diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md b/.sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md
new file mode 100644
index 0000000..17c7d86
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md
@@ -0,0 +1,91 @@
+---
+name: cto-hermes-real-refresh-control-replay-evidence
+tier: local
+status: validated
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local evidence that CTO-WORK-057 exposed Stage 6 real-governed refresh evidence through the Hermes CTO Harness control summary.
+---
+
+# CTO Hermes Real Refresh Control Replay Evidence
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Result
+
+Status: validated.
+
+Work item: `CTO-WORK-057`
+
+Hermes CTO commit:
+
+```text
+1f53307 Expose real refresh in control summary
+```
+
+Focused summary validator:
+
+```text
+python3 harness/runner/validate-webui-summary.py --json
+```
+
+Focused summary JSON:
+
+```text
+/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112443Z-run-all-fake-262885/webui-summary.json
+```
+
+Focused Stage 6 real-governed refresh comparison artifact:
+
+```text
+/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112448Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json
+```
+
+Post-merge aggregate Harness command:
+
+```text
+./harness/evals/health.sh --json
+```
+
+Post-merge aggregate status:
+
+```text
+pass
+```
+
+Post-merge Stage 6 real-governed refresh comparison artifact:
+
+```text
+/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112541Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json
+```
+
+## Evidence Facts
+
+- summary exposes `case_stage6_real_governed_refresh`
+- summary exposes `stage6_real_governed_refresh_comparison_path`
+- summary exposes real Stage 5 pass report replay path
+- summary exposes real Stage 5 proof replay path
+- summary exposes target repository read-only proof status
+- summary exposes candidate-default refresh eligibility separately from `runtime_default_activation`
+- summary exposes Codex blocked-lane rationale from the refresh artifact
+- summary exposes Pi blocked-lane rationale from the refresh artifact
+- summary exposes next operator action after real-refresh validation
+- summary does not expose secrets, endpoints, credential values, or raw Target Repository content
+- summary does not mutate Target Repositories, vendor source, external developer repositories, unowned repositories, or Cortex Core
+- runtime default activation: false
+
+## Decision
+
+`CTO-WORK-057` is validated.
+
+Hermes now has a Harness-backed replay summary for Stage 6 real-governed refresh evidence.
+
+Case remains a gated adapter behind the CTO Harness seam.
+
+Runtime default activation remains false.
+
+This evidence does not promote CTO artifacts into Core and does not authorize broader target mutation.
diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml
index 4aef53d..a1ddb38 100644
--- a/WORKBOARD.yaml
+++ b/WORKBOARD.yaml
@@ -283,7 +283,7 @@ items:
     owner: ""
   - id: CTO-WORK-057
     title: Hermes Control Summary Real Refresh Replay Route
-    status: candidate
+    status: validated
     source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md
     owner: ""
 
diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py
index da5081a..346ebf7 100644
--- a/tools/validate_cto_child.py
+++ b/tools/validate_cto_child.py
@@ -47,6 +47,7 @@ REQUIRED_FILES = [
     ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-PRD.md",
     ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md",
+    ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md",
@@ -134,6 +135,24 @@ REQUIRED_FIRST_REAL_WORKFLOW_APPROVAL_PACKET_PHRASES = [
     "Runtime default activation remains false.",
 ]
 
+REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [
+    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+    "CTO-WORK-057",
+    "1f53307 Expose real refresh in control summary",
+    "validate-webui-summary.py --json",
+    "webui-summary.json",
+    "case_stage6_real_governed_refresh",
+    "stage6_real_governed_refresh_comparison_path",
+    "real Stage 5 pass report replay path",
+    "real Stage 5 proof replay path",
+    "target repository read-only proof status",
+    "candidate-default refresh eligibility separately from `runtime_default_activation`",
+    "Codex blocked-lane rationale",
+    "Pi blocked-lane rationale",
+    "runtime default activation: false",
+    "Runtime default activation remains false.",
+]
+
 REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_PHRASES = [
     "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
     "Hermes may display and replay evidence; it must not govern",
@@ -1109,6 +1128,16 @@ def main() -> int:
             if phrase not in text:
                 errors.append(f"missing_hermes_real_refresh_control_replay_issue_phrase:{phrase}")
 
+    hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md"
+    if hermes_real_refresh_control_replay_evidence.is_file():
+        text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("hermes_real_refresh_control_replay_evidence_missing_not_promoted_frontmatter")
+        for phrase in REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES:
+            checked.append(f"hermes_real_refresh_control_replay_evidence_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_hermes_real_refresh_control_replay_evidence_phrase:{phrase}")
+
     stage6_real_refresh_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-EVIDENCE.md"
     if stage6_real_refresh_evidence.is_file():
         text = stage6_real_refresh_evidence.read_text(encoding="utf-8")
@@ -1706,7 +1735,7 @@ def main() -> int:
             "CTO-WORK-054": "validated",
             "CTO-WORK-055": "validated",
             "CTO-WORK-056": "validated",
-            "CTO-WORK-057": "candidate",
+            "CTO-WORK-057": "validated",
         }
         for issue_id, expected in expected_statuses.items():
             checked.append(f"workboard_status:{issue_id}:{expected}")