1. Shell actuator: remove double bash -c wrapping (format ~s produces
S-expression-safe strings, not shell-safe). Now passes cmd directly
to (timeout N bash -c cmd) via run-program arg list.
2. Dispatcher: extend high-impact approval gate to :system :eval.
Previously only :shell, :tool "shell", and :emacs :eval triggered
HITL. Now :system :eval also requires Flight Plan approval.
3. Skill sandbox: before promoting a skill from its jailed package to
:passepartout, scan for restricted symbol references (uiop:run-program,
uiop:shell, uiop:run-shell-command). Block promotion on violation.
New skill-entry status :sandbox-blocked for blocked skills.
Test: 91 pass, 0 fail across 13 suites.
- New system-event-orchestrator skill with hook registry, cron registry, and tier classifier
- Three dispatch tiers: :reflex (no LLM), :cognition (light), :reasoning (full)
- Org-mode timestamp parsing for repeat patterns (+1w, +1d, +1m)
- Registers on heartbeat via defskill, dispatches due cron jobs
- Fix all remaining harness-log → log-message references across org files
