diff --git a/.custodian-brief.md b/.custodian-brief.md
index ef242e4..283194c 100644
--- a/.custodian-brief.md
+++ b/.custodian-brief.md
@@ -2,11 +2,30 @@
 # Custodian Brief — railiance-platform
 
 **Domain:** financials  
-**Last synced:** 2026-06-29 15:19 UTC  
+**Last synced:** 2026-06-29 15:36 UTC  
 **State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
 
 ## Active Workstreams
 
+### Credential Change Proposal Review Workflow
+Progress: 3/9 done  |  workstream_id: `4d7ce243-f40a-4249-a46a-a24f75d6fe4c`
+
+**Open tasks:**
+- ► T04 - Generate OpenBao apply plans from approved CCRs  `1b2e7752`
+- ► T05 - Add chat/CLI approval commands  `e6d4d2d1`
+- ► T07 - Pilot with whynot-design and ops-warden  `07a7d8bf`
+- · T06 - Build an interactive runbook for apply and verify  `3c3fc38c`
+- · T08 - Add deactivation, rotation, and compromise flows  `23d6ef9d`
+- · T09 - Add decision templates and guided review actions  `c436fd8b`
+
+### OpenBao Approved Automation Delegation
+Progress: 2/5 done  |  workstream_id: `671898ef-2378-4814-b8f6-066148cdad46`
+
+**Open tasks:**
+- ! T05 - Close the whynot-design pilot  `18f34c95`
+- · T03 - Add non-production applier role first  `ff927a19`
+- · T04 - Add production metadata applier with human approval gate  `414abd65`
+
 ### Issue-Core Runtime Ingestion Credential Lane
 Progress: 0/7 done  |  workstream_id: `b059c81d-96f1-451f-896f-a05cd73744a1`
 
@@ -31,27 +50,6 @@ Progress: 0/7 done  |  workstream_id: `f364d405-a85d-4b89-b600-1964ab436cad`
 - · T01 - Review CCR scope and selector naming  `307b75a6`
 - · T02 - Confirm Kubernetes auth and External Secrets binding  `829192f5`
 
-### Credential Change Proposal Review Workflow
-Progress: 3/9 done  |  workstream_id: `4d7ce243-f40a-4249-a46a-a24f75d6fe4c`
-
-**Open tasks:**
-- ► T04 - Generate OpenBao apply plans from approved CCRs  `1b2e7752`
-- ► T05 - Add chat/CLI approval commands  `e6d4d2d1`
-- ► T07 - Pilot with whynot-design and ops-warden  `07a7d8bf`
-- · T06 - Build an interactive runbook for apply and verify  `3c3fc38c`
-- · T08 - Add deactivation, rotation, and compromise flows  `23d6ef9d`
-- · T09 - Add decision templates and guided review actions  `c436fd8b`
-
-### OpenBao Approved Automation Delegation
-Progress: 0/5 done  |  workstream_id: `671898ef-2378-4814-b8f6-066148cdad46`
-
-**Open tasks:**
-- ! T05 - Close the whynot-design pilot  `18f34c95`
-- · T01 - Specify delegated applier policy boundaries  `d19fdfc5`
-- · T02 - Implement a CCR-aware applier dry-run  `2613f40d`
-- · T03 - Add non-production applier role first  `ff927a19`
-- · T04 - Add production metadata applier with human approval gate  `414abd65`
-
 ### Credential Request and Lease Broker
 Progress: 3/10 done  |  workstream_id: `2731fece-6c49-45b8-ab8a-4ea6c04ac603`