the-grimoire-cli 0.3.2 → 0.5.0

package/templates/codex/evidence/INDEX.md

@@ -1,11 +1,11 @@
-# evidence — index
-
-Outputs of investigation, reverse-engineering, and extraction — the raw findings that feed `domain/`,
-`reference/`, and `requirements/`. Every fact here is sourced.
-
-| Entry | What it holds |
-|---|---|
-| `README.md` | The provenance discipline, in brief; points to `.agents/standards/codex.md`. |
-| `0000-extraction-template.md` | Copy for each extraction run: source, method, sourced findings table. |
-
-<!-- Extraction docs accumulate here as NNNN-<slug>.md. -->
+# evidence — index
+
+Outputs of investigation, reverse-engineering, and extraction — the raw findings that feed `domain/`,
+`reference/`, and `requirements/`. Every fact here is sourced.
+
+| Entry | What it holds |
+|---|---|
+| `README.md` | The provenance discipline, in brief; points to `.agents/standards/codex.md`. |
+| `0000-extraction-template.md` | Copy for each extraction run: source, method, sourced findings table. |
+
+<!-- Extraction docs accumulate here as NNNN-<slug>.md. -->

package/templates/codex/evidence/README.md

@@ -1,15 +1,15 @@
-# evidence
-
-Where investigation lands: reverse-engineering a legacy binary, extracting values from a vendor spec,
-reading a database dump, recovering a protocol. These docs are the **paper trail** behind every
-confirmed fact in `domain/`, `reference/`, and `requirements/`.
-
-## Provenance discipline (in brief)
-
-- Every finding cites its **source** — file + offset/record — and a **CONFIRMED | INFERRED** tag.
-- What you couldn't recover is listed explicitly under "Not recovered" — silence is not a finding.
-- No unsourced guesses. An `INFERRED` row stays inferred until a source confirms it.
-- Never paste a real secret / PHI into an evidence doc; record its **location and purpose**, not its
-  value (see `resources/README.md` + `.agents/standards/codex.md`).
-
-Copy `0000-extraction-template.md` per run. Full standard: `.agents/standards/codex.md`.
+# evidence
+
+Where investigation lands: reverse-engineering a legacy binary, extracting values from a vendor spec,
+reading a database dump, recovering a protocol. These docs are the **paper trail** behind every
+confirmed fact in `domain/`, `reference/`, and `requirements/`.
+
+## Provenance discipline (in brief)
+
+- Every finding cites its **source** — file + offset/record — and a **CONFIRMED | INFERRED** tag.
+- What you couldn't recover is listed explicitly under "Not recovered" — silence is not a finding.
+- No unsourced guesses. An `INFERRED` row stays inferred until a source confirms it.
+- Never paste a real secret / PHI into an evidence doc; record its **location and purpose**, not its
+  value (see `resources/README.md` + `.agents/standards/codex.md`).
+
+Copy `0000-extraction-template.md` per run. Full standard: `.agents/standards/codex.md`.

package/templates/codex/reference/INDEX.md

@@ -1,11 +1,11 @@
-# reference — index
-
-The confirmed-value layer: ground-truth tables, API/IPC catalogs, and big contract docs the **code
-reads back**. ADRs that set `updates-confirmed-values: yes` update tables here in the same PR.
-
-| Entry | What it holds |
-|---|---|
-| `README.md` | What belongs here vs `domain/`; the confirmed-values discipline. |
-| `confirmed-values.md` | Ground-truth values (error codes, permission keys, enums, channel names). |
-
-<!-- Add catalogs / contract docs alongside; list each here. -->
+# reference — index
+
+The confirmed-value layer: ground-truth tables, API/IPC catalogs, and big contract docs the **code
+reads back**. ADRs that set `updates-confirmed-values: yes` update tables here in the same PR.
+
+| Entry | What it holds |
+|---|---|
+| `README.md` | What belongs here vs `domain/`; the confirmed-values discipline. |
+| `confirmed-values.md` | Ground-truth values (error codes, permission keys, enums, channel names). |
+
+<!-- Add catalogs / contract docs alongside; list each here. -->

package/templates/codex/reference/README.md

@@ -1,15 +1,15 @@
-# reference
-
-Confirmed-value tables and large runtime contracts the code depends on literally: error-code
-catalogs, permission keys, shared enums, IPC/channel names, API/IPC catalogs, tenant/hospital config
-tables. `domain/` explains *what things mean*; `reference/` pins *the exact values* both sides read
-back.
-
-## Confirmed-values discipline
-
-- A value here is **ground truth** — code, tests, UI, and server agree on it. Treat a change as
-  breaking until proven otherwise.
-- An ADR (`codex/decisions/`) that alters one sets `updates-confirmed-values: yes` and updates the
-  table **in the same PR** (the PR checklist enforces this).
-- Each value carries its provenance (`CONFIRMED | INFERRED`, source) per `.agents/standards/codex.md`.
-  An `INFERRED` value is a lead, not a contract — confirm it before code relies on it.
+# reference
+
+Confirmed-value tables and large runtime contracts the code depends on literally: error-code
+catalogs, permission keys, shared enums, IPC/channel names, API/IPC catalogs, tenant/hospital config
+tables. `domain/` explains *what things mean*; `reference/` pins *the exact values* both sides read
+back.
+
+## Confirmed-values discipline
+
+- A value here is **ground truth** — code, tests, UI, and server agree on it. Treat a change as
+  breaking until proven otherwise.
+- An ADR (`codex/decisions/`) that alters one sets `updates-confirmed-values: yes` and updates the
+  table **in the same PR** (the PR checklist enforces this).
+- Each value carries its provenance (`CONFIRMED | INFERRED`, source) per `.agents/standards/codex.md`.
+  An `INFERRED` value is a lead, not a contract — confirm it before code relies on it.

package/templates/codex/reference/confirmed-values.md

@@ -1,18 +1,18 @@
----
-updated: <YYYY-MM-DD>
-status: canonical
-description: Ground-truth values the code reads back. Changed only via an ADR with updates-confirmed-values: yes, in the same PR.
----
-
-# Confirmed values
-
-Values the system treats as **ground truth** — error codes, permission keys, shared enums, channel /
-IPC names, tenant configs. Changing one is breaking: it goes through an ADR
-(`codex/decisions/`) with `updates-confirmed-values: yes`, updated here in the **same PR**.
-
-| key | value | kind | source (file + offset) | CONFIRMED \| INFERRED |
-|---|---|---|---|---|
-| <e.g. ERR_AUTH_EXPIRED> | <value> | error code | `<file>:<offset>` | CONFIRMED |
-
-<!-- One table per kind is fine (error codes, permissions, enums…). Never silently edit a value:
-     every change traces to an ADR. -->
+---
+updated: <YYYY-MM-DD>
+status: canonical
+description: Ground-truth values the code reads back. Changed only via an ADR with updates-confirmed-values: yes, in the same PR.
+---
+
+# Confirmed values
+
+Values the system treats as **ground truth** — error codes, permission keys, shared enums, channel /
+IPC names, tenant configs. Changing one is breaking: it goes through an ADR
+(`codex/decisions/`) with `updates-confirmed-values: yes`, updated here in the **same PR**.
+
+| key | value | kind | source (file + offset) | CONFIRMED \| INFERRED |
+|---|---|---|---|---|
+| <e.g. ERR_AUTH_EXPIRED> | <value> | error code | `<file>:<offset>` | CONFIRMED |
+
+<!-- One table per kind is fine (error codes, permissions, enums…). Never silently edit a value:
+     every change traces to an ADR. -->

package/templates/codex/requirements/INDEX.md

@@ -1,11 +1,11 @@
-# requirements — index
-
-What the system must **do**, as a tracked, IDed, versioned artifact. Protocol:
-`.agents/standards/requirements.md`.
-
-| Entry | What it holds |
-|---|---|
-| `README.md` | Rules of the road: stable ids, base-reflects-now, testable statements. |
-| `base.md` | The baseline — what the system must do **now**. Changed only via an applied addon/CR. |
-| `addons/0000-template.md` | Template for a new capability layered on the base. |
-| `changes/0000-template.md` | Template for a change request modifying existing requirements. |
+# requirements — index
+
+What the system must **do**, as a tracked, IDed, versioned artifact. Protocol:
+`.agents/standards/requirements.md`.
+
+| Entry | What it holds |
+|---|---|
+| `README.md` | Rules of the road: stable ids, base-reflects-now, testable statements. |
+| `base.md` | The baseline — what the system must do **now**. Changed only via an applied addon/CR. |
+| `addons/0000-template.md` | Template for a new capability layered on the base. |
+| `changes/0000-template.md` | Template for a change request modifying existing requirements. |

package/templates/codex/requirements/README.md

@@ -1,22 +1,22 @@
-# Requirements
-
-The project's requirements as a tracked, referenceable artifact. Project-owned: `grimoire sync` never
-touches this folder (seeded once by `grimoire init`). Full protocol:
-`.agents/standards/requirements.md`.
-
-## Files
-
-| Path | Holds |
-|---|---|
-| `base.md` | The baseline — what the system must do **now**. Changed only via an applied addon/CR. |
-| `addons/<id>-<slug>.md` | A new capability layered on the base (copy `addons/0000-template.md`). |
-| `changes/<id>-<slug>.md` | A change request modifying existing requirements (copy `changes/0000-template.md`). |
-
-## Rules of the road
-
-- Every requirement has a stable id `REQ-<AREA>-<NNN>` — sequential per area, **never reused or
-  renumbered**. A removed requirement becomes `status: withdrawn`; its row stays.
-- Cite the id in commits (`implements REQ-…`), test names, and the ADR that decided *how*.
-- The **base always reflects now**; addons and CRs are the **audit trail** of how it got there.
-  Never change a requirement in `base.md` without a matching addon/CR file recording the diff.
-- A requirement must be a **testable** statement. If it can't be verified, it isn't finished.
+# Requirements
+
+The project's requirements as a tracked, referenceable artifact. Project-owned: `grimoire sync` never
+touches this folder (seeded once by `grimoire init`). Full protocol:
+`.agents/standards/requirements.md`.
+
+## Files
+
+| Path | Holds |
+|---|---|
+| `base.md` | The baseline — what the system must do **now**. Changed only via an applied addon/CR. |
+| `addons/<id>-<slug>.md` | A new capability layered on the base (copy `addons/0000-template.md`). |
+| `changes/<id>-<slug>.md` | A change request modifying existing requirements (copy `changes/0000-template.md`). |
+
+## Rules of the road
+
+- Every requirement has a stable id `REQ-<AREA>-<NNN>` — sequential per area, **never reused or
+  renumbered**. A removed requirement becomes `status: withdrawn`; its row stays.
+- Cite the id in commits (`implements REQ-…`), test names, and the ADR that decided *how*.
+- The **base always reflects now**; addons and CRs are the **audit trail** of how it got there.
+  Never change a requirement in `base.md` without a matching addon/CR file recording the diff.
+- A requirement must be a **testable** statement. If it can't be verified, it isn't finished.

package/templates/codex/requirements/addons/0000-template.md

@@ -1,35 +1,35 @@
----
-id: ADDON-0000
-title: <short addon title>
-status: proposed        # proposed | accepted | implemented | withdrawn
-date: <YYYY-MM-DD>
-extends:                # REQ-… ids in base this builds on, if any
----
-
-# Addon ADDON-0000 — <short addon title>
-
-A self-contained new capability layered on the base. Reviewable on its own. When it ships, fold its
-rows into `base.md` and bump the base `version`; this file stays as history.
-See `.agents/standards/requirements.md`.
-
-## Why
-
-What user need / opportunity this addresses. Link the PRD or discussion if any.
-
-## New requirements
-
-| id | statement | priority | status | acceptance | source |
-|---|---|---|---|---|---|
-| REQ-<AREA>-<NNN> | The system must <testable statement>. | must | proposed | <test or check> | this addon |
-
-## Dependencies & impact
-
-- **Builds on:** <REQ-… in base, or "none">
-- **Touches:** <code areas, modules>
-- **Decisions needed:** <ADR id(s) this spawns, if a design choice is required>
-- **Confirmed values:** <does it add/change an error code, permission key, enum, channel? if so, the
-  ADR sets `updates-confirmed-values: yes` and the table updates in the same PR>
-
-## Acceptance (addon-level)
-
-How we know the whole addon is done — the set of checks across its requirements.
+---
+id: ADDON-0000
+title: <short addon title>
+status: proposed        # proposed | accepted | implemented | withdrawn
+date: <YYYY-MM-DD>
+extends:                # REQ-… ids in base this builds on, if any
+---
+
+# Addon ADDON-0000 — <short addon title>
+
+A self-contained new capability layered on the base. Reviewable on its own. When it ships, fold its
+rows into `base.md` and bump the base `version`; this file stays as history.
+See `.agents/standards/requirements.md`.
+
+## Why
+
+What user need / opportunity this addresses. Link the PRD or discussion if any.
+
+## New requirements
+
+| id | statement | priority | status | acceptance | source |
+|---|---|---|---|---|---|
+| REQ-<AREA>-<NNN> | The system must <testable statement>. | must | proposed | <test or check> | this addon |
+
+## Dependencies & impact
+
+- **Builds on:** <REQ-… in base, or "none">
+- **Touches:** <code areas, modules>
+- **Decisions needed:** <ADR id(s) this spawns, if a design choice is required>
+- **Confirmed values:** <does it add/change an error code, permission key, enum, channel? if so, the
+  ADR sets `updates-confirmed-values: yes` and the table updates in the same PR>
+
+## Acceptance (addon-level)
+
+How we know the whole addon is done — the set of checks across its requirements.

package/templates/codex/requirements/base.md

@@ -1,36 +1,36 @@
----
-version: 0.1.0
-updated: <YYYY-MM-DD>
-status: canonical
-description: Baseline requirements — what the system must do now. Changed only via an applied addon or change request.
----
-
-# Requirements — baseline
-
-The agreed requirements at the current accepted state. This file always reflects **now**. It changes
-only when an addon (`addons/`) or change request (`changes/`) is applied — see
-`.agents/standards/requirements.md` for the flow. Never edit a requirement here without a matching
-addon/CR file recording the diff.
-
-## How to read a row
-
-`id` (stable `REQ-<AREA>-<NNN>`, never reused) · `statement` (one testable "the system must …") ·
-`priority` (`must | should | could`) · `status` (`proposed | accepted | implemented | withdrawn`) ·
-`acceptance` (the test or check that proves it) · `source` (who/what introduced it).
-
-## Requirements
-
-### AREA: <e.g. AUTH>
-
-| id | statement | priority | status | acceptance | source |
-|---|---|---|---|---|---|
-| REQ-AUTH-001 | The system must <testable statement>. | must | accepted | `test/auth/...` or manual check | initial spec |
-
-<!-- Add one section per area. Keep numbers sequential per area; never renumber or reuse an id.
-     A withdrawn requirement stays in the table with status: withdrawn — do not delete the row. -->
-
-## Changelog (applied addons / CRs)
-
-| date | id | kind | summary | base version after |
-|---|---|---|---|---|
-| <YYYY-MM-DD> | <ADDON-001 / CR-001> | addon \| change | <one line> | 0.1.0 |
+---
+version: 0.1.0
+updated: <YYYY-MM-DD>
+status: canonical
+description: Baseline requirements — what the system must do now. Changed only via an applied addon or change request.
+---
+
+# Requirements — baseline
+
+The agreed requirements at the current accepted state. This file always reflects **now**. It changes
+only when an addon (`addons/`) or change request (`changes/`) is applied — see
+`.agents/standards/requirements.md` for the flow. Never edit a requirement here without a matching
+addon/CR file recording the diff.
+
+## How to read a row
+
+`id` (stable `REQ-<AREA>-<NNN>`, never reused) · `statement` (one testable "the system must …") ·
+`priority` (`must | should | could`) · `status` (`proposed | accepted | implemented | withdrawn`) ·
+`acceptance` (the test or check that proves it) · `source` (who/what introduced it).
+
+## Requirements
+
+### AREA: <e.g. AUTH>
+
+| id | statement | priority | status | acceptance | source |
+|---|---|---|---|---|---|
+| REQ-AUTH-001 | The system must <testable statement>. | must | accepted | `test/auth/...` or manual check | initial spec |
+
+<!-- Add one section per area. Keep numbers sequential per area; never renumber or reuse an id.
+     A withdrawn requirement stays in the table with status: withdrawn — do not delete the row. -->
+
+## Changelog (applied addons / CRs)
+
+| date | id | kind | summary | base version after |
+|---|---|---|---|---|
+| <YYYY-MM-DD> | <ADDON-001 / CR-001> | addon \| change | <one line> | 0.1.0 |

package/templates/codex/requirements/changes/0000-template.md

@@ -1,39 +1,39 @@
----
-id: CR-0000
-title: <short change title>
-status: proposed        # proposed | accepted | applied | rejected
-date: <YYYY-MM-DD>
-affects:                # the REQ-… id(s) this change modifies
----
-
-# Change Request CR-0000 — <short change title>
-
-A modification to one or more **existing** requirements. Records the diff old → new so the change is
-auditable. When applied, update the affected rows in `base.md`, bump the base `version`, and log it in
-the base changelog; this file stays as history. See `.agents/standards/requirements.md`.
-
-## Reason for change
-
-What changed in the world (new constraint, user feedback, regulation, a wrong assumption) that forces
-this. Be factual.
-
-## The change
-
-| id | old statement | new statement |
-|---|---|---|
-| REQ-<AREA>-<NNN> | <the current statement> | <the revised statement> |
-
-<!-- For a withdrawal: new statement = "(withdrawn — <reason>)" and set the row's status to withdrawn
-     in base.md (keep the id). -->
-
-## Impact
-
-- **Code/tests:** what must change to honor the new statement.
-- **Decisions:** ADR id(s) this needs or supersedes.
-- **Confirmed values:** if a ground-truth value changes (error code, permission key, enum, channel),
-  the linked ADR sets `updates-confirmed-values: yes` and the table updates in the **same PR**.
-- **Downstream requirements:** other `REQ-…` affected by this change.
-
-## Acceptance
-
-The check that proves the new statement holds (and the old behavior is gone).
+---
+id: CR-0000
+title: <short change title>
+status: proposed        # proposed | accepted | applied | rejected
+date: <YYYY-MM-DD>
+affects:                # the REQ-… id(s) this change modifies
+---
+
+# Change Request CR-0000 — <short change title>
+
+A modification to one or more **existing** requirements. Records the diff old → new so the change is
+auditable. When applied, update the affected rows in `base.md`, bump the base `version`, and log it in
+the base changelog; this file stays as history. See `.agents/standards/requirements.md`.
+
+## Reason for change
+
+What changed in the world (new constraint, user feedback, regulation, a wrong assumption) that forces
+this. Be factual.
+
+## The change
+
+| id | old statement | new statement |
+|---|---|---|
+| REQ-<AREA>-<NNN> | <the current statement> | <the revised statement> |
+
+<!-- For a withdrawal: new statement = "(withdrawn — <reason>)" and set the row's status to withdrawn
+     in base.md (keep the id). -->
+
+## Impact
+
+- **Code/tests:** what must change to honor the new statement.
+- **Decisions:** ADR id(s) this needs or supersedes.
+- **Confirmed values:** if a ground-truth value changes (error code, permission key, enum, channel),
+  the linked ADR sets `updates-confirmed-values: yes` and the table updates in the **same PR**.
+- **Downstream requirements:** other `REQ-…` affected by this change.
+
+## Acceptance
+
+The check that proves the new statement holds (and the old behavior is gone).

package/templates/codex/resources/INDEX.md

@@ -1,11 +1,11 @@
-# resources — index
-
-Raw materials the project draws on: datasets, vendor specs, dumps, external artifacts and snapshots.
-The inputs to investigation (`evidence/`), not the conclusions.
-
-| Entry | What it holds |
-|---|---|
-| `README.md` | What belongs here; large / secret / binary handling; the manifest rule. |
-| `manifest.md` | Tracked index of every resource — including gitignored ones — with source + purpose. |
-
-<!-- Add resources alongside this INDEX; list each in manifest.md. -->
+# resources — index
+
+Raw materials the project draws on: datasets, vendor specs, dumps, external artifacts and snapshots.
+The inputs to investigation (`evidence/`), not the conclusions.
+
+| Entry | What it holds |
+|---|---|
+| `README.md` | What belongs here; large / secret / binary handling; the manifest rule. |
+| `manifest.md` | Tracked index of every resource — including gitignored ones — with source + purpose. |
+
+<!-- Add resources alongside this INDEX; list each in manifest.md. -->

package/templates/codex/resources/README.md

@@ -1,17 +1,17 @@
-# resources
-
-Raw materials and external artifacts: datasets, vendor/API specs, database dumps, binary snapshots,
-captured payloads — the inputs you reverse-engineer or extract from. Conclusions go in `evidence/`
-and `reference/`; the raw stuff lives here.
-
-## Large / secret / binary handling
-
-- **Secret-bearing or PHI-bearing raw material** (dumps, captures, credential files) is **gitignored**
-  — it must never enter git history. Add the path to the project `.gitignore`.
-- **Huge or binary** artifacts: keep out of the repo (or use the project's large-file mechanism);
-  don't bloat history.
-- **Always keep a tracked `manifest.md`**: one row per resource — name, source/provenance, purpose,
-  and whether it's tracked or gitignored. The manifest is the durable record even when the bytes are
-  not in git, so a reader knows what exists and where to get it.
-
-Never echo a secret / PHI from a resource into chat or agent output. See `.agents/standards/codex.md`.
+# resources
+
+Raw materials and external artifacts: datasets, vendor/API specs, database dumps, binary snapshots,
+captured payloads — the inputs you reverse-engineer or extract from. Conclusions go in `evidence/`
+and `reference/`; the raw stuff lives here.
+
+## Large / secret / binary handling
+
+- **Secret-bearing or PHI-bearing raw material** (dumps, captures, credential files) is **gitignored**
+  — it must never enter git history. Add the path to the project `.gitignore`.
+- **Huge or binary** artifacts: keep out of the repo (or use the project's large-file mechanism);
+  don't bloat history.
+- **Always keep a tracked `manifest.md`**: one row per resource — name, source/provenance, purpose,
+  and whether it's tracked or gitignored. The manifest is the durable record even when the bytes are
+  not in git, so a reader knows what exists and where to get it.
+
+Never echo a secret / PHI from a resource into chat or agent output. See `.agents/standards/codex.md`.

package/templates/codex/resources/manifest.md

@@ -1,11 +1,11 @@
-# Resource manifest
-
-One row per resource — tracked **and** gitignored. The durable record of what exists and where to get
-it, even when the bytes aren't in git. Keep it current.
-
-| resource | source / provenance | purpose | git status |
-|---|---|---|---|
-| `<path or name>` | <where it came from> | <what it's used for> | tracked \| gitignored |
-
-<!-- For gitignored secret/PHI-bearing material: record location + purpose only here; the value lives
-     in the gitignored inventory, never in a tracked doc. -->
+# Resource manifest
+
+One row per resource — tracked **and** gitignored. The durable record of what exists and where to get
+it, even when the bytes aren't in git. Keep it current.
+
+| resource | source / provenance | purpose | git status |
+|---|---|---|---|
+| `<path or name>` | <where it came from> | <what it's used for> | tracked \| gitignored |
+
+<!-- For gitignored secret/PHI-bearing material: record location + purpose only here; the value lives
+     in the gitignored inventory, never in a tracked doc. -->

package/templates/codex/runbooks/INDEX.md

@@ -1,9 +1,9 @@
-# runbooks — index
-
-The on-call answer to "production is broken — what now." One file per service, kept short and
-runnable under stress. Required by the launch-security checklist
-(`.agents/standards/launch-security-checklist.md`).
-
-| Entry | What it holds |
-|---|---|
-| `incident-runbook-template.md` | Copy per service to `codex/runbooks/<service>.md`. |
+# runbooks — index
+
+The on-call answer to "production is broken — what now." One file per service, kept short and
+runnable under stress. Required by the launch-security checklist
+(`.agents/standards/launch-security-checklist.md`).
+
+| Entry | What it holds |
+|---|---|
+| `incident-runbook-template.md` | Copy per service to `codex/runbooks/<service>.md`. |

package/templates/codex/runbooks/README.md

@@ -1,8 +1,8 @@
-# runbooks
-
-The on-call answer to "production is broken — what now." One runbook per service, copied from
-`incident-runbook-template.md` to `codex/runbooks/<service>.md`. Keep each short, current, and
-runnable under stress — a runbook nobody can follow at 3am is worse than none.
-
-Required by the launch-security checklist (`.agents/standards/launch-security-checklist.md`). The
-highest-value section is "Common failure modes" — fill it in per service as incidents teach you.
+# runbooks
+
+The on-call answer to "production is broken — what now." One runbook per service, copied from
+`incident-runbook-template.md` to `codex/runbooks/<service>.md`. Keep each short, current, and
+runnable under stress — a runbook nobody can follow at 3am is worse than none.
+
+Required by the launch-security checklist (`.agents/standards/launch-security-checklist.md`). The
+highest-value section is "Common failure modes" — fill it in per service as incidents teach you.