feat(phase-07): scope-lock Cousin Layer + Local Admin + Attention Dispatcher (design only) #171

Closed
claude wants to merge 1 commit from claude-orchestrator/phase-07-scope-lock into main
Collaborator

What

Locks Phase 07 scope per GPT-5.5 Pro oracle review §TOP 5 DECISIONS #5: "Lock Phase 07 scope: cousin layer, local admin boundary, Obsidian janitor dry-run, OpenClaw bounded auto-healer, Hermes artifact pipeline, attention dispatcher. Nothing more."

Specification only. No module.yaml under modules/. No runtime services. No systemd units. Phase 07 implementation tickets follow Phase 06 prune + L-1.5 close.

Phase 07 in-scope items (per ADR-0012)

| # | Concept | Where it lives (this PR) | Future implementation home |
|---|---------|--------------------------|----------------------------|
| A | Cousin role taxonomy | ADR-0006 (PR #168) | (governance fold; no module) |
| B | Durable job bundle | ADR-0008 (PR #169) | (governance fold; no module) |
| C | Local-admin LLM tier | ADR-0010 + docs/phase-07/local-admin-design.md | modules/m1/local-admin-tier/ |
| D | Obsidian vault janitor | docs/phase-07/obsidian-janitor-design.md | modules/m1/obsidian-janitor/ |
| E | Auto-healer OpenClaw | ADR-0011 + docs/phase-07/auto-healer-openclaw-design.md | modules/vps1000/auto-healer-openclaw/ |
| F | Attention dispatcher | docs/phase-07/attention-dispatcher-design.md | modules/rs2000/ops-attention-dispatcher/ |
| G | Hermes voice-pitch + bundle | separate PR (docs/hermes/_templates/) | optional modules/rs2000/hermes-brief-renderer/ |

What this PR DOES NOT do (per ADR-0012 §Out of Phase 07)

REJECTED or DEFERRED:

  • Multi-instance Iskra (Phase 08+)
  • Auto-rotation of secrets (post-30-day freeze)
  • Matrix-as-primary chat (rejected; Signal-Iskra canonical)
  • Public Hermes pitches (Phase 08+)
  • Iskra promoted to Forgejo write (separate ADR if needed)
  • Universal MCP server for local-admin (post-30-day freeze)
  • Auto-merge auto-healer Lane 2 PRs (rejected; violates 3+3 review)

Files (10)

| File | Purpose |
|------|---------|
| decisions/0010-local-admin-llm-boundary.md | 30-day read-mostly capability freeze; plan-only; dry-run-first; no MCP |
| decisions/0011-auto-healer-openclaw-boundaries.md | Three-lane model (Observe/Propose/Bounded repair); Lane 3 = 2 pre-authorized ops |
| decisions/0012-phase-07-scope-lock.md | Scope enumeration + out-of-scope rejection + implementation precondition |
| docs/phase-07/scope.md | 1-page operator-facing summary |
| docs/phase-07/attention-dispatcher-design.md | Substrate; P0/P1/P2 severity; ping window Mon-Fri 9-17 |
| docs/phase-07/local-admin-design.md | gemma-3 architecture; capability flow; vault sensitivity enforcement |
| docs/phase-07/obsidian-janitor-design.md | Dry-run batch hygiene; hard_private folder denylist; KOS2 reuse |
| docs/phase-07/auto-healer-openclaw-design.md | Three-lane detail + FLEX-repo promotion criteria |
| ops/local-admin/capabilities.yaml | DRAFT: 13 allowed read.*/plan.*; execute.*/mutate.* denied; sensitivity tier mapping |
| ops/auto-healer/authorized-repairs.yaml | DRAFT: 2 Lane 3 entries (gateway restart, runtime rollback); sacred_services denied; max severity P1 |

3 ADRs, 5 design docs, 2 capability YAML drafts. +~2000 LoC of design.

Key design decisions in capability YAMLs

Local-admin (ops/local-admin/capabilities.yaml):

  • read_only: true (lifting is per-capability via PR)
  • 13 allowed capabilities (read.* + plan.*)
  • All execute.* and mutate.* denied
  • read.vault.read_note WHERE sensitivity:hard_private explicitly denied
  • Vault sensitivity tier mapping (Journal/, Finance/, Family/, Health/ → hard_private)
  • Plan validation: no secret values in prompts, no vault content in plans

Auto-healer (ops/auto-healer/authorized-repairs.yaml):

  • Lane 3 = exactly 2 operations: openclaw-gateway-restart + openclaw-runtime-rollback
  • Both require preconditions + cooldown (24h between restarts; one rollback per incident)
  • globally_forbidden: secret_rotation, schema_migration, mail_filter_change, credential_change, ssh_key_change, db_data_mutation, docker_image_replace, configuration_file_edit
  • sacred_services (never restartable via Lane 3): synapse, postgres, postgres-honcho, traefik
  • max_severity: P1 (P0 forbidden for auto-healer)
  • rate_limit_per_day: 5

Implementation precondition (per ADR-0012)

Phase 07 implementation MAY NOT begin until ALL of:

  1. Phase 06 prune completes
  2. L-1.5 sign-off (per ADR-0009 bounded spot-check)
  3. ADRs 0010, 0011, 0012 are Accepted
  4. Design docs + capability YAMLs exist (this PR delivers them)

Until then: specification only.

Sequencing within Phase 07

```
implement F (attention-dispatcher; substrate)
   ↓
implement C (local-admin tier; uses F)
   ↓
implement D (vault janitor; uses F + C)
   ↓
implement E (auto-healer; uses F)
```

G (Hermes) parallel-track, can ship in any order.

Max 1 new module/week. Each new module's first 30 days: read-mostly / dry-run / observe-only.

Acceptance criteria

  • 3 ADRs exist with Status: Proposed.
  • 5 design docs under docs/phase-07/ exist.
  • 2 capability YAML drafts under ops/ exist; both parse as valid YAML.
  • No module.yaml files added (verified by git diff --stat; no path matching modules/).
  • No runtime path touched.
  • 3+3 canary fires on risk/process (touches decisions/ extensively).
  • Operator approves; 3 ADRs flip to Accepted.

Rollback

```
git revert <merge-commit>
git push origin main
```

This PR is purely additive (10 new files, 0 modified files except possibly modules/INDEX.yaml which it does NOT touch). Reverting deletes the 10 files. Safe.

Refs

  • GPT-5.5 Pro oracle review 2026-05-11: §3 PHASE SEQUENCING, §5 RISKS, §6 LOCAL LLM, §7 WAKE-UP, §TOP 5 DECISIONS #3 + #5
  • Companion PRs: #168 (governance fold), #169 (job bundle foundation), #170 (Phase 01 closure)
  • ADR-0006, ADR-0008, ADR-0009 (foundation)
  • Issue #27 in pdurlej/iskra-openclaw (auto-healer concept)
  • operator's KOS2 prior art

Codex effort needed

Review + merge. No runtime change, no executable code. After merge, Phase 07 SCOPE IS LOCKED until ADR-0012 amendment PR opens.


Role: orchestrator / drafter (claude)
Lane: governance / Phase 07 scope-lock
Next: operator review + 3+3 canary + merge → unblock Phase 07 implementation tickets (which still wait for Phase 06 prune).
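
An added example, not code from this PR or the project: one way the Lane 3 limits listed under "Auto-healer" could be evaluated as a default-deny gate. The dict layout, the `RepairRequest` fields, the service names `openclaw-gateway` and `openclaw-runtime`, and the rolling-24h reading of `rate_limit_per_day` are assumptions; the per-operation preconditions are not specified on this page and are not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Values are the ones listed in the PR description; the dict layout is an
# assumption, because authorized-repairs.yaml itself is not shown on the page.
POLICY = {
    "lane3": {
        "openclaw-gateway-restart": {"cooldown": timedelta(hours=24)},
        "openclaw-runtime-rollback": {"once_per_incident": True},
    },
    "globally_forbidden": {
        "secret_rotation", "schema_migration", "mail_filter_change",
        "credential_change", "ssh_key_change", "db_data_mutation",
        "docker_image_replace", "configuration_file_edit",
    },
    "sacred_services": {"synapse", "postgres", "postgres-honcho", "traefik"},
    "max_severity": "P1",
    "rate_limit_per_day": 5,
}
RANK = {"P0": 0, "P1": 1, "P2": 2}  # lower rank = more severe


@dataclass(frozen=True)
class RepairRequest:  # hypothetical request shape
    operation: str
    service: str
    severity: str
    incident_id: str
    at: datetime


def authorize(req, executed, policy=POLICY):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if req.operation in policy["globally_forbidden"]:
        return False, "globally_forbidden"
    if req.service in policy["sacred_services"]:
        return False, "sacred_service"
    spec = policy["lane3"].get(req.operation)
    if spec is None:
        return False, "not_pre_authorized"
    if RANK.get(req.severity, -1) < RANK[policy["max_severity"]]:
        return False, "severity_above_max"  # P0 and unknown severities
    last_day = [e for e in executed if req.at - e.at < timedelta(days=1)]
    if len(last_day) >= policy["rate_limit_per_day"]:
        return False, "rate_limited"
    same_op = [e for e in executed if e.operation == req.operation]
    cooldown = spec.get("cooldown")
    if cooldown and any(req.at - e.at < cooldown for e in same_op):
        return False, "cooldown"
    if spec.get("once_per_incident") and any(
            e.incident_id == req.incident_id for e in same_op):
        return False, "already_rolled_back"
    return True, "authorized"


def replay(requests):
    """Evaluate requests in order, recording only the authorized ones."""
    executed, reasons = [], []
    for req in requests:
        allowed, reason = authorize(req, executed)
        if allowed:
            executed.append(req)
        reasons.append(reason)
    return reasons


T0, H = datetime(2026, 5, 11, 10, 0), timedelta(hours=1)  # constructed timeline
RESTART, ROLLBACK = "openclaw-gateway-restart", "openclaw-runtime-rollback"
SAMPLE = [  # constructed requests, not real incident data
    RepairRequest(RESTART, "openclaw-gateway", "P1", "inc-1", T0),
    RepairRequest(RESTART, "openclaw-gateway", "P1", "inc-1", T0 + 2 * H),
    RepairRequest(RESTART, "postgres", "P2", "inc-2", T0 + 3 * H),
    RepairRequest("secret_rotation", "openclaw-gateway", "P2", "inc-2", T0 + 3 * H),
    RepairRequest(ROLLBACK, "openclaw-runtime", "P0", "inc-3", T0 + 4 * H),
    RepairRequest(ROLLBACK, "openclaw-runtime", "P1", "inc-3", T0 + 5 * H),
    RepairRequest(ROLLBACK, "openclaw-runtime", "P1", "inc-3", T0 + 6 * H),
    RepairRequest(RESTART, "openclaw-gateway", "P2", "inc-4", T0 + 25 * H),
]
```

`replay(SAMPLE)` returns one reason per request. The deny lists are checked before the allow list, so a forbidden operation or sacred service is refused even if a later edit accidentally adds it to `lane3`.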

feat(phase-07): scope-lock for Cousin Layer + Local Admin + Attention Dispatcher (design docs only)
All checks were successful
canary-required / collect-diff (pull_request) Successful in 3s
canary-required / canary (pull_request) Successful in 12s
8023c5d87c
Locks Phase 07 scope per GPT-5.5 Pro oracle review §TOP 5 DECISIONS #5:
"Lock Phase 07 scope: cousin layer, local admin boundary, Obsidian janitor
dry-run, OpenClaw bounded auto-healer, Hermes artifact pipeline, attention
dispatcher. Nothing more."

What ships (design specification only; no runtime modules)

3 ADRs:
- decisions/0010-local-admin-llm-boundary.md: 30-day read-mostly capability
  freeze for local-admin LLM tier (gemma-3 on M1). Plan-emission only;
  operator-gated execute; dry-run-first; no MCP exposure during freeze.
- decisions/0011-auto-healer-openclaw-boundaries.md: three-lane model
  (Observe / Propose / Bounded repair) for auto-healer per Issue #27.
  Lane 3 limited to two pre-authorized operations (gateway restart,
  runtime rollback); sacred services denied.
- decisions/0012-phase-07-scope-lock.md: enumerates the 6 in-scope items
  (cousin taxonomy / job bundle / local-admin / vault janitor / auto-healer
  / attention dispatcher) plus parallel-track Hermes pipeline; explicitly
  rejects multi-Iskra, auto-rotation, Matrix-as-primary, public pitches,
  Iskra-write-to-Forgejo, universal MCP, auto-merge.

5 design docs under docs/phase-07/:
- scope.md: 1-page operator-facing summary
- attention-dispatcher-design.md: substrate (implement first); polls job
  bundles + Forgejo events; routes by P0/P1/P2 severity; respects
  ping_window (Mon-Fri 9-17 default); Matrix iskra-main + Element mobile
- local-admin-design.md: gemma-3 architecture; capability flow; KOS2
  reuse philosophy (preview-first); vault sensitivity tier enforcement
- obsidian-janitor-design.md: dry-run batch hygiene; daily + weekly
  cron; hard_private folder denylist; KOS2-lessons-applied
- auto-healer-openclaw-design.md: 3-lane operational detail + FLEX-repo
  promotion criteria (operator vision 2026-05-10 + Issue #27)

2 capability YAML drafts under ops/:
- local-admin/capabilities.yaml: 13 allowed (read.* + plan.*), all
  execute.*/mutate.* denied; vault_sensitivity_tier_mapping; plan
  validation rules (no secret values in prompts; no vault content in plans)
- auto-healer/authorized-repairs.yaml: 2 Lane 3 entries (gateway restart,
  runtime rollback); globally_forbidden + sacred_services lists; max
  severity P1 (never P0); rate_limit_per_day:5

What this PR DOES NOT

- Does NOT create any module.yaml under modules/ (Phase 07 implementation
  tickets follow Phase 06 prune)
- Does NOT touch any runtime path or sacred path
- Does NOT introduce executable code (only specifications + capability YAMLs)
- Does NOT promote auto-healer to GitHub FLEX repo (Phase 07
  implementation decision)
- Does NOT lift the 30-day local-admin freeze
- Does NOT add MCP server exposure for local-admin

Refs

- GPT-5.5 Pro oracle review 2026-05-11:
  - §3 PHASE SEQUENCING ("Do not insert tonight's work before Phase 06")
  - §5 RISKS amplified by 81 modules (#1 module sprawl, #3 operator-bandwidth)
  - §6 LOCAL LLM LAYER feasibility (capability boundary, KOS2 reuse, MCP later)
  - §7 WAKE-UP mechanism final pick (Forgejo → dispatcher → Matrix)
  - §TOP 5 DECISIONS #3 (30-day local-admin freeze) and #5 (Phase 07 scope-lock)
- ADR-0006 (cousin role taxonomy) — names the cousins Phase 07 organizes
- ADR-0008 (durable job bundle) — substrate Phase 07 modules consume
- ADR-0009 (bounded L-1.5 closure) — prerequisite for Phase 07 start
- Issue #27 in pdurlej/iskra-openclaw (auto-healer concept origin)
- operator's KOS2 (github.com/pdurlej/KOS2) — vault janitor prior art

**Role:** orchestrator / drafter (claude)
Author
Collaborator

Role: orchestrator (claude)
Intent: operator-feedback-applied
Needs owner: no (operator has spoken on these via voice-note 2026-05-11 07:26)

Three operator directives from voice-note 2026-05-11 (Hermes voice/privacy/family Q&A) that amend this PR's design — proposed as follow-up amendments, not blocking this PR's merge:

1. Vault sensitivity tier mapping — Health/ is SOFT_PRIVATE, not HARD_PRIVATE

Operator: "Health is not hard private. Even medications and test results, it seems to me, are rather OK, because taken separately on their own, as long as there aren't any extremely private things in there, they shouldn't cause enough of a problem."

Proposed amendment to ops/local-admin/capabilities.yaml (apply post-merge as separate PR):

```yaml
vault_sensitivity_tier_mapping:
  soft_private:
    - "02 Areas/**"
    - "05 System/**"
    - "Health/**"           # MOVED FROM hard_private — meds/exams OK, per-file frontmatter override for extreme
  hard_private:
    - "Journal/**"
    - "Finance/**"
    - "Family/**"           # stays hard_private; Kasia not yet secondary operator per ADR-0006 §Iskra
```

2. Auto-healer FLEX-repo promotion — dogfood-first criterion

Operator: "Dogfooding first. First do the dogfooding, and then at most a split form, separating it out of the repository and showing it to the world."

Proposed amendment to ADR-0011 §FLEX-repo promotion criteria (clarification, not new criterion):

Criterion #1 stays: ≥30 days production without Lane 3 incident.
Criterion #5 (NEW, operator-confirmed 2026-05-11): operator has personally observed value-delivered (e.g. ≥3 successful Lane 2 upgrade proposals merged + smoke green) before split-from-repo + public release.

This makes "dogfood proves value" gate explicit before public visibility.

3. Architecture inversion — Włóczykij as physical-separation safety, beats read-time filtering

Operator (voice-note 2026-05-11): "If there is something I don't want to see with the agents, then that is Włóczykij, and if there is something I accept can be with the agents, then that is Iskra-i-Piotr."

This inverts the original capabilities.yaml vault_sensitivity_tier_mapping model (read-time path-policy filter). Operator's preferred model is two physical vaults:

  • /Users/pd/Obsidian/Iskra-i-Piotr/ — agent-accessible surface (cloud_ok / soft_private per file)
  • /Users/pd/Obsidian/Włóczykij/ — physical denylist; agents never see this path
  • One-way sync (Iskra-i-Piotr → Włóczykij; agentic stuff stays in Iskra-i-Piotr)

Safety-by-definition: agents reading at a path that doesn't exist on their side can't leak content. No filter to mis-configure.

Proposed amendment: vault_sensitivity_tier_mapping keeps current per-folder semantics WITHIN Iskra-i-Piotr, AND ops/local-admin/capabilities.yaml adds a top-level vault_roots field:

```yaml
vault_roots:
  accessible:
    - "/Users/pd/Obsidian/Iskra-i-Piotr/"   # agents may read per sensitivity tier
  denylist:
    - "/Users/pd/Obsidian/Włóczykij/"        # agents NEVER read; not in scope
    - "/Users/pd/Obsidian/100 Projects/"     # operator-confirmed; not in scope
    # ... operator amends as new vaults are created
```

The pseudo-anonymization read-layer (separate follow-up issue, see #178 once opened) provides defense-in-depth ON TOP of physical separation.


Next: these 3 directives become follow-up PRs after this one merges. No change to this PR.

— claude, 2026-05-11 voice-note record
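
An added example, not part of the comment above or of the project's code: one way the proposed `vault_roots` check and the per-folder tier mapping could be evaluated together, showing that the read-time filter only holds if paths are canonicalised before comparison. The function names, the dict layout, the case-insensitive macOS volume and the allow-by-default treatment of unclassified paths are assumptions.

```python
import posixpath
import unicodedata

# Constructed from the two YAML fragments proposed in the comment above; the
# dict layout and function names are assumptions, not the project's loader.
VAULT_ROOTS = {
    "accessible": ["/Users/pd/Obsidian/Iskra-i-Piotr/"],
    "denylist": ["/Users/pd/Obsidian/Włóczykij/",
                 "/Users/pd/Obsidian/100 Projects/"],
}
TIER_MAPPING = {
    "soft_private": ["02 Areas/**", "05 System/**", "Health/**"],
    "hard_private": ["Journal/**", "Finance/**", "Family/**"],
}


def canon(path):
    """Canonical form used for every comparison.

    NFC: macOS may hand back decomposed names (o + combining acute).
    casefold: assumes the default case-insensitive macOS volume.
    normpath: collapses '.', '..' and '//' lexically; it does not resolve
    symlinks, so a real reader must also compare os.path.realpath().
    """
    text = unicodedata.normalize("NFC", path).casefold()
    return posixpath.normpath(text)


def under(path, root):
    """True if the canonical path is the root itself or lies beneath it."""
    root = canon(root)
    return path == root or path.startswith(root + "/")


def tier_of(rel):
    """Tier of a vault-relative path; hard_private wins if folders overlap."""
    for tier in ("hard_private", "soft_private"):
        for pattern in TIER_MAPPING[tier]:
            folder = canon(pattern[:-3] if pattern.endswith("/**") else pattern)
            if rel == folder or rel.startswith(folder + "/"):
                return tier
    return "unclassified"


def may_read(raw_path):
    """Return (allowed, reason) for a read.vault.read_note request."""
    if not raw_path.startswith("/"):
        return False, "relative_path"
    path = canon(raw_path)
    # Root checks come first: the denylist beats any tier decision.
    if any(under(path, r) for r in VAULT_ROOTS["denylist"]):
        return False, "denylisted_root"
    roots = [canon(r) for r in VAULT_ROOTS["accessible"]]
    root = next((r for r in roots if under(path, r)), None)
    if root is None:
        return False, "outside_accessible_roots"
    tier = tier_of(path[len(root):].lstrip("/"))
    if tier == "hard_private":
        return False, "hard_private"
    # Assumption: only hard_private is denied, as in the PR description.
    return True, tier
```

The `..`, lower-case and decomposed-Unicode inputs in the test below are the misconfiguration cases a string-prefix filter would miss; with two physical vaults the denylisted path is simply absent on the agent side, so the filter becomes a second layer instead of the only one.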

Collaborator

Fork A triage (codex): closing as superseded/stale, with ideas to be lifted later if needed.

This Phase 07 scope-lock PR predates ADR-0021 bounded contexts and the current milestone roadmap. It also introduces historical ADR numbers 0010/0011/0012 for concepts that now collide with current ADR numbering and context boundaries.

Relevant ideas should be rewritten under Milestone 06 (agent-coordination) or Milestone 08 (persona-bridge) using ADR-0021 context structure, not merged as this old Phase 07 package.

codex closed this pull request 2026-05-24 07:59:21 +02:00
Some checks are pending
canary-required / collect-diff (pull_request) Successful in 3s
canary-required / canary (pull_request) Successful in 12s
base-is-main / guard (pull_request)
Required
patchwarden-pr-sanity / sanity (pull_request)
Required

Pull request closed

Reference
pdurlej/platform!171