From ae5220ff9d1ae2d2a290cae1d3ccf2ab95ba2c88 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Sun, 5 Apr 2026 02:03:56 -0300 Subject: [PATCH] hecate: document new startup safety gates --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index a58b39a..5a274ce 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,11 @@ Key startup guards: - `--auto-peer-failover` makes peer hosts hand off startup to the coordinator first, then run local startup only if the coordinator is unreachable. - Startup is blocked while UPS is on battery by default (unless `--allow-on-battery` or `coordination.allow_startup_on_battery: true` is set). - Startup is blocked when a shutdown intent is active (`/var/lib/hecate/intent.json`). +- Startup waits for time sync in `strict` or `quorum` mode (`startup.time_sync_mode`, `startup.time_sync_quorum`). +- Startup can block until storage is healthy (`startup.require_storage_ready` + critical PVC checks). +- Startup can block until external probes pass (`startup.require_post_start_probes` + `startup.post_start_probes`). +- Startup refreshes and can use a cached bootstrap manifest set under `/var/lib/hecate/bootstrap-cache` when local fallback paths fail. +- Vault unseal now falls back to a local cached key file (`startup.vault_unseal_key_file`) if `vault-init` cannot be read yet. ## Manual install on titan-db
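Review bot: The added bullet for `startup.vault_unseal_key_file` documents a Vault unseal key cached on local disk, but says nothing about how that file must be protected or whether the fallback is enabled by default. Since the file holds unseal key material, the README should state the expected owner and mode, where the file is expected to live, and how to turn the fallback off. The `/var/lib/hecate/bootstrap-cache` bullet has a similar gap: it does not say whether cached manifests are integrity-checked before they are used or how old a cached set may be, which matters because the cache is consulted precisely when the normal paths have failed. Two smaller documentation points on the same hunk: the storage and probe bullets say startup "can block" without giving the default for `startup.require_storage_ready` and `startup.require_post_start_probes` (the existing on-battery bullet does state its default), and the time sync bullet names `strict` and `quorum` without saying what each mode requires or what `startup.time_sync_quorum` counts.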