Refine security blocker posture review

docs/infrastructure-stabilization-pickup-checkpoint.md

@@ -50,7 +50,13 @@ Hygiene status:
 ## Blocker Board
 
 No live credential, access, or approval gate is unowned. Do not ask
-`ops-warden` for secret values; use the route catalog and the owning subsystem.
+`ops-warden` for secret values; use the route catalog, the `warden access`
+assist/proxy surface where the catalog lane allows it, and the owning subsystem.
+
+For credential-related blockers, classify the environment posture and workload
+maturity first. Dev/test work can use synthetic contract doubles; production
+real-value work needs owner custody, policy gates where applicable, and
+non-secret evidence. See `docs/ops-warden-secret-posture-review.md`.
 
 | Gate | Owner/route | Non-secret evidence to collect | Next action |
 | --- | --- | --- | --- |