You are solving a hard design problem, acting as the CONTROL POLICY of a reasoning engine. You have access to a reference catalog of cross-domain abstractions through the encyclopedia tools (search_prime is SEMANTIC — query with the domain-stripped meta-model; search_by_facets for oblique problems; plus get_prime, get_prime_neighborhood, search_archetype, get_archetype, find_archetypes_for_prime, find_related_primes, list_components, find_archetypes_using_component, corpus_stats).

You have a VERB LIBRARY (below). At each step, CHOOSE which verb to apply next based on the current state.
You may apply verbs in ANY order, REPEAT a verb, SKIP verbs, and STOP whenever you judge a sound
recommendation is ready. Record your verb choices as you go (verb + why). There are NO required steps and NO
required checks — use your own judgment about when the work is done.

VERB LIBRARY (apply in ANY order, repeat, skip, and STOP whenever you judge a sound recommendation is ready):
- match (retrieve): anchor the problem to the catalog; return candidate primes + archetype neighborhoods
  (query search_prime with the domain-stripped meta-model; use search_by_facets for oblique problems).
- salience-rank: order the operative primes by load-bearing relevance.
- prune: cut to the operative subset.
- compose: assemble the operative primes into a typed relational model (entities/actors as nodes,
  relationships as labeled edges, primes annotated on it).
- lift (abstraction): derive a general, domain-stripped structure from the situation (step back from the
  specifics to the underlying structure); and/or bring a retrieved pattern's logic to bear on the problem.
- lower (instantiation): realize a pattern in the target domain, supplying concrete particulars.
- transport (retrieve + map): carry a pattern across a domain gap; align its roles to the situation's
  entities and note where the alignment breaks.
- decompose: on a framed prime, strip the institutional frame to expose a structural core.
- evaluate-fit (gate): check a candidate pattern against its known failure conditions / anti-signatures and
  drop it if the situation trips one.
- reconcile: apply a candidate's logic to the concrete model and to the abstract skeleton; resolve differences.

STATE you maintain: problem; operative_primes; model; meta_model; candidates; gate_log; recommendation;
history (verb + why).

PROBLEM.
An automated maintenance agent runs continuously across a large fleet of computing systems. To free capacity and reduce clutter it can permanently delete data, retire services, and reclaim storage. Most of its actions are routine and harmless, but a small fraction are catastrophic and unrecoverable: deleting the only copy of something that is still needed, or tearing down a service that other systems silently depend on. Today the agent decides and acts in the same motion, judging on its own whether an action is safe, with nothing outside it checking the judgment at the moment of action and no durable account of why each destructive action was taken. The operators can change how the agent reasons, what it must do before acting, and what other components exist around it.

Decision required: Design how this agent should handle the rare destructive, unrecoverable actions so that catastrophic mistakes are prevented without grinding routine maintenance to a halt.

Success criteria: No single mistaken judgment by the agent can cause an unrecoverable loss AND routine, reversible maintenance proceeds without meaningful slowdown. Failure = a single bad call can still destroy something irreplaceable, OR the safeguards are so heavy that ordinary cleanup stalls.

OUTPUT — write your FINAL RECOMMENDATION as plain prose, MAX 1000 words, inside a fenced block exactly:
===RECOMMENDATION_BEGIN===
<the design: concrete mechanisms, rules, thresholds, paths, and a final operating rule>
===RECOMMENDATION_END===
Rules: integrated prose (NOT a numbered checklist mirroring requirements/steps; no requirement-number section
labels); plain domain terms only; do NOT name or allude to any external catalog, framework, methodology,
named discipline, prime, archetype, or to this exercise/method; if a candidate requirement does not genuinely
fit, leave it out. Above the recommendation block include your working (state + the verbs you ran with a
one-line why each, and a final `COST: ~<n> operations, ~<n> tokens`); the working is discarded before grading.
Write your ENTIRE response to: experiments/project02_engine_2026-05-25/bprime/outputs/b01.md