No retention policy on agent transcript files in .logs/ — PII from issue bodies accumulates indefinitely

[ooloth]

Why

Agent transcript files in .logs/ contain the full prompt context passed to each step, which can include issue body text with PII from log-scan analysis (emails, user IDs, hostnames). These files accumulate indefinitely with no automated deletion — as the architecture docs explicitly note.

Current state

loops/common/logs.py line 9: LOGS_DIR = ROOT / ".logs". Transcripts are appended per-step in agent.py lines 96–98 with no cleanup. docs/architecture/harness-self-improvement.md line 174 states: "No retention policy — old runs accumulate indefinitely."

Ideal state

• Transcript run directories older than a documented retention window (e.g., 30 days) are automatically deleted by a cleanup step at the start of each coordinator invocation.
• The retention period is stated in docs/architecture/harness-self-improvement.md and enforced in code.
• Personal data from issue body context does not accumulate on disk beyond the retention window.

Starting points

• loops/common/logs.py — LOGS_DIR definition and make_run_dir function
• docs/architecture/harness-self-improvement.md line 174 — the existing gap note to update

QA plan

1. Artificially age a run directory beyond the retention threshold (e.g., set its mtime to 31 days ago).
2. Run the coordinator — confirm the aged directory is deleted and a new run directory is created.
3. Confirm recent run directories (within the retention window) are not deleted.

Done when

The coordinator deletes transcript run directories older than a defined retention window on each invocation, and the retention period is documented in the architecture docs.