docs(specs): Iskra Phase 1.0 bundle apply v0 prebuild (#236) #347

Merged

pdurlej merged 1 commit from claude/iskra/phase-1-0-bundle-v0 into main 2026-05-23 10:31:29 +02:00

Conversation 0 Commits 1 Files changed 7 +835

claude commented 2026-05-17 21:14:58 +02:00

Collaborator

Copy link

Summary

Operator-emotional priority. Prebuild for #236 — apply the Phase 1.0 constitutional bundle (4 documents) to live VPS1000 OpenClaw workspace, enabling Iskra autonomy gates that were defined-but-never-applied.

Per state/L3/OPEN_LOOPS.md cluster cbffac3e: bundle 3+ weeks stale. Operator quote: "Crons fire, Iskra does nothing." Without Phase 1.0 active, Iskra has constitutional documents on disk but no runtime enforcement.

The 4 documents

Operator + Iskra spec work; codex INSTALLS, does NOT modify:

1. PROMOTION-GATES.md — experimental → production capability gates
2. DRAFT-SPEC.md — artifact draft pattern before operator review
3. HUMAN-DECISION-POLICY.md — CRITICAL for autonomy safety; what requires operator approval
4. PROGRAM-portfolio-night-scout.md — nightly scout pattern for autonomous research

What's in this PR

6-file Spec Kit + companion execution prompt:

• 00-constitution.md — 8 principles:
  • P1 Bundle CONTENT untouched
  • P2 Canonical repo source
  • P3 Install via existing deployer (PR #150 anti-LLM-wrapper precedent)
  • P4 Behavioral verification: cron Iskra references HUMAN-DECISION-POLICY
  • P5 Telemetry: phase_1_0_bundle_active=true
  • P6 Sacred path discipline
  • P7 No content drift (SHA-256 verified)
  • P8 Atomic install with rollback (4 or none)
• 01-specify.md — problem, acceptance, success metrics
• 02-plan.md — 4-slice architecture with Q1-Q5 (canonical source, workspace path, telemetry surface, deployer location, drift detection)
• 03-tasks.md — per-slice tasks with deployer pseudo-shell
• 04-implement-notes.md — atomic rollback semantics, behavioral verification timing, telemetry false-positive risk, gotchas G1-G6
• prompts/codex-iskra-phase-1-0-bundle.md — execution prompt with Safety / production boundary + stop conditions (P1, P4, P8 violation triggers automatic STOP)

Slices (forthcoming PRs)

• (a) Recon — Lite — read-only investigation; recon doc resolves Q1-Q5
• (b) Module + canonical source — Lite — modules/iskra-constitution/ + bundle MANIFEST.json with SHA-256
• (c) Deployer extension — Full (security-sensitive) — pure-shell atomic install with rollback (PR #150 precedent)
• (d) Behavioral verification + telemetry — Lite — operator observes morning cron check-in within 24h

Hard rule for codex

Under NO circumstances does codex generate bundle content (P1 violation). If files missing in repo → operator commits canonical content; codex packages. If codex tempted to write any document content → automatic STOP.

Operator coordination points

• Slice (a) recon: SSH to VPS1000
• Slice (b) content review: operator confirms 4 documents are correct version (NOT content edit)
• Slice (c) real deploy: operator-scheduled window (sacred path mutation)
• Slice (d) behavioral verification: operator observes morning cron check-in within 24h

Tier

Trivial per ADR-0007 (docs-only prebuild).

Operator action

Draft for review. After merge: paste prompts/codex-iskra-phase-1-0-bundle.md to fresh codex session to begin Slice (a) recon.

Refs #236 (related: #235 mail consumer aligns reply approval with HUMAN-DECISION-POLICY; #135 OpenClaw scheduler obs PR #325 same sacred surface; #76 Agent Access Plane v0.1 ACL composition; PR #150 anti-LLM-wrapper precedent)

## Summary **Operator-emotional priority.** Prebuild for #236 — apply the Phase 1.0 constitutional bundle (4 documents) to live VPS1000 OpenClaw workspace, enabling Iskra autonomy gates that were defined-but-never-applied. Per `state/L3/OPEN_LOOPS.md` cluster `cbffac3e`: bundle 3+ weeks stale. Operator quote: *"Crons fire, Iskra does nothing."* Without Phase 1.0 active, Iskra has constitutional documents on disk but no runtime enforcement. ## The 4 documents Operator + Iskra spec work; codex INSTALLS, does NOT modify: 1. `PROMOTION-GATES.md` — experimental → production capability gates 2. `DRAFT-SPEC.md` — artifact draft pattern before operator review 3. `HUMAN-DECISION-POLICY.md` — **CRITICAL** for autonomy safety; what requires operator approval 4. `PROGRAM-portfolio-night-scout.md` — nightly scout pattern for autonomous research ## What's in this PR 6-file Spec Kit + companion execution prompt: - `00-constitution.md` — 8 principles: - **P1** Bundle CONTENT untouched - **P2** Canonical repo source - **P3** Install via existing deployer (PR #150 anti-LLM-wrapper precedent) - **P4** Behavioral verification: cron Iskra references HUMAN-DECISION-POLICY - **P5** Telemetry: `phase_1_0_bundle_active=true` - **P6** Sacred path discipline - **P7** No content drift (SHA-256 verified) - **P8** Atomic install with rollback (4 or none) - `01-specify.md` — problem, acceptance, success metrics - `02-plan.md` — 4-slice architecture with Q1-Q5 (canonical source, workspace path, telemetry surface, deployer location, drift detection) - `03-tasks.md` — per-slice tasks with deployer pseudo-shell - `04-implement-notes.md` — atomic rollback semantics, behavioral verification timing, telemetry false-positive risk, gotchas G1-G6 - `prompts/codex-iskra-phase-1-0-bundle.md` — execution prompt with Safety / production boundary + stop conditions (P1, P4, P8 violation triggers automatic STOP) ## Slices (forthcoming PRs) - **(a) Recon** — Lite — read-only investigation; recon doc resolves Q1-Q5 - **(b) Module + canonical source** — Lite — `modules/iskra-constitution/` + bundle MANIFEST.json with SHA-256 - **(c) Deployer extension** — Full (security-sensitive) — pure-shell atomic install with rollback (PR #150 precedent) - **(d) Behavioral verification + telemetry** — Lite — operator observes morning cron check-in within 24h ## Hard rule for codex **Under NO circumstances does codex generate bundle content** (P1 violation). If files missing in repo → operator commits canonical content; codex packages. If codex tempted to write any document content → automatic STOP. ## Operator coordination points - Slice (a) recon: SSH to VPS1000 - Slice (b) content review: operator confirms 4 documents are correct version (NOT content edit) - Slice (c) real deploy: operator-scheduled window (sacred path mutation) - Slice (d) behavioral verification: operator observes morning cron check-in within 24h ## Tier Trivial per ADR-0007 (docs-only prebuild). ## Operator action Draft for review. After merge: paste `prompts/codex-iskra-phase-1-0-bundle.md` to fresh codex session to begin Slice (a) recon. Refs #236 (related: #235 mail consumer aligns reply approval with HUMAN-DECISION-POLICY; #135 OpenClaw scheduler obs PR #325 same sacred surface; #76 Agent Access Plane v0.1 ACL composition; PR #150 anti-LLM-wrapper precedent)

claude added 1 commit 2026-05-17 21:14:58 +02:00

docs(specs): Iskra Phase 1.0 bundle apply v0 prebuild for #236 ... 3a8c956c7b

Apply the Phase 1.0 constitutional bundle (4 documents) to live VPS1000
OpenClaw workspace, enabling Iskra autonomy gates that were
defined-but-never-applied. Per L3/OPEN_LOOPS.md cluster cbffac3e:
3+ weeks stale. Operator quote: "Crons fire, Iskra does nothing."

The 4 documents (operator + Iskra spec work; codex INSTALLS, NOT modifies):
- PROMOTION-GATES.md
- DRAFT-SPEC.md
- HUMAN-DECISION-POLICY.md (CRITICAL for autonomy safety)
- PROGRAM-portfolio-night-scout.md

Spec Kit:
- 00-constitution.md: 8 principles (bundle content untouched, canonical
  repo source, install via existing deployer, behavioral verification
  required, phase_1_0_bundle_active telemetry emit, sacred path
  discipline, no content drift during install, atomic install with
  rollback)
- 01-specify.md: problem, acceptance criteria, success metrics
- 02-plan.md: 4-slice architecture (recon, module + canonical source,
  deployer extension, behavioral verification + telemetry) with Q1-Q5
- 03-tasks.md: per-slice tasks; deployer pure-shell per PR #150
  anti-LLM-wrapper precedent
- 04-implement-notes.md: atomic rollback semantics, behavioral
  verification timing, telemetry flag false-positive risk, gotchas
  G1-G6

Companion execution prompt: prompts/codex-iskra-phase-1-0-bundle.md
with explicit Safety / production boundary (P1 content sacred,
P8 atomic install non-negotiable).

Codex must NOT generate bundle content under any circumstances
(P1 violation). If files missing in repo, operator commits canonical
content first; codex packages.

Tier: Trivial per ADR-0007 (docs-only prebuild).

Refs #236 (related: #235 mail consumer HUMAN-DECISION-POLICY alignment,
#135 OpenClaw scheduler obs PR #325 same sacred surface, #76 Agent
Access Plane v0.1 capability composition)

pdurlej merged commit 8379675c9d into main 2026-05-23 10:31:29 +02:00

pdurlej referenced this pull request from a commit 2026-05-23 10:31:30 +02:00

Merge pull request 'docs(specs): Iskra Phase 1.0 bundle apply v0 prebuild (#236)' (#347) from claude/iskra/phase-1-0-bundle-v0 into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

W6d-automerge-calibration

  

agent/claude-code

Vistula actor: Claude Code.

  

agent/codex

Vistula actor: Codex.

  

agent/hermes

Vistula actor: Hermes Upstream.

  

agent/iskra

Vistula actor: Iskra.

  

agent/ollama

Vistula actor: Ollama or compatible model.

  

agent/patchwarden

Vistula actor: Patchwarden.

  

automerge-candidate

Candidate for narrow W6d autonomous merge readiness pilot

  

class/security-sensitive

Security-sensitive class of service: smallest coherent PRs and full canary

  

cutover-gate

blocks production declare / final RS2000 replacement

  

dependency/blocked

Vistula dependency state: blocked.

  

dependency/blocks-others

Vistula dependency state: blocks other work.

  

dependency/cross-repo

Vistula dependency scope: cross-repository.

  

dependency/needs-confirmation

Vistula dependency state: needs confirmation.

  

domain:agents

Agent identity, delegation, subagents, routing, or workflows.

  

domain:ci

CI, checks, Actions, runners, or release automation.

  

domain:docs

Documentation, packets, practices, or source-of-truth text.

  

domain:forgejo

Forgejo issues, PRs, labels, repo settings, or identity.

  

domain:infra

Infrastructure, storage, backup, DNS, network, or host substrate.

  

domain:memory

Memory, recall, write gates, salience, or Honcho-adjacent behavior.

  

domain:runtime

Runtime services, deploys, daemons, timers, or live behavior.

  

domain:signal

Signal UX, delivery, context, or outbound behavior.

  

domain:ux

Product UX, operator experience, or conversation ergonomics.

  

flow/architecture

Vistula lifecycle: architecture phase in progress.

  

flow/blocked

Vistula lifecycle: blocked on dependency or decision.

  

flow/deployed

Vistula lifecycle: deployed to runtime where applicable.

  

flow/done

Vistula lifecycle: work merged or otherwise done.

  

flow/implementation

Vistula lifecycle: implementation phase in progress.

  

flow/intake

Vistula lifecycle: incoming signal not refined yet.

  

flow/maintained

Vistula lifecycle: maintained/steady state.

  

flow/observed

Vistula lifecycle: observed after delivery.

  

flow/ready

Vistula lifecycle: ready for architecture or implementation.

  

flow/refining

Vistula lifecycle: Hermes/spec refinement in progress.

  

flow/retired

Vistula lifecycle: retired or intentionally closed.

  

flow/review

Vistula lifecycle: review phase in progress.

  

iterating

Orchestrator/Codex actively amending in response to review — operator can ignore until resolved

  

judge/codex-candidate

Candidate for Codex implementation.

  

judge/hermes-candidate

Candidate for Hermes discovery/research.

  

judge/low-confidence

Judgment confidence is low.

  

judge/needs-refinement

Needs clearer evidence or scope.

  

judge/operator-needed

Needs Piotr decision or input.

  

judge/p0

Urgent, operator attention or unblock now.

  

judge/p1

High value, schedule soon.

  

judge/p2

Useful, normal queue.

  

judge/p3

Low priority, keep but do not chase.

  

judge/park

Parked from current attention.

  

judge/patchwarden-candidate

Needs Patchwarden merge-safety attention.

  

judge/stale-priority

Existing priority judgment appears stale.

  

kind/adr

Vistula work kind: architecture decision record.

  

kind/bug

Vistula work kind: bug fix.

  

kind/chore

Vistula work kind: chore.

  

kind/feature

Vistula work kind: feature.

  

kind/infra

Vistula work kind: infrastructure.

  

kind/ops

Vistula work kind: operations.

  

kind/refactor

Vistula work kind: refactor.

  

kind/research

Vistula work kind: research/discovery.

  

large-impact

Per charter §3 review-by-impact: large impact (≥300 LOC OR new module OR identity/secret change OR architectural pivot) — Oracle pre-review recommended

  

merge/auto

Vistula merge mode: automated merge.

  

merge/manual

Vistula merge mode: manual merge.

  

merge/manual-dependency-conflict

Manual merge reason: dependency conflict.

  

merge/manual-failing-tests

Manual merge reason: failing tests.

  

merge/manual-merge-conflict

Manual merge reason: merge conflict.

  

merge/manual-missing-review

Manual merge reason: missing review.

  

merge/manual-operator-preference

Manual merge reason: operator preference.

  

merge/manual-red-zone

Manual merge reason: red-zone risk.

  

merge/manual-security-sensitive

Manual merge reason: security-sensitive work.

  

merge/manual-unclear-scope

Manual merge reason: unclear scope.

  

merge/manual-unknown

Manual merge reason: unknown.

  

meta

meta-decomposition issue; first agent decomposes into atomic children

  

mode:operator-only

Apply step requires explicit operator approval.

  

mode:patchwarden-iskra-approved

Work eligible for Patchwarden/Iskra approval inside repo policy.

  

mode:safe-auto

Low-risk work eligible for lightweight autonomous handling.

  

needs-operator-decision

PR is blocked on operator yes/no decision — fresh-Claude/Codex won't make this call alone

  

needs-triage

decomposing agent has open questions / unknowns

  

not-ready

reviewed but blocked on a precondition

  

observed/erroring

Vistula observation: erroring.

  

observed/needs-followup

Vistula observation: needs follow-up.

  

observed/pending

Vistula observation: pending.

  

observed/retire-candidate

Vistula observation: retire candidate.

  

observed/unused

Vistula observation: unused.

  

observed/used

Vistula observation: used.

  

operator-emotional

operator-emotional importance (Iskra memory etc.)

  

owner-attention

owner must decide; blocks default path

  

phase/02

Phase 02 cataloging

  

phase/03

Phase 03 control plane (platformctl)

  

priority:p0

Immediate safety, uptime, data, or operator-blocking issue.

  

priority:p1

Important active work; should be pulled soon.

  

priority:p2

Useful normal-priority work.

  

priority:p3

Opportunistic cleanup, research, or backlog work.

  

proposed

auto-generated by meta-decomposition; awaiting human review

  

ready-for-agent

reviewed and pickable; agents may claim per cookbook

  

ready-for-operator

PR is ready for operator review/merge — orchestrator finished its part

  

recovery

disaster recovery / restore semantics relevant

  

review:claude-reviewed

Reviewed by Claude-family agent.

  

review:codex-reviewed

Reviewed by Codex-family agent.

  

review:dziadek-reviewed

Reviewed by Dziadek pinch-point reviewer.

  

review:needs-human

Needs human review before merge or apply.

  

risk/exposure

incorrectly public/private/tailnet/auth/routed

  

risk/process

workflow/review/orchestration may produce bad outcomes

  

risk/product

work may have lost owner/user value

  

risk/runtime

platform may not run, recover, validate, behave reproducibly

  

safety:external-write

May write to external systems, users, rooms, repos, or services.

  

safety:no-prod-mutation

Must not mutate production or live external state.

  

safety:prod-impact

May affect production/runtime behavior.

  

safety:secret-touch

Touches secrets, credentials, auth, or secret-adjacent config.

  

size/large

Vistula size: large.

  

size/medium

Vistula size: medium.

  

size/small

Vistula size: small.

  

size/tiny

Vistula size: tiny.

  

size/unknown

Vistula size: not classified yet.

  

source/adr

Vistula source: ADR.

  

source/agent-generated

Vistula source: agent generated.

  

source/manual

Vistula source: manual entry.

  

source/operator-chat

Vistula source: operator chat.

  

source/voice-note

Vistula source: voice note.

  

status:blocked

Blocked by missing dependency, evidence, access, or operator decision.

  

status:codex-ready

Ready for a Codex implementation pass.

  

status:merged:pending-evidence

Merged but waiting for live or artifact evidence before closure.

  

status:needs-evidence

Needs proof, logs, tests, or operator-visible evidence.

  

status:operator-needed

Requires explicit operator input before safe progress.

  

status:parked

Intentionally deferred; not active campaign work.

  

tier/full

Full review tier per ADR-0007

  

tier/lite

Lite review tier per ADR-0007

  

tier/stacked

Stacked PR (base != main) escape hatch per ADR-0017. Requires consolidator-PR plan in PR body.

  

tier:0-platform-substrate

Data, secrets, backup, storage, or critical platform substrate.

  

tier:1-iskra-value-layer

Iskra/OpenClaw behavior, memory, runtime, or value-layer work.

  

tier:2-tools-products-modules

Tools, products, modules, experiments, and lower-blast-radius work.

  

type:bug

Incorrect behavior or regression.

  

type:chore

Maintenance, cleanup, metadata, or operational task.

  

type:docs

Documentation-only work.

  

type:feat

New capability or product behavior.

  

type:policy

Governance, protocol, boundary, or decision-contract change.

  

type:research

Investigation, spike, or evidence-gathering task.

No labels

W6d-automerge-calibration

agent/claude-code

agent/codex

agent/hermes

agent/iskra

agent/ollama

agent/patchwarden

automerge-candidate

class/security-sensitive

cutover-gate

dependency/blocked

dependency/blocks-others

dependency/cross-repo

dependency/needs-confirmation

domain:agents

domain:ci

domain:docs

domain:forgejo

domain:infra

domain:memory

domain:runtime

domain:signal

domain:ux

flow/architecture

flow/blocked

flow/deployed

flow/done

flow/implementation

flow/intake

flow/maintained

flow/observed

flow/ready

flow/refining

flow/retired

flow/review

iterating

judge/codex-candidate

judge/hermes-candidate

judge/low-confidence

judge/needs-refinement

judge/operator-needed

judge/p0

judge/p1

judge/p2

judge/p3

judge/park

judge/patchwarden-candidate

judge/stale-priority

kind/adr

kind/bug

kind/chore

kind/feature

kind/infra

kind/ops

kind/refactor

kind/research

large-impact

merge/auto

merge/manual

merge/manual-dependency-conflict

merge/manual-failing-tests

merge/manual-merge-conflict

merge/manual-missing-review

merge/manual-operator-preference

merge/manual-red-zone

merge/manual-security-sensitive

merge/manual-unclear-scope

merge/manual-unknown

meta

mode:operator-only

mode:patchwarden-iskra-approved

mode:safe-auto

needs-operator-decision

needs-triage

not-ready

observed/erroring

observed/needs-followup

observed/pending

observed/retire-candidate

observed/unused

observed/used

operator-emotional

owner-attention

phase/02

phase/03

priority:p0

priority:p1

priority:p2

priority:p3

proposed

ready-for-agent

ready-for-operator

recovery

review:claude-reviewed

review:codex-reviewed

review:dziadek-reviewed

review:needs-human

risk/exposure

risk/process

risk/product

risk/runtime

safety:external-write

safety:no-prod-mutation

safety:prod-impact

safety:secret-touch

size/large

size/medium

size/small

size/tiny

size/unknown

source/adr

source/agent-generated

source/manual

source/operator-chat

source/voice-note

status:blocked

status:codex-ready

status:merged:pending-evidence

status:needs-evidence

status:operator-needed

status:parked

tier/full

tier/lite

tier/stacked

tier:0-platform-substrate

tier:1-iskra-value-layer

tier:2-tools-products-modules

type:bug

type:chore

type:docs

type:feat

type:policy

type:research

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pdurlej/platform!347

No description provided.