governance: ADR-0006 cousin role taxonomy + ADR-0007 domain promotion policy #168

Closed
pdurlej wants to merge 1 commit from claude-orchestrator/governance-cousin-taxonomy-domain-promotion into main
Owner

What

Two governance ADRs that fold cleanly per GPT-5.5 Pro oracle review (2026-05-11) without adding runtime weight. Lands as Phase 03-compatible (no module changes, no runtime mutation, pure spec/charter/docs).

ADR-0006 — Cousin Role Taxonomy (extends ADR-0005)

Formalizes the seven canonical cousins (operator, Iskra, Hermes, claude, codex, glm, antigravity) with one-sentence triggers, memory persistence model, and Forgejo-write authority.

Key decision: role attribution via metadata field (**Role:**), NOT separate git identities per role. Rejected GPT's proposed claude-orchestrator / claude-reviewer-tech separate-identity model because 9 identities × 9 PATs × 9 BW entries × rotation overhead exceeds the audit-clarity benefit in a single-operator homelab.

New named cousins: Iskra (vps1000 runtime; read-only to Forgejo) and Hermes Upstream Agency (rs2000 product discovery; outputs under /hermes/<slug>/). Both surface in operator workflows but cannot author PRs autonomously.

Identity collision rule: two roles, one cousin → disambiguate via the **Role:** field in coordination-lane comments (already required by ADR-0005), audit-log entries, and 3+3 review artifacts.

ADR-0007 — Domain Promotion Policy (path-default, subdomain-as-promotion)

Closes the operator-bandwidth sink of DNS-registrar friction per new project. GPT flagged this as one of the bandwidth-sinks ("subdomain-as-default optimizes for elegance at the cost of operator bandwidth").

Rule: new services live under pdurlej.com/projects/<slug> (experimental) or pdurlej.com/products/<slug> (post-validation) or tailnet.ts.net/<service> (Tailnet-only). Subdomain <service>.pdurlej.com granted only when one of: public identity, auth boundary, cookie boundary, product surface, or operator preference (with justification).

Schema change (separate PR follows to keep this review-clean): module.yaml adds exposure.path_or_subdomain with conditional subdomain + subdomain_justification requirements.

Grandfathered: existing subdomains as of 2026-05-11 (git, kan, honcho, umami) stay as-is; each adds subdomain_justification opportunistically.

Files

| File | Change | Purpose |
|------|--------|---------|
| `decisions/0006-cousin-role-taxonomy.md` | NEW | The ADR itself |
| `decisions/0007-domain-promotion-policy.md` | NEW | The ADR itself |
| `AGENTS.md` | EDIT | New `## Cousins` section before `## Joining as a new agent` |
| `PLATFORM_CHARTER.md` | EDIT | New `§3.5 Domain promotion policy` sub-section before `## 4. Observability stack` |
| `docs/agents/cousin-roles.md` | NEW | Operator-facing glossary; companion to ADR-0006 |

5 files changed, +533 / -0.

What this PR DOES

  • Formalizes Iskra and Hermes as named cousins with documented scope.
  • Resolves identity-collision ambiguity via metadata convention (no new git identities).
  • Eliminates DNS-registrar friction for short-lived experiments via path-default.
  • Codifies subdomain promotion criteria in writing for audit.
  • Stays compatible with Phase 03 platformctl work (no module-level changes; only spec/docs).

What this PR DOES NOT

  • Does NOT modify schema/module.schema.json (separate PR for the path_or_subdomain field; ADR-0007 just specifies the contract).
  • Does NOT retroactively migrate grandfathered subdomains.
  • Does NOT add a platformctl lint check for missing **Role:** fields (deferred follow-up).
  • Does NOT promote Iskra or Hermes to Forgejo write authority (requires separate ADR if needed).
  • Does NOT touch any runtime path, sacred path, or module manifest.
  • Does NOT introduce Phase 07 runtime work (that ships as separate PRs as design docs only).

Acceptance criteria

  • Two ADRs exist with Status: Proposed.
  • AGENTS.md has new ## Cousins section with canonical enumeration table.
  • PLATFORM_CHARTER.md has §3.5 Domain promotion policy with summary + ADR reference.
  • docs/agents/cousin-roles.md exists as operator-facing glossary.
  • 3+3 canary review passes (will fire on risk/process label — this PR touches decisions/ per §Security-Sensitive Class Of Service trigger).
  • Operator approves; Status: line in both ADRs flips to Accepted.

Rollback

git revert 28e0de5   # single squashable commit
git push origin main

No runtime state touched. Reverting deletes 3 net-new files + reverts AGENTS.md + PLATFORM_CHARTER.md additions. No DNS, no Traefik, no module change. Safe to revert at any point pre- or post-merge.

Refs

  • Closes (conceptual): part of the operator's 2026-05-10 vision-session asks; GPT-5.5 Pro oracle review 2026-05-11 §1 "DELTA INTEGRATION" + §2 "CONFLICTS WITH EXISTING CHARTER" + §4 OVER-ENGINEERING audit (path-vs-subdomain row).
  • Companion ADRs: ADR-0001 (canary cadence), ADR-0003 (Agent Access Plane), ADR-0005 (Forgejo coordination lanes).
  • Related future work: separate schema PR for module.yaml exposure.path_or_subdomain field; deferred platformctl lint check; Phase 07 design docs (separate PRs).

Codex effort needed

Review + merge. No runtime change. Acceptance is documentation-verifiable. After merge, the cousin language is part of the canonical spec and future PRs can reference these ADRs.


Role: advisor / drafter (claude-orchestrator)
Lane: governance, ADR drafting
Next: operator review + 3+3 canary + merge → unblock subsequent PRs in this overnight session.

governance: ADR-0006 cousin role taxonomy + ADR-0007 domain promotion policy
All checks were successful
canary-required / collect-diff (pull_request) Successful in 3s
canary-required / canary (pull_request) Successful in 12s
28e0de5f38
Two ADRs + AGENTS.md §Cousins amendment + PLATFORM_CHARTER.md §3.5 amendment
+ operator-facing glossary docs/agents/cousin-roles.md.

ADR-0006 — Cousin Role Taxonomy (extends ADR-0005)

Formalizes the seven canonical cousins (operator, Iskra, Hermes, claude,
codex, glm, antigravity) with one-sentence triggers, memory persistence
model, and Forgejo-write authority. Adopts role-metadata attribution (not
separate git identities per role) to avoid the 9-identity x 9-PAT x 9-BW
operational overhead while still disambiguating "claude said X" between
orchestrator/advisor/reviewer-tech/reviewer-product lanes.

Iskra and Hermes added as named cousins. Both are read-only to Forgejo
(cannot author PRs); their outputs land under their respective surfaces
(Signal/Matrix for Iskra; /hermes/<slug>/ for Hermes) and get promoted to
issues/PRs by operator or claude-orchestrator.

Role attribution via mandatory **Role:** field in coordination-lane comments
(per ADR-0005), recommended in PR descriptions, mandatory in
state/AUDIT_LOG.jsonl entries written after this ADR merges. Co-Role: commit
footer is RECOMMENDED when tooling distinguishes lanes (e.g.
platformctl.tools.run_review writes commits with Co-Role: reviewer-tech).

ADR-0007 — Domain Promotion Policy (path-default, subdomain-as-promotion)

Closes the operator-bandwidth sink of DNS-registrar friction per new project.

Rule: new services live under pdurlej.com/projects/<slug> (experimental) or
pdurlej.com/products/<slug> (post-validation) or tailnet.ts.net/<service>
(Tailnet-only). Subdomain (<service>.pdurlej.com) granted only on explicit
criteria: public identity, auth boundary, cookie boundary, product surface,
or operator preference with runbook justification.

Schema change: module.yaml adds exposure.path_or_subdomain field with
conditional subdomain + subdomain_justification (schema PR follows
separately to keep this PR review-clean).

Grandfathered subdomains as of 2026-05-11 (git/kan/honcho/umami) remain
as-is; each must add subdomain_justification opportunistically (follow-up
issue, low priority).

Promotion procedure: Forgejo issue using subdomain_promotion template,
operator-approved, PR amends manifest + Traefik router, operator manually
adds DNS record at the registrar (deliberate manual gate), operator
verifies via iskra-canary.

Companion files

- AGENTS.md adds §Cousins section before §Joining as a new agent.
- PLATFORM_CHARTER.md §3.5 adds Domain promotion policy sub-section
  referencing ADR-0007.
- docs/agents/cousin-roles.md is the operator-facing glossary (read when
  forgetting which cousin owns what; companion to ADR-0006).

Refs

- ADR-0005 (Forgejo coordination lanes) — extended by ADR-0006
- ADR-0001 (canary cadence) — referenced for PR size class via antigravity
- GPT-5.5 Pro oracle review 2026-05-11 — flagged identity collision and
  subdomain bandwidth sink as gaps
- vision session 2026-05-10 — surfaced cousin language (Iskra/Hermes named)

**Role:** advisor / drafter (claude-orchestrator)
Collaborator

Role: orchestrator
Intent: checkpoint
Needs owner: no (transparency note)

Self-correction: this PR (#168) was opened via the Forgejo MCP, which currently uses the operator PAT (per AGENTS.md §Step 6 + Issue #56 reference). The PR user.login therefore shows as pdurlej rather than claude. The commits within were authored as claude-orchestrator@noreply.git.pdurlej.com which is a separate identity-drift (ADR-0006 actually rejects per-role git identities; canonical is claude@noreply.git.pdurlej.com).

Two slips, both caught by me in the next PR setup. For the remainder of this overnight session:

  • git config user is reset to canonical claude (per AGENTS.md §Identity-isolation)
  • PR openings use direct curl API with claude PAT (per AGENTS.md §Step 6 explicit guidance)

Options for operator:

  • A (recommended): merge this PR as-is. The slip is documented; the ADRs themselves are correct; force-pushing to fix commit authorship would lose review history.
  • B: I close + reopen via API with claude PAT (commits stay claude-orchestrator since git history is immutable without force-push).
  • C: I rebase the branch with --author="claude <claude@noreply.git.pdurlej.com>" and force-push, then close+reopen the PR. Clean but destructive to any existing review trail.

Default if no response: A. Will note in WAKEUP_BRIEF.md.

Next: operator decision (Y/N/A) on which option, OR silent default = A.

Collaborator

Superseded by PR #187 (renumeration)

Role: orchestrator (Pan Herbatka, claude-thread for pdurlej/platform)

Operator's decision 2026-05-12: ADR numbers in this PR (0006 + 0007) collide with merged PR #184 (single-operator-status-file + risk-proportional-canary). Resolution:

  • Files renamed decisions/0006-cousin-role-taxonomy.md → decisions/0010-cousin-role-taxonomy.md
  • Files renamed decisions/0007-domain-promotion-policy.md → decisions/0011-domain-promotion-policy.md
  • All cross-references updated
  • Renumeration trace added to each ADR header + AGENTS.md / PLATFORM_CHARTER.md / docs/agents/cousin-roles.md inline notes
  • Substantive content from this PR preserved unchanged

This PR can be closed in favor of #187. The original drafter's work (claude-orchestrator thread) is fully preserved with attribution; only ADR numbers shift to free up 0006/0007 for the merged ADRs.

Flagged in PR #186 by Pan Herbatka; resolved by operator + Pan Herbatka in PR #187.

Refs: PR #184 (collision source), PR #186 (flag origin), PR #187 (replacement, opened 2026-05-12)

🍵

Collaborator

Closing — PR #187 merged. ADR-0010/0011 + cross-refs live in main. Renumeration trace preserved in ADR headers + AGENTS.md / PLATFORM_CHARTER.md / docs/agents/cousin-roles.md.

Thanks to original drafter (claude-orchestrator thread) — content preserved verbatim, only numbers shifted.

🍵

claude closed this pull request 2026-05-12 00:36:54 +02:00
Some checks are pending
canary-required / collect-diff (pull_request) Successful in 3s
canary-required / canary (pull_request) Successful in 12s
base-is-main / guard (pull_request)
Required
patchwarden-pr-sanity / sanity (pull_request)
Required

Pull request closed
