
F2T2EA: Enterprise Operational Cycle

Find what matters. Fix what's broken. Track what moves. Target what's next. Engage your stakeholders. Access everything from one place.

F2T2EA is the enterprise operational cycle that powers the xOps Sovereign AI Command Centre. It transforms a single operations manager's ability to govern multi-account Landing Zones across regulated industries.


The Cycle


Stage Progression

| Stage | Monthly Cost | Infrastructure | F2T2EA Scope | Validation |
| --- | --- | --- | --- | --- |
| LOCAL ($0) | $0 | Docker Compose + K3D | Single-account dry-run, sample data | docker compose up |
| TEST (~$45) | ~$45/mo | K3s single-node | 3-account Landing Zone subset | /inventory:discover |
| SIT (~$120) | ~$120/mo | EKS dev cluster | Full org discovery (50+ accounts) | /inventory:lz-cross-validate |
| PROD (~$180) | ~$180/mo | EKS production | Full F2T2EA cycle with HITL gates | /xops:f2t2ea-cycle |
| PEAK (~$380) | ~$380/mo | Multi-region EKS | Multi-cloud (AWS + Azure) | Full 4-way cross-validation |

Phase Details

FIND (Discover)

Org-wide discovery across all accounts in a single API call.

| Tool | What It Discovers | Evidence |
| --- | --- | --- |
| Resource Explorer AGGREGATOR | All resources (88 types) | find-inventory-*.json |
| Config Aggregator | Compliance posture | find-security-*.json |
| Cost Explorer | Per-account spend | find-cost-*.json |
| Security Hub | CRITICAL/HIGH findings | find-security-*.json |

Command: /inventory:lz-cross-validate

TARGET (Prioritize)

Score and rank remediation candidates using WSJF (Weighted Shortest Job First).

  • Scream test scoring (S1-S5, 0-100 scale)
  • Score >= 70 = decommission candidate
  • WSJF = (Business Value + Time Criticality + Risk Reduction) / Job Size

FIX (Remediate)

Execute remediation with dry-run validation and human approval gates.

  • Always --dry-run first (no mutations without approval)
  • HITL approval required per action
  • Rollback documented before execution
  • Post-fix validation confirms savings

TRACK (Monitor)

Continuous monitoring of operational health.

  • DORA 4 key metrics (deploy frequency, lead time, MTTR, change failure rate)
  • Cost trends (month-over-month comparison)
  • SLO compliance (availability, latency, error rate)

ENGAGE (Execute)

Generate persona-based reports and stakeholder communication.

| Persona | Focus | Output |
| --- | --- | --- |
| CFO | Cost savings, budget variance | report-cfo-*.md |
| CTO | Infrastructure health, security posture | report-cto-*.md |
| CloudOps | Operations, pipeline health | report-cloudops-*.md |
| FinOps | Optimization, waste, coverage | report-finops-*.md |

Email: Max 15 lines, business language, specific action required.

ACCESS (Visualize)

Single-pane-of-glass operational dashboards.

| Dashboard | Port | Start |
| --- | --- | --- |
| Vizro FinOps | 8050 | docker compose --profile dashboards up |
| JupyterLab | 8888 | docker compose up jupyter |
| MkDocs CLI Docs | 8001 | docker compose up mkdocs |

Command Integration by Phase

| Phase | Primary Commands | Agent | Evidence |
| --- | --- | --- | --- |
| FIND | /inventory:discover, /inventory:lz-cross-validate, /aws:security-posture | sre-engineer | find-*.json |
| TARGET | /finops:decommission-inventory, /aws:ec2-investigate, /aws:rds-investigate | cloud-architect | target-wsjf-*.json |
| FIX | /itsm:create-change, /itsm:create-cr, /aws:alb-decommission | sre-engineer | fix-plan-*.md |
| TRACK | /ceremony:standup, /metrics:update-dora, /finops:analyze | observability-engineer | track-dora-*.json |
| ENGAGE | /finops:aws-monthly, /finops:azure-monthly, /finops:report | finops-engineer | engage-report-*.md |
| ACCESS | /dashboards:generate, /dashboards:validate, /documentation:browse | fullstack-engineer | access-dashboards-*.json |

7 Integrated Components

| # | Component | Role |
| --- | --- | --- |
| 1 | xOps | Orchestrator + RAG chatbot |
| 2 | runbooks | CLI execution engine (160+ commands) |
| 3 | runbooks docs | Knowledge base (MkDocs) |
| 4 | JupyterLab | Analysis workbench (184 notebooks) |
| 5 | Vizro | Interactive dashboards |
| 6 | Executive Summary | Persona-based HITL deliverables |
| 7 | Email | Stakeholder communication |

ADLC Components

| Component Type | Used in F2T2EA | Purpose |
| --- | --- | --- |
| Agents | sre-engineer, cloud-architect, finops-engineer, observability-engineer, python-engineer, fullstack-engineer | Phase-specific execution |
| Commands | 18 commands across 6 phases | Orchestration entry points |
| Hooks | enforce-coordination.sh, validate-bash.sh, detect-nato-violation.sh | Governance gates |
| Skills | finops/aws-monthly, inventory/org-wide-discovery, ceremonies/agent-scoring-pdca | Domain knowledge |
| MCPs | awslabs-cost-explorer, atlassian-tools (for ITSM), vizro-analytics (dashboards) | External tool connectivity |
| Rules | aws-profile-semantics.md, operational-efficiency.md, docker-first-enforcement.md | Behavioral guardrails |

Agent Team

| Agent | F2T2EA Role | Golden Path Phase | Talent Bench |
| --- | --- | --- | --- |
| sre-engineer | FIND inventory + FIX remediation | FIND, FIX | Profile |
| cloud-architect | TARGET scoring + architecture review | TARGET | Profile |
| finops-engineer | ENGAGE cost reports | ENGAGE | Profile |
| observability-engineer | TRACK DORA + monitoring | TRACK | Profile |
| python-engineer | CLI execution engine | All phases | Profile |
| fullstack-engineer | ACCESS dashboards | ACCESS | Profile |
| product-owner | Cycle prioritization | TARGET (WSJF) | Profile |
| security-compliance-engineer | Security posture assessment | FIND | Profile |

7 Skills Coverage

| Skill | F2T2EA Coverage | Implementation |
| --- | --- | --- |
| S1 System Design | F2T2EA IS the system architecture (6-phase cycle, 7 components) | This golden path |
| S2 Tool Design | 18 commands with typed CLI inputs, MCP schema validation | Command integration table |
| S3 Retrieval | Config Aggregator (org-wide), Resource Explorer, Cost Explorer | FIND phase tools |
| S4 Reliability | Retry on AWS APIs, ` | |
| S5 Security | READONLY profiles, deny lists, HITL gates before FIX mutations | validate-bash.sh, Principle I |
| S6 Evaluation | DORA metrics, 4-way cross-validation, persona-based scoring | TRACK phase + PDCA |
| S7 Product | CxO persona reports (CFO/CTO/CloudOps/FinOps), email templates | ENGAGE phase outputs |

Cycle Triggers

F2T2EA cycles are initiated by three trigger types. Each trigger maps to an entry phase.

| Trigger | Entry Phase | Example |
| --- | --- | --- |
| Scheduled (weekly) | FIND | task ceremony:standup → auto-runs FIND + TRACK |
| Event-driven | TARGET | AWS Health event → EC2 retirement notice → scream test |
| On-demand | Any | HITL runs /xops:f2t2ea-cycle --phase engage --persona cfo |
| Incident-driven | FIX | OPS ticket opened → FIX phase with change request |
| Cost spike alert | ENGAGE | Budget threshold breached → CFO report auto-generated |

Cycle frequency recommendation: Full cycle weekly; FIND + TRACK daily (read-only, cost-free).


Quick Start

```
# Run one full F2T2EA cycle
/xops:f2t2ea-cycle

# Run a single phase
/xops:f2t2ea-cycle --phase find
/xops:f2t2ea-cycle --phase target
/xops:f2t2ea-cycle --phase engage --persona cfo

# Inventory cross-validation only (FIND phase)
/inventory:lz-cross-validate

# Security posture only (FIND phase)
/aws:security-posture --severity critical
```

Evidence Directory

All F2T2EA artifacts are written to tmp/command-center/f2t2ea/ with date-stamped filenames:

```
tmp/command-center/f2t2ea/
  find-inventory-YYYY-MM-DD.json
  find-cost-YYYY-MM-DD.json
  find-security-YYYY-MM-DD.json
  target-wsjf-YYYY-MM-DD.json
  fix-plan-YYYY-MM-DD.md
  track-dora-YYYY-MM-DD.json
  track-cost-trend-YYYY-MM-DD.json
  engage-report-{persona}-YYYY-MM-DD.md
  email.txt
  access-dashboards-YYYY-MM-DD.json
```

| Golden Path | Relationship to F2T2EA |
| --- | --- |
| FinOps Analytics Lifecycle | FIND cost discovery + ENGAGE reporting |
| ITSM Lifecycle | FIX change management + TRACK incident monitoring |
| CloudOps Infrastructure | FIX infrastructure remediation patterns |
| ADLC Governance | Governance hooks and rules across all phases |
| Security & Quality | FIND security posture assessment |
| Stage Progression Overview | LOCAL→TEST→SIT→PROD cost model |

HITL Governance Gates

Each F2T2EA phase has defined HITL checkpoints. Agents operate autonomously within the boundary; mutations require HITL approval.

| Phase | Autonomous (Agent) | HITL Required |
| --- | --- | --- |
| FIND | READONLY queries (describe-*, list-*, get-*), Config Aggregator, Resource Explorer | None — discovery is read-only |
| TARGET | WSJF scoring, scream test evaluation, decommission candidate ranking | Approval of final decommission shortlist |
| FIX | --dry-run validation, rollback plan generation, change request drafting | All mutation operations (terminate-*, delete-*, stop-*) |
| TRACK | DORA metric collection, cost trend calculation, SLO status read | None — monitoring is read-only |
| ENGAGE | Report generation, email drafting, Confluence page updates | Send email to external stakeholders |
| ACCESS | Dashboard generation, validation screenshots | None — dashboard creation is non-destructive |

Authority reference: principle-i-acceptable-agency.md — Agents prepare. Humans decide. Humans commit.
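
One way to express the autonomous/HITL boundary from the table above as a pre-execution check. This is an added example, not the project's validate-bash.sh; the function name `classify_aws_command`, the verdict strings and the sample commands are assumptions. It fails closed: compound commands and unrecognised verbs need approval, and `--dry-run` is trusted only for `ec2`.

```shell
#!/bin/sh
# Added example: fail-closed HITL gate for AWS CLI command strings.
# Not the project's validate-bash.sh; function name and verdicts are hypothetical.
# Verdict printed for the command string in $1:
#   autonomous  read-only verb (describe-*, list-*, get-*)
#   dry-run     ec2 mutation carrying --dry-run (validation only)
#   hitl        everything else: human approval required
NL='
'
classify_aws_command() (   # subshell body: set -f and variables stay local
  cmd=$1
  # Anything that could chain, substitute or redirect is never auto-approved.
  case $cmd in
    *';'* | *'&'* | *'|'* | *'`'* | *'$'* | *'<'* | *'>'* | *'('* | *"$NL"*)
      echo hitl; exit 0 ;;
  esac

  set -f            # split into words without glob expansion
  set -- $cmd
  # Only the plain form "aws <service> <operation> [args]" is recognised.
  if [ "$#" -lt 3 ] || [ "$1" != aws ]; then echo hitl; exit 0; fi
  service=$2 operation=$3
  case $service in -*) echo hitl; exit 0 ;; esac

  case $operation in
    describe-* | list-* | get-*) echo autonomous; exit 0 ;;
  esac

  # Mutation verbs (terminate-*, delete-*, stop-*) and unknown verbs land here.
  shift 3
  dry=no
  for word in "$@"; do
    case $word in
      --dry-run) dry=yes ;;
      --no-dry-run) echo hitl; exit 0 ;;
    esac
  done
  # Assumption: --dry-run is trusted only for ec2, whose API has a DryRun flag.
  if [ "$service" = ec2 ] && [ "$dry" = yes ]; then echo dry-run; else echo hitl; fi
)

# Constructed sample commands (not from the page).
for sample in \
  'aws ec2 describe-instances --profile readonly' \
  'aws ec2 terminate-instances --instance-ids i-EXAMPLE --dry-run' \
  'aws ec2 describe-instances; aws ec2 stop-instances --instance-ids i-EXAMPLE'
do
  printf '%-10s %s\n' "$(classify_aws_command "$sample")" "$sample"
done
```

A string check like this is a second layer behind the READONLY profiles: IAM is what actually prevents a mutation, and a read-only verb can still return sensitive data.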


Anti-Patterns to Avoid

Lessons learned embedded in the F2T2EA governance cycle.

| Anti-Pattern | Phase | Prevention |
| --- | --- | --- |
| NARROW_SEARCH_SCOPE | FIND | Use Resource Explorer AGGREGATOR (org-wide), not per-account describe-instances |
| SINGLE_ACCOUNT_ASSUMPTION | FIND | Phase 0: Config Aggregator returns accountId for every resource before per-account queries |
| CROSS_ACCOUNT_SILENT_ZERO | FIND, TARGET | 0 results from MANAGEMENT profile != clean; verify account matches resource's actual account |
| EXISTENCE_WITHOUT_ACTIVITY | TARGET | Discovery alone does not prove active use; validate S3 last-modified, VPC flow logs, CloudWatch metrics |
| REBOOT_FIRST_DECOMMISSION_SECOND | TARGET | Run scream test scoring (S1-S5) before any maintenance preparation; score >= 70 = decommission, not reboot |
| TECHNICAL_WITHOUT_PROCESS | FIX | Every HITL action must include change management process (who approves, which form, which team) |
| DRYRUN_OVER_READONLY | FIX | READONLY profiles are the safety mechanism; skip --dry-run when READONLY profiles exist |
| EVIDENCE_NOT_DELIVERABLE | ENGAGE | JSON evidence in tmp/ is agent-consumable; CFO/CTO needs a CxO-readable Confluence page |
| SAMPLE_DATA_IN_NOTEBOOKS | ACCESS | Notebooks must assert returncode==0; no fallback sample data when AWS CLI fails |
| AWS_PROFILE_SEMANTIC_MISMATCH | All phases | BILLING→Cost Explorer only; MANAGEMENT→Organizations only; workload resources need per-account profiles |

Further Reading