-
Identify the true source of truth vs. the derived artifact. For privately-built images: the release tag lives in the build script and is checked into the repo — that's authoritative. The image pin file is derived at build time (release tag + commit SHA baked in) — it is not something to hand-edit.
-
Always edit the source-of-truth field, never the derived pin directly. If you only edit the pin file by hand, the next build silently no-ops and rebuilds the old release — the change appears to do nothing because the driver re-derives the pin from the (unchanged) release tag on its next run.
-
Let the driver own the derivation. The deployment driver reads the release tag, builds the image with the commit SHA appended, and auto-rewrites the pin file (tag:sha format) as a build side-effect. The pin file becomes a cache of the driver's last derivation, not a place to make decisions.
-
Apply the same source-of-truth discipline to orchestration loops. When designing a /loop (or any iterative agent driver) that must decide the next action: pin the source of truth (git commit tags, plan-file task rows) and make each iteration idempotent by re-reading that source fresh every time — git fetch + git log to confirm the current dev tip, then re-read plan rows for the next eligible task. Do not let the loop trust chat history or a memory of "what I did last iteration" — it always re-derives from current repo state.
-
Define explicit pause conditions for the loop so it doesn't spin or act on stale/ambiguous state: no eligible todo task found, a release step isn't authorized yet, or the token/usage budget is approaching its limit.