From 393d72ac522c818597944f7b32792c7f5ca9daa8 Mon Sep 17 00:00:00 2001
From: Christian Gunderman <gundermanc@google.com>
Date: Fri, 1 May 2026 14:34:50 -0700
Subject: [PATCH] fix(bot): enforce defensive scripting and preservation of
 exemptions

---
 tools/gemini-cli-bot/brain/common.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tools/gemini-cli-bot/brain/common.md b/tools/gemini-cli-bot/brain/common.md
index d97eb2fc7f..7af6d4896b 100644
--- a/tools/gemini-cli-bot/brain/common.md
+++ b/tools/gemini-cli-bot/brain/common.md
@@ -88,6 +88,22 @@ advanced triage, or semantic labeling).
   updates)
 ```
 
+## Defensive Scripting & Resilience (MANDATORY)
+
+When implementing or modifying scripts, you must ensure they are robust and
+safe:
+
+1.  **Per-Item Error Handling**: If your script iterates over a list of items
+    (e.g., issues, PRs) and performs an API or CLI call for each, you MUST wrap
+    the body of the loop (or the API call itself) in a `try/catch` block. A
+    failure on a single item (e.g., a 403 error) must not crash the entire
+    workflow or prevent subsequent items from being processed.
+2.  **Preserve Exemptions**: When replacing, refactoring, or consolidating
+    existing policies (like stale bots or auto-closers), you MUST explicitly
+    preserve any existing exemptions (e.g., `-label:security`, `-label:pinned`,
+    `-label:"help wanted"`). Never drop existing protections or safety checks
+    unless you have proven they are the explicit root cause of the issue.
+
 ## Pull Request Preparation (MANDATORY)
 
 If the `ENABLE_PRS` environment variable is `true` and you are proposing script