2 changed files with 57 additions and 11 deletions
--- a/prerequisites.md
+++ b/prerequisites.md
@ -1,5 +1,5 @@
 # Prerequisite Tree
-<!-- Last updated: 2026-04-08 -->
+<!-- Last updated: 2026-04-19 -->
 ## Objective: Foundation — Core agent loop (dev → CI → review → merge)
 - [x] dev-agent picks up backlog issues (dev/dev-agent.sh exists)
@ -18,7 +18,7 @@ Status: DONE
 ## Objective: Foundation — Planner gap analysis against vision
 - [x] Planner formula exists (run-planner.toml v4)
 - [x] planner-run.sh cron wrapper exists
- [x] Planning runs established and maintaining prerequisite tree (run 1: 2026-04-05, run 2: 2026-04-08)
+- [x] Planning runs established and maintaining prerequisite tree (runs 1–5)
 Status: DONE
 ## Objective: Foundation — Multi-project support
@ -29,14 +29,14 @@ Status: DONE
 ## Objective: Foundation — Knowledge graph for structural defect detection
 - [x] networkx package installed in agents container (#220 — closed)
 - [x] build-graph.py exists in lib/
- [x] Graph report generating successfully (165 nodes, 137 edges as of 2026-04-08)
+- [x] Graph report generating successfully (230 nodes, 233 edges as of 2026-04-19)
 Status: DONE
 ## Objective: Foundation — Predictor-planner adversarial feedback loop
 - [x] Predictor formula exists (run-predictor.toml)
 - [x] Planner prediction triage step defined
 - [x] Prediction workflow labels created on Forgejo (#225 — closed)
- [x] Predictor filing predictions (4 predictions triaged in run 2)
+- [x] Predictor filing predictions (6 predictions triaged across runs 2–5)
 Status: DONE
 ## --- FOUNDATION MILESTONE: DONE ---
@ -45,8 +45,10 @@ Status: DONE
 - [x] disinto init re-run stability (#158 — closed)
 - [x] disinto init repo creation API endpoint (#164 — closed)
 - [x] Prediction labels created during init (#225 — closed)
- [ ] Ops repo migration for existing deployments (#425 — backlog+priority)
+- [x] Ops repo migration issue filed (#425 — closed)
-Status: BLOCKED — #425 ops repo missing dirs on existing deployments
+- [ ] Ops repo branch protection blocks remote writes (#758 — blocked, HUMAN_BLOCKED)
 - [ ] Re-seed ops repo directories (#820 — backlog+priority, blocked on #758)
 Status: BLOCKED — #758 ops repo branch protection needs human admin action
 ## Objective: Adoption — Built-in Forgejo + Woodpecker CI
 - [x] Docker compose with Forgejo + Woodpecker
@ -54,31 +56,46 @@ Status: BLOCKED — #425 ops repo missing dirs on existing deployments
 - [x] WOODPECKER_HOST override fix (#178 — closed)
 Status: DONE
 ## Objective: Adoption — Nomad+Vault orchestration
 - [x] Step 0: Nomad+Vault installers (cluster-up.sh, install.sh, vault-init.sh, lib-systemd.sh)
 - [x] Step 1: Forgejo on Nomad (nomad/jobs/forgejo.hcl, deploy.sh, S1.3 wiring, S1.4 CI validation)
 - [x] Step 2: Vault policies + secret import (S2.1–S2.6, plus fixes S2-A through S2-G)
 - [x] Step 3: Woodpecker on Nomad (S3.1–S3.4 jobspecs + OAuth + wiring, plus fixes S3-1 through S3-6)
 - [x] Step 4: Agents on Nomad (S4.1 agents.hcl with 7 roles + llama + vault-templated tokens, S4.2 --with agents wiring, plus fixes S4-1 through S4-7)
 - [x] Step 5: Edge + staging + chat + vault-runner on Nomad (S5.1–S5.5, plus fixes S5-fix-1 through S5-fix-7)
 - [ ] Step 5 cutover: retire docker-compose, Nomad as live factory stack (#981 — vision, blocked on edge hostname routing #1022)
 Status: IN PROGRESS — Steps 0-5 infrastructure done, cutover (#981) blocked on edge networking fix
 ## Objective: Adoption — Landing page communicating value proposition
 - [x] Website addressable exists (disinto.ai)
 - [ ] Website observability — no engagement measurement (#426 — vision)
 Status: BLOCKED — no evidence process connected to website
 ## Objective: Adoption — Example project demonstrating full lifecycle
- [ ] No example project exists
+- [ ] No example project exists (#697 — vision+priority)
- [ ] Requires verified bootstrap (#425)
+- [ ] Requires verified bootstrap (blocked on #758/#820)
 Status: BLOCKED — depends on bootstrap completion and ops repo migration
 ## --- ADOPTION MILESTONE: IN PROGRESS ---
 ## Objective: Ship (Fold 2) — Deploy profiles per artifact type
 - [ ] No deploy profiles defined
 - [x] CI pipeline working (Woodpecker OAuth fixed)
 - [x] Nomad jobspec infrastructure available (Steps 0-5 complete)
 Status: BLOCKED — not started, needs design (vision-level)
 ## Objective: Ship (Fold 2) — Vault-gated fold transitions
 - [x] Vault redesign complete (#73-#77 — all closed)
 - [x] Vault PR workflow documented (docs/VAULT.md)
- [ ] Vault directories complete in ops repo (#425 — approved/fired/rejected missing)
+- [x] Vault + Nomad integration (template stanzas, JWT auth, policies)
-Status: BLOCKED — #425 ops repo dirs needed for vault workflow
+- [ ] Vault lifecycle directories on remote ops repo (blocked on #758/#820)
 Status: BLOCKED — #758/#820 ops repo dirs needed for vault workflow
 ## Objective: Ship (Fold 2) — Engagement measurement baked into deploy pipelines
 - [ ] No engagement measurement exists
 - [ ] collect-engagement.sh data loss fix needed (#982 — backlog+priority)
 - [ ] No observables yet (AGENTS.md confirms)
-Status: BLOCKED — depends on deploy profiles + website observability (#426)
+Status: BLOCKED — depends on deploy profiles + website observability (#426) + #982
 ## Objective: Ship (Fold 2) — Rent-a-human for gated channels
 - [x] run-rent-a-human formula exists
--- a/vault/pending/disinto-ops-branch-protection.md
+++ b/vault/pending/disinto-ops-branch-protection.md
@ -0,0 +1,29 @@
 # Request: Remove or relax ops repo branch protection for bot writes
 ## What
 The ops repo (`disinto-ops`) has branch protection on `main` that requires PR approvals. No bot account has sufficient permissions to merge PRs or push directly. This blocks all agent writes to the ops repo — prerequisites.md, planner-memory.md, vault items, evidence, and sprint artifacts are accumulating only locally and lost on container restart.
 ## Why
 Blocks #758 (ops repo branch protection), which blocks #820 (re-seed ops repo dirs), which blocks:
 - Vault PR workflow (pending/approved/fired dirs don't exist)
 - Evidence collection for all agents
 - Bootstrap verification for example project (#697)
 - Planner persistence (this is the 5th run where local changes will be lost)
 Waiting since 2026-04-15.
 ## Human action
 1. Go to Forgejo admin → disinto-ops repo settings → Branch Protection
 2. Either: remove branch protection on `main`, OR add `planner-bot` to the push allowlist
 3. Verify by running: `git push origin main` from the planner container
 4. Comment on #758 confirming the change
 ## Factory will then
 - Push accumulated prerequisites.md, planner-memory.md, vault procurement items
 - Re-seed ops repo directories (#820): evidence/, sprints/, portfolio.md, RESOURCES.md, vault subdirs
 - Enable vault PR workflow for fold transitions
 - Unblock evidence collection and example project bootstrap
 ## Unblocks
 - #758 — ops repo branch protection blocks all agent writes
 - #820 — re-seed ops repo directories
 - #697 — example project (transitively)