diff --git a/SCOPE.md b/SCOPE.md index 82fc631..68a3845 100644 --- a/SCOPE.md +++ b/SCOPE.md @@ -43,9 +43,17 @@ and smoke evidence (WP-0009 archived). flex-auth published the `ssh-certificate` policy package (FLEX-WP-0006). `policy.enabled` remains **false** in production until flex-auth is deployed to a reachable URL (flex-auth FLEX-WP-0007). -**INTENT alignment:** SSH issuance mission met in production. Remaining distance -is integration breadth (ops-bridge `cert_command` on live tunnels), flex-auth -runtime deployment (not ops-warden code), and operator hygiene. +**ops-bridge cert_command pilot** is shipped to pilot-ready (WP-0016): a read-only +readiness gate (`scripts/check_tunnel_cert_readiness.py`) plus an opt-in offline +contract smoke (`--sign-smoke`); the playbook leads with the gate and the pilot +(`agt-state-hub-bridge`) is handed to ops-bridge. The live tunnel cutover is +ops-bridge's to execute. + +**INTENT alignment:** SSH issuance mission met in production. All ops-warden workplans +are finished. Remaining distance is in other repos' lanes: ops-bridge running the +cert_command pilot cutover, flex-auth runtime deployment (FLEX-WP-0007, unblocks +`policy.enabled: true`), and the owner-driven WP-0015 canon landing — plus ongoing +operator hygiene. ### Issue vs route 
@@ -80,13 +88,13 @@ Gap analysis: `history/2026-06-24-intent-scope-gap-analysis.md` (current); | Non-SSH secrets stay out of ops-warden | Met | | Workload posture / maturity model for secret-flow blockers | Met — two-axis standard + descriptors + conformance checker + dev doubles (WP-0015) | -**Maturity vector:** `D5 / A5 / C4 / R3` (Discovery / Availability / Completeness / Reliability) +**Maturity vector:** `D5 / A5 / C5 / R3` (Discovery / Availability / Completeness / Reliability) | Dimension | Level | Meaning today | | --- | --- | --- | | D5 | Discovery | Routing wiki + security map + pointer catalog + NK canon cross-links | -| A5 | Availability | CLI + `warden route` + `warden access` advisory & proxy front door + opt-in policy gate + agent `--json` | -| C4 | Completeness | SSH lane prod-verified; policy gate + registry smoke shipped; prod flip waits flex-auth deploy | +| A5 | Availability | CLI + `warden route` + `warden access` advisory & proxy front door + `warden policy` + opt-in policy gate + agent `--json` | +| C5 | Completeness | All ops-warden lanes shipped — SSH (prod), routing, access assist, posture conformance, cert_command pilot gate. Open items are external: flex-auth prod flip + ops-bridge live cutover | | R3 | Reliability | Live OpenBao sign evidence on Railiance | --- @@ -154,6 +162,7 @@ for the rest. | WP-0013 | Production integration closeout — cert_command playbook, token hygiene, principals drift | | WP-0014 | Operator access assist — `warden access` advisory + proxy front door | | WP-0015 | Workload security posture — two-axis standard, descriptors, conformance checker, dev doubles | +| WP-0016 | ops-bridge cert_command pilot — readiness gate (`check_tunnel_cert_readiness.py`) + handoff | ### Active / ready 
@@ -223,6 +232,8 @@ repos' lanes (see Known gaps). `policy.enabled: false` until flex-auth reachable (`FLEX-WP-0007`) - **Workload posture:** WP-0015 shipped (standard, descriptors, `warden policy`, conformance checker, dev doubles); canon landing owner-driven +- **ops-bridge cert_command:** WP-0016 shipped to pilot-ready (readiness gate + + offline contract smoke + handoff); live cutover is ops-bridge's - **Active work:** none open in ops-warden; remaining distance is other repos' lanes - **Integration docs:** cert_command migration, token hygiene, principals drift (`wiki/playbooks/`) - **Latest assessment:** `history/2026-06-24-intent-scope-gap-analysis.md`
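Review bot: in the first hunk (SCOPE.md `@@ -43,9 +43,17 @@`) the new cert_command pilot paragraph introduces `--sign-smoke` without saying which command accepts it; the only script named is `scripts/check_tunnel_cert_readiness.py`, so spell out the invocation (`scripts/check_tunnel_cert_readiness.py --sign-smoke`) so the opt-in smoke is not read as a separate tool. The same sentence calls the gate "read-only" and the smoke "offline"; one clause stating what the smoke does and does not touch when the flag is set would keep the read-only claim accurate.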
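Review bot: in the maturity-table hunk (`@@ -80,13 +88,13 @@`) the Completeness bump from C4 to C5 is asserted while the hunk's own context still has `policy.enabled` at false pending flex-auth and the live cutover pending ops-bridge; the C5 row should state the scoring rule (external blockers do not count against ops-warden completeness), otherwise a reader comparing it with the removed C4 text ("prod flip waits flex-auth deploy") sees only the number change. The A5 row also gains `warden policy`, but the WP-0015 row a few lines above still lists only "two-axis standard + descriptors + conformance checker + dev doubles"; add `warden policy` there as well so the two rows agree on what WP-0015 shipped.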
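Review bot: the new WP-0016 row in the workplan table (`@@ -154,6 +162,7 @@`) lists only the readiness gate and handoff, while the first hunk describes the same workplan as also shipping the opt-in `--sign-smoke` contract smoke and a playbook that leads with the gate; add those so the table matches the scope paragraph and the status bullet. Minor: the script is cited here as `check_tunnel_cert_readiness.py` but as `scripts/check_tunnel_cert_readiness.py` in the first hunk; use the full path in both places.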
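Review bot: the new status bullet in the last hunk (`@@ -223,6 +232,8 @@`) says the live cutover is ops-bridge's but, unlike the first hunk, does not name the pilot tunnel (`agt-state-hub-bridge`) that was handed over; the neighbouring bullets identify their external owners precisely (`FLEX-WP-0007`), so name the pilot here too so the status list points at a concrete handoff target rather than a repo.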