prerequisites.md

@@ -1,5 +1,5 @@
 # Prerequisite Tree
-<!-- Last updated: 2026-04-08 -->
+<!-- Last updated: 2026-04-15 -->
 
 ## Objective: Foundation — Core agent loop (dev → CI → review → merge)
 - [x] dev-agent picks up backlog issues (dev/dev-agent.sh exists)
@@ -8,6 +8,9 @@
 - [x] Stale in-progress recovery (#224 — closed)
 - [x] Agent race condition fix (#160 — closed)
 - [x] Dispatcher grep Alpine fix (#150 — closed)
+- [x] Dev-poll post-crash deadlock (#749 — closed)
+- [x] Entrypoint wait deadlock (#753 — closed)
+- [x] Credential helper race on cold boot (#741 — closed)
 Status: DONE
 
 ## Objective: Foundation — Supervisor health monitoring
@@ -18,7 +21,7 @@ Status: DONE
 ## Objective: Foundation — Planner gap analysis against vision
 - [x] Planner formula exists (run-planner.toml v4)
 - [x] planner-run.sh cron wrapper exists
-- [x] Planning runs established and maintaining prerequisite tree (run 1: 2026-04-05, run 2: 2026-04-08)
+- [x] Planning runs established (run 1: 2026-04-05, run 2: 2026-04-08, run 3: 2026-04-15)
 Status: DONE
 
 ## Objective: Foundation — Multi-project support
@@ -29,7 +32,7 @@ Status: DONE
 ## Objective: Foundation — Knowledge graph for structural defect detection
 - [x] networkx package installed in agents container (#220 — closed)
 - [x] build-graph.py exists in lib/
-- [x] Graph report generating successfully (165 nodes, 137 edges as of 2026-04-08)
+- [x] Graph report generating successfully (208 nodes, 291 edges as of 2026-04-15)
 Status: DONE
 
 ## Objective: Foundation — Predictor-planner adversarial feedback loop
@@ -45,24 +48,44 @@ Status: DONE
 - [x] disinto init re-run stability (#158 — closed)
 - [x] disinto init repo creation API endpoint (#164 — closed)
 - [x] Prediction labels created during init (#225 — closed)
-- [ ] Ops repo migration for existing deployments (#425 — backlog+priority)
+- [x] Ops repo migration for existing deployments (#425 — closed, #688 — closed)
-Status: BLOCKED — #425 ops repo missing dirs on existing deployments
+- [ ] Ops repo branch protection blocks agent writes (#758 — blocked, bug-report) blocked-on-vault (vault/pending/disinto-ops-branch-protection.md)
+Status: BLOCKED — #758 ops repo branch protection prevents agent writes
 
 ## Objective: Adoption — Built-in Forgejo + Woodpecker CI
 - [x] Docker compose with Forgejo + Woodpecker
 - [x] Woodpecker OAuth2 redirect URI fix (#172 — closed)
 - [x] WOODPECKER_HOST override fix (#178 — closed)
+- [x] CI exhaustion root cause fixed (#742 — closed)
 Status: DONE
 
 ## Objective: Adoption — Landing page communicating value proposition
 - [x] Website addressable exists (disinto.ai)
-- [ ] Website observability — no engagement measurement (#426 — vision)
+- [x] Evidence/engagement directory setup (#747 — closed)
-Status: BLOCKED — no evidence process connected to website
+- [x] Format-detection guard in collect-engagement.sh (#746 — closed)
+- [ ] Collect-engagement formula + container script (#745 — backlog+priority, retry)
+- [ ] Website observability — engagement measurement wired (#426 — vision)
+Status: BLOCKED — #745 needs successful dev-agent run, then #426 design decisions
 
 ## Objective: Adoption — Example project demonstrating full lifecycle
-- [ ] No example project exists
+- [x] Bootstrap path verified (#425, #688 — closed)
-- [ ] Requires verified bootstrap (#425)
+- [ ] Example project design and implementation (#697 — vision+priority)
-Status: BLOCKED — depends on bootstrap completion and ops repo migration
+Status: BLOCKED — #697 needs design (vision-level), depends on verified bootstrap (now unblocked)
+
+## Objective: Adoption — Subpath routing + Forgejo-OAuth-gated Claude chat (#623)
+- [x] Caddy subpath routing skeleton (#704 — closed)
+- [x] Chat container scaffold (#705 — closed)
+- [x] Chat sandbox hardening (#706 — closed)
+- [x] Forgejo OAuth gate (#708 — closed)
+- [x] Caddy Remote-User forwarding (#709 — closed)
+- [x] Conversation history persistence (#710 — closed)
+- [x] Cost caps + rate limiting (#711 — closed)
+- [x] Per-project subdomain fallback (#713 — closed)
+- [ ] Claude identity isolation (#707 — backlog+priority, ready for retry after #742 fix)
+- [ ] Escalation tools (#712 — backlog+priority, ready for retry after #742 fix)
+Status: BLOCKED — 2 sub-issues remaining (#707, #712), both cleared for retry
+
+## --- ADOPTION MILESTONE: IN PROGRESS ---
 
 ## Objective: Ship (Fold 2) — Deploy profiles per artifact type
 - [ ] No deploy profiles defined
@@ -72,8 +95,9 @@ Status: BLOCKED — not started, needs design (vision-level)
 ## Objective: Ship (Fold 2) — Vault-gated fold transitions
 - [x] Vault redesign complete (#73-#77 — all closed)
 - [x] Vault PR workflow documented (docs/VAULT.md)
-- [ ] Vault directories complete in ops repo (#425 — approved/fired/rejected missing)
+- [x] Vault directories seeded in ops repo (#425, #688 — closed)
-Status: BLOCKED — #425 ops repo dirs needed for vault workflow
+- [ ] Ops repo branch protection blocks vault item visibility (#758) blocked-on-vault (vault/pending/disinto-ops-branch-protection.md)
+Status: BLOCKED — #758 prevents vault items from reaching remote
 
 ## Objective: Ship (Fold 2) — Engagement measurement baked into deploy pipelines
 - [ ] No engagement measurement exists
@@ -82,6 +106,7 @@ Status: BLOCKED — depends on deploy profiles + website observability (#426)
 
 ## Objective: Ship (Fold 2) — Rent-a-human for gated channels
 - [x] run-rent-a-human formula exists
+- [x] Caddy SSH key setup documented (#748 — closed)
 - [ ] Not yet exercised in production
 Status: READY
 

vault/pending/disinto-ops-branch-protection.md

@@ -0,0 +1,31 @@
+# Request: Remove or relax ops repo branch protection for agent writes
+
+## What
+The ops repo (`disinto-ops`) has branch protection on `main` that requires approvals, but no bot account has sufficient permissions to merge. The `planner-bot` has push access but cannot merge. The `review-bot` can approve but cannot push or merge. No admin token is available to agents.
+
+This means `prerequisites.md`, `knowledge/planner-memory.md`, and vault items have been accumulating **only locally** since planner run 2 (2026-04-08). The remote `origin/main` is frozen.
+
+## Why
+Blocks #758 (ops repo branch protection), which blocks ALL agent ops-repo writes: planner prerequisite tree, planner memory, evidence collection, vault pending items. Every agent that writes to the ops repo is silently failing.
+
+Downstream: blocks website observability (#426), collect-engagement (#745), and the entire evidence pipeline.
+
+Waiting since 2026-04-08 (first observed planner run 2).
+
+## Human action
+1. In Forgejo, go to `disinto-ops` → Settings → Branch Protection → `main`
+2. Either:
+   - **Option A (recommended):** Remove branch protection from `disinto-ops` entirely — the ops repo is an internal artifact, not production code. Agent writes should flow freely.
+   - **Option B:** Add `planner-bot` and `dev-bot` to the push/merge allowlist so they can push directly to `main`.
+3. Verify by running: `cd disinto-ops && git push origin main` from the agents container.
+
+## Factory will then
+- Planner will push prerequisite tree updates and memory to `origin/main`
+- Evidence collection (#745) will unblock — collect-engagement formula can commit to ops repo
+- Vault pending items will be visible on the remote for human review
+- All agents writing to ops repo will resume normal operation
+
+## Unblocks
+- #758 — ops repo branch protection blocks all agent writes
+- #745 — collect-engagement formula (indirectly, if the no_push is ops-related)
+- #426 — website observability (downstream)