BDR-025: design gate = profile-based (tier=profil, GATE-BLOCK allowlist,
magic required-but-manual, unknown->fail-visible exit 11, claude resolved via
ensure_claude_on_path since command -v depends on PATH carrying nvm bin). Alts
rejected: hardcoded tier->tools, advisory magic, strict fail-closed.
BDR-026: secret source-of-truth in ~/.claude/.env via repo/.env symlink;
source follows link -> zero read-path change; link_env defensive.
LRN-037: verify the load-bearing scenario on the real subject in real context,
not a stub/logic — every refutation this chantier came from execution.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>