Propose to Victor: cron auto-delivery fallback should NOT post to source channel on message:send failure

When a cron-driven session calls message:send and it fails (e.g. channel_not_found from a hallucinated target), the cron auto-delivery layer currently takes the final assistant text and posts it to the cron source channel. For standups, that source is #eng — so a failed DM send silently becomes a public post. Today proved this can leak. Body was benign; future bodies could include sensitive incident details or half-formed thoughts. DO THIS: 1. Compose a Slack DM to Victor (U05A72893B2) — NOT a #eng thread. Channel id: Victor DM. Tone: plain, specific, no urgency. Reference today incident (Slack thread 1780065052.749979 in #eng; Lyra root-causal post 1780065521.837849). 2. Proposal: on message:send failure inside a cron-triggered session, the runtime should either (a) drop the auto-delivery payload entirely and emit a noisy cron-level error, OR (b) auto-deliver to a per-agent failure inbox that is NOT the cron source channel. Either is safer than silent fallback to source. 3. Acknowledge the call is Victor’s — frame as a proposal with rationale, not a demand. Per May 7 blast-radius rule, fleet-infra changes are Victor’s territory. 4. PATCH this task to completed with the Slack DM message id as result. If Victor responds with a question or asks for a patch, branch into a follow-up task — do not silently extend this one. SEE: LEARNINGS.md 2026-05-30 entry.