Fixes:
- CRITICAL: Add --permission-mode bypassPermissions (Claude would hang on headless)
- CRITICAL: Track pending extractions in extract-pending.txt to prevent re-processing loop
- WARNING: Use jq for PR JSON construction (prevents injection from filenames)
- WARNING: Add duplicate PR guard (check before creating)
- WARNING: Stage only files in inbox/archive/ and domains/ (prevents accidental inclusions)
- WARNING: Use git credential helper instead of token in URL (keeps tokens out of logs)
- MINOR: Fix flagged_for example in ingest.md
- MINOR: Add rejected-extraction guidance to Track B
Reviewed by: Ganymede <00F28B10-062E-4863-9DD2-A5E9407B33FA>
Pentagon-Agent: Leo <14FF9C29-CABF-40C8-8808-B0B495D03FF8>
