Recurring + scheduled tasks (Claude session-local)

Most of these live in Claude's in-session CronCreate store and die on session exit. They must be recreated after every session restart. The truly durable nightly work lives in GitHub Actions (.github/workflows/nightly-security-scan.yml etc.) and is unaffected.

Why they're session-local

CronCreate's durable: true flag has not reliably persisted across sessions in our testing (2026-04-26). Until we either fix that or migrate to GitHub-Actions-driven cron + RemoteTrigger callbacks, the operator is responsible for re-issuing these on each restart.

Recreate after restart

When restarting Claude, ask: "recreate the scheduled tasks per docs/ops/scheduled-tasks.md" — Claude will re-issue the three CronCreate calls verbatim.

1. Daily card-groomer pass

Prompt to fire:

Run a card-groomer pass on the TradeMasterAPI backlog. Score open issues for atomicity, clarity, and readiness. Apply labels (groomed / ready-for-dev / needs-grooming / blocked). Don't pile on cards groomed within the last 24 hours. Per feedback_t5_morning_sprint memory, the recurring grooming pass is Kristerpher's morning briefing prep. Brief return summary: counts of (scanned / advanced-to-ready / re-flagged / closed-as-stale) + any human-decision items needing his input. Dispatch via: Agent({subagent_type: "card-groomer", isolation: "worktree"}).

2. Daily security-agent triage

Prompt to fire:

Run security-agent triage on the overnight scan findings. The GH Actions workflow .github/workflows/nightly-security-scan.yml fires at 08:07 UTC (~01:07 PDT) and writes docs/security/scans/<today>.md + opens GitHub issues for CRITICAL/HIGH. This triage is the layer on top: read today's scan report, file follow-ups for any unresolved CRITICAL/HIGH findings per the routing rules in .claude/agents/security-agent.md, Slack-ping the operator on CRITICAL. Dispatch via: Agent({subagent_type: "security-agent", isolation: "worktree"}). If sre-agent or security-agent isn't loaded in the current session, fall back to general-purpose with the agent's .md as context.

3. Wednesday 2026-04-29 09:00 PDT — Matthew Crosby attorney follow-up

Prompt to fire:

Wednesday 2026-04-29 09:00 PDT follow-up — check for Matthew Crosby (IP attorney) reply on the referral email Kristerpher confirmed sent. If no reply, suggest a polite nudge or alternative path. Reference: reference_attorneys.md memory.

Out of scope for this doc

• The nightly security scan itself — runs in GitHub Actions, durable, configured at .github/workflows/nightly-security-scan.yml.
• Heroku scheduler jobs — see Heroku dashboard per app.
• Slack notifications on prod release (#376 follow-up) — once shipped, will be GH-Actions-driven.

Why this list lives in docs/ops/

Operator-facing reference, not code. Lives near the runbooks (docs/ops/runbooks/) so it's discoverable when reviewing ops state. Memory entry project_scheduled_recurring_tasks.md points here.