Need to restart an ECS service to pick up a changed SSM Parameter Store value (env vars/secrets are resolved when a task starts, so any fresh task picks up the new value). Two ways to force a restart look equivalent but aren't.
aws ecs update-service --force-new-deployment runs a normal rolling deployment, governed by the service's deploymentConfiguration:
aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment
desiredCount never changes. If maximumPercent is above 100 (e.g. 200%), ECS starts the new task first, waits for it to pass the ALB health check, then drains and stops the old one — new and old run side by side for a moment, so there's effectively zero downtime.
Scaling desiredCount to 0 and back to 1 is a hard stop-then-start: every running task is killed first, the target group is empty until the new task comes up and passes health checks, and anything hitting the service in that window fails. It also completely bypasses the rolling-deployment logic — there's no overlap to make it graceful.
Same end state (new task, new config), different path to get there. Two things to check before relying on force-new-deployment for a "safe" restart: maximumPercent needs to allow >100%, or you get the same stop-then-start behavior with the failure mode you were trying to avoid; and deploymentCircuitBreaker — if it's disabled, a broken new task version just cycles and retries forever without rolling back, while the old task quietly keeps serving traffic, so the deployment looks non-disruptive but never actually finishes.
A solo design pick ships a brittle ticket. A small jury forces you to surface the hard rule, spot when "labeling problem" is really a data gap, and converge to ready instead of refining.
When to convene
Caucus is for design questions with real divergence, where the goal is a ready ticket. Skip it for one-line facts (one agent), pure execution (just do it), or where there's only one sane option.
Composition: two advocates + one skeptic
Two advocates pick majority-wins and call it consensus. Add an impartial chair/skeptic whose job is failure modes and a decision criterion. Three is convention, not doctrine — two advocates + one chair works; one advocate + one skeptic works; three advocates doesn't.
The three prompts share one SCENARIO
Each agent gets the same verified facts (IDs, code-line refs, observed outcomes). Letting each agent self-research drifts the facts and you can't synthesize. Then each gets a distinct lens and a boundary:
SCENARIO (verified): ...
CONTEXT (read these files, these are the related issues, decision-maker's steer): ...
YOUR LENS: [extend-X | separate-track | skeptic/chair]
BOUNDARY: read-only, no code, ≤500 words, return VERDICT line.
Use VERDICT as the last line so synthesis can grep it. Pick lens names that frame the choice (extend-#122 advocate, separate-track advocate, skeptic/chair) — the framing shapes the output.
Run the three concurrently in background; wait for all three before synthesizing. Sequential loses the wall-clock and the parallel disagreement.
Synthesize
- Consensus → hard rule. Whatever all three agree on goes in as a non-negotiable constraint, not a soft preference.
- Divergence → chair's criterion + compatibility points. The skeptic's job is to name when each advocate breaks. Often the advocates are compatible once you apply the criterion (e.g. fallback rule + quarantine path, gated by data-first verification).
- Lock → ready. The whole point of the caucus is to converge. If you converged, open
ready and release the lock. Don't re-refine.
Traps
- Treating caucus as solution. Three agents return positions; you synthesize. Letting them agree with each other is a fragile consensus.
- No skeptic. Two advocates ship majority-wins.
- No shared SCENARIO. Facts diverge, synthesis collapses.
- No VERDICT line. Agent writes an essay, you can't grep.
- Caucus for execution. Locating a bug, writing a doc, picking a flag value — none of these need a jury.
- "Three" as dogma. Two advocates + one chair is the minimum useful shape. Three advocates is the maximum useless shape.
The synthesis rule that matters most: when the chair says "this is a data problem disguised as a labeling problem," that's the reframe — verify the data first, then design the fallback. Without the skeptic, you'd have built a clever rule on top of an incomplete export and shipped proxy labels.
You're migrating a GitHub Pages site from your personal account to an org. You verify the custom domain for the org, the org's Pages settings show it green "Verified", and then binding it to the repo fails — over and over:
You must verify your domain app.example.com before being able to use it.
Every route is blocked. The API returns 400:
gh api -X PUT repos/<org>/<repo>/pages -f cname=app.example.com
# => "Invalid cname" / "You must verify your domain..."
The repo's Settings → Pages custom-domain box throws the same error. Switching to legacy "Deploy from a branch" with a CNAME file already in the branch? The cname stays null. You can't even unpublish to reset — DELETE /repos/<org>/<repo>/pages comes back 422 Deactivating GitHub Pages for this repository is not allowed.
The verified-domains list says green. The cname check says unverified. Both are telling the truth.
The domain is also verified under your personal account. It's a leftover from when the site lived there and pointed at <user>.github.io. That personal verified claim silently takes precedence and blocks the org repo from binding the cname. GitHub never says "this domain is claimed elsewhere" — just the generic must-verify error, which sends you down a rabbit hole of re-verifying on the org side that never helps.
Fix: remove the verified domain from the personal account (user Settings → Pages → verified domains → remove), then bind the cname on the org repo. It goes through immediately.
A tell that this is your problem: the custom domain used to resolve to <user>.github.io before the migration.
One related trap: apex-domain verification does not auto-cover subdomains for cname binding, despite the docs implying it does. app.example.com needs its own _gh-<org>-o.app.example.com TXT even when example.com is already verified — otherwise the same must-verify wall.
Same task — "show me what this branch changed" — but the two tools take opposite dot conventions. Get it backwards and your review fills with commits the author never touched.
The diff: use three dots
git diff origin/main...HEAD
Three-dot diff is git diff $(git merge-base origin/main HEAD) HEAD — it diffs against the branch point, not the tip of main. That's exactly what you want: the author's delta and nothing else.
The nice property: it's immune to origin/main moving forward. New commits landing on main after the branch point aren't ancestors of HEAD, so they don't shift the merge-base. The diff stays clean.
The trap is a stale base, not a newer one. If your local main is older than the branch point, the merge-base slides back to an older ancestor and the diff swallows unrelated upstream commits — making the author look like they changed far more than they did. So fetch first:
git fetch origin
git diff origin/main...HEAD
Want to see the branch point itself? git merge-base origin/main HEAD.
The log: use two dots
git log origin/main..HEAD
Two-dot log = commits reachable from HEAD but not from origin/main = the branch's own commits, exactly.
Don't reach for three dots here out of habit — git log A...B is the symmetric difference, so it also lists the commits main picked up that HEAD doesn't have. That's the noise you were trying to avoid.
So: diff three-dot, log two-dot. Different tools, opposite defaults, same job.
Moving a vagrant-libvirt VM between Linux hosts looks like a two-step
(vagrant package then vagrant up on the other side), and that's exactly
what I tried. Both steps died in the same place: fog-libvirt's stream
upload/download of a large qcow2 from/to libvirt's storage pool reset
mid-flight (Cannot recv data: Connection reset by peer, hung at 0%).
The streaming bug is in fog-libvirt's vol upload/download. The fix is to
bypass vagrant-libvirt's vol-upload/vol-download entirely: flatten
the overlay qcow2 against its backing file, drop the result in a libvirt
storage pool by hand, then virsh define + virsh start. Treat
vagrant-libvirt as the boot-time scaffolding only; the running VM is plain
libvirt after that.
1. Make the box self-contained
vagrant package exists to bake the VM's disk + metadata into a .box
file. With a libvirt provider the disk is usually a qcow2 with a backing
file (qemu-img info ... | grep "backing file"), and vol-download only
streams the overlay — you'd ship an incomplete box. Skip it and flatten
manually:
…more