Problem
docs/security/execution-safety-loop.md Section 9.2 says:
SHOULD include notifications in AutonomyDirective responses for non-hard-block events other than verify tier (which is a MUST — see Section 9.1)
The carve-out excludes the entire verify tier from the SHOULD. But the Section 9.1 MUST is specifically about autonomy_pause with metadata.verificationId — not all notification types in verify tier responses. Other notification types (e.g., status, error) that may accompany a verify tier response are now excluded from both MUST and SHOULD coverage.
Fix
Narrow the parenthetical to reference the specific obligation: "other than verify tier challenges, for which the autonomy_pause notification with metadata.verificationId is a MUST (see Section 9.1)."
Found during PR #213 review round 14.
Problem
docs/security/execution-safety-loop.mdSection 9.2 says:The carve-out excludes the entire
verifytier from the SHOULD. But the Section 9.1 MUST is specifically aboutautonomy_pausewithmetadata.verificationId— not all notification types inverifytier responses. Other notification types (e.g.,status,error) that may accompany averifytier response are now excluded from both MUST and SHOULD coverage.Fix
Narrow the parenthetical to reference the specific obligation: "other than
verifytier challenges, for which theautonomy_pausenotification withmetadata.verificationIdis a MUST (see Section 9.1)."Found during PR #213 review round 14.