Official References: Best Practices · Review · Sandboxing
Advanced mode is about failure containment
For high-risk surfaces (auth, billing, permissions, migration), speed is not the primary metric. The primary metric is predictable failure containment.
Required governance declarations
Before implementation starts, declare:
- risk class (medium/high/critical)
- final go/no-go owner
- rollback trigger conditions
- escalation channel and deadline policy
If these are missing, you are not in controlled execution.
Five mandatory gates
- code-quality gate
- security/behavior gate
- operations-readiness gate
- communication gate
- final decision gate
All five gates need explicit pass/fail status.
Advanced decision record
### Critical Change Decision
- Scope:
- Risk class:
- Gate statuses:
- Residual risks:
- Rollback trigger:
- Rollback owner:
- Escalation channel:
- Final decision owner:
- GO/NO-GO + timestamp:This record is your audit artifact when incidents happen.
Escalation rule
If a high-risk blocker survives two loops:
- set status to
blocked - attach command-level evidence
- assign a new owner
- set a hard deadline
- re-run gate evaluation after fix
Rollback rehearsal requirement
For high/critical classes, rollback must be rehearsed in non-production. A theoretical rollback is not a valid rollback.
Advanced anti-patterns
Tests pass -> auto deploy
This ignores operational and communication gates.
No named final owner
Decision ambiguity causes incident-time paralysis.
Escalation without deadline
Risk remains open while everyone assumes someone else is handling it.
Quick checklist
Before production:
- governance declarations complete
- five gate statuses recorded
- rollback rehearsed
- final owner signed off
- escalation path active
Advanced Codex operation is governed execution under pressure, not just capable generation.