Diff stat empty — let me look at commit directly. Also master already has lots of reaper/killswitch infra (overlap signal).

Let me verify the key new file isn't already on master, and test status.

Work real: governor (1005 lines) + 765-line test file, not on master. Let me verify tests actually pass.

58 pass. Now clean up.

Verdict ready. Use review signal.

## MC-4639 Review — done? required? should do? **1. Was work done? YES — real + verified.** - Branch `cr/mc-4639-...-5b24f5`, SHA `31e77b1b`. NOT on master. - `agent_safety_governor.py` (1005 lines) + config + scheduler task (no_agent, every 2m) + plan doc + 765-line test file. - I ran tests fresh from the commit: **58 passed**. Council (Codex/Gemini/GLM/Opus) + adversarial review already applied. Not fabricated — code is genuine and working. **2. Is it required? PARTIAL overlap — not pure duplicate.** Master already has: `queue_reaper.py`, `worktree-reaper.py`, `reap-zombie-workers` task, `/stop_all` kill-switch, in-process `mc_pickup` watchdog. But those cover only **wall-clock + idle**, in-process, lost on restart. Governor adds genuinely-missing layer: **per-task cost ($12)/token (15M)/tool-call (250) ceilings, loop detection, stale-heartbeat, respawn caps (3), death-certificates** — out-of-process, survives restart, covers all dispatchers. The "$10/hr token burn" runaway from the reddit scan is the exact gap existing reapers don't catch. **3. Should we do it? My recommendation: YES, but lower than P0.** The runaway-cost ceiling is the one real hole in current safety. Worth landing. P0 framing came from a reddit-thread scan — overstated; our existing reapers already prevent the worst (zombie/wedge loops). Realistic priority: **medium-high**. **Decision is yours (product/priority + this ticket is in your inbox).** I did NOT merge — work sits review-ready on the branch. If you say go, landing is one safe ff-merge: `python3 mission-control/scripts/control_room_pickup.py --merge-recovered` Risk note before merge: governor *kills* worker pids. Code has guards (never kills persistent/interactive/pid≤1, /proc cmdline identity check, dry-run, flock). I'd want one live `--dry-run` cycle watched against real workers before enabling the scheduler task — cheap insurance on a kill-capable layer. {"mc_signal":"REVIEW","ticket":"MC-4639","nonce":"MC_TICKET_TURN:4639:1780605968135:05679972","payload":"Work done + verified (58 tests pass), on branch not master. Fills real runaway-cost gap existing reapers miss. Recommend land at medium-high (not P0); decision is Elmar's — did not merge."}