No more 'my agent deleted my drive'

Deletion is where agent autonomy turns into regret. So deletion got its own gate. Every delete is impact-assessed first (a deterministic blast radius) and, when allowed, is a soft delete to a recoverable trash, never an unlink.

On top of that sit hard rules that cannot be overridden, even with approval:

• No system files. Anything under the OS, drive, or home trees is denied.
• No skills by file. Skills are retired by Toby through the registry, never deleted off disk.
• No folders. Directories are never deletable; cleanup is file-level only.

And a new crew member to do it accountably: the Custodian, the only agent permitted to run safe, file-level, reversible cleanup, bound by every one of those hard rules. Cleanup is a role with limits, not an exception to them.