Field manual · observed live since 2026-07-12 · updated 07-16, campaign ongoing

Delegated development: a manager–worker pattern for long-running agent campaigns

How one persistent manager agent has coordinated Codex worker agents through a 97-hour (and running) frontend architecture replacement — 67 commits across roughly 50 gated batches, phases 0–6 complete and phase 7 of 8 in progress — using file-backed contracts, dual independent review, and a live ledger. Documented from the primary sources so another team can apply the same setup.

sources: the delegated-development skill (SKILL.md + 5 references + 2 scripts) · frontend-architecture-refactor execution ledger · 510 handoff artifacts (briefs / reports / reviews) · git history of the campaign branch
97 h+
campaign, ongoing
67
verified commits
510
handoff files
348 → 1,153
tests
45 → 81%
line coverage
~60
reject/changes verdicts
01Operating model

A manager that owns judgment, workers that own labor

The pattern is a strict hierarchy with one accountable node. A single manager agent runs for the entire campaign. It owns scope, sequencing, briefs, verification, commits, the ledger, and every conversation with the human author. Workers — spawned per task, discarded after — never own the final answer. The skill states this directly: workers' reports are "inputs to inspect, not truth."

The second structural idea is that durable state lives in files, not in any context window. The plan is a wiki page, progress is a ledger, and every delegation is a file on disk. Any agent — including a future manager session with no memory of this one — can resume the campaign from the ledger alone. That is what makes 54 hours of continuous operation possible: no single context has to survive it.

Roles from references/manager-protocol.md; counts from the live campaign. Workers were Codex CLI agents (gpt-5.x, high reasoning); the skill's "model floor" forbids weak models for adversarial or behavior-adjacent roles.
02Batch lifecycle

Every batch follows the same pipeline

Work is cut into batches with one dominant risk profile and one dominant gate each, ordered by risk. Nothing is edited until the survey has survived layered review and the author has decided policy. Then each batch runs this pipeline — observed ~50 times in the campaign:

Characterize first writer (test-only)

Before touching an owner, a test-only batch freezes current behavior — including it.fails markers for desired invariants the current code violates. A disposable "inversion" run must fail exactly those N and pass exactly the M others, proving the tests measure what they claim.

Map mapper, read-only

A source map pins exact files, line anchors, callers, live neighbors, deletion inventory, and stop conditions — minutes before the writer launches, not from a stale survey.

Brief manager

The manager writes a contract: exact ownership, non-goals, traps in capitals, a hostile-scenario matrix, gate commands, "DO NOT COMMIT." Median ~126 lines; big cutovers ran to 1,300.

Write one writer

One writer per write set, in the shared worktree. Skip-and-report on any mismatch with the brief. Old owners are deleted in the same batch — no fallback, no flag.

Dual independent review 2 reviewers + adversary

A correctness review and an architecture/deletion review, each re-running the full gate suite itself. Verdicts are typed: APPROVE, REJECT_WITH_BLOCKERS, CHANGES_REQUIRED

Bounded correction loop same writer

A rejection returns to the same writer for a bounded correction; then both reviewers re-read the complete final diff and append a superseding verdict. ~60 verdicts have taken this loop; every one converged.

Manager acceptance manager only

Diff-stat vs. report first (writers under-report), item-by-item diff review against the brief, full gates re-run outside the sandbox, browser proof for UI batches. Only then: one commit, ledger updated, plan page amended.

The rolling pipeline

Lanes overlap so no role sits idle: while the writer implements batch N, a mapper scopes N+1 against the live tree, and reviewers close out N−1.

Cadence evidence: commits landed in 48 of the 97 campaign hours so far, including 00:03, 02:19, 04:23, 05:40 and 07:16.
03File-backed handoffs

Delegation runs through files, not chat

No delegation happens in chat. Every brief, report, and review is a markdown file in a gitignored .delegated-development/ workspace, so reviewers read the actual diff package and the actual brief — never a paraphrase — and a resumed manager finds everything on disk.

DirectoryFilesTotal linesMedianWhat lives there
briefs/11323,279~106Writer/mapper contracts: ownership, non-goals, traps, hostile matrices, gates, DO NOT COMMIT
reports/14947,644~292Source maps, cutover reports, head-delta proofs, audits — file:line anchored
reviews/24854,687~195Correctness / architecture / test-integrity / adversary passes with typed verdicts
…-ledger.md161 KBStatus board · 15 verbatim decisions · constraints · deviations · handoff index

Naming is a grammar, not a habit: batch-5-7b-iii-analysis-owner-cutover-correctness-review.md tells you the batch, the slice, and the role without opening the file. Batch IDs nest as work splits (5.7b became 5.7b-I/II/IIa/III when it hit its own size trigger).

Typed review verdicts

APPROVE-class in ~200 files APPROVE_CORRECTED_TREE REJECT_WITH_BLOCKERS ×10 files CHANGES_REQUIRED-class ×52 files NEEDS_CORRECTION_BEFORE_CUTOVER UNCHANGED_READY READY_FOR_NARROW_WRITER SPLIT_WITH_EXACT_BOUNDARY

Rejection-class verdicts appear in roughly a quarter of all review files (~60 of 248) — an expected part of the process, not an exception. The reject verdict stays in the file; the correction appends a superseding verdict below it, so the audit trail keeps the mistake visible.

"The two outputs were both geometry:80ddfc5dbd995073, and equality was true. This is not the accepted non-cryptographic collision risk; it is a deterministic structural omission. … The full green suite does not override I1/I2."
reviews/batch-5-7b-i-correctness-review.md — a reviewer reproducing a hash-key collision the writer's 840 green tests had missed, and refusing to let the green suite outvote the counterexample. Verdict: REJECT_WITH_BLOCKERS → corrected → APPROVE.

Anatomy of a writer brief

The 576-line brief for the analysis-owner cutover is representative. It is a contract, not a prompt:

# batch-5-7b-iii-analysis-owner-cutover.md   (excerpted structure)

Mode: one writer, wholesale tracked implementation, no commit
Exact source base: <git SHA>          Mapper status: UNCHANGED_READY

## Campaign context and worker orientation      ← links: live wiki, plan page,
## Exact accepted IIa surface — PROTECTED         ledger, prior accepted reviews
## Exact objective                              ← what the one owner must own
## Binding behavior                             ← invariants, in prose
## Hostile settlement matrix                    ← 18 rows: Scenario | Exact required result
## Strict tracked write ownership               ← the ONLY files the writer may touch
## Required same-slice deletions                ← old owner dies in this batch
## Line/dependency/architecture triggers        ← "soft architecture triggers,
## Writer red/green and verification gates         not hard quotas"
## Stop conditions                              ← when to halt and report instead
## Worker report contract                       ← DONE | DONE_WITH_CONCERNS |
                                                   NEEDS_CONTEXT | BLOCKED
"The writer is not the acceptance authority."
"Do not commit. Do not start 5.7c, 5.8 or transit/partition work."
04Trust mechanics

Verification mechanisms

The load-bearing part of the pattern is not parallelism but inexpensive, repeatable verification: no claim is accepted on a worker's word. Six mechanisms recur across the 103 review files:

M1Inversion-proved characterization

Desired-but-violated invariants are written as it.fails tests. A disposable inversion run must fail exactly the expected set (e.g. "28 failures / 22 passes") — proving each test detects its defect. Cutovers then "promote" every marker to an ordinary test.

57 files reference inversion proofs; marker arithmetic is audited to the count ("no marker promoted, removed, duplicated, skipped").

M2Dual review with fresh gates

Both reviewers re-run typecheck, lint, debt ratchet, build, and the full test suite themselves and report their own figures. One reviewer caught the writer's report citing 833 tests when the tree ran 834 — "evidence drift" is a finding.

Every review file has a "Fresh independent gates" section with its own numbers.

M3Byte-identity head-delta proofs

Before a writer launches from an older source map, a delta verifier diffs base..HEAD and compares git blob IDs of every in-scope file. Identical blobs = the map's line anchors haven't drifted; verdict UNCHANGED_READY. Otherwise: re-map first.

17 files cite blob-level identity; e.g. reports/batch-5-7c-ii-b523-head-delta.md.

M4Frozen grep counts for deletion

Briefs freeze exact symbol counts before a cutover ("6 awaitResultPublication, 10 onAnalysisStart… post-cutover counts must be zero"), making "the old owner is fully deleted" mechanically checkable rather than rhetorical.

Deletion inventories appear in every cutover brief and are re-counted in review.

M5Manager re-verification

Diff-stat vs. report first — "writers under-report; unmentioned files are found only this way." Gates re-run outside the sandbox. "Pre-existing failure" claims stash-tested on a clean tree before being believed. Real-browser acceptance is manager-only.

Skill: "Do not claim a batch is complete until fresh evidence supports the claim."

M6The adversary role

A worker whose only job is disagreement: attack every "safe," "dead," and "behavior-preserving" claim, reverse-trace from user workflows, grep string dispatch. It killed a proposed universal-lease framework and forced honest line accounting in Batch 2.

Brief rule: "Do not tell a reviewer what not to flag." Asked for disagreement, not confirmation.

Why this scales to multi-day runs: each mechanism converts trust into a cheap, repeatable check — a blob hash, a marker count, a grep count, a re-run gate. The manager's judgment is reserved for what checks cannot cover: policy, integration, and acceptance.

05The numbers

Campaign metrics

Test-suite growth preceded every cutover
Full-suite Vitest test count at each accepted batch, in commit order · 348 → 1,153 (+231%) · statement coverage 45.05% → 80.56%
Per-batch net production-line accounting
Net production lines per accepted batch (tests excluded), in commit order. Additions are recorded exceptions with named paydown batches rather than silent growth.
net addition (recorded as campaign debt; Batches 6–8 own the paydown) net reduction
MeasureValueSource
Campaign span2026-07-12 14:50 → 07-16 15:45 (~97 h, ongoing)git log
Commits / accepted batch checkpoints67 / ~50git log · ledger status board
Commits per day6 · 20 · 15 · 16 · 10git log by date
Handoff prose written by the workers~125,600 linesbriefs+reports+reviews wc
Explicit reject/changes verdicts~60 (all converged)grep over reviews/
Verbatim owner decisions recorded24ledger Decisions table
Production diff vs. baseline (tests excluded)+15,695 / −11,598git diff --shortstat
Old owners deleted with no fallbackevery migrated familyplan + deletion reviews
Latent production bugs found by the process≥6orphaned delete completion · leaked drag listeners · StrictMode import cancel · geometry update loop · import params split-truth · stale area-acreage authority
06Rules that carried it

Operating rules

07Honest costs & failure modes

Costs and failure modes

Overhead is real. The workers have written ~125,600 lines of briefs, reports, and reviews to produce a ~27,300-line production diff — roughly 4.5 lines of process documentation per line of shipped code. For high-risk work that ratio bought zero regressions and six latent-bug discoveries; for routine work the overhead is not justified. The skill itself scopes the pattern to work "too large or too risky to do in one sitting."

Deferred payoff is the standing risk. Cutovers through phase 5 honestly ledgered net line growth (peak: +1,127 in one batch) against a campaign goal of −20%. Phase 6 delivered the first sustained paydown (−398, −451, −847 in successive registry cutovers), partially validating the back-loaded plan — but the books still only balance if phases 7–8 finish. A campaign abandoned mid-flight leaves the forbidden outcome: two architectures at once.

Known harness failure modes, all documented in the skill: ghost launches (a task id printed but no job ever registered — verify the job file exists); "dead" writers that keep landing edits hours after reporting failure (audit the tree, not the report, before every commit); sandbox artifacts (port binds fail inside sandboxes — re-run gates outside before believing a pass or a fail); and review-capacity fragility (an earlier campaign recorded two review waves that timed out and were simply not counted as evidence).

Judgment does not parallelize. The manager personally re-verified every decision-changing claim, adjudicated every reviewer disagreement, and owned every commit. Worker agents multiply reading and writing capacity; they do not multiply accountability.

08Replication kit

Replicating the pattern

Everything needed is small: a skill file the manager loads, two shell helpers, a directory convention, and the discipline above. The tools are swappable — the pattern ran here with a Codex manager and Codex CLI workers, but the same skill ships in a Claude-coordinator variant; nothing depends on the vendor.

Minimal file layout

~/.{claude,codex}/skills/delegated-development/
├── SKILL.md                  # core contract + 9-step workflow
├── references/
│   ├── manager-protocol.md   # phases, roles, blind spots
│   ├── delegation-briefs.md  # brief templates per role
│   ├── agent-operations.md   # lifecycle, watchers, concurrency
│   ├── verification-gates.md # gate design, diff review
│   └── ledgers-and-docs.md   # ledger shape, resumption
└── scripts/
    ├── campaign-workspace    # mkdir .delegated-development/{briefs,reports,reviews}
    └── review-package        # BASE HEAD → commits + diffstat + diff file

<repo>/.delegated-development/   # gitignored ('*' inside)
<repo>/<plan-page>.md            # owner-approved, versioned
<repo>/<campaign>-ledger.md      # resumable campaign state

Worker launch pattern

# brief goes through a FILE — never a giant
# shell argument (kills the quoting/ghost class)
P=$(mktemp); cat >"$P" <<'EOF'
<role, objective, exact ownership, non-goals,
 traps in CAPITALS, gates, DO NOT COMMIT,
 report-file path, skip-and-report rule>
EOF
nohup codex exec -C <repo> \
  -c model_reasoning_effort="high" \
  --sandbox workspace-write \
  -o /tmp/<name>-result.md - <"$P" \
  > /tmp/<name>.log 2>&1 &

# liveness = log mtime; alarm at 20 min
# of zero growth; INSPECT before killing.
# iterate: codex exec resume --last "<fix>"
# (cap 2 rounds, then manager takes over)

The ten-line starter checklist