diff --git a/plan.md b/plan.md
index 1d5f404..3e78f0d 100644
--- a/plan.md
+++ b/plan.md
@@ -207,9 +207,14 @@ Each tool module exports:
 - Timeout: 15s
 - Output truncation: 12,000 chars
 
-#### `tools/write_code.py` — Claude Code Subprocess
-- Clones valinor repo → runs `claude --print` → creates branch + PR
-- Risk classification for changes (optional, simpler than infra-agent's)
+#### `tools/write_code.py` — Valinor Code Changes
+- Clones valinor repo → runs `claude --print` → creates branch + draft PR
+- Scope: infrastructure changes (apps/, manifests/, ansible/, terraform/)
+- Always creates draft PRs, never merges
+
+#### `tools/write_documentation.py` — Lord of the Rings Doc Changes
+- Clones lord-of-the-rings repo → runs `claude --print` → creates branch + draft PR
+- Scope: homelab documentation (docs, runbooks, index pages)
 - Always creates draft PRs, never merges
 
 ### Tasks
@@ -330,8 +335,8 @@ Add Telegram or Signal as alternative interfaces.
 
 ## Open Questions
 
-1. **Ansible access**: Should tolkien be able to run ansible playbooks, or just read the config? Running playbooks from in-cluster would need SSH keys to external hosts — big blast radius. Start read-only?
-2. **write_code scope**: Should it only modify valinor, or also lord-of-the-rings? Probably both (code + docs).
-3. **Streaming responses**: Should the CLI stream Claude's response as it generates, or wait for the full response? Streaming is better UX for long answers.
-4. **Rate limiting**: Any concern about Anthropic API costs? Could add a simple per-session token budget.
-5. **lotr access in-cluster**: Git clone as init container (stale) vs. mount from a shared PVC vs. fetch on demand via Gitea API? Gitea API is simplest and always fresh.
+1. ~~**Ansible access**~~: Read config + propose changes via draft PR. Operator runs playbooks manually.
+2. ~~**write_code scope**~~: Two separate tools — `write_code` for valinor (infra), `write_documentation` for lord-of-the-rings (docs). Both produce draft PRs.
+3. ~~**Streaming responses**~~: Full response mode. CLI will be used on unreliable internet (trains), so wait for complete response rather than streaming.
+4. ~~**Rate limiting**~~: Use a dedicated Anthropic API key for tolkien with a monthly spend limit set in the Anthropic Console. No in-app budget tracking needed.
+5. ~~**lotr access in-cluster**~~: Git clone (init container or sidecar with periodic pull). Faster reads, works offline if needed.