From a8c03ad350eeb3be20cf41e6509ac7ccd2db529e Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Tue, 12 May 2026 06:52:33 -0400 Subject: [PATCH] docs: record AgentShield HTML report evidence Records AgentShield PR #59 in the ECC 2.0 GA roadmap and moves the next AgentShield roadmap slice to the remaining prompt-injection benchmark/PDF decision work. Validation: - npx --yes markdownlint-cli docs/ECC-2.0-GA-ROADMAP.md - npm test (2324 tests) - npm run harness:audit -- --format json (70/70) - npm run harness:adapters -- --check (PASS, 11 adapters) - npm run observability:ready (14/14) - GitHub Actions matrix green on PR #1796 --- docs/ECC-2.0-GA-ROADMAP.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/ECC-2.0-GA-ROADMAP.md b/docs/ECC-2.0-GA-ROADMAP.md index 64f3db8c..1dd763eb 100644 --- a/docs/ECC-2.0-GA-ROADMAP.md +++ b/docs/ECC-2.0-GA-ROADMAP.md @@ -52,6 +52,9 @@ As of 2026-05-12: - AgentShield PR #58 added MCP package provenance fields and report-level counts for npm vs git, pinned vs unpinned, known-good, and registry-backed supply-chain evidence. +- AgentShield PR #59 added self-contained HTML executive summaries with risk + posture, critical/high priority findings, category exposure, README/API + docs, built-CLI smoke validation, and 1,704-test coverage. - ECC PR #1778 recovered the useful stale #1413 network/homelab architect-agent concepts. - ECC-Tools PR #26 added cost/token-risk predictive follow-ups for AI routing, @@ -178,7 +181,8 @@ Acceptance: path for npm/pip reputation, CVEs, typosquats, and dependency risk. - Prompt-injection corpus and regression benchmark are ready for continuous rule hardening. -- Enterprise reports include JSON plus HTML/PDF or equivalent executive output. +- Enterprise reports include JSON plus self-contained HTML executive output + with risk posture, priority findings, and category exposure. ### 6. ECC Tools Billing, Deep Analysis, PR Checks, And Linear Sync 
@@ -222,7 +226,7 @@ Acceptance: ## Next Engineering Slices -1. Extend AgentShield enterprise reporting beyond terminal/JSON supply-chain - evidence toward executive HTML/PDF or equivalent report output. +1. Finish AgentShield prompt-injection corpus/regression benchmark work and + decide whether PDF export adds value beyond the merged HTML executive report. 2. Extend ECC Tools deep analysis and Linear/project sync without flooding the workspace.
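Review bot: In the `@@ -52,6 +52,9 @@` hunk, the new PR #59 bullet runs report contents and delivery evidence together in one "with" clause, so it reads as if the HTML summaries themselves contain "README/API docs, built-CLI smoke validation, and 1,704-test coverage". Split it the way the PR #58 bullet above it separates what was added from what was counted, for example "added self-contained HTML executive summaries (risk posture, critical/high priority findings, category exposure), plus README/API docs and built-CLI smoke validation". The "1,704-test" figure is a point-in-time count from a different repository than the "npm test (2324 tests)" run cited in the commit message. Either label it as the AgentShield suite size at merge or drop it, so the two numbers are not compared.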
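Review bot: In the `@@ -178,7 +181,8 @@` hunk, the acceptance bullet drops "HTML/PDF or equivalent" and now requires only HTML, but the rewritten slice 1 in the last hunk still lists "decide whether PDF export adds value" as open work, so the acceptance criteria are narrowed before that decision is recorded. Either keep the PDF wording here as explicitly optional until the decision lands, or state in this bullet that PDF was deferred and where that is tracked. The term "self-contained" also has no definition in this file. If it means the report loads no external scripts, styles or fonts, say so in the criterion. Because the same acceptance list covers a prompt-injection corpus, it is also worth stating that finding text rendered into the HTML is output-encoded, if findings can carry strings taken from scanned input.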
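Review bot: In the `@@ -222,7 +226,7 @@` hunk, the new item 1 joins two unrelated pieces of work, "Finish AgentShield prompt-injection corpus/regression benchmark work" and "decide whether PDF export adds value", so the slice cannot be closed until both are done and a quick PDF decision is blocked behind open-ended benchmark work. Split them into separate numbered items. The benchmark item would also be easier to verify if it pointed at the existing acceptance line "Prompt-injection corpus and regression benchmark are ready for continuous rule hardening" rather than using "Finish" without a stated exit condition.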