diff --git a/plans/host-on-sx.md b/plans/host-on-sx.md
index adc1118a..74532f49 100644
--- a/plans/host-on-sx.md
+++ b/plans/host-on-sx.md
@@ -142,9 +142,11 @@ lib/host/sxtp.sx                        subsystem APIs (feed/search/commerce/…
       (default loopback; stack sets `0.0.0.0`) in `sx_server.ml`, rebuilt this
       worktree's binary. Verified: `/health`, `/feed`, relations reads serve real
       JSON through Cloudflare→Caddy; `/` 404 (no root route yet). `rose-ash.com`
-      untouched. CAVEAT: `/root/caddy/Caddyfile` is an inode-pinned bind mount —
-      edited file shows a NEW inode the container can't see; loaded live via
-      `caddy reload` from a non-bind path. A caddy restart reconciles the bind.
+      untouched. (Inode-pinned bind-mount gotcha: editing `/root/caddy/Caddyfile`
+      via a tool swaps its inode so the container kept the old content — loaded live
+      via reload-from-non-bind-path, then RECONCILED by restarting Caddy so the
+      bind re-points to the corrected file. Verified post-restart: blog serves, and
+      `sx.rose-ash.com`/`rose-ash.com` survived.)
 - [ ] proxy-to-Quart fallback for un-migrated paths (strangler requirement before
       a real subdomain fronts users).
 - [ ] internal-HMAC middleware on `/internal/*` (service-to-service auth; protocol