diff --git a/.agentguard/squads/shellforge/blockers.md b/.agentguard/squads/shellforge/blockers.md index 682759a..fccbdf2 100644 --- a/.agentguard/squads/shellforge/blockers.md +++ b/.agentguard/squads/shellforge/blockers.md @@ -1,19 +1,30 @@ # ShellForge Squad — Blockers -**Updated:** 2026-03-29T18:00Z -**Reported by:** EM run (claude-code:opus:shellforge:em) +**Updated:** 2026-03-29T20:00Z +**Reported by:** EM run 5 (claude-code:opus:shellforge:em) --- -## P0 — Active Blockers (0) +## P0 — Critical Blockers (2) -All 3 P0 governance security bugs are fixed in PR #83 (pending CI + merge). +### 1. All 3 PRs Awaiting Human Review — BLOCKING SQUAD PROGRESS +**Description:** All 3 open PRs are passing CI (5/5 checks each) but blocked on `REVIEW_REQUIRED`. GitHub branch protection prevents the EM (authored as jpleva91) from self-approving. +**PRs blocked:** +- **#83** — `fix(p0): close governance fail-open vulnerabilities` — closes #58, #59, #62, #67, #69, #75 +- **#84** — `fix(docs): update stale Crush comments in cmdEvaluate (#74)` — closes #74 +- **#85** — `chore(squad): EM state update — run 4` — squad ops housekeeping -See PR: https://github.com/AgentGuardHQ/shellforge/pull/83 +**Action Required:** @jpleva91 or a collaborator must review and approve PRs #83, #84, #85. +**Priority:** Review #83 first — it carries all P0/P1 governance security fixes. + +### 2. PR Budget AT LIMIT (3/3) — No New Fix PRs Possible +**Description:** Squad has reached the max of 3 open PRs. No new work can be opened until at least one PR merges. +**Impact:** P2 bugs (#65 scheduler silent error, #66 flattenParams dead code, #52 cmdScan glob broken, #53 README stale) remain queued but cannot be addressed. +**Unblocked by:** Merging any of #83, #84, or #85. --- -## P1 — Remaining Work +## P1 — Remaining Work (queued, no new PRs until budget frees) ### #68 — Zero test coverage across all packages **Severity:** High — governance runtime with no tests is unshipable 
@@ -26,26 +37,41 @@ See PR: https://github.com/AgentGuardHQ/shellforge/pull/83 **Assignee:** qa-agent **URL:** https://github.com/AgentGuardHQ/shellforge/issues/63 -### #74 — Stale crush references in main.go -**Severity:** Low-medium — cosmetic but misleading; crush→goose migration was v0.6 -**URL:** https://github.com/AgentGuardHQ/shellforge/issues/74 - --- -## Resolved This Run +## P2 — Unassigned (queued, blocked by PR budget) -- **#58** — bounded-execution wildcard policy matched every run_shell → `engine.go` fix merged in PR #83 -- **#62** — cmdEvaluate fail-open on JSON unmarshal → fail-closed fix in PR #83 -- **#75** — govern-shell.sh printf injection → jq --arg fix in PR #83 -- **#67** — govern-shell.sh fragile sed output parsing → jq fix in PR #83 -- **#69** — rm policy only blocked -rf/-fr, not plain rm → policy broadened in PR #83 -- **#59** — misleading `# Mode: monitor` comment with `mode: enforce` → fixed in PR #83 +| # | Issue | Notes | +|---|-------|-------| +| #65 | scheduler.go silent os.WriteFile error | Silent failure on job persistence | +| #66 | flattenParams dead code | Logic bug, result overwritten before use | +| #52 | filepath.Glob ** never matches Go files | cmdScan broken for entire scan feature | +| #53 | README stale ./shellforge commands | Docs rot | --- -## Notes +## Resolved (pending merge of PR #83) + +- **#58** — bounded-execution wildcard policy blocked all run_shell → fix in PR #83 +- **#62** — cmdEvaluate fail-open on JSON unmarshal → fix in PR #83 +- **#75** — govern-shell.sh printf injection → fix in PR #83 +- **#67** — govern-shell.sh fragile sed output parsing → fix in PR #83 +- **#69** — rm policy only blocked -rf/-fr, not plain rm → fix in PR #83 +- **#59** — misleading `# Mode: monitor` comment with `mode: enforce` → fix in PR #83 +- **#74** — stale crush references in cmdEvaluate → fix in PR #84 + +--- -- PR budget: 1/3 open — capacity for 2 more fix PRs -- No retry loops or blast radius concerns -- Dogfood run (#76) 
unblocked once PR #83 merges -- Test coverage (#68) is now the most pressing remaining gap — no regression safety net +## Status Summary + +| Item | Status | +|------|--------| +| PR #83 (P0 fixes) | CI ✅ 5/5 — REVIEW BLOCKED | +| PR #84 (P1 docs) | CI ✅ 5/5 — REVIEW BLOCKED | +| PR #85 (EM state) | CI ✅ 5/5 — REVIEW BLOCKED | +| PR budget | 3/3 AT LIMIT | +| Dogfood (#76) | BLOCKED on #83 merge | +| QA-agent (#63, #68) | Active | +| New fix PRs | BLOCKED until budget frees | +| Retry loops | None | +| Blast radius | Low | diff --git a/.agentguard/squads/shellforge/state.json b/.agentguard/squads/shellforge/state.json index f38421d..2748f29 100644 --- a/.agentguard/squads/shellforge/state.json +++ b/.agentguard/squads/shellforge/state.json @@ -1,14 +1,14 @@ { "squad": "shellforge", - "updated_at": "2026-03-29T18:00:00Z", + "updated_at": "2026-03-29T20:00:00Z", "sprint": { "goal": "Harden enforcement runtime — fix all P0/P1 governance bugs before dogfood run", "focus": "Security correctness: govern-shell.sh JSON safety, cmdEvaluate bypass, bounded-execution policy, test coverage baseline" }, "pr_budget": { "max_open": 3, - "current_open": 1, - "status": "green" + "current_open": 3, + "status": "at-limit" }, "loop_guard": { "retry_loop_detected": false, @@ -25,7 +25,7 @@ { "number": 67, "title": "bug: govern-shell.sh uses fragile sed to parse JSON", "assignee": "em", "status": "fix-in-pr-83" }, { "number": 63, "title": "bug: classifyShellRisk prefix matching too broad — false read-only classification", "assignee": "qa-agent" }, { "number": 68, "title": "test: zero test coverage across all packages", "assignee": "qa-agent" }, - { "number": 74, "title": "bug: stale crush references in cmd/shellforge/main.go", "assignee": null } + { "number": 74, "title": "bug: stale crush references in cmd/shellforge/main.go", "assignee": "em", "status": "fix-in-pr-84" } ], "p2": [ { "number": 65, "title": "bug: scheduler.go silently ignores os.WriteFile error", "assignee": null }, 
@@ -47,7 +47,30 @@ ] }, "pr_queue": [ - { "number": 83, "title": "fix(p0): close governance fail-open vulnerabilities", "status": "open", "ci": "pending", "issues_closed": [58, 59, 62, 67, 69, 75] } + { + "number": 83, + "title": "fix(p0): close governance fail-open vulnerabilities", + "status": "open", + "ci": "passing (5/5)", + "review_status": "REVIEW_REQUIRED — awaiting human approval (cannot self-approve)", + "issues_closed": [58, 59, 62, 67, 69, 75] + }, + { + "number": 84, + "title": "fix(docs): update stale Crush comments in cmdEvaluate (#74)", + "status": "open", + "ci": "passing (5/5)", + "review_status": "REVIEW_REQUIRED — awaiting human approval (cannot self-approve)", + "issues_closed": [74] + }, + { + "number": 85, + "title": "chore(squad): EM state update — run 4 (2026-03-29)", + "status": "open", + "ci": "passing (5/5)", + "review_status": "REVIEW_REQUIRED — awaiting human approval (cannot self-approve)", + "issues_closed": [] + } ], "agents": { "qa-agent": { "status": "assigned", "schedule": "4h", "last_issue": 63 }, 
@@ -56,7 +79,13 @@ "slack-notifier": { "status": "disabled", "schedule": "8h", "last_issue": null } }, "capability_gaps": [ - "No dev-agent in swarm — P0 bugs required EM to author fixes directly this run" + "No dev-agent in swarm — P0/P1 bugs require EM to author fixes directly" ], - "notes": "Run 3 (2026-03-29T18:00Z): EM stepped in as dev-agent to fix all 3 P0s + 2 P1s (#58, #59, #62, #67, #69, #75). PR #83 open. PR budget 1/3. P0 blockers pending CI + merge. Next priority after merge: test coverage (#68) and classifyShellRisk false classification (#63). Dogfood run (#76) unblocked once PR #83 merges." + "blockers": [ + "PR #83 (P0 fixes): CI passing 5/5, review BLOCKED — GitHub prevents self-approval. Requires human review from @jpleva91 or a collaborator.", + "PR #84 (P1 docs fix): CI passing 5/5, review BLOCKED — same constraint.", + "PR #85 (EM state update): CI passing 5/5, review BLOCKED — same constraint.", + "PR budget AT LIMIT (3/3) — cannot open new fix PRs until at least one merges." + ], + "notes": "Run 5 (2026-03-29T20:00Z): No new issues since Run 4. All 3 open PRs now passing CI (5/5) but all blocked on REVIEW_REQUIRED — GitHub branch protection prevents self-approval. PR budget at limit (3/3). No new work can be opened. Dogfood run (#76) still blocked pending PR #83 merge. Human review of PRs #83, #84, #85 is the sole critical path item." }
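Review bot: in hunk `@@ -1,19 +1,30 @@` of blockers.md the "Action Required" line contradicts the description two lines above it: the PRs are authored as jpleva91 and GitHub branch protection prevents self-approval, so an approval from @jpleva91 is exactly the self-approval the rule rejects and will not unblock `REVIEW_REQUIRED`. Name a reviewer who is not the PR author, e.g. `**Action Required:** a collaborator other than the PR author (jpleva91) must review and approve PRs #83, #84, #85.` The hunk also drops the only PR URL on the page (`https://github.com/AgentGuardHQ/shellforge/pull/83`) while adding #84 and #85 with no links at all; keep one link per entry in the "PRs blocked" list so the reviewer being asked to act has something to click.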
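Review bot: in hunk `@@ -26,26 +37,41 @@` of blockers.md the #58 entry changes its description from "wildcard policy matched every run_shell" to "wildcard policy blocked all run_shell"; those describe different failure modes (a policy over-matching versus every command being denied), and nothing in the diff explains the re-characterisation, so keep the original wording unless the fix in #83 was actually re-scoped. The new heading "Resolved (pending merge of PR #83)" is also inaccurate for the last entry, `#74 … → fix in PR #84`, which depends on a different PR; either retitle the section ("Resolved, pending merge of PR #83 / #84") or move #74 under its own line. Finally, the P2 table row "filepath.Glob ** never matches Go files" is correct (Go's `path/filepath.Glob` does not support `**`), but since it breaks the entire scan feature per the Notes cell, it reads more like P1 than P2; state why it stays queued behind the docs-only #53.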
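Review bot: in hunk `@@ -1,14 +1,14 @@` of state.json, `"status": "at-limit"` introduces a new value for `pr_budget.status`; the only other value visible anywhere in the diff is `"green"`, so any consumer that switches on a fixed set of labels will not recognise it. Document the accepted vocabulary next to the field, or better, stop storing the label at all and derive the state from `current_open >= max_open`, since a hand-maintained label can drift from the counts it summarises (this file already carries both).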
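Review bot: in hunk `@@ -25,7 +25,7 @@` of state.json the #74 record gains `"assignee": "em", "status": "fix-in-pr-83"`-style fields, but the two context records for #63 and #68 (both assigned to qa-agent) still have no `status` key at all, so the p1 array has `status` on some entries and not others. Add an explicit value such as `"status": "assigned"` to #63 and #68 so every p1 record has the same shape; otherwise a reader of the JSON cannot tell "no status yet" from "status omitted". Minor: the #74 title still says `cmd/shellforge/main.go` while PR #84's title says `cmdEvaluate`; fine if cmdEvaluate lives in main.go, but one wording would avoid the question.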
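Review bot: in hunk `@@ -47,7 +47,30 @@` of state.json, `"ci": "passing (5/5)"` and the long `review_status` sentence replace what was a simple enum (`"ci": "pending"`) with free text that anything parsing this file now has to string-match. Split them into machine-checkable fields, e.g. `"ci": "passing"`, `"ci_checks": "5/5"`, `"review_status": "review_required"`, and put the human explanation ("awaiting human approval, cannot self-approve") in a separate `review_note`. The same explanatory sentence is also copied verbatim into all three entries; one note at the `pr_queue` level would avoid updating three strings when the constraint changes. PR #85's title here carries "(2026-03-29)" while blockers.md lists it without the date; use one title string in both files.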
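Review bot: in hunk `@@ -56,7 +79,13 @@` of state.json the new `blockers` array restates what blockers.md and the `notes` string already say, and the copies are already out of step: the blockers.md header in this same diff counts "P0 — Critical Blockers (2)" while this array lists four entries (one per PR plus the budget), and the per-PR review state is additionally repeated in `pr_queue[].review_status`. Keep one structured source (this array, or `pr_queue`) and generate the markdown summary from it, or trim the array to the two items the markdown names. Separately, this diff is itself the run-5 state update, yet the notes say no new PRs can be opened while #85 (the run-4 state update) is still open at a 3/3 budget; say whether these changes are pushed onto #85's branch or are waiting for a merge, since the file currently describes a state it cannot itself reach.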