstrap `main` channel), and in-PR the hoisted `SubscribeAckResponse` generic + `presence.subscribe` wire contract on the Plan-007 streaming substrate; verifies I-002-3 (presence ephemeral, never persisted) + I-007-7 (streaming subscribe-init ack); Pr1–Pr4 + I3 green, P10 re-verified. NS-26 is a §6 DAG sink — no §6 entry lists `Upstream: NS-26` (Plan-018's `Upstream: Plan-002 (presence infrastructure)` dep at §3 has no §6 NS node — Plan-018 is Tier 6, not yet on the DAG), so NS-26's completion promotes nothing from `blocked` → `ready`. The ready set shrinks from **{NS-26, NS-13b, NS-15}** to **{NS-13b, NS-15}** (NS-26 drops out on completion; NS-13b + NS-15 are unaffected — their upstreams NS-13a + NS-14 are unrelated to NS-26). The completed set gains NS-26 (NS-24 + NS-25 + NS-26 = all three on-DAG Plan-002 phases now shipped; Phase 4 is NS-unlisted, structurally deferred to Tier 6 per CP-002-3/BL-120). The blocked set **{NS-09, NS-10, NS-16..NS-21}** is unchanged. Suggested next dispatch: **NS-13b + NS-15** as concurrent governance / audit lanes — no code-lane remains on the §6 axis until NS-09 unblocks via BL-108 procurement evidence. **2026-05-25 amendment (this PR — NS-13b):** NS-13b (Spec-027 `draft` → `approved`) closes — Spec-027's status flips to `approved` per the [runbook §Spec-Status Promotion Gate](../operations/plan-implementation-readiness-audit-runbook.md#spec-status-promotion-gate), clearing the corpus's only `draft` spec and restoring the doc-first-before-coding invariant that Plan-007 PR #16 (merged 2026-04-29, shipping `secure-defaults.ts` + `secure-defaults-events.ts` implementing Spec-027 rows 4 + 10) had inverted (the same-window Plan-007 Phase 2/3 PRs #17/#19 shipped Spec-007 wire substrate + `session.*` namespaces — #17 imported the SecureDefaults module, #19 cited no Spec-027 row; neither is a Spec-027 doc-first violation). The 4-criterion gate cleared: (1) all 6 `Depends On` specs (Spec-007/020/021/022/025/026) are `approved` and all 3 ADRs (ADR-010/012/020) are `accepted`; (2) the spec's 5 Open Questions are plan-owned deferrals (Plan-007 §7a polling cadence, Plan-020 §9 `/metrics` auth scheme, Plan-025 short-lived-LE-profile + OAuth-on-PG18, BL-063+Plan-001 backup plug-in), none gating a Required-Behavior row; (3) doc-first post-hoc affirmation — the now-`approved` body remains authoritative for the rows PR #16 shipped; (4) all current Plan-007→Spec-027 cross-references re-validated against the post-promotion body (row cites 2/3/4/7a/7b/8/10, anchor cites §Required Behavior + §Fallback Behavior, and the three line-specific cites Spec-027:81/:138/:146 all resolve — the status flip is a same-line word change preserving every line number below it). NS-13b is a §6 governance sink (no `Upstream: NS-13b` edge), so its closure promotes nothing; the ready set shrinks from **{NS-13b, NS-15}** to **{NS-15}**, and the blocked set **{NS-09, NS-10, NS-16..NS-21}** is unchanged. (The §6 DAG's omission of Plan-002 Phase 5 / Phase 6 as NS-nodes — Phase 5 is a ready Tier 2 code-lane whose precondition was met by PR #108 — is a tracking gap corrected in the NS-15 audit PR, not here, per the 2026-05-25 prioritization decision.) **2026-05-26 amendment (this PR — NS-15):** NS-15 (Tier 3 plan-readiness audit of Plan-003) closes — Plan-003's five `#### Tasks` blocks (29 tasks) authored, the runtime-node table-CREATE-ownership self-misattribution (header + Phase 1) corrected to Plan-003-owned, and the cross-cutting contract fills ratified in this PR: `clientVersion: EventEnvelopeVersion` on `RuntimeNodeAttachRequest` + a `client_version` column on `runtime_node_attachments`; a derived `readOnly` boolean on `RuntimeNodeAttachResponse` (orthogonal to `NodeState`); and the `runtimenode.*` method namespace — per the [api-payload-contracts.md §Tier 3 Runtime-Node Method-Name Registry](contracts/api-payload-contracts.md) and [shared-postgres-schema.md](schemas/shared-postgres-schema.md). The Spec-003 heartbeat degraded→offline threshold is dispositioned to a separate Spec-003 PR (distinct governance lifecycle — it re-discharges the Spec-Status Promotion Gate), and the no-automated-renderer-test major is tracked as [BL-131](../backlog.md) (V1.1, criterion-gated on the Plan-023 renderer test harness). NS-15's closure promotes NS-16 (Tier 4 audit, next in the strictly-serialized chain) from `blocked` → `ready` per the `NS-15 → NS-16` edge; NS-17..NS-21 remain `blocked` behind it. **Plan-002 Phase-5/6 tracking correction (discharges the NS-13b forward-reference above):** Plan-002's two remaining Tier-2 code-lanes are now on the DAG as NS-28 (Phase 5 — `membershipClient.ts` client SDK; `ready`, with PR #117 in flight as of 2026-05-26) and NS-29 (Phase 6 — `session-members` renderer subtree; `blocked` behind NS-28), with edges `NS-26 → NS-28 → NS-29` (Phase 4 stays NS-unlisted, structurally deferred to Tier 6 per CP-002-3 / BL-120). The ready set moves from **{NS-15}** to **{NS-16, NS-28}**; the blocked set becomes **{NS-09, NS-10, NS-17..NS-21, NS-29}**; the completed set gains NS-15. No §6 code-lane besides NS-28 (in flight via PR #117) is dispatchable until NS-09 unblocks via BL-108 procurement evidence. **2026-05-26 amendment (PR #117 — NS-28):** NS-28 (Plan-002 Phase 5 — `membershipClient.ts` client SDK) closes — shipped to `develop` as commit `dff6523`: the dual-factory `MembershipClient` surface (`createDaemonMembershipClient`, the Option A daemon-as-gateway path per ADR-008 over a single JSON-RPC transport; `createControlPlaneMembershipClient`, the Tier-5 forward-compat scaffold throwing `NotImplementedAtTier2Error`) plus the I1–I3 integration tests and the T5.0a/T5.0b contracts-hoist consolidating the invite/membership response schemas into `packages/contracts`. NS-28's completion promotes NS-29 (Phase 6 — `session-members` renderer subtree) from `blocked` → `ready` per the `NS-28 → NS-29` edge — both preconditions now satisfied (NS-28 Phase 5 SDK merged + the Plan-023 Tier 1 Partial `apps/desktop/src/renderer/` substrate already in place). The ready set moves from **{NS-16, NS-28}** to **{NS-16, NS-29}** (NS-28 drops out on completion; NS-29 enters); the blocked set drops NS-29 to **{NS-09, NS-10, NS-17..NS-21}**; the completed set gains NS-28. NS-29 (Phase 6 renderer) is now the dispatchable §6 code-lane — superseding the NS-15 sub-block's "no §6 code-lane besides NS-28 is dispatchable" framing, which PR #117's merge closed out; NS-09 + NS-10 remain blocked on BL-108 procurement evidence, and Plan-002 Phase 4 stays NS-unlisted (structurally deferred to Tier 6 per CP-002-3 / BL-120). **2026-05-27 amendment (PR #120 — NS-29):** NS-29 (Plan-002 Phase 6 — `session-members` renderer subtree) closes — shipped to `develop` as squash commit `9db79b4`: the desktop renderer session-members surface under `apps/desktop/src/renderer/src/session-members/` (an `invite-accept-view.tsx` + a `participant-roster.tsx` with presence indicators, both a thin projection over the `window.sidekicks` preload bridge — generic `daemon.call` / `daemon.subscribe` (via `createTier1Bridge`) hitting the same `invite.*` / `presence.*` daemon handlers the Phase 5 `membershipClient.ts` SDK wraps, consuming the Phase-5-hoisted invite/membership contract schemas in `@ai-sidekicks/contracts` rather than importing the SDK client — wired into `session-bootstrap/SessionBootstrap.tsx`) plus component tests and an import-restriction assertion enforcing CP-002-5 (the subtree never bypasses the bridge to reach `packages/runtime-daemon/` or `packages/control-plane/` state directly). Three cross-surface contracts were pinned in Spec-023 during review as forward obligations: (1) the `Spec-023 §Deep-Link Invite Flow` deep-link contract; (2) the `Spec-023 §Preload Bridge Contract` per-subscription request params (deferred to Plan-007/008); (3) the `Spec-023 §Deep-Link Invite Flow` non-consuming invite-metadata path (deferred to Spec-002/Plan-002) — their detail is recorded in Plan-002 §Phase 6 Notes. NS-29 is a §6 DAG sink — a repo-wide grep for `Upstream: NS-29` on this file returns zero matches, so NS-29's completion promotes nothing from `blocked` → `ready`. The ready set moves from **{NS-16, NS-29}** to **{NS-16}** (NS-29 drops out on completion; NS-16 is unaffected — its upstream is the audit chain, unrelated to NS-29); the blocked set **{NS-09, NS-10, NS-17..NS-21}** is unchanged; the completed set gains NS-29 — with it, all five on-DAG Plan-002 phases (NS-24 + NS-25 + NS-26 + NS-28 + NS-29) now read `completed`, so Plan-002 is fully shipped on the §6 axis (Phase 4 stays NS-unlisted, structurally deferred to Tier 6 per CP-002-3 / BL-120). NS-29 was the last Plan-002 Tier-2 code-lane; no §6 code-lane remains dispatchable until NS-09 unblocks via BL-108 procurement evidence.
+With NS-01 + NS-02 + NS-04 + NS-05 completed 2026-05-11 (NS-01 via PR #42 — Plan-024 Phase 1 Rust scaffold; NS-02 via PR #38 — Plan-001 Phase 5 Lane A T5.1 + T5.5 + T5.6; NS-04 via PR #45 + PR #48 — `PtyHost` contract interface + `spawn-cwd-translator.ts` daemon-layer wrapper; NS-05 via PR #51 — `NodePtyHost` + `PtyHostSelector` Phase 2 closeout), NS-07 completed 2026-05-12 (via PR #56 — Plan-024 Phase 3 `RustSidecarPtyHost` + Rust sidecar substrate + I-024-3/I-024-5/I-024-6 verification), NS-03 completed 2026-05-18 (via PR #70 — Plan-023-partial Tier 1 Electron + React skeleton + electron-vite v5 toolchain + Vitest launch smoke), NS-06 completed 2026-05-19 (via PR #77 — Plan-001 Phase 5 Lane C T5.2 renderer session-bootstrap component on top of the Plan-023-partial preload bridge), NS-08 completed 2026-05-20 (via PR #83 — Plan-001 Phase 5 Lane D T5.3 `apps/desktop/src/main/sidecar-lifecycle.ts` will-quit drain orchestration on top of the polymorphic `PtyHost.shutdown()` extension to both `NodePtyHost` + `RustSidecarPtyHost`; verifies I5 = CP-001-1 + I-024-4), and NS-14 completed 2026-05-20 (via this PR — Plan-002 Tier 2 plan-readiness audit; 12 critical / 23 major / 19 minor / 4 nit findings discharged via in-PR amendments + BL-119/120/121 escalations; per CP-002-1..CP-002-5 cross-plan obligations newly declared), the ready set is now NS-11, NS-13a, NS-15, NS-22 (4 items). NS-14's completion drops it from the ready set and promotes NS-15 (Tier 3 plan-readiness audit) from `blocked` → `ready` per the audit-chain edge `NS-14 → NS-15` (the §6 audit chain remains strictly serialized: NS-15 → NS-16 → … → NS-21 per runbook §85-87, so NS-16..NS-21 stay blocked behind NS-15). NS-08's completion (2026-05-20) closed the last open T5.x lane — **Plan-001 Phase 5 is fully shipped (T5.1–T5.6 complete)** and Plan-001 has no remaining Phase 5 code-lane on the §6 axis. NS-09 stays blocked on BL-108 procurement evidence; NS-10 stays blocked on NS-09 alone (BL-106 was archived 2026-05-13 and its dependency on NS-10 was removed — see [BL-106 archive entry](../archive/backlog-archive.md#bl-106-c-5--c-16--plan-024-calendar-window-decoupling-from-completed-status); the substrate-promotion 2-week monitoring window now lives at [ADR-019 §Substrate Promotion Window](../decisions/019-windows-v1-tier-and-pty-sidecar.md#substrate-promotion-window), NOT as a Plan-024 completion gate). The set shares no code paths or governance files — re-derived from each entry's `Files:` / `target_paths` after NS-14's drop-out + NS-15's promotion (NS-11 targets `packages/runtime-daemon/src/bootstrap/secure-defaults-events.ts`; NS-13a targets the audit runbook + spec template; NS-15 targets the next-tier plan-set under `docs/plans/` (Tier 3 plans per §5); NS-22 targets sibling-doc `0001-initial.sql` + `session.ts:388` cite occurrences in Plan-001 / Plan-022 / ADR-022 / Plan-008 — disjoint file-sets). Suggested parallel dispatch: **NS-13a + NS-15 + NS-11 + NS-22** as concurrent governance / audit / cleanup lanes — no code-lane remained on §6 as of 2026-05-20 until NS-09 unblocks via BL-108 procurement evidence (superseded 2026-05-21 by PR #92 — see addendum below). The previous serialization of NS-22 behind NS-12 (resolved 2026-05-03) is dissolved — NS-22 targets distinct content (`0001-initial.sql` filename + `session.ts:388` cite occurrences in Plan-001 / Plan-022 / ADR-022 / Plan-008) from NS-12's edit scope (Plan-001 §Preconditions + §Phase 5 Precondition); NS-22 dispatches cleanly against the post-NS-12 HEAD without rebase churn. The NS-04 → NS-05 → NS-07 cascade is now fully completed on the Plan-024 critical path — NS-04 completion (PR #48 housekeeping) unblocked NS-05; NS-05 completion (PR #51) unblocked NS-07; NS-07 completion (PR #56) leaves no NS-XX gate on NS-09 + NS-10. The remaining Plan-024 gates (NS-09 Phase 4 CI + signing, NS-10 Phase 5 measurement) are procurement-bound (BL-108), not code-lane-bound — Plan-024 cannot resume on the §6 axis until BL-108 closes. The 2-week substrate-promotion monitoring window historically tracked via BL-106 was archived 2026-05-13 and now lives at [ADR-019 §Substrate Promotion Window](../decisions/019-windows-v1-tier-and-pty-sidecar.md#substrate-promotion-window) — it is a substrate-promotion gate (env-var rollback authority retirement), NOT a Plan-024 completion gate. **2026-05-21 amendment (PR #92):** Plan-025 Tier 1 Partial shipped `packages/crypto-paseto/` v4.public + v4.local primitives, satisfying CP-002-4 and unblocking Plan-002 Phase 2's invite-token issuance prerequisite. Combined with NS-14's 2026-05-20 audit closure, this opens NS-24 (Plan-002 Phase 1) as a net-new code-lane on the §6 axis — invalidating the "no code-lane remains" claim above. New ready set adds NS-24 (NS-25 + NS-26 remain blocked behind NS-24 → NS-25 sequencing per `docs/plans/002-invite-membership-and-presence.md:203,230`). Suggested next dispatch: **NS-24 + NS-13b + NS-15** as concurrent code / governance / audit lanes. NS-13a closes in this PR per its `:::completed` class flip; NS-13b auto-promotes from `:::blocked` → `:::ready` per the `NS-13a → NS-13b` edge, mirroring how NS-15 was promoted in NS-14's completion PR (see NS-15's §Status line below). **2026-05-23 amendment (PR #102):** NS-24 (Plan-002 Phase 1) closes — T1.1–T1.6 contracts + `0002-session-invites` migration shipped to `develop` as commit `347d62b`; C1–C5 + anti-leakage tests green; in-PR cross-plan amendments documented in [Plan-002 §Phase 1 §Cross-Plan Amendments](../plans/002-invite-membership-and-presence.md#cross-plan-amendments) (the `brandedUuidIdSchema` helper at `packages/contracts/src/internal/branded.ts` consumed by `packages/contracts/src/session.ts`, and the per-version-loop `applyMigrations()` rewire at `packages/control-plane/src/sessions/migration-runner.ts`). NS-24's completion promotes NS-25 (Plan-002 Phase 2 — invite/membership services) from `:::blocked` → `:::ready` per the `NS-24 → NS-25` edge — both upstream conditions are now satisfied (NS-24 Phase 1 + PR #92 `packages/crypto-paseto/` substrate). NS-26 remains blocked behind NS-25 per the `NS-25 → NS-26` edge. New ready set: **NS-25 + NS-13b + NS-15** as concurrent code / governance / audit lanes (NS-11 + NS-13a + NS-22 + NS-24 all completed; NS-09 + NS-10 + NS-26 + NS-16..NS-21 remain blocked). **2026-05-24 amendment (PR #105):** NS-25 (Plan-002 Phase 2 — control-plane invite + membership services) closes — T2.1–T2.5 shipped `invite-service.ts` (PASETO v4.local issuance, first real consumer of `packages/crypto-paseto/`) + `membership-service.ts` (I-002-1/I-002-2) + lock-ordering (I-002-4) + no-presence-table migration regression (I-002-3); P1–P10 green (143-test control-plane suite); STATE-ONLY per ADR-017 (no audit emission — deferred to Plan-006 Tier 4 per CP-002-6). NS-25's completion promotes NS-26 (Plan-002 Phase 3 — presence heartbeat + ChannelList projection) from `:::blocked` → `:::ready` per the `NS-25 → NS-26` edge — both upstream conditions are now satisfied (NS-24 Phase 1 + NS-25 Phase 2). New ready set: **NS-26 + NS-13b + NS-15** as concurrent code / governance / audit lanes (NS-24 + NS-25 now completed; NS-09 + NS-10 + NS-16..NS-21 remain blocked). **2026-05-25 amendment (PR #108):** NS-26 (Plan-002 Phase 3 — presence heartbeat + ChannelList projection) closes — T3.1–T3.4 shipped the presence-register service (in-memory Yjs Awareness ingestion + Postgres LISTEN/NOTIFY fan-out + reconnect-grace timer), the `presence.*` JSON-RPC handlers (durable `session_events` rows), the `ChannelList` read-only projection (`deriveMainChannelId`-keyed bootstrap `main` channel), and in-PR the hoisted `SubscribeAckResponse` generic + `presence.subscribe` wire contract on the Plan-007 streaming substrate; verifies I-002-3 (presence ephemeral, never persisted) + I-007-7 (streaming subscribe-init ack); Pr1–Pr4 + I3 green, P10 re-verified. NS-26 is a §6 DAG sink — no §6 entry lists `Upstream: NS-26` (Plan-018's `Upstream: Plan-002 (presence infrastructure)` dep at §3 has no §6 NS node — Plan-018 is Tier 6, not yet on the DAG), so NS-26's completion promotes nothing from `blocked` → `ready`. The ready set shrinks from **{NS-26, NS-13b, NS-15}** to **{NS-13b, NS-15}** (NS-26 drops out on completion; NS-13b + NS-15 are unaffected — their upstreams NS-13a + NS-14 are unrelated to NS-26). The completed set gains NS-26 (NS-24 + NS-25 + NS-26 = all three on-DAG Plan-002 phases now shipped; Phase 4 is NS-unlisted, structurally deferred to Tier 6 per CP-002-3/BL-120). The blocked set **{NS-09, NS-10, NS-16..NS-21}** is unchanged. Suggested next dispatch: **NS-13b + NS-15** as concurrent governance / audit lanes — no code-lane remains on the §6 axis until NS-09 unblocks via BL-108 procurement evidence. **2026-05-25 amendment (this PR — NS-13b):** NS-13b (Spec-027 `draft` → `approved`) closes — Spec-027's status flips to `approved` per the [runbook §Spec-Status Promotion Gate](../operations/plan-implementation-readiness-audit-runbook.md#spec-status-promotion-gate), clearing the corpus's only `draft` spec and restoring the doc-first-before-coding invariant that Plan-007 PR #16 (merged 2026-04-29, shipping `secure-defaults.ts` + `secure-defaults-events.ts` implementing Spec-027 rows 4 + 10) had inverted (the same-window Plan-007 Phase 2/3 PRs #17/#19 shipped Spec-007 wire substrate + `session.*` namespaces — #17 imported the SecureDefaults module, #19 cited no Spec-027 row; neither is a Spec-027 doc-first violation). The 4-criterion gate cleared: (1) all 6 `Depends On` specs (Spec-007/020/021/022/025/026) are `approved` and all 3 ADRs (ADR-010/012/020) are `accepted`; (2) the spec's 5 Open Questions are plan-owned deferrals (Plan-007 §7a polling cadence, Plan-020 §9 `/metrics` auth scheme, Plan-025 short-lived-LE-profile + OAuth-on-PG18, BL-063+Plan-001 backup plug-in), none gating a Required-Behavior row; (3) doc-first post-hoc affirmation — the now-`approved` body remains authoritative for the rows PR #16 shipped; (4) all current Plan-007→Spec-027 cross-references re-validated against the post-promotion body (row cites 2/3/4/7a/7b/8/10, anchor cites §Required Behavior + §Fallback Behavior, and the three line-specific cites Spec-027:81/:138/:146 all resolve — the status flip is a same-line word change preserving every line number below it). NS-13b is a §6 governance sink (no `Upstream: NS-13b` edge), so its closure promotes nothing; the ready set shrinks from **{NS-13b, NS-15}** to **{NS-15}**, and the blocked set **{NS-09, NS-10, NS-16..NS-21}** is unchanged. (The §6 DAG's omission of Plan-002 Phase 5 / Phase 6 as NS-nodes — Phase 5 is a ready Tier 2 code-lane whose precondition was met by PR #108 — is a tracking gap corrected in the NS-15 audit PR, not here, per the 2026-05-25 prioritization decision.) **2026-05-26 amendment (this PR — NS-15):** NS-15 (Tier 3 plan-readiness audit of Plan-003) closes — Plan-003's five `#### Tasks` blocks (29 tasks) authored, the runtime-node table-CREATE-ownership self-misattribution (header + Phase 1) corrected to Plan-003-owned, and the cross-cutting contract fills ratified in this PR: `clientVersion: EventEnvelopeVersion` on `RuntimeNodeAttachRequest` + a `client_version` column on `runtime_node_attachments`; a derived `readOnly` boolean on `RuntimeNodeAttachResponse` (orthogonal to `NodeState`); and the `runtimenode.*` method namespace — per the [api-payload-contracts.md §Tier 3 Runtime-Node Method-Name Registry](contracts/api-payload-contracts.md) and [shared-postgres-schema.md](schemas/shared-postgres-schema.md). The Spec-003 heartbeat degraded→offline threshold is dispositioned to a separate Spec-003 PR (distinct governance lifecycle — it re-discharges the Spec-Status Promotion Gate), and the no-automated-renderer-test major is tracked as [BL-131](../backlog.md) (V1.1, criterion-gated on the Plan-023 renderer test harness). NS-15's closure promotes NS-16 (Tier 4 audit, next in the strictly-serialized chain) from `blocked` → `ready` per the `NS-15 → NS-16` edge; NS-17..NS-21 remain `blocked` behind it. **Plan-002 Phase-5/6 tracking correction (discharges the NS-13b forward-reference above):** Plan-002's two remaining Tier-2 code-lanes are now on the DAG as NS-28 (Phase 5 — `membershipClient.ts` client SDK; `ready`, with PR #117 in flight as of 2026-05-26) and NS-29 (Phase 6 — `session-members` renderer subtree; `blocked` behind NS-28), with edges `NS-26 → NS-28 → NS-29` (Phase 4 stays NS-unlisted, structurally deferred to Tier 6 per CP-002-3 / BL-120). The ready set moves from **{NS-15}** to **{NS-16, NS-28}**; the blocked set becomes **{NS-09, NS-10, NS-17..NS-21, NS-29}**; the completed set gains NS-15. No §6 code-lane besides NS-28 (in flight via PR #117) is dispatchable until NS-09 unblocks via BL-108 procurement evidence. **2026-05-26 amendment (PR #117 — NS-28):** NS-28 (Plan-002 Phase 5 — `membershipClient.ts` client SDK) closes — shipped to `develop` as commit `dff6523`: the dual-factory `MembershipClient` surface (`createDaemonMembershipClient`, the Option A daemon-as-gateway path per ADR-008 over a single JSON-RPC transport; `createControlPlaneMembershipClient`, the Tier-5 forward-compat scaffold throwing `NotImplementedAtTier2Error`) plus the I1–I3 integration tests and the T5.0a/T5.0b contracts-hoist consolidating the invite/membership response schemas into `packages/contracts`. NS-28's completion promotes NS-29 (Phase 6 — `session-members` renderer subtree) from `blocked` → `ready` per the `NS-28 → NS-29` edge — both preconditions now satisfied (NS-28 Phase 5 SDK merged + the Plan-023 Tier 1 Partial `apps/desktop/src/renderer/` substrate already in place). The ready set moves from **{NS-16, NS-28}** to **{NS-16, NS-29}** (NS-28 drops out on completion; NS-29 enters); the blocked set drops NS-29 to **{NS-09, NS-10, NS-17..NS-21}**; the completed set gains NS-28. NS-29 (Phase 6 renderer) is now the dispatchable §6 code-lane — superseding the NS-15 sub-block's "no §6 code-lane besides NS-28 is dispatchable" framing, which PR #117's merge closed out; NS-09 + NS-10 remain blocked on BL-108 procurement evidence, and Plan-002 Phase 4 stays NS-unlisted (structurally deferred to Tier 6 per CP-002-3 / BL-120). **2026-05-27 amendment (PR #120 — NS-29):** NS-29 (Plan-002 Phase 6 — `session-members` renderer subtree) closes — shipped to `develop` as squash commit `9db79b4`: the desktop renderer session-members surface under `apps/desktop/src/renderer/src/session-members/` (an `invite-accept-view.tsx` + a `participant-roster.tsx` with presence indicators, both a thin projection over the `window.sidekicks` preload bridge — generic `daemon.call` / `daemon.subscribe` (via `createTier1Bridge`) hitting the same `invite.*` / `presence.*` daemon handlers the Phase 5 `membershipClient.ts` SDK wraps, consuming the Phase-5-hoisted invite/membership contract schemas in `@ai-sidekicks/contracts` rather than importing the SDK client — wired into `session-bootstrap/SessionBootstrap.tsx`) plus component tests and an import-restriction assertion enforcing CP-002-5 (the subtree never bypasses the bridge to reach `packages/runtime-daemon/` or `packages/control-plane/` state directly). Three cross-surface contracts were pinned in Spec-023 during review as forward obligations: (1) the `Spec-023 §Deep-Link Invite Flow` deep-link contract; (2) the `Spec-023 §Preload Bridge Contract` per-subscription request params (deferred to Plan-007/008); (3) the `Spec-023 §Deep-Link Invite Flow` non-consuming invite-metadata path (deferred to Spec-002/Plan-002) — their detail is recorded in Plan-002 §Phase 6 Notes. NS-29 is a §6 DAG sink — a repo-wide grep for `Upstream: NS-29` on this file returns zero matches, so NS-29's completion promotes nothing from `blocked` → `ready`. The ready set moves from **{NS-16, NS-29}** to **{NS-16}** (NS-29 drops out on completion; NS-16 is unaffected — its upstream is the audit chain, unrelated to NS-29); the blocked set **{NS-09, NS-10, NS-17..NS-21}** is unchanged; the completed set gains NS-29 — with it, all five on-DAG Plan-002 phases (NS-24 + NS-25 + NS-26 + NS-28 + NS-29) now read `completed`, so Plan-002 is fully shipped on the §6 axis (Phase 4 stays NS-unlisted, structurally deferred to Tier 6 per CP-002-3 / BL-120). NS-29 was the last Plan-002 Tier-2 code-lane; no §6 code-lane remains dispatchable until NS-09 unblocks via BL-108 procurement evidence. **2026-05-29 amendment (PR #124 — NS-16):** NS-16 (Tier 4 plan-readiness audit) closes — shipped to `develop` as squash commit `cb3d1b2`: the audit of Plan-005 (provider driver contract + capabilities), Plan-006 (session event taxonomy + audit log), and the Plan-007 remainder (local IPC + daemon control, Phases 4–7). Plan-005 + Plan-006 stay `approved`; Plan-007 flips `approved` → `review` for the Phases 4–7 design reopen (the Phases 1–3 partial PR sequence #16/#17/#19 is preserved in-plan as audit evidence). The cross-cutting contract shapes the audit ratified: the new local-SQLite `daemon_signing_keys` table + the `session_events.{retention_class, stub_signature}` columns + the `session_snapshots` compaction-cursor hints (per §Contested Tables), the shared-Postgres `event_log_anchors` `end_sequence` uniqueness widening, the `stub_scalar_mismatch` integrity `failureMode` (enum 10→11 per ADR-018 §Decision #8), and the Plan-003 + Plan-008 method-name-descriptor ripple to `dotted-camelCase`. NS-16's closure promotes NS-17 (Tier 5 audit, next in the strictly-serialized chain) from `blocked` → `ready` per the `NS-16 → NS-17` edge; NS-18..NS-21 remain `blocked` behind it. The ready set moves from **{NS-16}** to **{NS-17}** (NS-16 drops out on completion; NS-17 enters); the blocked set becomes **{NS-09, NS-10, NS-18..NS-21}** (NS-17 leaves blocked on promotion); the completed set gains NS-16. NS-17 (Tier 5 plan-readiness audit) is the sole dispatchable §6 lane — no §6 code-lane remains dispatchable until NS-09 unblocks via BL-108 procurement evidence.
 
 ### NS-01: Plan-024 Phase 1 — Rust crate scaffolding
 
@@ -532,16 +536,16 @@ With NS-01 + NS-02 + NS-04 + NS-05 completed 2026-05-11 (NS-01 via PR #42 — Pl
 
 ### NS-15..NS-21: Tier 3-9 plan-readiness audits
 
-- Status: NS-15 `completed` (resolved 2026-05-26 via this PR — Tier 3 audit of Plan-003); NS-16 (Tier 4) promoted `blocked` → `ready` per NS-15 closure; NS-17..NS-21 remain `blocked` per the strict-serialization rule
+- Status: NS-15 `completed` (Tier 3, 2026-05-26, PR #118); NS-16 `completed` (resolved 2026-05-29 via PR #124 — Tier 4 audit of Plan-005 / Plan-006 / Plan-007-remainder); NS-17 (Tier 5) promoted `blocked` → `ready` per NS-16 closure; NS-18..NS-21 remain `blocked` per the strict-serialization rule
 - Type: audit (doc-only chain)
-- Priority: `P1` (NS-15, current ready entry); `P2` (each downstream tier promotes to `P1` when its turn comes)
-- Upstream: NS-14 → NS-15 (Tier 3, completed 2026-05-26) → NS-16 (Tier 4, ready) → ... → NS-21 (Tier 9)
+- Priority: `P1` (NS-17, current ready entry); `P2` (each downstream tier promotes to `P1` when its turn comes)
+- Upstream: NS-14 → NS-15 (Tier 3, completed 2026-05-26) → NS-16 (Tier 4, completed 2026-05-29) → NS-17 (Tier 5, ready) → ... → NS-21 (Tier 9)
 - References: [audit runbook](../operations/plan-implementation-readiness-audit-runbook.md):89-91 ("Tiers: strictly serialized"), this document §5 (Tier 3-9 rows)
-- Summary: Tiers 3-9 audits run one PR per tier (per CLAUDE.md "8 tier-PRs of audit work owed before broad Tier 2+ code execution can resume"). Each tier-K audit PR commits the tier's plan amendments + tags `plan-readiness-audit-tier-K-complete`. Tier 8 includes Plan-017 — the only `review`-status plan, which must promote `review → approved` at its tier audit. NS-15 (Tier 3) shipped via this PR; NS-16 (Tier 4) is dispatchable now; NS-17..NS-21 sequentially unblock as each prior tier closes.
+- Summary: Tiers 3-9 audits run one PR per tier (per CLAUDE.md "8 tier-PRs of audit work owed before broad Tier 2+ code execution can resume"). Each tier-K audit PR commits the tier's plan amendments + tags `plan-readiness-audit-tier-K-complete`. Tier 8 includes Plan-017, which must promote `review → approved` at its tier audit. (Plan-007 is also `review`-status as of 2026-05-29 — reopened by its completed Tier-4 audit, re-approving via its own R1/R2/R3 review cycle rather than a pending tier audit; both status promotions stay tracked.) NS-15 (Tier 3) + NS-16 (Tier 4) shipped; NS-17 (Tier 5) is dispatchable now; NS-18..NS-21 sequentially unblock as each prior tier closes.
 - Exit Criteria: All 8 tier-PRs merged; all 27 plans cleared the audit; broad Tier 2+ code execution unblocked.
 - PRs:
-  - [x] tier-3 — Tier 3 plan-readiness audit (this PR)
-  - [ ] tier-4 — Tier 4 plan-readiness audit
+  - [x] tier-3 — Tier 3 plan-readiness audit (PR #118)
+  - [x] tier-4 — Tier 4 plan-readiness audit (PR #124)
   - [ ] tier-5 — Tier 5 plan-readiness audit
   - [ ] tier-6 — Tier 6 plan-readiness audit
   - [ ] tier-7 — Tier 7 plan-readiness audit
diff --git a/docs/plans/007-local-ipc-and-daemon-control.md b/docs/plans/007-local-ipc-and-daemon-control.md
index 96c50f88..51231a51 100644
--- a/docs/plans/007-local-ipc-and-daemon-control.md
+++ b/docs/plans/007-local-ipc-and-daemon-control.md
@@ -2,7 +2,7 @@
 
 | Field | Value |
 | --- | --- |
-| **Status** | `approved` |
+| **Status** | `review` |
 | **NNN** | `007` |
 | **Slug** | `local-ipc-and-daemon-control` |
 | **Date** | `2026-04-14` |