diff --git a/AGENTS.md b/AGENTS.md
index df7f39d..195f6f3 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -2,6 +2,20 @@
 
 Endgoal: Maintain child-local CTO planning for governed execution routing, adapter design, transportability, and validation scaffolds without Core authority, Runtime authority, backend ownership, vendor-source authority, execution-backend authority, or readiness claims.
 
+## Universal Cortex OS Agent Contract
+
+- Treat this file as route-local instruction after parent `AGENTS.md` files and before chat memory.
+- Start broad or ambiguous work with `cortex graph context`; use it only as Derived State, then read this repo's local files.
+- Before edits, read `AGENTS.md`, `README.md`, and `WORKBOARD.yaml`; keep writes route-local unless a governed Core route explicitly authorizes promotion.
+- Run this repo's named validator before handoff or done claims; use stronger proof only for runtime, provider, secret, memory, profile exposure, branch, release, or readiness effects.
+- Record proof and handoffs as refs-only artifacts. Do not write Hindsight memory, Core SOT, sibling repos, or live runtime state unless explicitly authorized by the owning route.
+
+## Repo-Custom Agent Contract
+
+CTO owns child-local execution-routing planning, adapter design, transportability briefs, staged proof gates, target-repo admission templates, approval packets, evidence interface contracts, and validation scaffolds. It must not own Core truth, Runtime authority, Host Runtime authority, backend ownership, vendor-source authority, external developer repo authority, execution-backend authority, provider authority, target-repo mutation authority, Profile Exposure authority, product readiness, release authority, or production readiness.
+
+Allowed proof is child-local and refs-only unless an explicit governed route approves a stronger gate: planning docs, WorkBoard entries, target-admission records, approval packets, harness evidence contracts, validator output, and git commits. This repo may inform CTO routing and execution planning only through the owning route; it does not activate Case as default backend, mutate target repositories, mutate vendor source, start Runtime, call providers, read secrets, broaden profile exposure, write Hindsight memory, mutate Core, mutate Seed, mutate sibling repos, mutate OpenDesign, claim readiness, publish, deploy, or release.
+
 ## Pickup
 
 Route: `cto` at `/home/svrnty/workspaces/cortex-os/cto`.
diff --git a/README.md b/README.md
index 7624066..8f4d6d8 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,8 @@ Evidence records.
 Core promotes only through SOT route.
 ```
 
+Cortex OS use is child-local and refs-only by default: this repo preserves CTO planning, execution-routing contracts, adapter design, transportability briefs, staged proof gates, approval packets, evidence interfaces, and validation scaffolds as child-local material. It is not Core truth, Runtime authority, Host Runtime authority, backend ownership, vendor-source authority, external developer repo authority, execution-backend authority, provider authority, target-repo mutation authority, Profile Exposure authority, product readiness, release authority, production readiness, or permission to activate Case, mutate target repos, call providers, read secrets, publish, deploy, or release.
+
 ## Status
 
 This workspace is registered as a child-local planning workspace. Registration does not grant Core authority.
diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml
index 1c5a8a0..fd376c5 100644
--- a/WORKBOARD.yaml
+++ b/WORKBOARD.yaml
@@ -506,3 +506,8 @@ items:
     status: validated
     source: docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md
     owner: ""
+  - id: CTO-WORK-102
+    title: CTO Agent Contract Enforcement
+    status: validated
+    source: AGENTS.md
+    owner: ""
diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py
index e822f06..2bb5f1e 100644
--- a/tools/validate_cto_child.py
+++ b/tools/validate_cto_child.py
@@ -124,6 +124,21 @@ REQUIRED_FILES = [
     "tools/codex_ephemeral_exec.py",
 ]
 
+AGENT_CONTRACT_SNIPPETS = [
+    "## Universal Cortex OS Agent Contract",
+    "## Repo-Custom Agent Contract",
+    "Record proof and handoffs as refs-only artifacts.",
+    "CTO owns child-local execution-routing planning",
+    "it does not activate Case as default backend",
+    "mutate OpenDesign",
+]
+
+README_CONTRACT_SNIPPETS = [
+    "Cortex OS use is child-local and refs-only by default",
+    "It is not Core truth, Runtime authority, Host Runtime authority, backend ownership",
+    "permission to activate Case, mutate target repos, call providers, read secrets, publish, deploy, or release",
+]
+
 REQUIRED_BRIEF_PHRASES = [
     "Cortex governs.",
     "Hermes controls.",
@@ -1871,6 +1886,22 @@ def main() -> int:
         if not path.is_file():
             errors.append(f"missing_required_file:{rel}")
 
+    agents = ROOT / "AGENTS.md"
+    if agents.is_file():
+        text = agents.read_text(encoding="utf-8")
+        for snippet in AGENT_CONTRACT_SNIPPETS:
+            checked.append(f"agent_contract_snippet:{snippet}")
+            if snippet not in text:
+                errors.append(f"missing_agent_contract_snippet:{snippet}")
+
+    readme = ROOT / "README.md"
+    if readme.is_file():
+        text = readme.read_text(encoding="utf-8")
+        for snippet in README_CONTRACT_SNIPPETS:
+            checked.append(f"readme_contract_snippet:{snippet}")
+            if snippet not in text:
+                errors.append(f"missing_readme_contract_snippet:{snippet}")
+
     legacy_ingest = ROOT / "docs/LEGACY-INGEST.md"
     if legacy_ingest.is_file():
         text = legacy_ingest.read_text(encoding="utf-8")
@@ -3090,7 +3121,7 @@ def main() -> int:
             checked.append(f"workboard_id:{issue_id}")
             if issue_id not in text:
                 errors.append(f"missing_workboard_id:{issue_id}")
-        for issue_id in ["CTO-WORK-098", "CTO-WORK-099", "CTO-WORK-100", "CTO-WORK-101"]:
+        for issue_id in ["CTO-WORK-098", "CTO-WORK-099", "CTO-WORK-100", "CTO-WORK-101", "CTO-WORK-102"]:
             checked.append(f"workboard_id:{issue_id}")
             if issue_id not in text:
                 errors.append(f"missing_workboard_id:{issue_id}")
@@ -3193,6 +3224,7 @@ def main() -> int:
             "CTO-WORK-099": "validated",
             "CTO-WORK-100": "validated",
             "CTO-WORK-101": "validated",
+            "CTO-WORK-102": "validated",
         }
         for issue_id, expected in expected_statuses.items():
             checked.append(f"workboard_status:{issue_id}:{expected}")
@@ -3299,6 +3331,10 @@ def main() -> int:
             errors.append("workboard_missing_stage5_target_stale_state_source")
         if "docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md" not in text:
             errors.append("workboard_missing_stage5_target_custody_preflight_source")
+        if "CTO Agent Contract Enforcement" not in text:
+            errors.append("workboard_missing_agent_contract_title")
+        if "source: AGENTS.md" not in text:
+            errors.append("workboard_missing_agent_contract_source")
 
     payload = {
         "ok": not errors,