safety / public failures

incident postmortems.

ZERO commits to publishing redacted postmortems for live-trading incidents that affect autonomous safety, journal truth, public proof, or operator control.

Open policy Open template

S0postmortem required

UTCtimeline standard

0secret disclosure

What gets publishedS0 failures, safety-gate refusal anomalies, journal hash-chain mismatches, live lease failures, public proof corrections, isolation failures, and emergency operator actions.What gets redactedPrivate keys, wallet secrets, bearer tokens, service keys, gameable thresholds, and identifying operator details unless the operator opts in.What cannot be hiddenDate, affected component, detection path, blast radius, rollback action, live-capital impact, and the test or monitor that prevents recurrence.Required templateSummary, timeline, impact, detection, root cause, resolution, what worked, what failed, follow-ups, tests added, and public artifacts.Failure-mode taxonomyEach postmortem maps back to the autonomous-loop taxonomy: detection, blast radius, rollback, journal entry, alerting, and required tests.Replay evidenceIncidents involving decisions or refusals should link the replay id or public evidence that proves what happened.Journal root evidenceIncidents involving decisions, refusals, or journal anomalies should cite a root hash and anchor URL or explain why they are unavailable.