docs(changelog): runner fleet execution-plane split

[indykish]

Adds a May 27, 2026 changelog <Update> for the M80 control-plane / execution-plane cutover landing in usezombie#349.

• Execution moved to a host-resident zombie-runner daemon over HTTPS; zombied is the control plane (owns PG/Redis/Vault).
• Lease-based ownership with a fencing token; runner death → reclaim + re-run, late report fenced.
• Mandatory Landlock + cgroups + netns sandbox, fail-closed.
• User-visible behavior unchanged (row-equivalence); host runners not yet enabled in production.
• Notes the known 30s lease-renewal limit (follow-up).

Tagged ["What's new", "Internal"]. Date label only, per the changelog convention.

🤖 Generated with Claude Code

Greptile Summary

This PR adds a single <Update> block to changelog.mdx documenting the M80 control-plane / execution-plane split, where agent execution moves from inside zombied to a separate zombie-runner daemon with lease-based ownership and a mandatory sandbox. The two <Note> callouts for the not-yet-production host runners and the 30-second lease-renewal limit are properly placed.

• Changelog entry covers the CP/EP architecture split, lease-based ownership with fencing, and fail-closed sandboxing, tagged ["What's new", "Internal"].
• Multiple uses of run/runs/re-run as verbs appear across the new bullets and the <Note> — AGENTS.md explicitly forbids these words; substituting execute/re-executed resolves all three occurrences.

Confidence Score: 5/5

Documentation-only change with no code or schema impact — safe to merge after addressing the terminology nits.

The change is a single changelog entry with no executable code, no API surface, and no schema. The <Note> callouts for forward-looking statements are already in place. The only outstanding items are word-choice corrections that have no correctness impact.

No files require special attention beyond the three terminology nits in changelog.mdx.

Important Files Changed

Filename	Overview
changelog.mdx	Adds a May 27, 2026 <Update> block documenting the M80 execution-plane split. The two <Note> callouts for future/limited states are present. Several instances of the forbidden terminology run/runs appear as verbs — AGENTS.md forbids these words regardless of part of speech.

Sequence Diagram

sequenceDiagram
    participant Trigger as Webhook / Cron
    participant zombied as zombied (control plane)
    participant PG as Postgres / Redis / Vault
    participant Runner as zombie-runner (execution plane)
    participant Sandbox as Isolated Sandbox

    Trigger->>zombied: Incoming event
    zombied->>PG: Persist event, issue lease + fencing token
    zombied->>Runner: Hand off event (HTTPS, lease token)
    Runner->>Sandbox: Fork sandboxed child (Landlock + cgroups + netns)
    Sandbox-->>Runner: Agent execution result
    Runner->>zombied: Report result (fencing token)
    zombied->>PG: Durable write (validates token)
    Note over zombied,Runner: If runner dies → lease expires → zombied reclaims and re-assigns

Loading

Prompt To Fix All With AI

Fix the following 3 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 3
changelog.mdx:28
The bullet uses "runs it", another instance of the forbidden `run`/`runs` terminology from `AGENTS.md`. "executes it" or rewording around "processes the event" keeps the same meaning while staying clear of the v1 surface term.

```suggestion
  - **Control plane / execution plane split.** A runner leases an event, executes it, and reports the result; `zombied` does the durable writes. Work can execute on hosts that never see a database credential.
```

### Issue 2 of 3
changelog.mdx:29
The phrase "re-run" (and the related verb "runs it" in the bullet above) introduces the word `run` / `runs`, which `AGENTS.md` explicitly lists as forbidden terminology because it refers to the retired v1 product surface. The equivalent operator-level phrasing uses "event" or "re-executed".

```suggestion
  - **Lease-based ownership.** Each lease carries a deadline. A runner that dies mid-event has its work reclaimed and re-executed by another runner; a late report from the dead runner is rejected, so state is never double-written.
```

### Issue 3 of 3
changelog.mdx:37
Same forbidden terminology: "runs longer" and "re-run" both introduce the word `run`/`runs`. The `AGENTS.md` rule applies to all usages; "re-executed" or "re-processed" avoids the v1 surface term entirely.

```suggestion
    One known limit: an agent that executes longer than the 30-second lease window is reclaimed and re-executed, so long single events wait on a follow-up that adds lease renewal.
```

_{Reviews (2): Last reviewed commit: "docs(changelog): address greptile P2s on..." | Re-trigger Greptile}

Context used:

• Context used - AGENTS.md (source)