diff --git a/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md b/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md index 20c806c..c8dd1e0 100644 --- a/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md +++ b/docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md 
@@ -223,7 +223,7 @@ Goal: the production-readiness checks run in automation, not only locally. - [x] **P8.3** Add CI Docker build job for backend and web images. Commit: `7fb44d0`; Verified: `bash -n scripts/docker-prep.sh`; `COMMON_PLAT=/definitely/missing bash scripts/docker-prep.sh --restore`; `git diff --check`; `rg -n "docker-build|Prepare Docker tarball dependencies|Build backend image|Build web image|Restore Docker prep changes|COMMON_PLAT" .github/workflows/ci.yml scripts/docker-prep.sh`; `docker --version` failed locally with `command not found`, so image build execution is delegated to the GitHub Ubuntu runner. Added a `docker-build` CI job gated after backend/web jobs to prepare common-platform tarball dependencies, build backend and web Docker images with BuildKit secrets, and restore docker-prep changes; made `scripts/docker-prep.sh` support the current `../learning_ai/learning_ai_common_plat` path, `COMMON_PLAT` override, restore without a common-platform checkout, and Linux-safe package rewrites. - [x] **P8.4** Add or document compose smoke: build, start backend/web, hit `/health`, `/api/bootstrap`, and a web smoke endpoint. Commit: `cae5941`; Verified: `bash -n scripts/compose-smoke.sh`; `git diff --check`; `rg -n "smoke:compose|compose-smoke|3000:3045|NEXT_PUBLIC_NOTES_API_URL|/api/bootstrap|NODE_ENV=development" package.json README.md docker-compose.yml scripts/compose-smoke.sh`; `docker --version` failed locally with `command not found`, so live compose execution is deferred to Docker-capable environments. Added `pnpm run smoke:compose`, an executable compose smoke script that runs docker-prep, builds backend/web images, starts compose in local memory mode, checks backend `/health`, backend `/api/bootstrap`, and web `/`, then restores docker-prep changes and tears down by default; fixed compose web port mapping to `3000:3045`, added web build args, and replaced the backend healthcheck with a Node fetch check. 
- [x] **P8.5** Add secret scan and hardcoded token/color checks, reusing common platform scripts where possible. Commit: `694a0be`; Verified: `bash -n scripts/release-guard-audit.sh`; `zsh -lc 'source ~/.zshrc; export GITEA_NPM_TOKEN; pnpm run audit:release-guards'`; `git diff --check`; `rg -n "release-guards|audit:release-guards|release-guard-audit|Hardcoded color|Hardcoded token|secret-scan-repo" .github/workflows/ci.yml package.json scripts/release-guard-audit.sh`. Added `pnpm run audit:release-guards` and a CI `release-guards` job that installs `ripgrep`, reuses common-platform `secret-scan-repo.sh` when available, falls back to the repo-local scanner otherwise, blocks hardcoded hex/rgb colors in web/mobile product code, and blocks hardcoded token-like values outside docs/node_modules. -- [ ] **P8.6** Add dependency health workflow or scheduled check for `@bytelyst/*`, Next, React, Expo, Fastify, Vitest, and Playwright compatibility. Commit: +- [x] **P8.6** Add dependency health workflow or scheduled check for `@bytelyst/*`, Next, React, Expo, Fastify, Vitest, and Playwright compatibility. Commit: `389a4c8`; Verified: `bash -n scripts/dependency-health.sh`; `rg -n "dependency-health|dependency:health|Dependency health|pnpm outdated|pnpm run typecheck" .github/workflows/dependency-health.yml package.json scripts/dependency-health.sh`; `zsh -lc 'source ~/.zshrc; export GITEA_NPM_TOKEN; pnpm run dependency:health'`; `git diff --check`. Added `pnpm run dependency:health` and a weekly/manual `Dependency Health — NoteLett` workflow that checks out common platform, links the expected workspace path, builds `@bytelyst/*`, installs with the frozen lockfile, runs a cross-surface typecheck compatibility sweep, prints key versions for `@bytelyst/*`, Next, React, Expo, Fastify, Vitest, and Playwright, emits `pnpm outdated -r --long` as a non-blocking report, and uploads the report artifact. 
- [ ] **P8.7** Add release notes template and production deploy checklist with environment variables, rollback, migrations, smoke tests, and monitoring links. Commit: Acceptance criteria:
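Review bot: The Verified list on the new P8.6 line records only local checks (`bash -n scripts/dependency-health.sh`, an `rg` grep, a local `pnpm run dependency:health`, and `git diff --check`) and no run of the weekly/manual workflow itself. The box is therefore ticked without evidence that the common-platform checkout, the workspace path link, the frozen-lockfile install and the artifact upload succeed on the runner. P8.3 and P8.4 state explicitly when execution was deferred to CI; this entry should either do the same or cite a manual dispatch run. The local command `zsh -lc 'source ~/.zshrc; export GITEA_NPM_TOKEN; pnpm run dependency:health'` depends on a personal shell profile holding the token, so the entry should also say where the workflow obtains `GITEA_NPM_TOKEN` and confirm that the uploaded report artifact cannot contain it. Since `pnpm outdated -r --long` is described as non-blocking, it would help to state that the typecheck sweep is the only gating signal, so that a green run is not read as "dependencies are current".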