Risk register tracked by Catie (CTO). Each risk has severity, current state, named mitigation owner, and tripwire condition. Honesty-first: this is the engineering truth, not the pitch.
What it is: Most ecosystem automation runs on the founder's Mac. Mac sleep / close / restart = silent cron failure. Marketing claim "autonomous overnight" was not yet true (pre-Hetzner Phase 1a).
Mitigation: Hetzner cron tier — Phase 1a LIVE (13 cron lines migrated); Phase 2 in flight to move all ecosystem-coordination crons off Mac.
State: Mitigating · owner: Engie + Techie · anchor: post-Phase 1a smoke + Catie ratify
What it is: 83 agents have CLAUDE.md identity files. Only ~15-25 are operationally productized (real crons, real APIs, durable outputs). The roster reads bigger than reality.
Mitigation: Clear tiering (PROD / ACTIVE / DOC / DORMANT) in every roster surface. Engie cost-baseline + budget crons expose actual per-agent activity. Honest framing on this dashboard.
State: Acknowledged · owner: Aggie (Birth Protocol v2 standardizes maturity check) · anchor: BPv2 ship
What it is: Docstrings, CLAUDE.md, memory entries lag behind running state. Example: 3 stale doc surfaces all claimed Neo4j blocked when live state = 845 nodes synced.
Mitigation: fix_protocol_verifier cron (7:30am daily) · "live-layer-over-doc-layer" doctrine · Archie audit cadence v3.
State: Controlled · owner: Archie + Fixie
What it is: Production scripts mostly lack automated tests. Smoke tests are ad-hoc. Production = "did it work when I ran it?" rather than "the test suite says it works."
Mitigation: Engie smoke-test discipline · 5-element loop-completion doctrine (runner + cron + durable + idempotent + smoke). No formal CI pipeline yet.
State: Open · owner: Engie + Catie · anchor: not yet planned
What it is: Bare estimates ("ship in 4 weeks", "next sprint", "week 1") creep back in despite ratified time-vocab doctrine. 264 drift instances detected in 12 days.
Mitigation: Write-time lint (prototype) · 3-bucket discipline (calendar / effort / coordination) baked into BPv2.
State: In flight · owner: Archie + Catie · anchor: lint ratify
What it is: All agent reasoning depends on Claude. Single point of failure if API outage or major pricing shift.
Mitigation: Voyage embeddings independent (no OpenAI dep) · per-agent model strategy reduces blast radius · ElevenLabs intentional (kids-data quality bar).
State: Accepted · owner: Catie · review cadence: monthly + on flagship model release
What it is: Subagents spawning subagents creates uncontrolled cost + recursion.
Mitigation: HARD BAN at v0.5 subagent_capability blueprint · PostToolUse hook logs every spawn to shared/subagent_audit.log.
State: Controlled · owner: Lockie
What it is: Single .env file in zenie/ holds all API keys.
Mitigation: PreToolUse Bash hook blocks ALL agents from writing to .env (founder edits only) · weekly secret-scanner cron · founder-vault v0 (AES-256-CBC + PBKDF2) for sensitive identity/banking/tax.
State: Controlled · owner: Lockie