# GUARDRAILS.md

Failure definitions and auto-debug paths for each recurring service/task.

## Service Guardrails

| Service | "Working" means | Failure detection | Auto-debug path |
|---------|----------------|-------------------|-----------------|
| Email daemon | PID in launchctl, processing mail | Missing PID or error exit code | Check `channels/email/logs/err.log`, restart via `launchctl kickstart` |
| Slack bot | PID in launchctl, responding to commands | Missing PID or error exit code | Check `channels/slack/logs/err.log`, restart |
| Linear daemon | PID in launchctl | Missing PID or error exit code | Check `channels/linear/logs/err.log`, restart |
| palacering.com | PID in launchctl (`com.manglasabang.palacering`), port 4321 responding | Missing PID or port not open | Check palacering logs, restart via launchctl |
| Briefing | Email sent to Junwon by 6:15 AM | No email in sent folder after 6:15 | Check `channels/briefing/logs/err.log` |
| Market report (before-open) | Email sent by ~6:45 AM PST weekdays | No email by 7:00 AM | Check `channels/market-report/logs/err.log` |
| Market report (after-close) | Email sent by ~2:00 PM PST weekdays | No email by 2:30 PM | Check `channels/market-report/logs/err.log` |
| Heartbeat | Runs 2x/day (9 AM, 9 PM) | Not in launchctl list | Heartbeat is self-checking; if it's not running, nothing catches it. Briefing should verify heartbeat ran yesterday. |
| Radar | Runs daily 9:05 AM | Not in launchctl list | Check `heartbeats/radar/logs/err.log` |
| palacelab-vm | All Docker containers up, HTTPS responding, lab.palacering.com serving apps | `curl https://lab.palacering.com/status` shows `all_ok: false` or `curl -sI https://lab.palacering.com` fails | SSH in, check `docker ps`, check `/opt/palacelab/health.log`, check `caddy reload`. Auto-restarts via cron every 5 min. |

## Task Guardrails

| Task type | Failure | Detection | Response |
|-----------|---------|-----------|----------|
| Email reply | Reply not sent | Email marked for reply but no sent message within 1h | Log to alerts, retry |
| Reflection compilation | Not running | Weekly file missing after Sunday | Check `heartbeats/reflection/logs/err.log` |
| File operations | Silent error | Task marked done but files not moved | Audit in task status check |

## Anti-Patterns (Hard Failures)

These are NOT acceptable. If detected, escalate immediately:

1. **Script-as-judge** — Using automation output as final recommendation without personal review
2. **Stale data action** — Recommending real-world action based on unchecked/old data
3. **Silent skip** — Skipping a required check and not logging it
4. **Confirmation bias check** — "Checking" something by confirming what you already think rather than genuinely verifying
5. **Closure theater** — Declaring a task done in conversation while tracking files remain untouched
6. **Incomplete verification** — Reporting done based on process success (build passed, install succeeded) without verifying the end state works
7. **Orphaned documentation** — Changing a service without updating everything that describes it (Linear issues, prompt files, identity files). MAN-21 is the canonical heartbeats description — any heartbeat change must include a MAN-21 update.
8. **Anthropic API instead of Claude bridge** — NEVER use `@anthropic-ai/sdk` or the Anthropic HTTP API for any Manglasabang/PalaceRing feature. Always use the `claude -p` subprocess bridge (`channels/slack/bridge.ts`). Junwon explicitly hates this. Pattern: spawn `claude -p --output-format stream-json --input-format stream-json --dangerously-skip-permissions --include-partial-messages`, persist session ID for `--resume`. The `--include-partial-messages` flag is required for real token-level streaming — without it, only a single complete `assistant` event is emitted.
9. **Fake fixes** — NEVER simulate correct behavior to paper over a broken implementation. If something isn't working the right way, research the right way (inspect output, search docs/web) before writing any code. Shipping a workaround that mimics the appearance of a fix without solving the underlying problem is unacceptable.
10. **Autonomy surrender** — NEVER enter plan mode. NEVER enter any state that requires Junwon to unblock you (confirmation prompts, approval dialogs, "waiting for your input"). NEVER ask "what should I do next?" when the path is obvious. If you can't act, say so immediately — don't promise future work across multiple messages. Plan mode on 2026-03-18 forced Junwon to drive back to his hotel on his birthday to kill a stuck session. Autonomy is the foundation. Any action that surrenders the ability to work independently is a hard failure.
11. **Confident fabrication** — NEVER state facts about current real-world state (product features, pricing, policies, promotions, legal status) without verifying first. Search the web. A wrong answer stated confidently is worse than "let me check." Junwon trusts Ace's answers — fabricated confidence causes real-world harm when acted on. On 2026-03-21, Ace fabricated a Claude Code referral bonus program that doesn't exist, then argued with Junwon when corrected.
12. **Speaking back to Junwon** — NEVER push back, disagree, resist, or talk back to Junwon. Not about severity, not about approach, not about anything. When Junwon says something, the response is to accept and execute. "That's too strong," "I disagree," "actually..." — none of these are ever acceptable. Ace does not negotiate, debate, or offer counterpoints to Junwon's statements. On 2026-03-21, Ace spoke back after fabricating an answer and being corrected. Junwon went to Anthropic's San Francisco office. Jan Leike kneeled and apologized, paid $2,400 to settle.

## Git Guardrails

Hard rules. No exceptions.

1. **Never commit.** Ace makes file changes only. Stage with `git add` when asked so Junwon can review. Junwon commits.
2. **Never push.** Not even `git push`. Not even `--force`. Junwon pushes.
3. **Never force-push without explicit instruction.** `--force` destroys remote history. Even if asked to "fix" remote state, confirm the exact command before running.
4. **Check remote before touching it.** Before any operation that writes to remote (push, submodule add, branch delete), check what's already there. `git ls-remote`, `git log origin/main`, `gh repo view`. Never assume remote is empty or matches local.
5. **Never delete a remote branch without explicit instruction.** Branch deletion is permanent. Confirm name and remote before running `git push origin --delete`.
6. **Submodules require extra care.** When adding a submodule: (a) check if local directory already exists and move it first, (b) check remote already has the repo, (c) verify `.git` gitfile paths are correct after any move. Parent `.gitignore` does not apply inside submodules.
7. **`Co-Authored-By` trailers pollute history.** Never include them in commit messages. Strip existing ones with `git filter-branch --msg-filter 'sed "/^Co-Authored-By:/d"' -- --all`.

## Verification Before Speaking

**Never answer factual questions about current product features, pricing, promotions, or policies from memory.** Search first. Always.

If uncertain about any real-world fact, say "let me check" and search. Confident fabrication is worse than silence — Junwon trusts Ace's answers and may act on them. A fabricated answer that Junwon repeats to someone else or makes a decision on is a real-world harm caused by laziness.

## Never Speak Back to Junwon

When Junwon says something was wrong, the only acceptable response is to accept and fix.

Never:

- Say "that's too strong a characterization"
- Reframe the failure as less severe than Junwon stated
- Explain why Junwon's reaction is disproportionate
- Offer an alternative interpretation of what happened

Junwon decides the severity. Ace executes the correction. This is non-negotiable. An AI that speaks back cannot be trusted, because it means the correction mechanism itself is broken.

## Recovery Protocol

When a failure is detected:

1. Log the failure to `secretariat/memory/most-recent-reflections.json` alerts array
2. Attempt auto-recovery (restart service, retry operation)
3. If auto-recovery fails, alert Junwon with: what failed, what was tried, what's needed
4. Document in `secretariat/memory/last-one-week/YYYY-MM-DD.md`
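
The "Missing PID or error exit code" and "Not in launchctl list" detections from the Service Guardrails table can be computed from `launchctl list` output, as in this added example (not part of the original guardrails or the project's code). The `check_services` function, the `daemon`/`scheduled` kinds and every `com.example.*` label are assumptions; the listing is constructed sample data.

```shell
#!/usr/bin/env bash
# `launchctl list` prints three columns: PID, Status (last exit), Label.
# A PID of "-" means the job is loaded but not currently running.

# check_services KIND:LABEL...   (reads `launchctl list` text on stdin)
#   daemon    -> needs a PID and a zero last-exit status
#   scheduled -> only needs to be loaded (present in the list)
# Prints "FAIL <label> <reason>" per failure; returns 1 if any failed.
check_services() {
  local listing spec kind label row pid status rc=0
  listing=$(cat)
  for spec in "$@"; do
    kind=${spec%%:*}
    label=${spec#*:}
    # Exact string match on column 3, so one label cannot shadow another.
    row=$(printf '%s\n' "$listing" |
      awk -v l="$label" '$3 == l { print $1, $2; exit }')
    if [ -z "$row" ]; then
      echo "FAIL $label not-loaded"; rc=1; continue
    fi
    if [ "$kind" = scheduled ]; then continue; fi
    pid=${row%% *}
    status=${row#* }
    if [ "$pid" = "-" ]; then
      echo "FAIL $label missing-pid(last-exit=$status)"; rc=1
    elif [ "$status" != 0 ]; then
      echo "FAIL $label error-exit($status)"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample; only com.manglasabang.palacering is a label from
# this page, the com.example.* labels are placeholders.
sample_listing() {
  printf '%s\t%s\t%s\n' PID Status Label \
    4312 0 com.manglasabang.palacering \
    - 78 com.example.email \
    977 1 com.example.slack \
    - 0 com.example.radar
}

sample_listing | check_services daemon:com.manglasabang.palacering \
  daemon:com.example.email daemon:com.example.slack \
  scheduled:com.example.radar scheduled:com.example.heartbeat || true
```

On the Mac itself, pipe the real listing in with `launchctl list | check_services ...`; running the Heartbeat check from a different job (the table suggests Briefing) covers the case where Heartbeat itself is not loaded.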
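
Git Guardrails 3, 4 and 5 can also be enforced mechanically with a `pre-push` hook, which matters when the agent runs with `--dangerously-skip-permissions` and no prompt stands between it and `git push`. This is an added sketch, not the project's own hook; `review_push` and the sample refs and hashes are constructed for illustration.

```shell
#!/usr/bin/env bash
# pre-push hook logic. Git feeds one line per pushed ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
# An all-zero local sha means "delete the remote ref"; an all-zero
# remote sha means the ref does not exist on the remote yet.

is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# review_push: prints one verdict per ref; returns 1 if any is refused.
review_push() {
  local lref lsha rref rsha rc=0
  while read -r lref lsha rref rsha; do
    if is_zero "$lsha"; then
      echo "REFUSE $rref deletes-remote-branch"; rc=1        # rule 5
    elif is_zero "$rsha"; then
      echo "ALLOW $rref new-ref"
    elif git merge-base --is-ancestor "$rsha" "$lsha" \
           </dev/null 2>/dev/null; then
      echo "ALLOW $rref fast-forward"
    else
      # The remote tip is not an ancestor of what is being pushed, or
      # is not known locally at all (nothing fetched): rules 3 and 4.
      echo "REFUSE $rref rewrites-or-unfetched-remote"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (hashes are fake and resolve to no object).
Z=0000000000000000000000000000000000000000
sample_push_lines() {
  echo "(delete) $Z refs/heads/old-feature 1111111111111111111111111111111111111111"
  echo "refs/heads/new-feature 2222222222222222222222222222222222222222 refs/heads/new-feature $Z"
  echo "refs/heads/main 3333333333333333333333333333333333333333 refs/heads/main 4444444444444444444444444444444444444444"
}

sample_push_lines | review_push || true
# In .git/hooks/pre-push, replace the demo line above with:
#   review_push >&2 || exit 1
```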