From 0e40ff640c0f28555312c3afecfb1884f4b2a61c Mon Sep 17 00:00:00 2001
From: Affaan Mustafa <me@affaanmustafa.com>
Date: Tue, 12 May 2026 05:38:35 -0400
Subject: [PATCH] docs: record ECC Tools taxonomy evidence (#1792)

---
 docs/ECC-2.0-GA-ROADMAP.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/ECC-2.0-GA-ROADMAP.md b/docs/ECC-2.0-GA-ROADMAP.md
index 86df2f8e..e6612907 100644
--- a/docs/ECC-2.0-GA-ROADMAP.md
+++ b/docs/ECC-2.0-GA-ROADMAP.md
@@ -54,6 +54,9 @@ As of 2026-05-12:
 - ECC-Tools PR #26 added cost/token-risk predictive follow-ups for AI routing,
   Claude/model calls, usage limits, quota, and analysis-budget changes that lack
   budget, quota, rate-limit, or cost validation evidence.
+- ECC-Tools PR #27 added the non-blocking `ECC Tools / PR Risk Taxonomy`
+  check-run for Security Evidence, Harness Drift, Install Manifest Integrity,
+  CI/CD Recommendation, Cost/Token Risk, and Agent Config Review buckets.
 
 ## Operating Rules
 
@@ -214,5 +217,5 @@ Acceptance:
 
 1. Continue AgentShield enterprise supply-chain intelligence and reporting in
    the AgentShield repo.
-2. Audit ECC Tools billing and check-run surfaces before any native GitHub
-   payments announcement.
+2. Audit ECC Tools billing, entitlement, and marketplace surfaces before any
+   native GitHub payments announcement.