diff --git a/DESIGN.md b/DESIGN.md
index a29c891..9b6bce0 100644
--- a/DESIGN.md
+++ b/DESIGN.md
@@ -6,6 +6,15 @@
 **Spec:** GCAP-SPEC-SHELLBOUND-BROKER-0001 (Layer 3)
 **Language:** Rust
 **License:** Apache 2.0
+**References:** DESIGN-TYPED-SHELL-HIERARCHY-0001 (T0-T6), DESIGN-GOVERNANCE-LAYERING-MODEL-0001 (five-layer model)
+
+> **Shell Tier Context (2026-05-28):** gsh is the **T2 Operator Runtime** binary
+> per DESIGN-TYPED-SHELL-HIERARCHY-0001. It compiles with `--features operator`
+> and is one of seven tier-specific binaries (T0-T6). `NO_NEW_PRIVS` is set at
+> session start. The Free/Observed/Governed command categorization maps to
+> governance layers: Free = L1 Permitted (within PosixBinding ceiling),
+> Observed = L2 Authorized (AC-scoped), Governed = L3 Approved (ceremony-gated).
+> See DESIGN-GOVERNANCE-LAYERING-MODEL-0001 for the full five-layer model.
 
 ---