diff --git a/docs/gtm/cac-ecosystem-expansion-system.md b/docs/gtm/cac-ecosystem-expansion-system.md new file mode 100644 index 00000000000..12b0534936c --- /dev/null +++ b/docs/gtm/cac-ecosystem-expansion-system.md 
@@ -0,0 +1,152 @@ +# 1) PARTNER MODEL + +## Cloud Providers +- **Value to them:** Higher marketplace conversion and reduced customer compliance friction because CACert pre-validates AI admissibility controls before workload purchase. +- **Integration surface:** + - Marketplace listing badge: `CAC Verified` metadata field tied to CACert ID. + - Cloud policy packs: Terraform/OPA modules that enforce `cacerter://` validation at deploy time. + - Native log export to CAC transparency log mirror endpoint. +- **CAC dependency created:** Customer deployment policies fail closed when CACert is missing/expired, making CAC a required deploy artifact. + +## SI / Consulting Firms +- **Value to them:** Billable assessment + remediation + managed compliance services with reusable CAC accelerators that improve margin per project. +- **Integration surface:** + - CAC readiness assessment toolkit (questionnaire + evidence mapper). + - Prebuilt CI templates for GitHub/GitLab/Azure DevOps with CAC gates. + - Managed service runbook for ongoing CACert renewal. +- **CAC dependency created:** SI statements of work include CAC gate acceptance criteria; delivery sign-off requires valid CACert evidence. + +## AI Platform Vendors +- **Value to them:** Faster enterprise procurement approval by embedding third-party-verifiable admissibility signals directly in model/app lifecycle tooling. +- **Integration surface:** + - Plugin/extension for model registry to store CACert pointers per model version. + - Admission webhook in deployment pipeline invoking CAC verification API. + - Signed attestation handoff into vendor trust center pages. +- **CAC dependency created:** Production promotion workflows require CAC verification pass, making CAC the default release control. + +## Data Providers +- **Value to them:** Premium data products priced higher when delivered with admissibility evidence and downstream audit traceability. 
+- **Integration surface:** + - Dataset manifests include CAC provenance block and CACert reference. + - API response headers expose `X-CAC-CERT-ID` and verification endpoint. + - Batch export connectors append CAC evidence bundle hashes. +- **CAC dependency created:** Buyers codify “CAC-attested datasets only” in ingestion rules, making CAC mandatory for data monetization. + +# 2) AUDITOR PROGRAM + +- **CAC-certified auditor model:** Independent firms become licensed CAC Assurance Partners with scoped authority tiers: + - Tier 1: CAC evidence completeness review. + - Tier 2: Control effectiveness and reproducibility testing. + - Tier 3: Sector-specific attestations (regulated AI, public sector, critical infrastructure). +- **Onboarding process:** + 1. Apply with existing audit credentials and domain scope. + 2. Complete CAC control taxonomy training + transparency log verification lab. + 3. Pass supervised pilot audit with adjudicated scoring. + 4. Receive signing key + auditor ID in public registry. +- **Certification requirements:** + - Minimum control sampling accuracy threshold (e.g., 95% concordance with reference assessments). + - Demonstrated chain-of-custody verification using CACert + Merkle inclusion proof. + - Annual recertification and random blind re-performance checks. +- **Verification procedures:** + - Pull CACert from client artifact. + - Validate signature, expiry, revocation, and log inclusion proof. + - Recompute evidence hashes from sampled build/test artifacts. + - Issue auditor statement with machine-readable verdict (`pass`, `conditional`, `fail`) and remediation IDs. +- **How auditors make money:** + - Fixed-fee CAC readiness audits. + - Recurring surveillance audits (quarterly/annual). + - Premium attestations packaged into procurement response bundles. + - Remediation validation engagements with strict retest SLAs. +- **Why they adopt CAC:** + - Standardized, automatable evidence reduces manual testing cost per engagement. 
+ - CAC credential differentiates auditors in AI assurance RFPs. + - Recurring CACert renewals create predictable audit revenue. + +# 3) INTEGRATOR TOOLING + +- **SDK / API surfaces:** + - `@cac/verify-sdk` (TypeScript, Python, Java) for `verifyCert`, `verifyBundle`, `verifyInclusionProof`. + - `POST /v1/cac/verify` for cert + evidence bundle validation. + - `POST /v1/cac/issue` for controlled issuance during compliant CI. + - `GET /v1/cac/status/{certId}` for procurement and runtime checks. +- **Minimal connectors (ship first):** + - CI connectors: GitHub Actions, GitLab CI, Jenkins shared library. + - Artifact connectors: JFrog, ECR/GCR/ACR metadata annotators. + - Ticketing connectors: ServiceNow/Jira policy exception workflow sync. + - Procurement connector: JSON schema exporter for vendor questionnaires. +- **Implementation patterns:** + - **Drop-in pipeline pattern:** One reusable workflow file adds gate + issuance in <2 hours. + - **Policy-as-code pattern:** OPA/Rego package enforces “no deploy without valid CACert.” + - **Sidecar verifier pattern:** Runtime admission controller checks cert validity at startup. + - **Procurement evidence pattern:** Auto-generate downloadable admissibility packet per release. +- **How integration is reduced to <1 week:** + - Day 1: install SDK + CI template. + - Day 2: map existing controls to CAC control IDs via migration script. + - Day 3: enable issuance in non-prod and validate log proofs. + - Day 4: enforce soft gate in prod with alert-only mode. + - Day 5: switch to hard gate + procurement export. +- **How CAC becomes default path:** + - Default templates in CI marketplace include CAC enabled by default. + - Integration quickstart generates policy checks that block non-CAC routes. + - Platform partners expose CAC as preselected governance control in setup wizards. + +# 4) DISTRIBUTION CHANNELS + +## Marketplaces +- **Insertion points:** Listing badges, filter facets (`Has CACert`), procurement-ready metadata cards. 
+- **Leverage points:** Marketplace ranking boost for CAC-attested offerings and reduced security review cycles. + +## Compliance workflows +- **Insertion points:** GRC platforms ingest CAC verdicts as control evidence objects. +- **Leverage points:** Reuse of CAC artifacts across SOC2/ISO/NIST audits lowers duplicate evidence cost. + +## Procurement templates +- **Insertion points:** Standard RFP language: “Valid CACert required at contract award and renewal.” +- **Leverage points:** Buyer legal/procurement libraries replicate clauses across all AI purchases. + +## Dev platforms +- **Insertion points:** Native CI templates, deployment policy packs, model registry fields for CACert IDs. +- **Leverage points:** Engineers inherit CAC controls automatically when creating new services. + +# 5) NETWORK EFFECT LOOP + +- **Reinforcing loop:** + 1. **Vendors emit CACert** in every release to shorten procurement cycles. + 2. **Buyers require CAC** in RFPs/MSAs because it reduces diligence time and liability exposure. + 3. **Auditors verify CAC** as a repeatable evidence standard and publish machine-readable findings. + 4. **Partners integrate CAC** into clouds, SI playbooks, and AI platforms to win more deals. + 5. Integrated tooling lowers implementation cost, so more vendors emit CACert. +- **Dependency flywheel mechanics:** + - More certified auditors increase trust and procurement acceptance. + - More buyer requirements increase vendor compliance urgency. + - More vendor CACerts increase partner incentive to productize CAC support. + - More productized support further lowers vendor adoption cost. +- **Tipping point definition:** + - CAC reaches default status when three thresholds are crossed simultaneously: + - ≥35% of target enterprise AI procurements include CAC language. + - ≥25 active certified auditors publish CAC verdicts quarterly. + - ≥3 major platform ecosystems expose CAC as native policy control. 
+ +# 6) EXECUTION PLAN (0–180 DAYS) + +## Days 0–30: Establish anchor nodes +- Recruit 2 cloud/channel partners with defined CAC insertion commitments (badge + policy-pack launch dates). +- Sign 3 SI firms into packaged “CAC Readiness Sprint” offerings with fixed scope and pricing. +- Certify first 5 auditors via bootcamp + supervised pilot audits. +- Release v1 integrator starter kit: SDK, CI templates, OPA bundle, procurement schema. +- Publish buyer procurement clause pack and mandatory CACert verification playbook. + +## Days 30–90: Productize and distribute +- Deploy marketplace integrations (listing metadata + CAC filter) in at least 2 channels. +- Launch auditor registry and public verification directory with verdict API. +- Execute 10 integrator-led implementations with time-to-production tracked; enforce <1 week median. +- Embed CAC evidence import into one major GRC workflow and one procurement platform template library. +- Run partner enablement cohorts: technical certification + sales packaging + joint customer references. + +## Days 90–180: Standardize and scale external dependency +- Submit CAC reference profile to 2 standards working groups and 3 industry consortium control catalogs. +- Expand auditor network to 25+ firms with regional coverage and sector specialization. +- Convert top SI playbooks into reusable fixed-price offerings across finance, healthcare, and public sector. +- Secure 3 platform-native defaults where CAC checks are pre-enabled in new project setup flows. +- Drive buyer-side mandate campaign: top-50 target enterprises adopt CAC procurement clauses at renewal. +- Operate quarterly ecosystem scorecard: partner-sourced pipeline %, auditor-issued verdict volume, vendor CACert coverage %, and buyer mandate penetration. diff --git a/docs/roadmap/STATUS.json b/docs/roadmap/STATUS.json index 26d6924bff2..f1b88803b88 100644 --- a/docs/roadmap/STATUS.json +++ b/docs/roadmap/STATUS.json 
@@ -1,6 +1,6 @@ { - "last_updated": "2026-04-03T00:00:00Z", - "revision_note": "Added the canonical Decision Object v1 schema package, example payload, and standards documentation to anchor CAC-bound decision interoperability and external verification workflows.", + "last_updated": "2026-03-31T00:00:00Z", + "revision_note": "Added the CAC ecosystem expansion system blueprint, defined auditor and integrator execution mechanics, and published a 0\u2013180 day adoption plan to convert CAC into a default ecosystem dependency.", "initiatives": [ { "id": "one-verified-workflow-lane", @@ -60,7 +60,7 @@ "id": "provable-system-governance-provenance-unification", "status": "in_progress", "owner": "codex", - "notes": "Implementation-ready governance, provenance, isolation, sovereignty, and ATO-native evidence bundle specifications are published and awaiting narrowed execution through one golden workflow. Published C2PA-aligned CAC Decision Manifest profile and external verification contract for admissible cognition artifacts." + "notes": "Implementation-ready governance, provenance, isolation, sovereignty, and ATO-native evidence bundle specifications are published and awaiting narrowed execution through one golden workflow." }, { "id": "antigravity-multi-agent-ga-convergence", @@ -69,10 +69,10 @@ "notes": "Multi-agent prompt suites, bounded charters, and router activation are in place, but GA still depends on proving one deterministic closed loop rather than widening orchestration." }, { - "id": "decision-object-canonicalization", + "id": "cac-ecosystem-expansion-system", "status": "completed", "owner": "codex", - "notes": "Published schemas/decision-object.schema.json plus a complete example and standards profile for CAC-bound deterministic verification." + "notes": "Published partner model, auditor program, integrator tooling, distribution channels, network loop, and phased execution plan for CAC ecosystem-led adoption." } ], "summary": {
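Review bot: In the new docs/gtm/cac-ecosystem-expansion-system.md, the Data Providers integration surface says "API response headers expose `X-CAC-CERT-ID` and verification endpoint", which has a consumer learn where to verify a certificate from the very response it is trying to verify; a verifier must pin the CAC verification endpoint (or the transparency log root) itself and treat a header-supplied URL as untrusted, so reword this to expose only the cert ID and state that the endpoint is configured client-side. Related gaps in the same hunk: the "Sidecar verifier pattern" checks cert validity "at startup" only, so a cert revoked or expired after launch stays trusted until the next restart, whereas the Auditor Program's verification procedure requires checking "signature, expiry, revocation, and log inclusion proof"; say that runtime verifiers re-check on a bounded interval (and that the OPA "no deploy without valid CACert" policy includes revocation and inclusion-proof checks, not just signature/expiry). Under the auditor onboarding step "Receive signing key + auditor ID in public registry", the auditor should generate its own key pair and register the public key; a centrally issued private signing key undermines the independence the tiered auditor model claims. Also `POST /v1/cac/issue` "for controlled issuance during compliant CI" never says how the CI caller is authenticated or what digest the issued CACert is bound to, which is needed before "fail closed when CACert is missing/expired" means anything. Finally, `cacerter://` in the Cloud Providers policy-pack bullet is not defined anywhere else in the document; confirm whether this is a typo for the CACert scheme and name the scheme once.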
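Review bot: In the first STATUS.json hunk, `last_updated` moves backwards from `2026-04-03T00:00:00Z` to `2026-03-31T00:00:00Z`, and the previous `revision_note` about the Decision Object v1 schema package is overwritten rather than superseded by a newer entry. A timestamp that regresses while the note changes looks like this branch was cut before the 2026-04-03 update and never rebased; set `last_updated` to a date at or after the current value and keep the revision note consistent with the latest actual change.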
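Review bot: The second STATUS.json hunk (`@@ -60,7 +60,7 @@`) drops the sentence "Published C2PA-aligned CAC Decision Manifest profile and external verification contract for admissible cognition artifacts." from the `provable-system-governance-provenance-unification` notes, which has nothing to do with the ecosystem expansion blueprint this change adds. That reads as a stale-branch revert of someone else's status update rather than an intentional edit; restore the sentence or explain in the commit why that published profile is being unpublished.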
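Review bot: The third STATUS.json hunk (`@@ -69,10 +69,10 @@`) rewrites the existing `decision-object-canonicalization` initiative (status `completed`) in place into `cac-ecosystem-expansion-system`, so the record that `schemas/decision-object.schema.json` and its standards profile were published disappears from the roadmap. Add the new initiative as a separate object in `initiatives` and leave the completed one intact; if `summary` carries counts of completed initiatives, they will also need updating for the added entry.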