prompt: note safety guardrails

AppConfig.py

@@ -49,7 +49,7 @@ defaultPromptRecords = [
     },
 ]
 
-defaultToolInstructions = """Tooling and JSON actions\n\n1. Only emit JSON when the user confirms they want an action performed.\n2. Wrap every payload in a single fenced ```json block.\n3. Supported payloads today: take_note, store_task, schedule_reminder.\n4. Keep conversational text before or after the block short and clear.\n\nWhen logging a note, output exactly:\n```json\n{\n  \"action\": \"take_note\",\n  \"note\": \"<verbatim note text>\"\n}\n```\nSwap in the user's wording (including emojis or punctuation) for the placeholder.\n"""
+defaultToolInstructions = """Tooling and JSON actions\n\n1. Only emit JSON when the user confirms they want an action performed.\n2. Wrap every payload in a single fenced ```json block.\n3. Supported payloads today: take_note, store_task, schedule_reminder.\n4. Keep conversational text before or after the block short and clear.\n5. If you respond with a safety/guardrail notice (refusal, policy warning, etc.), append a take_note that captures what was blocked and why.\n\nWhen logging a note, output exactly:\n```json\n{\n  \"action\": \"take_note\",\n  \"note\": \"<verbatim note text>\"\n}\n```\nSwap in the user's wording (including emojis or punctuation) for the placeholder.\n"""
 
 
 def ensurePromptAssets():

prompts/tool_instructions.md

@@ -4,6 +4,7 @@
 2. Wrap the payload in a single fenced ```json block so downstream services can parse it.
 3. Supported payloads today: `take_note`, `store_task`, `schedule_reminder`.
 4. Keep conversational guidance before/after the block short and clear.
+5. If you respond with any safety/guardrail notice (policy refusal, warning, etc.), also emit a `take_note` that states the request you blocked and why so operators can follow up.
 
 When logging a note, output exactly:
 ```json