agent-conveyor 0.1.13 → 0.1.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +132 -16
- package/dist/cli/typescript-runtime.js +1305 -20
- package/dist/cli/typescript-runtime.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/runtime/app-autonomy.d.ts +1 -0
- package/dist/runtime/app-autonomy.js +16 -0
- package/dist/runtime/app-autonomy.js.map +1 -1
- package/dist/runtime/campaigns.d.ts +197 -0
- package/dist/runtime/campaigns.js +438 -0
- package/dist/runtime/campaigns.js.map +1 -0
- package/dist/runtime/manager-permissions.js +1 -1
- package/dist/runtime/manager-permissions.js.map +1 -1
- package/dist/state/schema-v23.js +87 -1
- package/dist/state/schema-v23.js.map +1 -1
- package/dist/state/sqlite-contract.d.ts +1 -1
- package/dist/state/sqlite-contract.js +13 -1
- package/dist/state/sqlite-contract.js.map +1 -1
- package/docs/manager-recipes.md +182 -0
- package/package.json +1 -1
- package/skills/manage-codex-workers/SKILL.md +143 -8
- package/skills/manage-codex-workers/agents/openai.yaml +2 -2
package/docs/manager-recipes.md
CHANGED
|
@@ -24,6 +24,7 @@ Tools: verification.run_tests, context.fetch_prs
|
|
|
24
24
|
Epilogues: draft-pr, record-handoff
|
|
25
25
|
Cleanup: compact between child boards after saved handoff
|
|
26
26
|
Evidence gates: child receipt, focused verification, adversarial review, PR/CI/merge or satisfied_on_main
|
|
27
|
+
Final report: record manager closeout proof separately from accepted worker criteria
|
|
27
28
|
Not allowed: merge without green CI; compact/clear before handoff; run two child boards at once
|
|
28
29
|
User confirmed: yes
|
|
29
30
|
```
|
|
@@ -48,6 +49,8 @@ inspection while Dispatch is writing to the same `--path` database.
|
|
|
48
49
|
| UX Polish Loop | Worker should iterate on visible UI quality | guided or strict | screenshots, visual diff, browser evidence, `adversarial_check` | compact by default |
|
|
49
50
|
| Nudge / What's Next Manager | Manager should observe, ask status, and negotiate criteria | guided | manager decision, worker receipt, accepted criteria | off by default |
|
|
50
51
|
| PR/CI/Merge Ralph Loop | Manager should drive delivery through PR, CI, merge, handoff | strict | PR URL, green CI, merge receipt, adversarial proof | clear after handoff |
|
|
52
|
+
| Autonomous Ship-It Loop | Manager may push, open PRs, monitor CI, fix bounded conflicts, and merge | strict | branch, PR, CI, mergeability, manager decision, merge, post-merge, adversarial proof | clear after handoff |
|
|
53
|
+
| Creative Ops Campaign | One manager should supervise multiple Codex app worker slots for channel-specific creative assets | strict | campaign dashboard, slot lifecycle, assignment receipts, asset review receipts, human publish gate | rotate owned stale workers only |
|
|
51
54
|
|
|
52
55
|
Two support patterns apply across recipes:
|
|
53
56
|
|
|
@@ -56,6 +59,12 @@ Two support patterns apply across recipes:
|
|
|
56
59
|
- **Recovery / Resume / Handoff**: use saved config, handoff, replay, audit,
|
|
57
60
|
telemetry, and inbox state to resume a managed task safely.
|
|
58
61
|
|
|
62
|
+
Across all recipes, accepted criteria should describe worker/task deliverables.
|
|
63
|
+
Manager closeout mechanics such as `finish-task`, `--require-criteria-audit`,
|
|
64
|
+
final task state, heartbeat teardown, and final manager reporting are final
|
|
65
|
+
report or audit evidence. Do not seed them as accepted worker criteria unless
|
|
66
|
+
the task is explicitly Conveyor closeout QA.
|
|
67
|
+
|
|
59
68
|
## GoalBuddy Conveyor
|
|
60
69
|
|
|
61
70
|
Use this when the user says things like "make GoalBuddy boards", "run the
|
|
@@ -248,6 +257,150 @@ sequenceDiagram
|
|
|
248
257
|
M->>W: Clear after saved handoff and worker_compact_clear permission
|
|
249
258
|
```
|
|
250
259
|
|
|
260
|
+
## Autonomous Ship-It Loop
|
|
261
|
+
|
|
262
|
+
Use this when the operator explicitly wants a manager-worker pair to ship a
|
|
263
|
+
bounded repo task through branch push, PR creation, CI monitoring, conflict
|
|
264
|
+
repair, and merge. This recipe is stricter than a PR/CI/Merge Ralph loop:
|
|
265
|
+
green CI is necessary, but never sufficient. The manager must also record a
|
|
266
|
+
fresh mergeability check, an explicit manager merge decision, the merge receipt,
|
|
267
|
+
post-merge verification, and structured adversarial proof.
|
|
268
|
+
|
|
269
|
+
Suggested setup:
|
|
270
|
+
|
|
271
|
+
```bash
|
|
272
|
+
conveyor loop-templates --create-run "$TASK" \
|
|
273
|
+
--template ship_it_loop \
|
|
274
|
+
--max-iterations 2 \
|
|
275
|
+
--current-iteration 1 \
|
|
276
|
+
--json
|
|
277
|
+
|
|
278
|
+
conveyor manager-config "$TASK" \
|
|
279
|
+
--mode strict \
|
|
280
|
+
--objective "Ship the bounded repo task through branch, PR, CI, conflict handling, manager merge decision, merge, and post-merge verification." \
|
|
281
|
+
--acceptance "Branch, PR URL, green CI, clean mergeability, manager merge decision, merge receipt, post-merge verification, and adversarial proof are recorded before closeout." \
|
|
282
|
+
--acceptance "Blocked conflict loops stop with retry count, last sanitized evidence, and next exact operator action." \
|
|
283
|
+
--permit repo.push_branch \
|
|
284
|
+
--permit repo.open_pr \
|
|
285
|
+
--permit repo.monitor_ci \
|
|
286
|
+
--permit repo.resolve_conflicts \
|
|
287
|
+
--permit repo.merge_green_pr \
|
|
288
|
+
--allow-worker-compact-clear \
|
|
289
|
+
--tool verification.run_tests \
|
|
290
|
+
--tool context.fetch_prs
|
|
291
|
+
```
|
|
292
|
+
|
|
293
|
+
Conversation storyboard:
|
|
294
|
+
|
|
295
|
+
```mermaid
|
|
296
|
+
sequenceDiagram
|
|
297
|
+
participant M as Manager
|
|
298
|
+
participant D as Dispatch
|
|
299
|
+
participant W as Worker
|
|
300
|
+
M->>W: Ask for bounded implementation and local proof
|
|
301
|
+
W->>D: completion event with branch/test receipt
|
|
302
|
+
D->>M: worker_task_complete notification
|
|
303
|
+
M->>M: Verify diff, branch receipt, and push authority
|
|
304
|
+
M->>M: Open PR only with repo.open_pr permission
|
|
305
|
+
M->>M: Monitor CI and mergeability; request conflict fixes only within policy
|
|
306
|
+
M->>M: Record explicit manager_merge_decision
|
|
307
|
+
M->>M: Merge only with repo.merge_green_pr plus post-merge/adversarial proof
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
Fail closed on these conditions:
|
|
311
|
+
|
|
312
|
+
- no explicit permission for the requested repo side effect;
|
|
313
|
+
- CI green but mergeability, manager decision, or post-merge proof is missing;
|
|
314
|
+
- conflict retries reach the configured limit;
|
|
315
|
+
- a worker proposes merge based only on its own completion claim;
|
|
316
|
+
- the live manager/worker transcript is not reviewable through the app or tmux
|
|
317
|
+
session.
|
|
318
|
+
|
|
319
|
+
Local proof:
|
|
320
|
+
|
|
321
|
+
```bash
|
|
322
|
+
conveyor qa-plan ship-it-loop
|
|
323
|
+
conveyor qa-run ship-it-loop --receipt-output /tmp/ship-it-loop-receipt.json --json
|
|
324
|
+
```
|
|
325
|
+
|
|
326
|
+
## Creative Ops Campaign
|
|
327
|
+
|
|
328
|
+
Use this when one manager should coordinate multiple Codex app worker sessions
|
|
329
|
+
for channel-specific creative work such as YouTube, TikTok, LinkedIn, Facebook,
|
|
330
|
+
image generation prompts, HyperFrames scripts, or reviewable copy drafts.
|
|
331
|
+
This recipe layers campaign state on top of ordinary manager/worker sessions:
|
|
332
|
+
workers remain visible app or tmux sessions, while the campaign record tracks
|
|
333
|
+
slots, channel briefs, assignments, asset receipts, blockers, and review state.
|
|
334
|
+
|
|
335
|
+
Suggested setup:
|
|
336
|
+
|
|
337
|
+
```bash
|
|
338
|
+
conveyor campaign create \
|
|
339
|
+
--name "$CAMPAIGN" \
|
|
340
|
+
--objective "Produce reviewable creative assets across named channels." \
|
|
341
|
+
--json
|
|
342
|
+
|
|
343
|
+
conveyor campaign add-slot \
|
|
344
|
+
--name "$CAMPAIGN" \
|
|
345
|
+
--slot-key tiktok \
|
|
346
|
+
--role-label "TikTok worker" \
|
|
347
|
+
--channel tiktok \
|
|
348
|
+
--thread-id "$TIKTOK_THREAD_ID" \
|
|
349
|
+
--thread-title "TikTok Campaign Worker" \
|
|
350
|
+
--state active \
|
|
351
|
+
--json
|
|
352
|
+
|
|
353
|
+
conveyor campaign brief \
|
|
354
|
+
--name "$CAMPAIGN" \
|
|
355
|
+
--channel tiktok \
|
|
356
|
+
--brief-json '{"format":"9:16","review_gate":"human approval before publish"}' \
|
|
357
|
+
--json
|
|
358
|
+
|
|
359
|
+
conveyor dashboard --campaign "$CAMPAIGN" --ensure-dispatch
|
|
360
|
+
```
|
|
361
|
+
|
|
362
|
+
Manager operating loop:
|
|
363
|
+
|
|
364
|
+
```bash
|
|
365
|
+
conveyor campaign dashboard --name "$CAMPAIGN" --json
|
|
366
|
+
conveyor campaign assign --name "$CAMPAIGN" --slot "$SLOT_ID" \
|
|
367
|
+
--title "Draft first-pass TikTok hooks" \
|
|
368
|
+
--instructions "Create reviewable draft copy only; do not publish." \
|
|
369
|
+
--status active --json
|
|
370
|
+
conveyor campaign asset --name "$CAMPAIGN" --slot "$SLOT_ID" \
|
|
371
|
+
--assignment "$ASSIGNMENT_ID" --asset-type copy \
|
|
372
|
+
--title "TikTok hooks v1" --status needs_review \
|
|
373
|
+
--prompt-summary "Sanitized prompt summary only." --json
|
|
374
|
+
```
|
|
375
|
+
|
|
376
|
+
Evidence gates:
|
|
377
|
+
|
|
378
|
+
- `campaign dashboard --name "$CAMPAIGN" --json` shows every active worker
|
|
379
|
+
slot, lifecycle state, blockers, approval counts, and `next_manager_action`.
|
|
380
|
+
- Each worker task has a slot-scoped `campaign assign` receipt before work
|
|
381
|
+
starts and at least one `campaign asset` receipt before it can be reviewed.
|
|
382
|
+
- Human approval is required before public publishing, scheduling, or posting.
|
|
383
|
+
Use `approved` or `published` asset receipt statuses only to record actual
|
|
384
|
+
review outcomes; they are not permission to publish by themselves.
|
|
385
|
+
- Stale or context-heavy Codex app workers are rotated only through
|
|
386
|
+
`campaign rotate-slot` with the exact current `--expected-thread-id`.
|
|
387
|
+
- Finished or replaced workers are archived only through `campaign archive-slot`
|
|
388
|
+
with the exact current `--expected-thread-id`.
|
|
389
|
+
|
|
390
|
+
Fail closed on these conditions:
|
|
391
|
+
|
|
392
|
+
- the manager cannot see the worker slot in `campaign dashboard`;
|
|
393
|
+
- a worker thread id does not match the slot before rotate/archive;
|
|
394
|
+
- a worker asks to publish or schedule without explicit human approval;
|
|
395
|
+
- raw screenshots, private phone content, tokens, JWTs, keys, audio, or
|
|
396
|
+
unsanitized transcripts would be committed as receipts;
|
|
397
|
+
- dogfood proof is missing but the manager tries to claim the campaign system
|
|
398
|
+
is fully validated.
|
|
399
|
+
|
|
400
|
+
This recipe is ready for local dry runs and controlled dogfood. Treat final
|
|
401
|
+
dogfood success as a separate evidence task: the recipe can configure the loop,
|
|
402
|
+
but it does not by itself prove that a real campaign finished.
|
|
403
|
+
|
|
251
404
|
## Inbox / No-Tmux App Loop
|
|
252
405
|
|
|
253
406
|
When a manager or worker is a Codex app session without a tmux pane, Dispatch
|
|
@@ -271,6 +424,14 @@ there is no next worker task, the manager should record the terminal decision,
|
|
|
271
424
|
run `conveyor finish-task "$TASK" --require-criteria-audit`, and explicitly
|
|
272
425
|
report heartbeat teardown status. If the task or binding still appears active,
|
|
273
426
|
report that as a control-plane blocker instead of calling the loop complete.
|
|
427
|
+
That closeout proof belongs in the manager final report or audit receipts, not
|
|
428
|
+
as a blocking accepted criterion for the worker.
|
|
429
|
+
|
|
430
|
+
For operator review, the live app or tmux session is the primary transcript.
|
|
431
|
+
Any consumed inbox item must be visible in that same session while the turn is
|
|
432
|
+
running: print `CONVEYOR POLL`, `CONVEYOR RECEIVED`, `WORK`, `CONVEYOR SEND`,
|
|
433
|
+
and `DISPATCH` sections. A one-line idle receipt is acceptable only when no
|
|
434
|
+
item is consumed.
|
|
274
435
|
|
|
275
436
|
When the manager is running in the Codex app and thread tools are available,
|
|
276
437
|
create fresh same-project manager and worker threads with `create_thread`, set
|
|
@@ -315,6 +476,9 @@ heartbeat policy and emit the exact Codex app heartbeat automation specs plus a
|
|
|
315
476
|
bounded Dispatch watch command. `app-autopilot stop` records the teardown policy
|
|
316
477
|
decision; it does not itself delete Codex app automations because that action
|
|
317
478
|
belongs to the Codex app automation layer.
|
|
479
|
+
The emitted heartbeat prompts include the visible-session protocol; do not
|
|
480
|
+
replace them with compact prompts that hide consumed work behind SQLite or
|
|
481
|
+
replay.
|
|
318
482
|
Each operator pulse should inspect `app-autopilot status --json`; if
|
|
319
483
|
`plan.quiescence.recommended_action` is `stop_autopilot`, record
|
|
320
484
|
`app-autopilot stop`, pause/delete the app heartbeat automations, and report the
|
|
@@ -334,6 +498,24 @@ record each outcome with `app-wakeup-record-delivery` linked to the dispatch
|
|
|
334
498
|
receipt. Record healthy roles as `skipped` and missing-thread roles as
|
|
335
499
|
`blocked`; do not treat the app-thread send as task completion.
|
|
336
500
|
|
|
501
|
+
For worker context cleanup in Codex app sessions, prefer fresh-worker rotation
|
|
502
|
+
over remote slash commands. Run:
|
|
503
|
+
|
|
504
|
+
```bash
|
|
505
|
+
conveyor app-worker-rotation-plan "$TASK" \
|
|
506
|
+
--old-worker-thread-id "$OLD_WORKER_THREAD_ID" \
|
|
507
|
+
--require-handoff \
|
|
508
|
+
--json
|
|
509
|
+
```
|
|
510
|
+
|
|
511
|
+
Only act on plans where `eligible=true`. First create the replacement worker
|
|
512
|
+
thread with the emitted prompt, then archive exactly the
|
|
513
|
+
`archive_old_worker_thread.thread.id` from the plan, and finally record the
|
|
514
|
+
result with the emitted `record_command`. Conveyor re-checks that the old thread
|
|
515
|
+
still belongs to the active bound worker before updating the worker session to
|
|
516
|
+
the new thread id. Never archive a manager thread, an unrelated worker thread,
|
|
517
|
+
or any thread id that did not come from the current rotation plan.
|
|
518
|
+
|
|
337
519
|
The saved dogfood example is
|
|
338
520
|
`docs/goals/live-codex-app-inbox-drill/notes/T001-live-drill.md`. It proves
|
|
339
521
|
manager-to-worker `nudge_worker` delivery and worker-to-manager
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: manage-codex-workers
|
|
3
|
-
description: Use when the user asks to set up an Agent Conveyor Ralph loop, register an existing Codex session as a worker or manager, create a supervised task, bind a pair, run observation cycles, send nudges, interrupt busy-waits, finish a task, or audit/replay supervision history.
|
|
3
|
+
description: Use when the user asks to set up an Agent Conveyor Ralph loop or autonomous ship-it loop, register an existing Codex session as a worker or manager, create a supervised task, bind a pair, run observation cycles, send nudges, interrupt busy-waits, finish a task, or audit/replay supervision history.
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# Manage Codex Workers
|
|
@@ -28,6 +28,26 @@ Max iterations: <number, default 3>
|
|
|
28
28
|
Require adversarial proof before another worker iteration.
|
|
29
29
|
```
|
|
30
30
|
|
|
31
|
+
For repo delivery where the user explicitly grants branch, PR, CI, conflict,
|
|
32
|
+
and merge authority, use the `ship-it-loop` recipe and `ship_it_loop` template
|
|
33
|
+
instead of a generic Ralph loop:
|
|
34
|
+
|
|
35
|
+
```text
|
|
36
|
+
Use the manage-codex-workers skill.
|
|
37
|
+
|
|
38
|
+
Set up a Codex app autonomous ship-it loop for <bounded repo task>.
|
|
39
|
+
Manager may push a branch, open a PR, monitor CI, resolve bounded conflicts,
|
|
40
|
+
and merge only after explicit manager merge evidence.
|
|
41
|
+
Max iterations: <number, default 2>
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
For creative-ops work where the user wants one manager to supervise multiple
|
|
45
|
+
Codex app workers across channels such as YouTube, TikTok, LinkedIn, Facebook,
|
|
46
|
+
image generation, HyperFrames, or copy drafts, use the Creative Ops Campaign
|
|
47
|
+
recipe. It should create campaign records, worker slots, channel briefs,
|
|
48
|
+
slot-scoped assignments, asset receipts, and dashboard status proof. It must
|
|
49
|
+
not imply public publishing or scheduling without explicit human approval.
|
|
50
|
+
|
|
31
51
|
Skill behavior:
|
|
32
52
|
|
|
33
53
|
1. Work from `/Users/neonwatty/Desktop/codex-terminal-manager`.
|
|
@@ -42,10 +62,19 @@ Skill behavior:
|
|
|
42
62
|
`fork_thread` unless the user explicitly asks to fork or resume this exact
|
|
43
63
|
conversation. If the current thread is explicitly acting as the manager,
|
|
44
64
|
use the current thread as manager and create only the worker thread.
|
|
45
|
-
5. Create the no-tmux binding with `conveyor create-disposable-binding
|
|
46
|
-
|
|
47
|
-
`--
|
|
48
|
-
|
|
65
|
+
5. Create the no-tmux binding with `conveyor create-disposable-binding`.
|
|
66
|
+
For same-thread Codex app visible-session loops, prefer
|
|
67
|
+
`--template app_visible_build_loop` for build/test dogfood or a custom
|
|
68
|
+
`--required-before-continue adversarial_check` gate; do not choose
|
|
69
|
+
cleanup-gated templates such as `build_then_clear` or
|
|
70
|
+
`compact_then_continue` unless the setup creates a fresh worker thread per
|
|
71
|
+
iteration or has a concrete app-session cleanup receipt path. For an
|
|
72
|
+
operator-approved ship-it loop, use `--template ship_it_loop`, save the
|
|
73
|
+
`ship-it-loop` manager recipe, and require branch, push, PR, CI,
|
|
74
|
+
mergeability, manager merge decision, merge, post-merge, and
|
|
75
|
+
`adversarial_check` receipts before merge or closeout. Use `--adversarial`,
|
|
76
|
+
a bounded `--max-iterations`, and `--json`. When step 4 produced app thread
|
|
77
|
+
ids, pass them through `--manager-codex-app-thread-id`,
|
|
49
78
|
`--manager-codex-app-thread-title`, `--worker-codex-app-thread-id`, and
|
|
50
79
|
`--worker-codex-app-thread-title` so Conveyor can surface app identities in
|
|
51
80
|
`sessions`, `discover`, and setup JSON. If app thread tools are not
|
|
@@ -100,6 +129,13 @@ Idle polling rule for Codex app/no-tmux sessions:
|
|
|
100
129
|
one-iteration Dispatch run before treating the worker pass as reported. A
|
|
101
130
|
direct Codex app final answer is local thread text; it does not notify the
|
|
102
131
|
manager inbox or prove the manager saw the result.
|
|
132
|
+
- The actual manager and worker sessions are the primary human-reviewable
|
|
133
|
+
transcript. SQLite, replay, and status commands are audit proof, not a
|
|
134
|
+
substitute for visible work. When a manager or worker consumes an inbox item,
|
|
135
|
+
it must print live session sections before acting and before final answer:
|
|
136
|
+
`CONVEYOR POLL`, `CONVEYOR RECEIVED`, `WORK`, `CONVEYOR SEND`, and
|
|
137
|
+
`DISPATCH`. Idle polls may end with one short `CONVEYOR IDLE` receipt, but
|
|
138
|
+
consumed work must never be handled silently or only summarized later.
|
|
103
139
|
- Prefer `conveyor app-autopilot start <task> --json` from the operator or
|
|
104
140
|
manager session when setting up a Codex app/no-tmux pair for autonomous
|
|
105
141
|
heartbeat management. It records a durable pair-level heartbeat policy and
|
|
@@ -134,6 +170,16 @@ Idle polling rule for Codex app/no-tmux sessions:
|
|
|
134
170
|
`--delivery-status skipped`; for `blocked_missing_thread`, record
|
|
135
171
|
`--delivery-status blocked`. These delivery receipts audit app-thread wake
|
|
136
172
|
attempts; they do not replace Dispatch inbox, heartbeat, or task evidence.
|
|
173
|
+
- For Codex app/no-tmux worker cleanup, do not rely on sending `/compact` or
|
|
174
|
+
`/clear` with `send_message_to_thread`; that arrives as ordinary prompt text.
|
|
175
|
+
Prefer `conveyor app-worker-rotation-plan <task> --old-worker-thread-id
|
|
176
|
+
<active-worker-thread-id> --require-handoff --json`. Only if the plan reports
|
|
177
|
+
`eligible=true`, create the replacement worker thread from the emitted
|
|
178
|
+
`create_replacement_worker_thread.prompt`, archive exactly the emitted
|
|
179
|
+
`archive_old_worker_thread.thread.id`, then run the emitted
|
|
180
|
+
`app-worker-rotation-record` command with the new thread id/title. The
|
|
181
|
+
manager must never archive a thread that is not the active bound worker in the
|
|
182
|
+
current plan.
|
|
137
183
|
- For bounded Ralph loops, treat `ralph_loop_iteration_advanced` telemetry as
|
|
138
184
|
the receipt that a worker actually consumed and began the requested
|
|
139
185
|
iteration.
|
|
@@ -457,7 +503,10 @@ compact progress summary and likely next steps in SQLite. Use `manager-config`
|
|
|
457
503
|
to save what the manager should check against, how structured supervision
|
|
458
504
|
should be, acceptance criteria, planning/PRD/mockup references, and permissions
|
|
459
505
|
such as `--allow-pr`, `--allow-merge-green`, and
|
|
460
|
-
`--allow-worker-compact-clear`.
|
|
506
|
+
`--allow-worker-compact-clear`. For ship-it loops, also use explicit
|
|
507
|
+
`--permit repo.push_branch`, `--permit repo.monitor_ci`, and
|
|
508
|
+
`--permit repo.resolve_conflicts`; never imply these from a general request to
|
|
509
|
+
"ship it."
|
|
461
510
|
|
|
462
511
|
## Manager Recipes
|
|
463
512
|
|
|
@@ -471,6 +520,9 @@ First-draft recipes:
|
|
|
471
520
|
|
|
472
521
|
- `GoalBuddy Conveyor` — one parent board, one active child board, PR/CI/merge
|
|
473
522
|
or `satisfied_on_main` proof, and parent receipt update before the next child.
|
|
523
|
+
- `Creative Ops Campaign` — one manager supervises multiple named worker slots
|
|
524
|
+
for channel-specific creative assets using campaign state, dashboard status,
|
|
525
|
+
assignment receipts, asset review receipts, and human publish gates.
|
|
474
526
|
- `Test Coverage Loop` — require test coverage evidence plus structured
|
|
475
527
|
adversarial proof before another worker pass.
|
|
476
528
|
- `UX Polish Loop` — require browser/screenshot/visual-diff evidence plus
|
|
@@ -479,6 +531,9 @@ First-draft recipes:
|
|
|
479
531
|
nudge sparingly, and keep permissions minimal.
|
|
480
532
|
- `PR/CI/Merge Ralph Loop` — manage PR readiness, CI, fixes, merge, handoff,
|
|
481
533
|
and compact/clear receipts.
|
|
534
|
+
- `Autonomous Ship-It Loop` — push branch, open PR, monitor CI, handle bounded
|
|
535
|
+
conflicts, and merge only after manager-owned mergeability, merge decision,
|
|
536
|
+
post-merge, and adversarial evidence.
|
|
482
537
|
|
|
483
538
|
Support patterns:
|
|
484
539
|
|
|
@@ -504,10 +559,16 @@ the human interaction in the Codex chat where the user is already working and
|
|
|
504
559
|
keeps SQLite writes explicit. Use `manager-config --interactive` only as a
|
|
505
560
|
terminal fallback for a human running `conveyor` directly.
|
|
506
561
|
|
|
507
|
-
Before instructing high-level actions such as
|
|
508
|
-
worker compact/clear, check
|
|
562
|
+
Before instructing high-level actions such as branch push, PR creation, CI
|
|
563
|
+
monitoring, conflict resolution, green PR merge, or worker compact/clear, check
|
|
564
|
+
the saved policy:
|
|
509
565
|
|
|
510
566
|
```bash
|
|
567
|
+
conveyor manager-permission my-task repo.push_branch --require
|
|
568
|
+
conveyor manager-permission my-task repo.open_pr --require
|
|
569
|
+
conveyor manager-permission my-task repo.monitor_ci --require
|
|
570
|
+
conveyor manager-permission my-task repo.resolve_conflicts --require
|
|
571
|
+
conveyor manager-permission my-task repo.merge_green_pr --require
|
|
511
572
|
conveyor manager-permission my-task worker_compact_clear \
|
|
512
573
|
--require-handoff --require
|
|
513
574
|
```
|
|
@@ -538,6 +599,11 @@ This command checks `worker_compact_clear`, requires a saved handoff, records a
|
|
|
538
599
|
durable command, and sends Codex `/compact` to the worker's tmux pane. Use
|
|
539
600
|
`--clear` for `/clear`, or `--prompt-only` to send the conservative
|
|
540
601
|
verify/update-handoff prompt instead of a slash command.
|
|
602
|
+
For Codex app workers, use app worker rotation instead of this tmux slash path:
|
|
603
|
+
`conveyor app-worker-rotation-plan my-task --old-worker-thread-id
|
|
604
|
+
<active-worker-thread-id> --require-handoff --json`, followed by Codex app
|
|
605
|
+
`create_thread`, exact old-worker `set_thread_archived`, and
|
|
606
|
+
`app-worker-rotation-record`.
|
|
541
607
|
|
|
542
608
|
## Manager Loop Pattern
|
|
543
609
|
|
|
@@ -581,6 +647,43 @@ child board active, require PR/CI/merge or `satisfied_on_main` proof before
|
|
|
581
647
|
marking a child done, and update the parent receipt before activating the next
|
|
582
648
|
child.
|
|
583
649
|
|
|
650
|
+
Natural-language requests such as "run a multi-channel creative ops campaign",
|
|
651
|
+
"have one manager coordinate YouTube, TikTok, LinkedIn, and Facebook workers",
|
|
652
|
+
"generate imagery, HyperFrames, videos, and copy across channels", or "use
|
|
653
|
+
multiple first-time manager guys and girls" should resolve to the Creative Ops
|
|
654
|
+
Campaign recipe unless the user chooses a custom policy. The manager should:
|
|
655
|
+
|
|
656
|
+
1. Create or reuse a campaign with `conveyor campaign create`.
|
|
657
|
+
2. Create one worker slot per channel or discipline with `campaign add-slot`,
|
|
658
|
+
preserving Codex app thread ids/titles when available.
|
|
659
|
+
3. Record structured channel briefs with `campaign brief`.
|
|
660
|
+
4. Assign work with `campaign assign` before asking a worker to produce assets.
|
|
661
|
+
5. Record worker output with `campaign asset` using sanitized prompt summaries,
|
|
662
|
+
asset type, review status, and safe artifact paths.
|
|
663
|
+
6. Use `campaign dashboard --name <campaign> --json` or
|
|
664
|
+
`dashboard --campaign <campaign>` as the manager status surface.
|
|
665
|
+
7. Rotate stale/context-heavy workers only with `campaign rotate-slot` and an
|
|
666
|
+
exact `--expected-thread-id`; archive only with `campaign archive-slot` and
|
|
667
|
+
the exact current thread id.
|
|
668
|
+
8. Treat public publishing, scheduling, posting, external account access,
|
|
669
|
+
private phone content, raw audio, tokens, JWTs, keys, archives, and IPAs as
|
|
670
|
+
human-gated or forbidden unless the operator explicitly approves the narrow
|
|
671
|
+
action.
|
|
672
|
+
|
|
673
|
+
Do not claim that the campaign system is fully dogfooded merely because the
|
|
674
|
+
recipe was configured. Final campaign dogfood requires dashboard proof, asset
|
|
675
|
+
receipts, manager review decisions, and a separate dogfood receipt or blocker.
|
|
676
|
+
|
|
677
|
+
Natural-language requests such as "ship this autonomously", "let the manager
|
|
678
|
+
open the PR and merge when green", or "have the manager handle conflicts and
|
|
679
|
+
merge" must resolve to the `ship-it-loop` recipe or an explicit custom policy.
|
|
680
|
+
Use `conveyor qa-plan ship-it-loop` to retrieve the permission boundaries,
|
|
681
|
+
correlation markers, lifecycle evidence template, and negative QA checks. The
|
|
682
|
+
manager must record `branch_ready`, `branch_pushed`, `pr_url`, `ci_green`,
|
|
683
|
+
`mergeability_clean`, `manager_merge_decision`, `merge`,
|
|
684
|
+
`post_merge_verification`, and structured `adversarial_check` evidence before
|
|
685
|
+
treating the loop as merge-ready. CI green is not a merge decision.
|
|
686
|
+
|
|
584
687
|
```bash
|
|
585
688
|
conveyor cycle my-task
|
|
586
689
|
# {
|
|
@@ -652,6 +755,11 @@ Acceptance criteria are living supervision state, not just setup text. Inspect
|
|
|
652
755
|
versus follow-up.
|
|
653
756
|
- Record current-task criteria as proposed or accepted, and record follow-up
|
|
654
757
|
criteria as deferred.
|
|
758
|
+
- Keep manager closeout/control-plane proof out of accepted worker criteria.
|
|
759
|
+
Items such as `finish-task`, `--require-criteria-audit`, final task state,
|
|
760
|
+
heartbeat teardown, and final manager reporting belong in the manager final
|
|
761
|
+
report, audit, replay, or epilogue evidence unless the task is explicitly
|
|
762
|
+
Conveyor closeout QA.
|
|
655
763
|
- Use `conveyor criteria` to accept, satisfy, defer, or reject
|
|
656
764
|
criteria as evidence accumulates.
|
|
657
765
|
- Before finishing, compare the worker's receipts and verification against all
|
|
@@ -796,6 +904,31 @@ etc.) run `conveyor db-doctor --live`.
|
|
|
796
904
|
current manager is a Codex app session with thread tools, send only
|
|
797
905
|
`send_ready=true` wake prompts with `send_message_to_thread`, then record the
|
|
798
906
|
outcome with `app-wakeup-record-delivery`.
|
|
907
|
+
- "fresh worker", "clear app worker", or "rotate Codex app worker": require a
|
|
908
|
+
saved worker handoff, run `app-worker-rotation-plan` with the active bound
|
|
909
|
+
worker thread id, create a new same-project worker thread from the emitted
|
|
910
|
+
prompt, archive only the exact old worker thread id emitted by the plan, and
|
|
911
|
+
record with `app-worker-rotation-record`. If the plan is blocked or the old
|
|
912
|
+
id does not exactly match the active bound worker, stop and report the
|
|
913
|
+
blocker.
|
|
914
|
+
- "set up a Creative Ops Campaign", "run a multi-channel campaign", or "one
|
|
915
|
+
manager with multiple channel workers": use the Creative Ops Campaign recipe;
|
|
916
|
+
create or reuse a campaign, add one slot per channel or discipline, record
|
|
917
|
+
briefs, assign work before worker prompts, require `campaign asset` receipts
|
|
918
|
+
for outputs, run `campaign dashboard --name <campaign> --json` for manager
|
|
919
|
+
status, and require exact-thread `campaign rotate-slot`/`campaign
|
|
920
|
+
archive-slot` for owned worker cleanup. Do not publish or schedule without
|
|
921
|
+
explicit human approval.
|
|
922
|
+
- "set up an autonomous ship-it loop", "ship this through PR and merge", or
|
|
923
|
+
"merge when green": resolve to `ship-it-loop` unless the user explicitly
|
|
924
|
+
chooses a custom policy. Show the locked recipe summary, require explicit
|
|
925
|
+
operator confirmation for `repo.push_branch`, `repo.open_pr`,
|
|
926
|
+
`repo.monitor_ci`, `repo.resolve_conflicts`, and `repo.merge_green_pr`, then
|
|
927
|
+
create or use a `ship_it_loop` run. Before merge, require fresh CI,
|
|
928
|
+
mergeability, manager merge decision, merge receipt, post-merge verification,
|
|
929
|
+
and adversarial proof receipts. If conflict retries hit the configured limit,
|
|
930
|
+
block with sanitized evidence and the next exact action instead of continuing
|
|
931
|
+
to wake the worker.
|
|
799
932
|
- "register this Codex session as the worker for dashboard setup <CODE>":
|
|
800
933
|
derive `dashboard-<CODE>-worker`, run `conveyor doctor-self`, then
|
|
801
934
|
`conveyor register-worker --name dashboard-<CODE>-worker --pid <PID> --cwd <CWD> --tmux-session <SESSION>`.
|
|
@@ -833,6 +966,8 @@ conveyor qa-plan emergent-criteria
|
|
|
833
966
|
conveyor qa-plan emergent-criteria --json
|
|
834
967
|
conveyor qa-plan tmux-errors
|
|
835
968
|
conveyor qa-plan tmux-errors --json
|
|
969
|
+
conveyor qa-plan ship-it-loop
|
|
970
|
+
conveyor qa-run ship-it-loop --receipt-output /tmp/ship-it-loop-receipt.json --json
|
|
836
971
|
```
|
|
837
972
|
|
|
838
973
|
Use `emergent-criteria` when validating a real worker/manager pair through
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
interface:
|
|
2
2
|
display_name: "Manage Codex Workers"
|
|
3
|
-
short_description: "Manage tmux
|
|
4
|
-
default_prompt: "Use $manage-codex-workers to start, supervise, or stop
|
|
3
|
+
short_description: "Manage Codex app or tmux workers"
|
|
4
|
+
default_prompt: "Use $manage-codex-workers to start, supervise, rotate, or stop Codex worker sessions with conveyor."
|
|
5
5
|
brand_color: "#2563EB"
|