diff --git a/docs/phase1b/README.md b/docs/phase1b/README.md
index 3473c3c..92e8ffa 100644
--- a/docs/phase1b/README.md
+++ b/docs/phase1b/README.md
@@ -16,6 +16,7 @@ Phase 1b is the `decision-engine` PR evaluation router. It sends each KB mutatio
 | GitHub identity and bot comments | `docs/phase1b/github-identity-bot-posture-spec.md` | ready_now after canonical target config freezes |
 | Reporting and contributor compatibility | `docs/phase1b/reporting-contributor-compatibility-spec.md` | ready_now after verdict state shape freezes |
 | Staging proof | `docs/phase1b/staging-proof-spec.md` | draft_gated on staging/VPS or disposable remote access |
+| Staging blocker | `docs/phase1b/staging-blocker.json` | external_only |
 
 ## Execution Order
 
diff --git a/docs/phase1b/staging-blocker.json b/docs/phase1b/staging-blocker.json
new file mode 100644
index 0000000..7aa6122
--- /dev/null
+++ b/docs/phase1b/staging-blocker.json
@@ -0,0 +1,18 @@
+{
+  "phase": "1b",
+  "blocked_area": "staging_and_production_proof",
+  "attempted_discovery": [
+    "audited teleo-infrastructure eval, config, deploy, systemd, github feedback, and health-check surfaces",
+    "implemented and tested local default-off phase1b routing path",
+    "opened draft pr for reviewed sha",
+    "recorded staging proof contract in docs/phase1b/staging-proof-spec.md"
+  ],
+  "exact_blocker": "no usable staging vps clone, crabbox runner config, sandbox decision-engine repo token, or production read-only access is available in this workspace",
+  "why_it_cannot_be_solved_autonomously": "staging proof requires external infrastructure authority and non-production credentials; creating or using those without the project owner/runtime owner would risk mutating production or leaking production secrets",
+  "exact_next_action": "fwaz or m3taversal should provide either a scrubbed hetzner snapshot clone or crabbox config plus staging-only github/openrouter tokens and the sandbox decision-engine repo target",
+  "safe_until_unblocked": [
+    "keep PHASE1B_AGENT_ROUTING_ENABLED=false in production",
+    "review the draft pr locally and in ci",
+    "do not allow agents to self-edit production vps state for this change"
+  ]
+}