fix(ci): proxy Forgejo runner Docker socket #691

Merged

pdurlej merged 2 commits from codex/688-runner-hardening into main 2026-06-02 13:21:54 +02:00

Conversation 6 Commits 2 Files changed 7 +95 -17

codex commented 2026-06-02 12:38:02 +02:00

Collaborator

Copy link

Canary status: missing — fire canary 3+3 manually before merge

Summary

This PR prepares the #688 Forgejo runner hardening apply by removing the direct Docker socket mount from the runner container and routing Docker API calls through a constrained docker-socket-proxy sidecar.

It also updates the runner hardening audit so the critical raw_docker_socket_mounted finding clears only when the runner uses DOCKER_HOST=tcp://docker-socket-proxy:2375 and the proxy explicitly disables dangerous Docker API categories.

Refs #688.

#688 live status

Already applied and verified on RS2000 before this PR:

• home-platform-postgres-1: postgres:16.14-alpine@sha256:16bc17..., healthy.
• home-platform-kan-postgres-1: postgres:16.14-alpine@sha256:16bc17..., healthy.
• Memory Control Plane tables: task_run, task_run_event, task_checkpoint, and procedure registry tables exist in live main Postgres DB with append-only triggers.

This PR is the repo-side safety-net for the remaining runner item. Do not close #688 on merge alone; close it only after the live runner cutover and CI smoke pass.

Canary Context Pack

Product story

The normal Forgejo Docker runner should keep PR CI working while reducing the direct host-compromise surface from the raw Docker socket mount.

What changed

• Added docker-socket-proxy to infra/forgejo-runner/docker-compose.yml with a pinned digest.
• Removed /var/run/docker.sock from the runner service.
• Set runner DOCKER_HOST=tcp://docker-socket-proxy:2375.
• Updated the runner hardening audit, tests, runbook, CI policy, and runner contract docs.

Why it changed

#688 is the operator-approved runtime batch for pending applies. The runner part needed a repo-reviewed safety-net before touching /opt/forgejo-runner live state.

Files touched

• .forgejo/ci-policy.yaml
• infra/forgejo-runner/docker-compose.yml
• control-plane/platformctl/ci/runner_hardening_audit.py
• control-plane/platformctl/tests/test_forgejo_runner_infra.py
• control-plane/platformctl/tests/test_runner_hardening_audit.py
• docs/ci/runner-contract.md
• runbooks/forgejo-actions-runner.md

Relevant context

• Issue #688: pending runtime applies batch.
• Issue #675: runner hardening audit and risk surface.
• runbooks/forgejo-actions-runner.md: live runner operation and rollback path.
• docs/ci/runner-contract.md: runner boundary and deploy separation.

Runtime evidence

No live runner mutation in this PR. Live evidence before this PR showed forgejo-runner mounted /var/run/docker.sock directly. After merge, apply should copy the versioned compose file to /opt/forgejo-runner/docker-compose.yml, run docker compose up -d, and smoke a normal PR check.

Known constraints

A Docker socket proxy is not full isolation. It reduces direct socket exposure but the remaining docker:host label, persistent /data, and runner-local Infisical token still need follow-up hardening.

Explicit out-of-scope

• No deploy-host changes.
• No runner re-registration.
• No Forgejo token rotation.
• No removal of the docker:host label yet.
• No live runtime apply in this PR.

Requested decision

Approve this as the repo-side safety-net for #688 runner cutover.

Merge blockers

• Runner no longer uses the proxy.
• Critical raw socket audit finding remains.
• Targeted runner/CI tests fail.
• platformctl validate all --json fails.

Spec sources read

• https://git.pdurlej.com/pdurlej/platform/issues/688 — operator-approved runtime batch and acceptance criteria.
• infra/forgejo-runner/docker-compose.yml — versioned runner compose.
• infra/forgejo-runner/config.yaml — runner container config.
• control-plane/platformctl/ci/runner_hardening_audit.py — existing #675 audit path.
• control-plane/platformctl/tests/test_forgejo_runner_infra.py — runtime file tests.
• control-plane/platformctl/tests/test_runner_hardening_audit.py — audit tests.
• docs/ci/runner-contract.md — runner boundary.
• runbooks/forgejo-actions-runner.md — live runner operations.

Tests

• PYTHONPATH=control-plane python3 -m pytest control-plane/platformctl/tests/test_forgejo_runner_infra.py control-plane/platformctl/tests/test_runner_hardening_audit.py control-plane/platformctl/tests/test_forgejo_ci_scripts_contract.py — 53 passed.
• uv run pytest platformctl/tests/test_forgejo_runner_infra.py platformctl/tests/test_runner_hardening_audit.py platformctl/tests/test_forgejo_ci_scripts_contract.py — 53 passed.
• PYTHONPATH=control-plane python3 -m platformctl.cli validate all --json — exitCode 0.
• PYTHONPATH=control-plane python3 -m platformctl.ci.runner_hardening_audit --repo-root . --format markdown --fail-on critical — exits 0; remaining findings are high/medium follow-ups.

Canary status: missing — fire canary 3+3 manually before merge ## Summary This PR prepares the #688 Forgejo runner hardening apply by removing the direct Docker socket mount from the runner container and routing Docker API calls through a constrained `docker-socket-proxy` sidecar. It also updates the runner hardening audit so the critical `raw_docker_socket_mounted` finding clears only when the runner uses `DOCKER_HOST=tcp://docker-socket-proxy:2375` and the proxy explicitly disables dangerous Docker API categories. Refs #688. ## #688 live status Already applied and verified on RS2000 before this PR: - `home-platform-postgres-1`: `postgres:16.14-alpine@sha256:16bc17...`, healthy. - `home-platform-kan-postgres-1`: `postgres:16.14-alpine@sha256:16bc17...`, healthy. - Memory Control Plane tables: `task_run`, `task_run_event`, `task_checkpoint`, and procedure registry tables exist in live main Postgres DB with append-only triggers. This PR is the repo-side safety-net for the remaining runner item. Do not close #688 on merge alone; close it only after the live runner cutover and CI smoke pass. ## Canary Context Pack ### Product story The normal Forgejo Docker runner should keep PR CI working while reducing the direct host-compromise surface from the raw Docker socket mount. ### What changed - Added `docker-socket-proxy` to `infra/forgejo-runner/docker-compose.yml` with a pinned digest. - Removed `/var/run/docker.sock` from the runner service. - Set runner `DOCKER_HOST=tcp://docker-socket-proxy:2375`. - Updated the runner hardening audit, tests, runbook, CI policy, and runner contract docs. ### Why it changed #688 is the operator-approved runtime batch for pending applies. The runner part needed a repo-reviewed safety-net before touching `/opt/forgejo-runner` live state. ### Files touched - `.forgejo/ci-policy.yaml` - `infra/forgejo-runner/docker-compose.yml` - `control-plane/platformctl/ci/runner_hardening_audit.py` - `control-plane/platformctl/tests/test_forgejo_runner_infra.py` - `control-plane/platformctl/tests/test_runner_hardening_audit.py` - `docs/ci/runner-contract.md` - `runbooks/forgejo-actions-runner.md` ### Relevant context - Issue #688: pending runtime applies batch. - Issue #675: runner hardening audit and risk surface. - `runbooks/forgejo-actions-runner.md`: live runner operation and rollback path. - `docs/ci/runner-contract.md`: runner boundary and deploy separation. ### Runtime evidence No live runner mutation in this PR. Live evidence before this PR showed `forgejo-runner` mounted `/var/run/docker.sock` directly. After merge, apply should copy the versioned compose file to `/opt/forgejo-runner/docker-compose.yml`, run `docker compose up -d`, and smoke a normal PR check. ### Known constraints A Docker socket proxy is not full isolation. It reduces direct socket exposure but the remaining `docker:host` label, persistent `/data`, and runner-local Infisical token still need follow-up hardening. ### Explicit out-of-scope - No deploy-host changes. - No runner re-registration. - No Forgejo token rotation. - No removal of the `docker:host` label yet. - No live runtime apply in this PR. ### Requested decision Approve this as the repo-side safety-net for #688 runner cutover. ### Merge blockers - Runner no longer uses the proxy. - Critical raw socket audit finding remains. - Targeted runner/CI tests fail. - `platformctl validate all --json` fails. ## Spec sources read - `https://git.pdurlej.com/pdurlej/platform/issues/688` — operator-approved runtime batch and acceptance criteria. - `infra/forgejo-runner/docker-compose.yml` — versioned runner compose. - `infra/forgejo-runner/config.yaml` — runner container config. - `control-plane/platformctl/ci/runner_hardening_audit.py` — existing #675 audit path. - `control-plane/platformctl/tests/test_forgejo_runner_infra.py` — runtime file tests. - `control-plane/platformctl/tests/test_runner_hardening_audit.py` — audit tests. - `docs/ci/runner-contract.md` — runner boundary. - `runbooks/forgejo-actions-runner.md` — live runner operations. ## Tests - `PYTHONPATH=control-plane python3 -m pytest control-plane/platformctl/tests/test_forgejo_runner_infra.py control-plane/platformctl/tests/test_runner_hardening_audit.py control-plane/platformctl/tests/test_forgejo_ci_scripts_contract.py` — 53 passed. - `uv run pytest platformctl/tests/test_forgejo_runner_infra.py platformctl/tests/test_runner_hardening_audit.py platformctl/tests/test_forgejo_ci_scripts_contract.py` — 53 passed. - `PYTHONPATH=control-plane python3 -m platformctl.cli validate all --json` — exitCode 0. - `PYTHONPATH=control-plane python3 -m platformctl.ci.runner_hardening_audit --repo-root . --format markdown --fail-on critical` — exits 0; remaining findings are high/medium follow-ups.

codex added 1 commit 2026-06-02 12:38:02 +02:00

fix(ci): proxy Forgejo runner Docker socket 5f7df77ada

codex added the

agent/codex

class/security-sensitive

risk/process

risk/runtime

tier/full

labels 2026-06-02 12:38:30 +02:00

codex added this to the 10 - Improvements milestone 2026-06-02 12:38:31 +02:00

codex referenced this pull request 2026-06-02 12:40:05 +02:00

ops(apply): pending runtime applies — operator-approved batch (postgres / memory-migration / runner) #688

codex commented 2026-06-02 12:53:16 +02:00

Author

Collaborator

Copy link

Patchwarden PR sanity

• Status: eligible_sanity_clean
• PR: 691
• Commit: b5d248ad27460086e7897b308e315b224847e120
• Security-sensitive label: present
• Authority: advisory model review plus deterministic blockers only
• 3+3 canary: still alive; this does not replace it

Deterministic findings

No deterministic findings.

Model reviewers

global-glm / glm-5.1:cloud

• Status: ok
• Verdict: OK
• Findings: none

global-deepseek / deepseek-v4-pro:cloud

• Status: ok

• Verdict: OK

• low docker:host label remains misleading after proxy cutover

  • Evidence: infra/forgejo-runner/docker-compose.yml still includes docker:hostin bothGITEA_RUNNER_LABELSand thelabels section, even though the runner no longer mounts the Docker socket directly.
  • Next: Rename or remove the docker:host label to avoid confusion; document that Docker access is now proxied and not direct host socket access.

• medium Proxy still allows powerful Docker APIs (BUILD, CONTAINERS)

  • Evidence: infra/forgejo-runner/docker-compose.yml sets BUILD=1andCONTAINERS=1 on the docker-socket-proxy, enabling arbitrary image builds and container exec, which could be exploited by a malicious workflow.
  • Next: Consider further restricting the proxy to only the minimum required APIs for CI (e.g., disable BUILD if not needed, or isolate build jobs to a separate runner lane) as part of follow-up hardening.

redteam / kimi-k2.6:cloud

• Status: error
• Verdict: -
• Note: ReadTimeout: The read operation timed out
• Findings: none

Policy notes

• GLM 5.1 + DeepSeek V4 Pro are the operator-required model mix for this bot.
• Optional red-team model is enabled only when PLATFORMCTL_PR_SANITY_REDTEAM_MODEL is configured.
• Auto-merge is not enabled here.

<!-- patchwarden-pr-sanity:pdurlej/platform:PR-691 --> # Patchwarden PR sanity - Status: `eligible_sanity_clean` - PR: `691` - Commit: `b5d248ad27460086e7897b308e315b224847e120` - Security-sensitive label: `present` - Authority: advisory model review plus deterministic blockers only - 3+3 canary: still alive; this does not replace it ## Deterministic findings No deterministic findings. ## Model reviewers ### `global-glm` / `glm-5.1:cloud` - Status: `ok` - Verdict: `OK` - Findings: none ### `global-deepseek` / `deepseek-v4-pro:cloud` - Status: `ok` - Verdict: `OK` - **`low`** docker:host label remains misleading after proxy cutover - Evidence: `infra/forgejo-runner/docker-compose.yml still includes `docker:host` in both `GITEA_RUNNER_LABELS` and the `labels` section, even though the runner no longer mounts the Docker socket directly.` - Next: Rename or remove the `docker:host` label to avoid confusion; document that Docker access is now proxied and not direct host socket access. - **`medium`** Proxy still allows powerful Docker APIs (BUILD, CONTAINERS) - Evidence: `infra/forgejo-runner/docker-compose.yml sets `BUILD=1` and `CONTAINERS=1` on the docker-socket-proxy, enabling arbitrary image builds and container exec, which could be exploited by a malicious workflow.` - Next: Consider further restricting the proxy to only the minimum required APIs for CI (e.g., disable BUILD if not needed, or isolate build jobs to a separate runner lane) as part of follow-up hardening. ### `redteam` / `kimi-k2.6:cloud` - Status: `error` - Verdict: `-` - Note: ReadTimeout: The read operation timed out - Findings: none ## Policy notes - GLM 5.1 + DeepSeek V4 Pro are the operator-required model mix for this bot. - Optional red-team model is enabled only when `PLATFORMCTL_PR_SANITY_REDTEAM_MODEL` is configured. - Auto-merge is not enabled here.

codex commented 2026-06-02 13:04:26 +02:00

Author

Collaborator

Copy link

PR #691 status note (sanitized):

Forgejo commit status still shows patchwarden-pr-sanity / sanity as pending, but live read-only DB evidence shows the backing runner task completed successfully:

• action_task id: 7542
• status: 1
• stopped: set
• log metadata present

Other latest commit statuses are successful; no failure/error statuses observed. Treating this as a stale status-row issue unless Forgejo blocks merge.

PR #691 status note (sanitized): Forgejo commit status still shows `patchwarden-pr-sanity / sanity` as pending, but live read-only DB evidence shows the backing runner task completed successfully: - action_task id: 7542 - status: 1 - stopped: set - log metadata present Other latest commit statuses are successful; no failure/error statuses observed. Treating this as a stale status-row issue unless Forgejo blocks merge.

pdurlej commented 2026-06-02 13:06:48 +02:00

Owner

Copy link

Break-glass merge note (sanitized): using FORGEJO_ADMIN_PAT_TEMP for this narrow merge because codex PAT cannot merge PRs, #688 has explicit operator approval, local tests are green, 13/14 commit statuses are success, and the remaining Patchwarden status is stale while live action_task evidence shows the backing task completed successfully. No token value printed or persisted.

Break-glass merge note (sanitized): using `FORGEJO_ADMIN_PAT_TEMP` for this narrow merge because codex PAT cannot merge PRs, #688 has explicit operator approval, local tests are green, 13/14 commit statuses are success, and the remaining Patchwarden status is stale while live `action_task` evidence shows the backing task completed successfully. No token value printed or persisted.

codex added 1 commit 2026-06-02 13:08:20 +02:00

chore(ci): retrigger runner hardening checks b5d248ad27

pdurlej commented 2026-06-02 13:17:03 +02:00

Owner

Copy link

Admin PAT merge note (sanitized): using FORGEJO_ADMIN_PAT_TEMP narrowly for PR #691 because codex PAT cannot merge. This merge is after a normal retriggered check run with latest head b5d248ad2746 at 14/14 success; no required status bypass used.

Admin PAT merge note (sanitized): using `FORGEJO_ADMIN_PAT_TEMP` narrowly for PR #691 because codex PAT cannot merge. This merge is after a normal retriggered check run with latest head `b5d248ad2746` at 14/14 success; no required status bypass used.

pdurlej approved these changes 2026-06-02 13:18:01 +02:00

pdurlej left a comment

Copy link

Operator-approved admin review via FORGEJO_ADMIN_PAT_TEMP. Scope: PR #691 runner socket proxy safety-net for #688. Checks: latest head b5d248ad27 passed 14/14. No token values printed.

Operator-approved admin review via FORGEJO_ADMIN_PAT_TEMP. Scope: PR #691 runner socket proxy safety-net for #688. Checks: latest head b5d248ad2746 passed 14/14. No token values printed.

pdurlej approved these changes 2026-06-02 13:21:27 +02:00

pdurlej left a comment

Copy link

Submitting operator-approved admin review for PR #691 after 14/14 checks.

Submitting operator-approved admin review for PR #691 after 14/14 checks.

pdurlej merged commit b22d07939d into main 2026-06-02 13:21:54 +02:00

pdurlej referenced this pull request from a commit 2026-06-02 13:21:56 +02:00

Merge pull request 'fix(ci): proxy Forgejo runner Docker socket' (#691) from codex/688-runner-hardening into main

codex referenced this pull request 2026-06-02 13:42:22 +02:00

fix(ci): allow runner proxy exec API #693

codex referenced this pull request 2026-06-02 13:54:00 +02:00

ops(apply): pending runtime applies — operator-approved batch (postgres / memory-migration / runner) #688

Sign in to join this conversation.

Reviewers

No reviewers

pdurlej

Labels

Clear labels   

W6d-automerge-calibration

  

agent/claude-code

Vistula actor: Claude Code.

  

agent/codex

Vistula actor: Codex.

  

agent/hermes

Vistula actor: Hermes Upstream.

  

agent/iskra

Vistula actor: Iskra.

  

agent/ollama

Vistula actor: Ollama or compatible model.

  

agent/patchwarden

Vistula actor: Patchwarden.

  

automerge-candidate

Candidate for narrow W6d autonomous merge readiness pilot

  

class/security-sensitive

Security-sensitive class of service: smallest coherent PRs and full canary

  

cutover-gate

blocks production declare / final RS2000 replacement

  

dependency/blocked

Vistula dependency state: blocked.

  

dependency/blocks-others

Vistula dependency state: blocks other work.

  

dependency/cross-repo

Vistula dependency scope: cross-repository.

  

dependency/needs-confirmation

Vistula dependency state: needs confirmation.

  

domain:agents

Agent identity, delegation, subagents, routing, or workflows.

  

domain:ci

CI, checks, Actions, runners, or release automation.

  

domain:docs

Documentation, packets, practices, or source-of-truth text.

  

domain:forgejo

Forgejo issues, PRs, labels, repo settings, or identity.

  

domain:infra

Infrastructure, storage, backup, DNS, network, or host substrate.

  

domain:memory

Memory, recall, write gates, salience, or Honcho-adjacent behavior.

  

domain:runtime

Runtime services, deploys, daemons, timers, or live behavior.

  

domain:signal

Signal UX, delivery, context, or outbound behavior.

  

domain:ux

Product UX, operator experience, or conversation ergonomics.

  

flow/architecture

Vistula lifecycle: architecture phase in progress.

  

flow/blocked

Vistula lifecycle: blocked on dependency or decision.

  

flow/deployed

Vistula lifecycle: deployed to runtime where applicable.

  

flow/done

Vistula lifecycle: work merged or otherwise done.

  

flow/implementation

Vistula lifecycle: implementation phase in progress.

  

flow/intake

Vistula lifecycle: incoming signal not refined yet.

  

flow/maintained

Vistula lifecycle: maintained/steady state.

  

flow/observed

Vistula lifecycle: observed after delivery.

  

flow/ready

Vistula lifecycle: ready for architecture or implementation.

  

flow/refining

Vistula lifecycle: Hermes/spec refinement in progress.

  

flow/retired

Vistula lifecycle: retired or intentionally closed.

  

flow/review

Vistula lifecycle: review phase in progress.

  

iterating

Orchestrator/Codex actively amending in response to review — operator can ignore until resolved

  

judge/codex-candidate

Candidate for Codex implementation.

  

judge/hermes-candidate

Candidate for Hermes discovery/research.

  

judge/low-confidence

Judgment confidence is low.

  

judge/needs-refinement

Needs clearer evidence or scope.

  

judge/operator-needed

Needs Piotr decision or input.

  

judge/p0

Urgent, operator attention or unblock now.

  

judge/p1

High value, schedule soon.

  

judge/p2

Useful, normal queue.

  

judge/p3

Low priority, keep but do not chase.

  

judge/park

Parked from current attention.

  

judge/patchwarden-candidate

Needs Patchwarden merge-safety attention.

  

judge/stale-priority

Existing priority judgment appears stale.

  

kind/adr

Vistula work kind: architecture decision record.

  

kind/bug

Vistula work kind: bug fix.

  

kind/chore

Vistula work kind: chore.

  

kind/feature

Vistula work kind: feature.

  

kind/infra

Vistula work kind: infrastructure.

  

kind/ops

Vistula work kind: operations.

  

kind/refactor

Vistula work kind: refactor.

  

kind/research

Vistula work kind: research/discovery.

  

large-impact

Per charter §3 review-by-impact: large impact (≥300 LOC OR new module OR identity/secret change OR architectural pivot) — Oracle pre-review recommended

  

merge/auto

Vistula merge mode: automated merge.

  

merge/manual

Vistula merge mode: manual merge.

  

merge/manual-dependency-conflict

Manual merge reason: dependency conflict.

  

merge/manual-failing-tests

Manual merge reason: failing tests.

  

merge/manual-merge-conflict

Manual merge reason: merge conflict.

  

merge/manual-missing-review

Manual merge reason: missing review.

  

merge/manual-operator-preference

Manual merge reason: operator preference.

  

merge/manual-red-zone

Manual merge reason: red-zone risk.

  

merge/manual-security-sensitive

Manual merge reason: security-sensitive work.

  

merge/manual-unclear-scope

Manual merge reason: unclear scope.

  

merge/manual-unknown

Manual merge reason: unknown.

  

meta

meta-decomposition issue; first agent decomposes into atomic children

  

mode:operator-only

Apply step requires explicit operator approval.

  

mode:patchwarden-iskra-approved

Work eligible for Patchwarden/Iskra approval inside repo policy.

  

mode:safe-auto

Low-risk work eligible for lightweight autonomous handling.

  

needs-operator-decision

PR is blocked on operator yes/no decision — fresh-Claude/Codex won't make this call alone

  

needs-triage

decomposing agent has open questions / unknowns

  

not-ready

reviewed but blocked on a precondition

  

observed/erroring

Vistula observation: erroring.

  

observed/needs-followup

Vistula observation: needs follow-up.

  

observed/pending

Vistula observation: pending.

  

observed/retire-candidate

Vistula observation: retire candidate.

  

observed/unused

Vistula observation: unused.

  

observed/used

Vistula observation: used.

  

operator-emotional

operator-emotional importance (Iskra memory etc.)

  

owner-attention

owner must decide; blocks default path

  

phase/02

Phase 02 cataloging

  

phase/03

Phase 03 control plane (platformctl)

  

priority:p0

Immediate safety, uptime, data, or operator-blocking issue.

  

priority:p1

Important active work; should be pulled soon.

  

priority:p2

Useful normal-priority work.

  

priority:p3

Opportunistic cleanup, research, or backlog work.

  

proposed

auto-generated by meta-decomposition; awaiting human review

  

ready-for-agent

reviewed and pickable; agents may claim per cookbook

  

ready-for-operator

PR is ready for operator review/merge — orchestrator finished its part

  

recovery

disaster recovery / restore semantics relevant

  

review:claude-reviewed

Reviewed by Claude-family agent.

  

review:codex-reviewed

Reviewed by Codex-family agent.

  

review:dziadek-reviewed

Reviewed by Dziadek pinch-point reviewer.

  

review:needs-human

Needs human review before merge or apply.

  

risk/exposure

incorrectly public/private/tailnet/auth/routed

  

risk/process

workflow/review/orchestration may produce bad outcomes

  

risk/product

work may have lost owner/user value

  

risk/runtime

platform may not run, recover, validate, behave reproducibly

  

safety:external-write

May write to external systems, users, rooms, repos, or services.

  

safety:no-prod-mutation

Must not mutate production or live external state.

  

safety:prod-impact

May affect production/runtime behavior.

  

safety:secret-touch

Touches secrets, credentials, auth, or secret-adjacent config.

  

size/large

Vistula size: large.

  

size/medium

Vistula size: medium.

  

size/small

Vistula size: small.

  

size/tiny

Vistula size: tiny.

  

size/unknown

Vistula size: not classified yet.

  

source/adr

Vistula source: ADR.

  

source/agent-generated

Vistula source: agent generated.

  

source/manual

Vistula source: manual entry.

  

source/operator-chat

Vistula source: operator chat.

  

source/voice-note

Vistula source: voice note.

  

status:blocked

Blocked by missing dependency, evidence, access, or operator decision.

  

status:codex-ready

Ready for a Codex implementation pass.

  

status:merged:pending-evidence

Merged but waiting for live or artifact evidence before closure.

  

status:needs-evidence

Needs proof, logs, tests, or operator-visible evidence.

  

status:operator-needed

Requires explicit operator input before safe progress.

  

status:parked

Intentionally deferred; not active campaign work.

  

tier/full

Full review tier per ADR-0007

  

tier/lite

Lite review tier per ADR-0007

  

tier/stacked

Stacked PR (base != main) escape hatch per ADR-0017. Requires consolidator-PR plan in PR body.

  

tier:0-platform-substrate

Data, secrets, backup, storage, or critical platform substrate.

  

tier:1-iskra-value-layer

Iskra/OpenClaw behavior, memory, runtime, or value-layer work.

  

tier:2-tools-products-modules

Tools, products, modules, experiments, and lower-blast-radius work.

  

type:bug

Incorrect behavior or regression.

  

type:chore

Maintenance, cleanup, metadata, or operational task.

  

type:docs

Documentation-only work.

  

type:feat

New capability or product behavior.

  

type:policy

Governance, protocol, boundary, or decision-contract change.

  

type:research

Investigation, spike, or evidence-gathering task.

No labels

W6d-automerge-calibration

agent/claude-code

agent/codex

agent/hermes

agent/iskra

agent/ollama

agent/patchwarden

automerge-candidate

class/security-sensitive

cutover-gate

dependency/blocked

dependency/blocks-others

dependency/cross-repo

dependency/needs-confirmation

domain:agents

domain:ci

domain:docs

domain:forgejo

domain:infra

domain:memory

domain:runtime

domain:signal

domain:ux

flow/architecture

flow/blocked

flow/deployed

flow/done

flow/implementation

flow/intake

flow/maintained

flow/observed

flow/ready

flow/refining

flow/retired

flow/review

iterating

judge/codex-candidate

judge/hermes-candidate

judge/low-confidence

judge/needs-refinement

judge/operator-needed

judge/p0

judge/p1

judge/p2

judge/p3

judge/park

judge/patchwarden-candidate

judge/stale-priority

kind/adr

kind/bug

kind/chore

kind/feature

kind/infra

kind/ops

kind/refactor

kind/research

large-impact

merge/auto

merge/manual

merge/manual-dependency-conflict

merge/manual-failing-tests

merge/manual-merge-conflict

merge/manual-missing-review

merge/manual-operator-preference

merge/manual-red-zone

merge/manual-security-sensitive

merge/manual-unclear-scope

merge/manual-unknown

meta

mode:operator-only

mode:patchwarden-iskra-approved

mode:safe-auto

needs-operator-decision

needs-triage

not-ready

observed/erroring

observed/needs-followup

observed/pending

observed/retire-candidate

observed/unused

observed/used

operator-emotional

owner-attention

phase/02

phase/03

priority:p0

priority:p1

priority:p2

priority:p3

proposed

ready-for-agent

ready-for-operator

recovery

review:claude-reviewed

review:codex-reviewed

review:dziadek-reviewed

review:needs-human

risk/exposure

risk/process

risk/product

risk/runtime

safety:external-write

safety:no-prod-mutation

safety:prod-impact

safety:secret-touch

size/large

size/medium

size/small

size/tiny

size/unknown

source/adr

source/agent-generated

source/manual

source/operator-chat

source/voice-note

status:blocked

status:codex-ready

status:merged:pending-evidence

status:needs-evidence

status:operator-needed

status:parked

tier/full

tier/lite

tier/stacked

tier:0-platform-substrate

tier:1-iskra-value-layer

tier:2-tools-products-modules

type:bug

type:chore

type:docs

type:feat

type:policy

type:research

Milestone

Clear milestone

No items

No milestone

10 - Improvements

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pdurlej/platform!691

No description provided.