What was designed vs. what runs
Plan vs. reality.
The ring was built from an explicit design document. This page measures the running system against that plan, honestly — so that the things which look "missing" can be correctly sorted into deliberately deferred, drifted in deployment, and genuinely broken or unbuilt. It is the reconciliation that sits behind the Open Issues worklist.
The headline. The MVP the plan actually scoped — a three-peer ring on a local Postgres with a small set of delivery skills — is built and live. Most of what's absent was pushed past the MVP on purpose. A handful of items, though, are real defects or deployment drift, and those are the ones worth fixing first.
One framing correction first
This is an ongoing engagement, not a fixed term
The plan and these docs describe phases — Pilot → Scale → Transform — with phase-boundary rotation milestones. Those phases are real structural markers. The overall horizon, however, is long-running and open-ended; the ring is designed to keep operating indefinitely, not to wind down on a calendar date. Read every "phase" reference as a milestone within a continuing program.
The plan, line by line, against today
Scope scorecard
Status legend: built running today · partial exists in part · deferred intentionally past the MVP · gap designed but not running · drift deployed differently than planned.
Agent topology
| Planned | Status | Notes |
|---|---|---|
| 3 long-lived peers — CoS SA Steward | built | The full peer ring is spawned and live. This is the MVP, and it works. |
| 5 scheduled spawn-per-tick agents — Signal Scout, Backlog Sentinel, Pipeline Watcher, Reuse Scout, Intake Triage | partial | Substrate & scout-sweep built and staged; Signal Scout proven Unit J, four K-scouts built Batch 7 (Backlog Sentinel K3, Pipeline Watcher K4, Reuse Scout K5, Intake Triage K6 — briefs LIVE on disk under ~/.copilot/m-role-briefs/scouts/; per-scout manual prove + Charlie's posture-flag flip pending). K1 makes sp_create_signal idempotent without pre-check boilerplate. The driving ring-tick is built but its recurring schedule is off pending Charlie's posture call (see Roadmap). |
| 1 Library Curator agent | deferred | Not built. Part of the same deferred autonomous tier; on the K-extensions backlog alongside Pod Intel and Customer Health aggregators. |
| 2 aggregators — Pod Intel, Customer Health | partial | These exist as tables in the schema, not as running agents. The data shapes are there; nothing populates them autonomously yet. |
Skills
| Planned | Status | Notes |
|---|---|---|
3-skill delivery MVP — daily-brief, decision-capture, ado-bulk-triage | built | All three on disk and in use. Plus outbound-voice (the comms voice layer) and the bootstrap/rotate ceremony mechanics. |
cowork browser bridge | built | Present on disk (7th skill) but undocumented in the briefs/matrix — see ISS-17. |
| ~15 ceremony / operational skills | deferred | The plan sketched a much larger skill surface; only the MVP subset is real today. The rest is future work. |
| 5 demoted session→skill helpers — Reviewer, Compliance Checker, Diagnostician, Comms Draftsperson, ADO Scribe | in progress | The plan marked these "future work"; the fix campaign is building them out. ADO Scribe is now built — a real ado-scribe drainer skill (ISS-04, resolved). The other four remain backlog. |
Integration & schema
| Planned | Status | Notes |
|---|---|---|
Local Postgres — db haleon_aiac, schema haleon, 22 base tables, 15 enums, 12 *In views, 14 sp_* functions | built | All present and verified against the live DDL. This is the backbone and it's solid. |
Write-shim: DAB can't bind text→enum/jsonb → *In views + INSTEAD OF triggers + sp_*; the instructions:null envelope rewrite | built | Real and load-bearing — the plan even calls out the instructions:null shim. DAB v1.7.93. |
| ADO write-back — enqueue half | built | Idempotent enqueue path fully wired (ON CONFLICT (idempotency_key)). |
| ADO write-back — drain half | built | Now built: the ado-scribe drainer consumes queued rows and applies them via the ADO MCP, advancing status through sp_update_ado_writeback (ISS-02, ISS-03, resolved). Manual now; cadence under ISS-10. |
triage_summary output | built | Resolved — the Friday end-of-day brief row is the triage summary; no separate artefact needed. |
rotation_log, agent_snapshots tables | built | Built in Batch 3 (D4): both tables created with write shims and wired — rotation writes a handover record + snapshot on each ceremony (ISS-08, ISS-09). |
cost_telemetry table | built | Now populated by sp_rollup_cost_telemetry (idempotent whole-UTC-day cells), wired into daily-brief (ISS-07). |
| 15-minute health-tick automation | built | Built & staged — core-tick + scout-sweep mechanics and the ring-tick skill exist and are verified; the recurring schedule is intentionally off pending a Charlie posture decision (ISS-10). |
Absent on purpose
The deferred-by-design tier
The single most important thing to understand from the reconciliation: a large share of what looks "unfinished" was never in MVP scope. The plan deliberately staged the ring in two layers.
Layer 1 — the MVP (built)
Three long-lived peers, a local Postgres with the full write-shim, and a handful of delivery skills driven on demand. This is what runs today, and it is genuinely complete.
Layer 2 — the autonomous tier (deferred)
Scheduled scout agents, the Library Curator, the larger ceremony-skill surface, and the five demoted helper roles (Reviewer, Compliance Checker, Diagnostician, Comms Draftsperson, ADO Scribe). All explicitly "future work."
Why this matters for the worklist. Items in Layer 2 should be tracked as deferred, not as bugs. The only fix they need now is documentation hygiene — stop the briefs implying a live skill/agent that was intentionally postponed (the ADO Scribe reference is the clearest example).
Where deployment diverged from the design
Deployment drift
These are places where the running configuration differs from what the plan specified — not deferrals, and not code bugs, but the deployed environment having quietly drifted. Each is a discrepancy on the worklist.
MicrosoftMcCormickTesting/Loom
(area SEE-44471). The live azure_devops MCP points at the shakedown repo
smccormick0886/Haleon-AIAQ instead. The fix direction is therefore to repoint the
MCP, not the skill (ISS-05).m365_* tools — and the m365-softeria
MCP has now been removed from the live config (ISS-21, resolved). Native
m365_* is a builtin capability that survives the removal; only the unused extended-Graph surface
was dropped.anonymous = read-only with an authenticated role for
writes. The live config originally launched anonymous carrying redundant CRUD grants. As of
30 May this is resolved (ISS-22, Option A): the
anonymous role is tightened so every base table is read-only and all writes flow through
the validating *In shim views; authenticated=* stays defined as the dormant production
posture. Read/write separation is now enforced at the entity-permission layer.Where the plan itself left a gap — or seeded a bug
Acknowledged gaps & a self-inflicted bug
Some shortfalls are the plan being honest about what it didn't build. One is more interesting: the plan's own mitigation introduced a defect.
rotation_log or
agent_snapshots table, that Steward audit lived in the ledger rather than
agent_runs, and that cost_telemetry was dark. Per decision D4 ("build all") these
producers are now built and wired: dedicated rotation_log/agent_snapshots tables,
an agent_runs audit spine that every role writes (multi-writer; Steward audits), and a
cost_telemetry rollup. The DB is now the system-of-record; plan.md stays as the
human-readable ledger.slot=evening bug — caused by the plan's mitigation resolvedevening was never a member of the
original brief_slot enum {morning, afternoon, adhoc} — so the mitigation itself
produced the invalid-enum bug tracked as ISS-13. Now resolved:
brief_slot gained evening via ALTER TYPE … ADD VALUE, so the EOD brief
writes a valid slot. A neat reminder to validate mitigations against the schema.draft_pending_charlie bug resolveddraft_pending_charlie status that existed in no
enum, affecting both the ADO queue and comms_drafts
(ISS-01). Now resolved: comms drafts use the existing
awaiting_signoff; the ADO queue uses the newly added pending_approval (with the
queue default flipped to match).So, how do things stack up?
Bottom line
Built & live
The three-peer ring, the local Postgres + full write-shim, and the delivery-skill MVP. The core the plan scoped is real and running.
Deferred by design
Scheduled scouts, the Library Curator, the larger skill surface, and five helper roles — including ADO Scribe. Intentional, not broken.
Handoff. The full, prioritised, evidence-backed list lives on Open Issues — built to be handed straight to the Chief of Staff. This page is the "why": it explains which of those items are real defects versus deliberate scope decisions, so the CoS can triage by intent, not just by symptom.