diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 1d86b68..f9599bd 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -496,3 +496,8 @@ items: status: validated source: docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md owner: "" + - id: CTO-WORK-100 + title: Stage 5 Target Sandbox Mirror Blocker Check + status: validated + source: docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md + owner: "" diff --git a/docs/LEGACY-INGEST.md b/docs/LEGACY-INGEST.md index b7bdf80..841e08f 100644 --- a/docs/LEGACY-INGEST.md +++ b/docs/LEGACY-INGEST.md @@ -107,6 +107,14 @@ historical proof context only. The admission record sets separate host-aware custody gate because the MacBook mirror can rehydrate root paths unless policy is checked first. +2026-06-17 mirror blocker check: the MacBook source path +`/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox` exists, +and `/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh` does not +exclude `cto-stage5-target-sandbox/`. The custody preflight now records an +archive-stable evidence candidate for the target, but physical movement remains +blocked until mirror policy is updated or JP chooses a different MacBook source +custody policy. + Move or archive only after CTO replaces the absolute live path with archive-stable evidence or a new admitted target fixture, reruns `python3 tools/validate_cto_child.py`, reruns `python3 tools/validate_cto_stage5_target_sandbox_child.py`, and records that target ownership remains outside CTO and Core. The target-local Case task residue is now declared stale, but the absolute path dependency remains open. Rejected now: raw move, hard delete, validator path rewrites for cleanup optics, Case rerun, Harness rerun, provider mutation, target source mutation, Core mutation, Seed mutation, readiness claim, release claim. diff --git a/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md b/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md index e2b8764..4ec7484 100644 
--- a/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md
+++ b/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md
@@ -42,3 +42,52 @@ Physical relocation remains a separate host-aware custody gate. That gate must: No target source mutation, Case rerun, Harness rerun, provider call, runtime start, browser open, branch mutation, Core mutation, readiness claim, or release claim occurred. + +## Host Mirror Check + +2026-06-17 host-aware custody check: + +- MacBook source path: present at + `/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox`. +- MacBook push script: + `/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh`. +- Current push script excludes known root shadows, but does not exclude + `cto-stage5-target-sandbox/`. +- Physical movement is blocked until the mirror policy is updated or JP chooses + a different custody policy for the MacBook source. + +This check is read-only. No MacBook script mutation occurred in this slice. + +## Archive-Stable Evidence Candidate + +Current target evidence, read-only from +`/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`: + +- total files: 31. +- route-relevant files excluding generated caches: 24. +- directories: 15. +- route-relevant combined sha256: + `c73b40f5bbdd32bb61a93fc926c108d7cef256bdb4598c71ea66ee29f73444e5`. +- full current combined sha256 including generated caches: + `1afc53c9e5ea4a9275ffb9d85cf3509c4a66ab1f89e1e118b76f5a7ea2aaa788`. +- `AGENTS.md` sha256: + `e9db56431baa9708bd6ce0be7d0379d6d7fa1c9e2b00595bca1932f49242ec84`. +- `README.md` sha256: + `c5019bab84472ac4110112c95ebf30c3412f6f5b09dddf9a98411a9f62d830f9`. +- `WORKBOARD.yaml` sha256: + `3180db858dc74381dd736f25311d24d82dbad3eb9166090b9d36448ccee4da66`. +- `strings.py` and `src/strings.py` sha256: + `aa8b1ba8108b0fe8a6170e26a9f51c180a60241fa91b9878c1aaf45ef0a42280`. +- `test_strings.py` sha256: + `d76bb7f9959eacc2fe2e0fc70dcc1ff1525f9aef3918cf849eae4e382fd2e704`. +- `tools/validate_cto_stage5_target_sandbox_child.py` sha256: + `09d5dd192a17e460885a657bfad5e929b9832fd6a1ac5b6b86a432213781bdd6`. 
+
+Validators observed during this slice:
+
+- `python3 tools/validate_cto_stage5_target_sandbox_child.py`: `ok: true`.
+- `python3 -m pytest -q`: `11 passed`.
+- `python3 tools/validate_cto_child.py`: `ok: true`.
+
+The archive-stable candidate is enough to stop treating the path as execution
+authority. It is not yet a physical custody move proof.
diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py
index 40c0d74..2466b92 100644
--- a/tools/validate_cto_child.py
+++ b/tools/validate_cto_child.py
@@ -942,6 +942,29 @@ REQUIRED_STAGE5_TARGET_CUSTODY_PREFLIGHT_PHRASES = [
 "preserve the target sandbox outside the umbrella with a manifest",
 "prove root absence or record any MacBook sync rehydration",
 "No target source mutation, Case rerun, Harness rerun, provider call",
+ "2026-06-17 host-aware custody check:",
+ "/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox",
+ "/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh",
+ "does not exclude",
+ "`cto-stage5-target-sandbox/`",
+ "Physical movement is blocked until the mirror policy is updated",
+ "This check is read-only. No MacBook script mutation occurred in this slice.",
+ "Archive-Stable Evidence Candidate",
+ "total files: 31.",
+ "route-relevant files excluding generated caches: 24.",
+ "directories: 15.",
+ "c73b40f5bbdd32bb61a93fc926c108d7cef256bdb4598c71ea66ee29f73444e5",
+ "1afc53c9e5ea4a9275ffb9d85cf3509c4a66ab1f89e1e118b76f5a7ea2aaa788",
+ "e9db56431baa9708bd6ce0be7d0379d6d7fa1c9e2b00595bca1932f49242ec84",
+ "c5019bab84472ac4110112c95ebf30c3412f6f5b09dddf9a98411a9f62d830f9",
+ "3180db858dc74381dd736f25311d24d82dbad3eb9166090b9d36448ccee4da66",
+ "aa8b1ba8108b0fe8a6170e26a9f51c180a60241fa91b9878c1aaf45ef0a42280",
+ "d76bb7f9959eacc2fe2e0fc70dcc1ff1525f9aef3918cf849eae4e382fd2e704",
+ "09d5dd192a17e460885a657bfad5e929b9832fd6a1ac5b6b86a432213781bdd6",
+ "`python3 tools/validate_cto_stage5_target_sandbox_child.py`: `ok: true`.",
+ "`python3 -m pytest -q`: `11 passed`.",
+ "`python3 tools/validate_cto_child.py`: `ok: true`.",
+ "It is not yet a physical custody move proof.",
 ]
 
 REQUIRED_PROVIDER_ADMISSION_PRD_PHRASES = [
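Review bot: The sha256 digests and file counts added to `REQUIRED_STAGE5_TARGET_CUSTODY_PREFLIGHT_PHRASES` appear to be matched only as text in the preflight document (the code that consumes the list is outside this hunk), so a pass shows that the doc quotes these values, not that the sandbox files still hash to them. One of the new entries requires the doc to record this validator's own `ok: true` result, which makes that evidence line circular. The two `/Users/...` entries pin a personal home-directory path into the validator, which ties the check to one host and publishes the account name in the source. If recomputing the digests is out of scope for this slice, I would at least add above the new entries `# Presence check only: digests are pinned doc text, not recomputed from the target sandbox.`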
@@ -3055,7 +3078,7 @@ def main() -> int:
 checked.append(f"workboard_id:{issue_id}")
 if issue_id not in text:
 errors.append(f"missing_workboard_id:{issue_id}")
- for issue_id in ["CTO-WORK-098", "CTO-WORK-099"]:
+ for issue_id in ["CTO-WORK-098", "CTO-WORK-099", "CTO-WORK-100"]:
 checked.append(f"workboard_id:{issue_id}")
 if issue_id not in text:
 errors.append(f"missing_workboard_id:{issue_id}")
@@ -3156,6 +3179,7 @@ def main() -> int:
 "CTO-WORK-097": "validated",
 "CTO-WORK-098": "validated",
 "CTO-WORK-099": "validated",
+ "CTO-WORK-100": "validated",
 }
 for issue_id, expected in expected_statuses.items():
 checked.append(f"workboard_status:{issue_id}:{expected}")
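Review bot: `if issue_id not in text` in the loop extended by the first hunk is a substring test, so `CTO-WORK-100` would also be satisfied by a longer id such as `CTO-WORK-1000` or by a mention inside another item's title; how `text` is built is outside the hunk, so this is inferred. Assuming `text` is the raw WORKBOARD.yaml content, matching the whole entry would be tighter, e.g. `if f"- id: {issue_id}\n" not in text:`. The same id also has to be added by hand to `expected_statuses` in the second hunk (`@@ -3156,6 +3179,7 @@`), so driving both checks from one shared constant would keep the two lists from drifting. `main()` starts and ends outside both hunks.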