Security: CTlanston/claude-code-247

docs/SECURITY.md

Security

Hard gates

| Gate | Default | Override |
|---|---|---|
| system.allow_remote_writes | false | edit ~/.claude-code-247/config.yaml |
| repo.auto_merge.enabled | false per repo | onboarding wizard or edit repos.yaml |
| forbidden_paths | .env, .env.*, secrets/**, .github/**, CLAUDE.md, AGENTS.md | per-repo override allowed; non-empty list required |
| validator agreement | both PASS, no gaps | tunable via validators.require_two_validators |

Forbidden-path enforcement

orchestrator.path_guard.violations_in_diff() is consulted by merge_policy.decide() and by the dashboard PR detail page. Any file matching the repo's forbidden_paths globs blocks the PR regardless of risk band. Allowing an exception requires:

  1. An operator decision logged in the decisions table, AND
  2. A temporary override to the repo's forbidden_paths list.
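
A minimal sketch of the kind of check described above, added here as an illustration; it is not the project's violations_in_diff() implementation. The function names, the basename-matching rule and the sample diff are assumptions of the sketch; the glob list is the default from the Hard gates table.

```python
import re
from fnmatch import fnmatchcase

# Default globs from the "Hard gates" table on this page.
DEFAULT_FORBIDDEN = [".env", ".env.*", "secrets/**", ".github/**", "CLAUDE.md", "AGENTS.md"]

# Hunk lines start with " ", "+", "-" or "\", so file content cannot forge this header.
_GIT_HEADER = re.compile(r"^diff --git a/(.+?) b/(.+)$", re.MULTILINE)


def touched_paths(diff_text):
    """Old and new path of every file in a git-format diff (a rename yields two)."""
    return {p for m in _GIT_HEADER.finditer(diff_text) for p in m.groups()}


def forbidden_hits(diff_text, globs=DEFAULT_FORBIDDEN):
    """Sorted list of touched paths that match a forbidden glob."""
    if not globs:
        # An empty list would silently disable the gate, so fail closed.
        raise ValueError("forbidden_paths must be a non-empty list")
    hits = set()
    for path in touched_paths(diff_text):
        # Assumption: each glob is tried on the full path and on the basename,
        # so nested dotenv files are caught; fnmatch's "*" also crosses "/".
        names = (path, path.rsplit("/", 1)[-1])
        if any(fnmatchcase(n, g) for g in globs for n in names):
            hits.add(path)
    return sorted(hits)


# Constructed sample: a decoy header in file content, a rename into .github/, a nested dotenv.
SAMPLE_DIFF = """\
diff --git a/src/app.py b/src/app.py
--- a/src/app.py
+++ b/src/app.py
@@ -1 +1,2 @@
 import os
+diff --git a/x b/secrets/decoy
diff --git a/config/ci.yml b/.github/workflows/ci.yml
rename from config/ci.yml
rename to .github/workflows/ci.yml
diff --git a/services/api/.env.local b/services/api/.env.local
new file mode 100644
--- /dev/null
+++ b/services/api/.env.local
@@ -0,0 +1 @@
+DEBUG=1
"""
```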

Secret scanning

orchestrator.secret_scanner.scan(diff_text) checks added lines for common API key shapes (AWS, GitHub, Anthropic, OpenAI, Gemini, Slack, PEM headers, generic SECRET_*=value). Hits show on the PR detail page and (in M10+) block auto-merge.

This is a guardrail, not a substitute for proper secret scanning (gitleaks, truffleHog). The orchestrator only ever pushes branches the user explicitly opted into; secret-detection is the last fallback.

Auth modes

| Mode | When | Fallback rule |
|---|---|---|
| local_claude_code (default) | normal operation | no key required; uses subscription |
| anthropic_api_fallback | explicit opt-in | requires ANTHROPIC_API_KEY AND either auth.api_fallback_requires_approval: false OR an approval token at the call site |
| validator_api_only | external judges run via API; main worker uses local | only validator paths see the key |

Switches between modes are logged and never silent.

Audit

Every action that reaches the orchestrator is persisted:

  • commands table — all CLI / dashboard / remote / scheduled inputs
  • task_events — every state machine transition
  • runs — every worker container invocation
  • notifications — every ntfy + log emission
  • decisions — every approval / rejection / override
  • incidents — operator-tagged anomalies

claude247 logs and the dashboard's /logs and /commands pages are the read side of the audit trail. Both go through the same SQLite state; there are no parallel files.

Emergency stop

claude247 stop-all

Enqueues a stop_all command. The orchestrator drains it by:

  • halting the scheduler (no new tasks pulled)
  • pausing all queued / planning / coding / testing / reviewing / validating tasks
  • writing a system_paused notification
  • recording a stop_all decision row
