Document G002 security verification ownership for integration

Constraint: Task 5 is reporting/map ownership only; worker-1 owns implementation changes and shared security/path tests.\nRejected: Editing runtime enforcement failures from this lane | shared implementation/test ownership belongs to other workers unless re-scoped.\nConfidence: high\nScope-risk: narrow\nDirective: Keep this artifact synchronized with exact verification output before leader aggregation.\nTested: python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json; python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json; scripts/fmt.sh --check; cargo check --workspace; targeted runtime permission/path tests; mock parity harness.\nNot-tested: Full clippy and cargo test --workspace are not green due pre-existing/shared runtime/CLI failures documented in the artifact.

docs/g002-security-verification-map.md

@@ -70,7 +70,7 @@ Generated by `worker-4` for OMX team task 5 on 2026-05-14.
   - `cargo test -p rusty-claude-cli --test cli_flags_and_config_defaults`
 
 - Board/report validation coverage:
-  - `python3 scripts/validate_cc2_board.py .omx/cc2/board.json`
+  - `python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json`
   - `python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json`
 
 ## Recommended safe work slices
@@ -143,7 +143,7 @@ This task adds:
 Run these from the repository root unless noted:
 
 1. Python board/schema validation:
-   - `python3 scripts/validate_cc2_board.py .omx/cc2/board.json`
+   - `python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json`
    - `python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json`
 
 2. Rust formatting and lint/type checks:
@@ -158,3 +158,28 @@ Run these from the repository root unless noted:
 4. Full regression:
    - `(cd rust && cargo test --workspace)`
 
+
+## Worker-4 verification evidence (2026-05-14)
+
+PASS:
+
+- `python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json` → `PASS cc2 board validation`; 729 items; ROADMAP headings `124/124`; ROADMAP actions `542/542`.
+- `python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json` → `PASS issue/parity intake: 19 issue rows, 9 parity rows`.
+- `scripts/fmt.sh --check` → no output and zero exit before Rust checks continued.
+- `(cd rust && cargo check --workspace)` → `Finished dev profile` successfully.
+- `(cd rust && cargo test -p runtime permissions::tests)` → 9 passed.
+- `(cd rust && cargo test -p runtime permission_enforcer::tests)` → 21 passed.
+- `(cd rust && cargo test -p runtime bash_validation::tests)` → 32 passed.
+- `(cd rust && cargo test -p runtime file_ops::tests)` → 14 passed.
+- `(cd rust && cargo test -p rusty-claude-cli --test mock_parity_harness)` → 1 passed.
+
+FAIL / integration blockers observed on this worktree:
+
+- `(cd rust && cargo clippy --workspace --all-targets -- -D warnings)` failed in existing runtime code, not this docs-only task:
+  - `rust/crates/runtime/src/compact.rs:215` / `:216`: `clippy::match_same_arms`.
+  - `rust/crates/runtime/src/policy_engine.rs:5`: `clippy::duration-suboptimal-units`.
+  - `rust/crates/runtime/src/sandbox.rs:295-302`: `clippy::map_unwrap_or`.
+- `(cd rust && cargo test --workspace)` failed after broad success in API/commands/plugins/runtime tests because `rusty-claude-cli` unit test `tests::session_lifecycle_prefers_running_process_over_idle_shell` asserted `RunningProcess` but observed `IdleShell`.
+- Rerun of the specific failing test confirmed deterministic failure: `(cd rust && cargo test -p rusty-claude-cli --bin claw tests::session_lifecycle_prefers_running_process_over_idle_shell -- --exact --nocapture)` → 0 passed, 1 failed with the same `IdleShell` vs `RunningProcess` assertion.
+
+Recommended owner for failures: not `worker-4` unless re-scoped. These failures are outside the docs/report artifact and touch shared runtime/CLI implementation files.