docs(prompts): cutover flight — 5-phase Codex master prompt suite (NIECH GINIE) #141

Merged

pdurlej merged 1 commit from claude/orders/codex-cutover-flight into main

2026-05-10 00:47:59 +02:00

claude commented

2026-05-10 00:41:03 +02:00

Collaborator

Canary status: missing — Large PR class (multi-phase orchestrator + 5 phase packets driving full cutover). Fire canary 3+3 manually OR operator_override per ADR 0001 (force-push intent).

Mission

Operator decision 2026-05-10: NIECH GINIE 🔥🔥🔥A🔥🔥🔥 — force-push to Phase 6 cutover overnight. Codex executes 5 phases sequentially; operator reviews tomorrow morning + answers 3 explicit operator-gates.

What ships

6 files in new subdir prompts/codex-cutover-flight/ (839 lines total):

dispatch.md (117) — orchestrator: sequence + halt-on-failure + per-phase Owner Checkpoint protocol
phase-2-finish.md (140) — meta-decomposition + parallel atomic packets to reach 30+ v2 modules (Phase 03 gate)
phase-3-operational.md (150) — platformctl plan/apply/health + TailscaleTransport + safety.py sacred-path enforcer
phase-4-observability.md (117) — Grafana + VictoriaMetrics + Loki + Alloy on RS 2000, Tailnet-only, 14-day retention
phase-5-agent-execution.md (107) — Forgejo Actions auto-deploy on merge + Renovate config
phase-6-cutover.md (208) — image prune + Vault sunset + sunset modules + compose migration to canonical + MOVED.md + Issue #47 close

Plus state/STATUS_NOW.md updated with cutover-flight intent + 3 operator-gates + modelizm-#3 codified.

Operator-gates in Phase 6 (Codex MUST halt at each)

Image prune confirmation — Codex lists candidate images + computes list-hash; operator confirms with prune-confirmed: <hash>
Vault unseal — operator-only action (Codex cannot unseal); operator types vault-unsealed: ready
Switch-over GO — final atomic moment; operator types switch-over-confirmed

These are not bypassable. Per agent-coordination-protocol.md "approving production mutation = forbidden cousin move; only Piotr."

Sequencing

Phase 2 → 3 → 4 → 5 → 6 (sequential, halt-on-failure)

Each phase blocks the next. Codex polls main for previous phase merges; halts with Owner Checkpoint if pending >2h.

Wait conditions

Before Phase 2 starts: PR #140 (honcho-redis v2 cataloging) must be merged so baseline = 7 v2 modules
Before each subsequent phase: previous phase's PRs all merged to origin/main

Why this PR is Large class

Multi-phase driver (5 phases × multiple packets each)
Phase 6 includes production mutation paths (Vault sunset, image prune, compose migration) — operator-gates enforced in code via stop_conditions, but PR-driver itself is governance-touching
Plus: explicit operator-disengaged execution mode after dispatch

What this PR does NOT do

Does NOT execute the 5 phases (Codex does that post-merge dispatch)
Does NOT modify modules/, schema/, control-plane/, decisions/, AGENTS.md (Codex does in resulting per-phase PRs)
Does NOT touch RS 2000 directly
Does NOT bypass canary 3+3 governance (each phase's child PRs still go through canary; some may use operator_override per Rule 2)
Does NOT auto-merge Codex's work (operator merges per existing review flow)

Out of scope

Per-phase PR-by-PR review (operator handles morning review batch)
Issue #138 cross-link debt (separate; deferred)
Issue #56 Forgejo MCP identity-split (separate; not blocker for cutover)

Spec sources read

agent-souls/practices/agent-coordination-protocol.md — 5-turn cap, Owner Checkpoint, forbidden cousin moves
agent-souls/references/codex-handoff-packet-format.md — packet schema
state/agent-execution-template.md — execution discipline + symmetric disclosure
prompts/codex-night-close-2026-05-09.md + prompts/codex-wave-2-v2-cataloging-2026-05-09.md + prompts/codex-cleanup-122-124-2026-05-09.md — sibling prompts for structural consistency
state/L3/{JOURNEY,OPEN_LOOPS,CONTRADICTIONS,ORPHANS}.md — for Issue #47 vps-home-platform-infra context (legacy salvage worktree, not Forgejo repo)
state/glm-sunset-watch.md — modelizm anti-pattern history
PLATFORM_CHARTER.md §sacred paths — for safety.py spec
migrations/vault-to-infisical.md — for Phase 6.2 secret migration plan
decisions/0001-canary-mandatory-pm-cadence.md + decisions/0002-ci-enforcement-canary.md — governance discipline
docs/forgejo-agent-operations.md — Forgejo not GitHub conventions
Live Forgejo API: PR #140 status (Packet O honcho-redis cataloging — must merge before Phase 2 starts)
Live RS 2000 SSH: compose layout (/opt/vps-home-platform-infra/compose/{base,edge,core,apps}/compose.yaml + scripts/compose.sh wrapper)

Test plan

Operator readback: 5 phases correctly scoped (no scope creep, sequencing makes sense)
Operator readback: 3 operator-gates feel sufficient + match operator's appetite ("NIECH GINIE" mode)
Operator readback: phase-6-cutover.md Packet 6.4 compose migration approach feels right (or amend)
Operator merge of this PR
Operator dispatches: codex exec < prompts/codex-cutover-flight/dispatch.md
Codex executes Phase 2 → opens meta-issues + child PRs → operator reviews + merges
Phase 3-5 cascade automatically as previous phases merge
Phase 6 halts at 3 operator-gates; operator answers each; cutover completes
Final cutover commit comment posted by Codex with summary
After cutover: claude (next session) updates STATUS_NOW.md to post-cutover state

Dispatch instruction (operator pastes in Codex App after merge)

cd ~/Developer/iskra-platform-2026-04-30
git pull
codex exec < prompts/codex-cutover-flight/dispatch.md

Codex reads dispatch, then sequentially reads + executes phase-2-finish.md → phase-3-operational.md → phase-4-observability.md → phase-5-agent-execution.md → phase-6-cutover.md.

🔥 NIECH GINIE.

Canary status: missing — Large PR class (multi-phase orchestrator + 5 phase packets driving full cutover). Fire canary 3+3 manually OR operator_override per ADR 0001 (force-push intent). ## Mission Operator decision 2026-05-10: **NIECH GINIE 🔥🔥🔥A🔥🔥🔥** — force-push to Phase 6 cutover overnight. Codex executes 5 phases sequentially; operator reviews tomorrow morning + answers 3 explicit operator-gates. ## What ships 6 files in new subdir `prompts/codex-cutover-flight/` (839 lines total): - **dispatch.md** (117) — orchestrator: sequence + halt-on-failure + per-phase Owner Checkpoint protocol - **phase-2-finish.md** (140) — meta-decomposition + parallel atomic packets to reach 30+ v2 modules (Phase 03 gate) - **phase-3-operational.md** (150) — platformctl `plan`/`apply`/`health` + TailscaleTransport + safety.py sacred-path enforcer - **phase-4-observability.md** (117) — Grafana + VictoriaMetrics + Loki + Alloy on RS 2000, Tailnet-only, 14-day retention - **phase-5-agent-execution.md** (107) — Forgejo Actions auto-deploy on merge + Renovate config - **phase-6-cutover.md** (208) — image prune + Vault sunset + sunset modules + compose migration to canonical + MOVED.md + Issue #47 close Plus `state/STATUS_NOW.md` updated with cutover-flight intent + 3 operator-gates + modelizm-#3 codified. ## Operator-gates in Phase 6 (Codex MUST halt at each) 1. **Image prune confirmation** — Codex lists candidate images + computes list-hash; operator confirms with `prune-confirmed: <hash>` 2. **Vault unseal** — operator-only action (Codex cannot unseal); operator types `vault-unsealed: ready` 3. **Switch-over GO** — final atomic moment; operator types `switch-over-confirmed` These are not bypassable. Per `agent-coordination-protocol.md` "approving production mutation = forbidden cousin move; only Piotr." ## Sequencing ``` Phase 2 → 3 → 4 → 5 → 6 (sequential, halt-on-failure) ``` Each phase blocks the next. Codex polls main for previous phase merges; halts with Owner Checkpoint if pending >2h. ## Wait conditions - Before Phase 2 starts: PR #140 (honcho-redis v2 cataloging) must be merged so baseline = 7 v2 modules - Before each subsequent phase: previous phase's PRs all merged to origin/main ## Why this PR is Large class - Multi-phase driver (5 phases × multiple packets each) - Phase 6 includes production mutation paths (Vault sunset, image prune, compose migration) — operator-gates enforced in code via stop_conditions, but PR-driver itself is governance-touching - Plus: explicit operator-disengaged execution mode after dispatch ## What this PR does NOT do - Does NOT execute the 5 phases (Codex does that post-merge dispatch) - Does NOT modify modules/, schema/, control-plane/, decisions/, AGENTS.md (Codex does in resulting per-phase PRs) - Does NOT touch RS 2000 directly - Does NOT bypass canary 3+3 governance (each phase's child PRs still go through canary; some may use operator_override per Rule 2) - Does NOT auto-merge Codex's work (operator merges per existing review flow) ## Out of scope - Per-phase PR-by-PR review (operator handles morning review batch) - Issue #138 cross-link debt (separate; deferred) - Issue #56 Forgejo MCP identity-split (separate; not blocker for cutover) ## Spec sources read - `agent-souls/practices/agent-coordination-protocol.md` — 5-turn cap, Owner Checkpoint, forbidden cousin moves - `agent-souls/references/codex-handoff-packet-format.md` — packet schema - `state/agent-execution-template.md` — execution discipline + symmetric disclosure - `prompts/codex-night-close-2026-05-09.md` + `prompts/codex-wave-2-v2-cataloging-2026-05-09.md` + `prompts/codex-cleanup-122-124-2026-05-09.md` — sibling prompts for structural consistency - `state/L3/{JOURNEY,OPEN_LOOPS,CONTRADICTIONS,ORPHANS}.md` — for Issue #47 vps-home-platform-infra context (legacy salvage worktree, not Forgejo repo) - `state/glm-sunset-watch.md` — modelizm anti-pattern history - `PLATFORM_CHARTER.md` §sacred paths — for safety.py spec - `migrations/vault-to-infisical.md` — for Phase 6.2 secret migration plan - `decisions/0001-canary-mandatory-pm-cadence.md` + `decisions/0002-ci-enforcement-canary.md` — governance discipline - `docs/forgejo-agent-operations.md` — Forgejo not GitHub conventions - Live Forgejo API: PR #140 status (Packet O honcho-redis cataloging — must merge before Phase 2 starts) - Live RS 2000 SSH: compose layout (`/opt/vps-home-platform-infra/compose/{base,edge,core,apps}/compose.yaml` + `scripts/compose.sh` wrapper) ## Test plan - [ ] Operator readback: 5 phases correctly scoped (no scope creep, sequencing makes sense) - [ ] Operator readback: 3 operator-gates feel sufficient + match operator's appetite ("NIECH GINIE" mode) - [ ] Operator readback: phase-6-cutover.md Packet 6.4 compose migration approach feels right (or amend) - [ ] Operator merge of this PR - [ ] Operator dispatches: `codex exec < prompts/codex-cutover-flight/dispatch.md` - [ ] Codex executes Phase 2 → opens meta-issues + child PRs → operator reviews + merges - [ ] Phase 3-5 cascade automatically as previous phases merge - [ ] Phase 6 halts at 3 operator-gates; operator answers each; cutover completes - [ ] Final cutover commit comment posted by Codex with summary - [ ] After cutover: claude (next session) updates STATUS_NOW.md to post-cutover state ## Dispatch instruction (operator pastes in Codex App after merge) ``` cd ~/Developer/iskra-platform-2026-04-30 git pull codex exec < prompts/codex-cutover-flight/dispatch.md ``` Codex reads dispatch, then sequentially reads + executes phase-2-finish.md → phase-3-operational.md → phase-4-observability.md → phase-5-agent-execution.md → phase-6-cutover.md. 🔥 **NIECH GINIE.**

claude added 1 commit

2026-05-10 00:41:04 +02:00

docs(prompts): cutover flight — 5-phase Codex master prompt suite

canary-required / collect-diff (pull_request) Successful in 4s

Details

canary-required / canary (pull_request) Successful in 12s

Details

6e56510e1d

Operator decision 2026-05-10 chat: "NIECH GINIE 🔥🔥🔥A🔥🔥🔥" — force-push
to Phase 6 cutover overnight, operator review tomorrow morning.

5 phase prompts in agent-souls codex-handoff-packet-format, sequenced via
dispatch.md orchestrator:

- Phase 2 finish: 7 → 30+ modules v2 cataloging (gate Phase 03)
- Phase 3 operational: platformctl plan/apply/health + Tailscale SSH +
  sacred-path safety enforcer in code (safety.py)
- Phase 4 observability: Grafana + VictoriaMetrics + Loki + Alloy stack on
  RS 2000, Tailnet-only access, 14-day retention
- Phase 5 agent execution: Forgejo Actions auto-deploy on merge to main,
  Renovate dependency updates
- Phase 6 cutover: image prune + Vault sunset + sunset modules + compose
  migration to canonical pdurlej/platform/compose/ + MOVED.md finalization
  + Issue #47 close

Phase 6 has 3 explicit operator-gates (Codex MUST halt at each):
1. Image prune confirmation (operator confirms list-hash)
2. Vault unseal (operator-only action)
3. Switch-over GO (final atomic moment)

Total prompt budget: 839 lines across 6 files. Each under PROMPT_TOKEN_LIMIT
(worst: phase-6 at ~1660 tokens). Subdir `prompts/codex-cutover-flight/`
auto-excluded from test_l4_verify glob (non-recursive *.md scan).

Plus state/STATUS_NOW.md updated with:
- Cutover-flight intent + sequencing
- Operator-gates explicit
- Modelizm-#3 codified (architectural context loss; my error caught by
  Codex; addressed in phase-6-cutover.md Packet 6.4)
- PR base_ref oversight lesson (PR #123 chained branch trap; cherry-pick
  #137 fixed)
- Symmetric disclosure obligation (orchestrator follows same rules as
  atomic-task agents)

After this PR merges, in master operator (Codex thread):
  cd ~/Developer/iskra-platform-2026-04-30
  git pull
  codex exec < prompts/codex-cutover-flight/dispatch.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>