CC: Add Codex inactive archive executor
@@ -0,0 +1,89 @@
---
name: cto-codex-retention-archive-executor-packet
tier: T1
status: validated
owner: jp
source: CTO-WORK-095
last_reviewed: 2026-06-04
description: Local CTO packet for the guarded Codex inactive-thread archive executor.
---
# CTO Codex Retention Archive Executor Packet
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Claim
Codex retention cleanup now has a guarded archive-only executor. Default mode is dry-run. Mutation requires an exact approval token.
## Context
`CTO-WORK-094` defined the retention policy. The next vertical move is executable archive-only cleanup, not more Core output tuning.
This packet keeps the destructive boundary intact. It prepares phase 2 only: set inactive Codex thread records to archived. It does not delete session JSONL, truncate logs, checkpoint, vacuum, read transcript bodies, or import transcripts into Core.
## Executor
Dry-run:
```bash
python3 tools/archive_codex_inactive_threads.py
```
Focused check:
```bash
python3 tools/archive_codex_inactive_threads.py --check
```
Approved archive-only execution:
```bash
python3 tools/archive_codex_inactive_threads.py --execute --approval-token "I approve CTO-WORK-095 archive-only Codex threads older than 7 days."
```
## Guardrails
- candidate selection reads only `id`, `rollout_path`, `updated_at`, `archived`, and file size;
- raw transcript bodies are not read;
- thread title, preview, and first user message are not read;
- default execution is dry-run;
- execution requires the exact approval token;
- backup runs before DB mutation;
- mutation is limited to `threads.archived=1` and `archived_at`;
- session JSONL deletion is blocked;
- log deletion or truncation is blocked;
- SQLite checkpoint or vacuum is blocked;
- Core source mutation is blocked.
## Backup
Before any approved archive update, the executor backs up:
- `state_5.sqlite`;
- `logs_2.sqlite`;
- `state_5.sqlite-wal` when present;
- `state_5.sqlite-shm` when present;
- `logs_2.sqlite-wal` when present;
- `logs_2.sqlite-shm` when present.
Default backup path is inside `~/.codex/backups/cto-codex-retention/<timestamp>/`.
## Approval Boundary
Still blocked without separate approval:
- delete archived session JSONL;
- delete or truncate Codex logs;
- run SQLite checkpoint or vacuum;
- read raw transcript bodies;
- import raw transcripts into Cortex OS Core.
## Decision
Use this executor only after JP gives the exact archive-only approval token. Keep delete, log cleanup, checkpoint, and vacuum as later decisions.
## New Issues
- must-fix: obtain exact approval token before running `--execute`.
- follow-up: after archive-only execution, re-run retention planner and decide whether deletion is still worth separate approval.
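
Review bot: The approval token in the `--execute` example under "Executor" is a fixed phrase committed verbatim in this packet, so the "Approval Boundary" and "Decision" sections rest on a string that anyone who can read the repository can paste. Say explicitly that it is a typed confirmation against accidental runs rather than an authorization control, or derive it from the dry-run result (for example the candidate count or a digest of the candidate ids) so that an approval covers one specific run. Two further gaps in the same hunk: "Backup" copies `state_5.sqlite` together with its `-wal` and `-shm` files while checkpoint is blocked, but does not state whether Codex must be stopped first, and a file-by-file copy of a database that is open in WAL mode may not be consistent; and the 7-day inactivity threshold appears only inside the token text, not in "Guardrails", so the selection rule on `updated_at` is undocumented. A short restore procedure from `~/.codex/backups/cto-codex-retention/<timestamp>/` would also belong in this packet.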