diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d17f70..1a186c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ This project has a published GitHub Release line, but no stable support or API g ### Changed - Documented the published `v0.2.1` GitHub Release and PyPI package state on `main`. +- Synced public security, README, and changelog wording after `v0.2.1` publication, PyPI availability, and GitHub Release assets were verified. ## [0.2.1] - 2026-06-17 @@ -42,8 +43,8 @@ This project has a published GitHub Release line, but no stable support or API g ### Release notes -- These changes are present on `main` after `v0.2.0` and are not part of the published `v0.2.0` release artifacts. -- The next release should be cut as a new patch release instead of moving the existing `v0.2.0` tag. +- These changes were accumulated on `main` after `v0.2.0` and are released in `v0.2.1`. +- The existing `v0.2.0` tag was not moved; `v0.2.1` was cut as a new patch release. ## [0.2.0] - 2026-06-15 diff --git a/README.md b/README.md index c43cd8f..8d140fc 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ The default behavior is read-only. ## What This Project Does -`v0.2.1` is published as a GitHub Release and as the first PyPI package line for `agent-rules-kit`. Current `main` may include post-release documentation updates after that published package. +`v0.2.1` is published as a GitHub Release and as the first PyPI package line for `agent-rules-kit`. Current `main` reflects that published state and may include later documentation or maintenance updates. The implemented behavior includes: 
@@ -150,7 +150,7 @@ The implemented behavior includes: - avoids LLM calls; - avoids executing commands from analyzed repositories. -Governance diagnostics were introduced in `v0.2.0` and have received post-release fixes on `main`. +Governance diagnostics were introduced in `v0.2.0` and hardened through the published `v0.2.1` release. These diagnostics are heuristic findings for instruction-file governance. They are meant to flag review-worthy instruction patterns, not to prove that a repository is safe. @@ -173,7 +173,7 @@ Current `main` evaluates the following governance finding rules, in stable evalu Governance findings are intentionally conservative and pattern-based. They may produce false positives or false negatives, and they are not a substitute for maintainer review. -The `v0.2.0` GitHub Release introduced this governance rule set. Current `main` may include unreleased fixes and coverage improvements after that tag. +The `v0.2.0` GitHub Release introduced this governance rule set. The published `v0.2.1` release includes subsequent governance hardening, coverage expansion, and release/PyPI documentation sync without moving the `v0.2.0` tag. For detailed rule purpose, evidence, limits, and false-positive notes, see `docs/RULES.md`. 
@@ -469,20 +469,20 @@ Current status: - `v0.2.0` remains the previous published GitHub Release baseline; - `main` may include post-`v0.2.1` documentation or maintenance updates; - no stable support or API guarantee yet; -- release tag `v0.2.0` points to the verified release SHA; +- release tag `v0.2.1` points to the verified release SHA; - local CLI behavior implemented; - governance diagnostics, structured finding evidence, and evidence redaction are implemented; - CI active; - branch protection is active with the required `local-checks / Python 3.12` status check; - the `pypi` GitHub environment exists for the release publishing workflow; -- `.github/workflows/publish-pypi.yml` is prepared to publish `v0.2.1` through PyPI Trusted Publishing when the GitHub Release is published; +- `.github/workflows/publish-pypi.yml` published `v0.2.1` through PyPI Trusted Publishing and remains the release publishing workflow; - README screenshots are generated from real local CLI commands; - security boundaries documented; - threat model documented. For future releases, verify: -- all intended unreleased fixes for the patch release are merged into `main`; +- all intended changes for the release are merged into `main`; - no known release-blocking audit finding remains open; - local checks pass from a development virtual environment; - CI passes for the release SHA; @@ -494,7 +494,7 @@ For future releases, verify: - README documents normal CLI use, source-tree development use, virtual environment setup, development dependencies, and local checks; - README does not claim unsupported maturity; - SECURITY.md and CHANGELOG.md are current; -- private vulnerability reporting is enabled or its absence is clearly documented; +- private vulnerability reporting status is accurately documented; - tag and GitHub Release point to the verified release SHA; - no real secrets or private data are present. diff --git a/SECURITY.md b/SECURITY.md index 06cd7c2..d992358 100644 --- a/SECURITY.md 
+++ b/SECURITY.md @@ -6,9 +6,9 @@ It is not a security scanner, provides no security guarantees, and must not be d ## Supported versions -`v0.2.0` is published as a GitHub Release. +`v0.2.1` is published as a GitHub Release and PyPI package. -Current `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release. +Current `main` may include post-`v0.2.1` documentation or maintenance updates after the published package. The project is still maintained on a best-effort basis. There is no commercial SLA, no guaranteed response time, and no guarantee that every security-relevant issue will be found or fixed. @@ -18,7 +18,7 @@ The project is still maintained on a best-effort basis. There is no commercial S | 0.1.x | Historical pre-release line / not supported | | < 0.1 | Not supported | -This project is not published to PyPI yet. Do not claim PyPI availability until a separate release phase verifies and publishes it. +`agent-rules-kit==0.2.1` is published on PyPI. Future PyPI availability claims must be verified per release before updating this policy. ## Security boundaries @@ -71,13 +71,13 @@ Security response is best-effort for the current `0.2.x` GitHub Release line. There is no commercial SLA or guaranteed response time. -Before any broader public distribution, the maintainer should re-check and document: +For future releases or broader public distribution, the maintainer should re-check and document: - supported versions; - expected response time; - disclosure handling; - whether GitHub Security Advisories or private vulnerability reporting are enabled; -- whether PyPI publication changes the support policy. +- whether the published package channel changes the support policy. ## Safe development rules
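Review bot: In the CHANGELOG `@@ -9,6 +9,7` hunk, the new bullet says the `v0.2.1` publication, PyPI availability and GitHub Release assets "were verified" but gives no record of what was checked or against what; since the README elsewhere asserts that the tag "points to the verified release SHA", consider naming that SHA (or linking the GitHub Release and PyPI release pages) in this entry so a reader can repeat the verification rather than take the word "verified" on trust.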
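Review bot: In the README `@@ -469,20 +469,20` hunk, the bullet "release tag `v0.2.1` points to the verified release SHA" replaces the `v0.2.0` line but still does not state the SHA, so the status list is not checkable from the document itself; likewise "`.github/workflows/publish-pypi.yml` published `v0.2.1` through PyPI Trusted Publishing" is a past-tense event in a list of current state. Suggest recording the release SHA next to the tag bullet and rewording the workflow bullet to describe the current role only (the publication event already belongs in the CHANGELOG release notes).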
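Review bot: In the README `@@ -494,7 +494,7` hunk, replacing "private vulnerability reporting is enabled or its absence is clearly documented" with "private vulnerability reporting status is accurately documented" weakens the release checklist: the old wording pushed toward enabling the feature and, failing that, documenting the gap, while the new wording is satisfied by merely stating it is off. Since SECURITY.md in the same patch still lists "whether GitHub Security Advisories or private vulnerability reporting are enabled" as an open item, suggest keeping the original form, or at least adding "and an alternative private reporting channel is documented if it is not enabled".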
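Review bot: In the SECURITY.md `@@ -18,7 +18,7` hunk, the new line pins a single version (`agent-rules-kit==0.2.1`) while the surrounding policy text speaks of the "current `0.2.x` GitHub Release line"; state explicitly whether the PyPI package is the supported distribution channel for the whole `0.2.x` line or only for this one release, and consider adding how a user can match the PyPI artifact to the GitHub Release it was built from, since the README claims a verified release SHA but the policy gives no way to confirm that the installed package corresponds to it.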
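Review bot: In the SECURITY.md `@@ -71,13 +71,13` hunk, the list of items the maintainer "should re-check and document" is carried over unchanged, including "whether GitHub Security Advisories or private vulnerability reporting are enabled" and "expected response time", even though the CHANGELOG hunk in this same patch says the public security wording was synced after verification. If those facts were checked during the `v0.2.1` sync, the policy should state their current values here instead of deferring them to a future re-check; if they were not checked, the CHANGELOG entry overstates what was synced.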
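Review bot: In the README `@@ -150,7 +150,7` hunk, "hardened through the published `v0.2.1` release" is vaguer than the line it replaces ("have received post-release fixes on `main`"), and the nearby `@@ -173` hunk repeats the same unqualified "governance hardening, coverage expansion" phrasing; since the text immediately below warns that the diagnostics "may produce false positives or false negatives", suggest pointing readers to the specific `v0.2.1` CHANGELOG entries (or `docs/RULES.md`) that list which rules changed, so "hardened" does not read as a stronger detection claim than the project makes.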