How one persistent manager agent has coordinated Codex worker agents through a 97-hour (and running) frontend architecture replacement — 67 commits across roughly 50 gated batches, phases 0–6 complete and phase 7 of 8 in progress — using file-backed contracts, dual independent review, and a live ledger. Documented from the primary sources so another team can apply the same setup.
The pattern is a strict hierarchy with one accountable node. A single manager agent runs for the entire campaign. It owns scope, sequencing, briefs, verification, commits, the ledger, and every conversation with the human author. Workers — spawned per task, discarded after — never own the final answer. The skill states this directly: workers' reports are "inputs to inspect, not truth."
The second structural idea is that durable state lives in files, not in any context window. The plan is a wiki page, progress is a ledger, and every delegation is a file on disk. Any agent — including a future manager session with no memory of this one — can resume the campaign from the ledger alone. That is what makes 54 hours of continuous operation possible: no single context has to survive it.
Work is cut into batches with one dominant risk profile and one dominant gate each, ordered by risk. Nothing is edited until the survey has survived layered review and the author has decided policy. Then each batch runs this pipeline — observed ~50 times in the campaign:
Before touching an owner, a test-only batch freezes current behavior — including it.fails markers for desired invariants the current code violates. A disposable "inversion" run must fail exactly those N and pass exactly the M others, proving the tests measure what they claim.
A source map pins exact files, line anchors, callers, live neighbors, deletion inventory, and stop conditions — minutes before the writer launches, not from a stale survey.
The manager writes a contract: exact ownership, non-goals, traps in capitals, a hostile-scenario matrix, gate commands, "DO NOT COMMIT." Median ~126 lines; big cutovers ran to 1,300.
One writer per write set, in the shared worktree. Skip-and-report on any mismatch with the brief. Old owners are deleted in the same batch — no fallback, no flag.
A correctness review and an architecture/deletion review, each re-running the full gate suite itself. Verdicts are typed: APPROVE, REJECT_WITH_BLOCKERS, CHANGES_REQUIRED…
A rejection returns to the same writer for a bounded correction; then both reviewers re-read the complete final diff and append a superseding verdict. ~60 verdicts have taken this loop; every one converged.
Diff-stat vs. report first (writers under-report), item-by-item diff review against the brief, full gates re-run outside the sandbox, browser proof for UI batches. Only then: one commit, ledger updated, plan page amended.
Lanes overlap so no role sits idle: while the writer implements batch N, a mapper scopes N+1 against the live tree, and reviewers close out N−1.
No delegation happens in chat. Every brief, report, and review is a markdown file in a
gitignored .delegated-development/ workspace, so reviewers read the actual diff
package and the actual brief — never a paraphrase — and a resumed manager finds everything on disk.
| Directory | Files | Total lines | Median | What lives there |
|---|---|---|---|---|
| briefs/ | 113 | 23,279 | ~106 | Writer/mapper contracts: ownership, non-goals, traps, hostile matrices, gates, DO NOT COMMIT |
| reports/ | 149 | 47,644 | ~292 | Source maps, cutover reports, head-delta proofs, audits — file:line anchored |
| reviews/ | 248 | 54,687 | ~195 | Correctness / architecture / test-integrity / adversary passes with typed verdicts |
| …-ledger.md | 1 | 61 KB | — | Status board · 15 verbatim decisions · constraints · deviations · handoff index |
Naming is a grammar, not a habit: batch-5-7b-iii-analysis-owner-cutover-correctness-review.md
tells you the batch, the slice, and the role without opening the file. Batch IDs nest as work splits
(5.7b became 5.7b-I/II/IIa/III when it hit its own size trigger).
Rejection-class verdicts appear in roughly a quarter of all review files (~60 of 248) — an expected part of the process, not an exception. The reject verdict stays in the file; the correction appends a superseding verdict below it, so the audit trail keeps the mistake visible.
"The two outputs were bothgeometry:80ddfc5dbd995073, and equality wastrue. This is not the accepted non-cryptographic collision risk; it is a deterministic structural omission. … The full green suite does not override I1/I2."
The 576-line brief for the analysis-owner cutover is representative. It is a contract, not a prompt:
# batch-5-7b-iii-analysis-owner-cutover.md (excerpted structure)
Mode: one writer, wholesale tracked implementation, no commit
Exact source base: <git SHA> Mapper status: UNCHANGED_READY
## Campaign context and worker orientation ← links: live wiki, plan page,
## Exact accepted IIa surface — PROTECTED ledger, prior accepted reviews
## Exact objective ← what the one owner must own
## Binding behavior ← invariants, in prose
## Hostile settlement matrix ← 18 rows: Scenario | Exact required result
## Strict tracked write ownership ← the ONLY files the writer may touch
## Required same-slice deletions ← old owner dies in this batch
## Line/dependency/architecture triggers ← "soft architecture triggers,
## Writer red/green and verification gates not hard quotas"
## Stop conditions ← when to halt and report instead
## Worker report contract ← DONE | DONE_WITH_CONCERNS |
NEEDS_CONTEXT | BLOCKED
"The writer is not the acceptance authority."
"Do not commit. Do not start 5.7c, 5.8 or transit/partition work."
The load-bearing part of the pattern is not parallelism but inexpensive, repeatable verification: no claim is accepted on a worker's word. Six mechanisms recur across the 103 review files:
Desired-but-violated invariants are written as it.fails tests. A disposable inversion run must fail exactly the expected set (e.g. "28 failures / 22 passes") — proving each test detects its defect. Cutovers then "promote" every marker to an ordinary test.
Both reviewers re-run typecheck, lint, debt ratchet, build, and the full test suite themselves and report their own figures. One reviewer caught the writer's report citing 833 tests when the tree ran 834 — "evidence drift" is a finding.
Before a writer launches from an older source map, a delta verifier diffs base..HEAD and compares git blob IDs of every in-scope file. Identical blobs = the map's line anchors haven't drifted; verdict UNCHANGED_READY. Otherwise: re-map first.
Briefs freeze exact symbol counts before a cutover ("6 awaitResultPublication, 10 onAnalysisStart… post-cutover counts must be zero"), making "the old owner is fully deleted" mechanically checkable rather than rhetorical.
Diff-stat vs. report first — "writers under-report; unmentioned files are found only this way." Gates re-run outside the sandbox. "Pre-existing failure" claims stash-tested on a clean tree before being believed. Real-browser acceptance is manager-only.
A worker whose only job is disagreement: attack every "safe," "dead," and "behavior-preserving" claim, reverse-trace from user workflows, grep string dispatch. It killed a proposed universal-lease framework and forced honest line accounting in Batch 2.
Why this scales to multi-day runs: each mechanism converts trust into a cheap, repeatable check — a blob hash, a marker count, a grep count, a re-run gate. The manager's judgment is reserved for what checks cannot cover: policy, integration, and acceptance.
| Measure | Value | Source |
|---|---|---|
| Campaign span | 2026-07-12 14:50 → 07-16 15:45 (~97 h, ongoing) | git log |
| Commits / accepted batch checkpoints | 67 / ~50 | git log · ledger status board |
| Commits per day | 6 · 20 · 15 · 16 · 10 | git log by date |
| Handoff prose written by the workers | ~125,600 lines | briefs+reports+reviews wc |
| Explicit reject/changes verdicts | ~60 (all converged) | grep over reviews/ |
| Verbatim owner decisions recorded | 24 | ledger Decisions table |
| Production diff vs. baseline (tests excluded) | +15,695 / −11,598 | git diff --shortstat |
| Old owners deleted with no fallback | every migrated family | plan + deletion reviews |
| Latent production bugs found by the process | ≥6 | orphaned delete completion · leaked drag listeners · StrictMode import cancel · geometry update loop · import params split-truth · stale area-acreage authority |
Overhead is real. The workers have written ~125,600 lines of briefs, reports, and reviews to produce a ~27,300-line production diff — roughly 4.5 lines of process documentation per line of shipped code. For high-risk work that ratio bought zero regressions and six latent-bug discoveries; for routine work the overhead is not justified. The skill itself scopes the pattern to work "too large or too risky to do in one sitting."
Deferred payoff is the standing risk. Cutovers through phase 5 honestly ledgered net line growth (peak: +1,127 in one batch) against a campaign goal of −20%. Phase 6 delivered the first sustained paydown (−398, −451, −847 in successive registry cutovers), partially validating the back-loaded plan — but the books still only balance if phases 7–8 finish. A campaign abandoned mid-flight leaves the forbidden outcome: two architectures at once.
Known harness failure modes, all documented in the skill: ghost launches (a task id printed but no job ever registered — verify the job file exists); "dead" writers that keep landing edits hours after reporting failure (audit the tree, not the report, before every commit); sandbox artifacts (port binds fail inside sandboxes — re-run gates outside before believing a pass or a fail); and review-capacity fragility (an earlier campaign recorded two review waves that timed out and were simply not counted as evidence).
Judgment does not parallelize. The manager personally re-verified every decision-changing claim, adjudicated every reviewer disagreement, and owned every commit. Worker agents multiply reading and writing capacity; they do not multiply accountability.
Everything needed is small: a skill file the manager loads, two shell helpers, a directory convention, and the discipline above. The tools are swappable — the pattern ran here with a Codex manager and Codex CLI workers, but the same skill ships in a Claude-coordinator variant; nothing depends on the vendor.
~/.{claude,codex}/skills/delegated-development/
├── SKILL.md # core contract + 9-step workflow
├── references/
│ ├── manager-protocol.md # phases, roles, blind spots
│ ├── delegation-briefs.md # brief templates per role
│ ├── agent-operations.md # lifecycle, watchers, concurrency
│ ├── verification-gates.md # gate design, diff review
│ └── ledgers-and-docs.md # ledger shape, resumption
└── scripts/
├── campaign-workspace # mkdir .delegated-development/{briefs,reports,reviews}
└── review-package # BASE HEAD → commits + diffstat + diff file
<repo>/.delegated-development/ # gitignored ('*' inside)
<repo>/<plan-page>.md # owner-approved, versioned
<repo>/<campaign>-ledger.md # resumable campaign state
# brief goes through a FILE — never a giant
# shell argument (kills the quoting/ghost class)
P=$(mktemp); cat >"$P" <<'EOF'
<role, objective, exact ownership, non-goals,
traps in CAPITALS, gates, DO NOT COMMIT,
report-file path, skip-and-report rule>
EOF
nohup codex exec -C <repo> \
-c model_reasoning_effort="high" \
--sandbox workspace-write \
-o /tmp/<name>-result.md - <"$P" \
> /tmp/<name>.log 2>&1 &
# liveness = log mtime; alarm at 20 min
# of zero growth; INSPECT before killing.
# iterate: codex exec resume --last "<fix>"
# (cap 2 rounds, then manager takes over)