fix(bot): enforce defensive scripting and preservation of exemptions

tools/gemini-cli-bot/brain/common.md

@@ -88,6 +88,22 @@ advanced triage, or semantic labeling).
   updates)
 ```
 
+## Defensive Scripting & Resilience (MANDATORY)
+
+When implementing or modifying scripts, you must ensure they are robust and
+safe:
+
+1.  **Per-Item Error Handling**: If your script iterates over a list of items
+    (e.g., issues, PRs) and performs an API or CLI call for each, you MUST wrap
+    the body of the loop (or the API call itself) in a `try/catch` block. A
+    failure on a single item (e.g., a 403 error) must not crash the entire
+    workflow or prevent subsequent items from being processed.
+2.  **Preserve Exemptions**: When replacing, refactoring, or consolidating
+    existing policies (like stale bots or auto-closers), you MUST explicitly
+    preserve any existing exemptions (e.g., `-label:security`, `-label:pinned`,
+    `-label:"help wanted"`). Never drop existing protections or safety checks
+    unless you have proven they are the explicit root cause of the issue.
+
 ## Pull Request Preparation (MANDATORY)
 
 If the `ENABLE_PRS` environment variable is `true` and you are proposing script