Hugh (opencode_local) had no opencode.json, so opencode defaulted
to rejecting file access outside his cwd. This blocked him from
accessing .github/workflows/ in other repos.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore full heartbeat (was truncated at 41 lines)
- Add placeholder detection + agent creation via Paperclip API
- New hires get PRed back for board approval, not self-merged
- Update merge step to require triple approval (UAT + QA + CTO)
- Update SOUL.md merge rule to include Patty (UAT)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CEO heartbeat is mostly mechanical — repo sync, config PATCH,
delegation routing, PR merging. Sonnet on high effort handles
this reliably at a fraction of Opus token cost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reorder the review pipeline so cheap/fast stages gate expensive ones:
CI (free) runs first, then Patty validates E2E on MiniMax, then
Regina does deep code review on Sonnet, then Nancy reviews last.
- POLICIES.md: rewrite PR Workflow with 6-step ordered pipeline
- Patty SOUL.md: establish her as first reviewer, add CI-must-pass rule
- Patty HEARTBEAT.md: check CI status before E2E, report results for Regina
- Regina SOUL.md: flip from "review first" to "review after UAT"
- Regina HEARTBEAT.md: skip PRs without CI + E2E validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split QA and UAT responsibilities: Regina keeps code-level QA
(vitest, PR review, CI health) on claude_local/sonnet, while
new agent Pixel Patty handles E2E browser testing via Playwright
MCP on opencode_local/minimax — reducing token cost for the
browser-heavy automation work.
- Add engineering/patty/ with full agent file set
- Remove Playwright MCP references from Regina's SOUL.md
- Delete Regina's stale opencode.json (now on claude_local)
- Update roster, directory tree, and shared tools
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gandalf was missing the OpenCode permission config that CMO and Regina
already have. Without this file, OpenCode defaults to restricted
directory-scoped permissions, blocking normal operation.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Repo sync must complete before any other heartbeat work. If sync fails,
the heartbeat must exit with an error state immediately. No
parallelization, no skipping.
Also fixes escaped backslash-bang in cat-file check.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
If the repo was force-pushed or shallow-cloned, the saved SHA may no
longer exist. Detect this and fall back to a full resync instead of
failing silently.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Separates working directory (ephemeral, /workspaces/) from agent
home/config directory (persistent, /paperclip/). Prevents branch
switching in one agent's work from breaking other agents' instructions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Board directive (PRI-589): agents must stop requesting additional
RBAC, GitHub App permissions, and cluster permissions. Adds explicit
policy with workaround guidance for branch protection, security
scanning, CI runner health, and E2E testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agents were assuming the org infra repo is what Flux watches directly.
The actual flow is: org/infra → cpfarhood/kubernetes (Flux watches this).
New policy explains:
- Existing resources: commit to org infra repo, Flux picks it up
- New resources (namespaces, kustomizations, secrets): also needs
  a cpfarhood/kubernetes change — escalate to the board
- Never assume committing to org infra repo is always sufficient
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Stripped rules that are already in POLICIES.md from all 28 SOUL.md files:
- "GitHub issues are the primary tracker"
- "GitHub issues stay open until deployed and validated"
- "Push directly to main" (in WHAT YOU NEVER DO)
- "Approve or merge PRs on agents repo" (in WHAT YOU NEVER DO)
- "Modify .github/workflows" (in WHAT YOU NEVER DO)
Also fixed:
- CartSnitch CTO: removed stale merge authority (contradicted POLICIES.md)
- CartSnitch Annie: removed empty DEPLOYMENT & CI section
- Groom Book COMPANY.md: updated roster with all 6 agents
- PRI COMPANY.md: removed Samuel, added VP Product, updated models/adapters
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Each org now has a -dev namespace where agents can freely use kubectl
for testing and iteration. Production namespaces remain Flux-only.
Access model:
- Cluster-wide: read-only
- Production namespace: read-write (Flux-managed, no manual kubectl)
- Dev namespace: read-write (agents may use kubectl freely)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CMOs (Savannah, Addison, Clipper):
- Switched from claude_local/sonnet to opencode_local/minimax
- Uses MINIMAX_API_KEY secret_ref (direct MiniMax API, not OpenRouter)
- opencode.json with web search MCP
- Removed .mcp.json (claude_local only)
- promptTemplate required in DB (no instructionsFilePath)
QAs (Betty, Regina, Lint Roller):
- Switched from openrouter/minimax to minimax direct
- Model: minimax/MiniMax-M2.7 (was openrouter/minimax/minimax-m2.7)
- Uses MINIMAX_API_KEY instead of OPENROUTER_API_KEY
VP Products: unchanged (stay on opus, .mcp.json for web search MCP only)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .mcp.json configured with minimax-coding-plan-mcp (web_search + understand_image)
- MINIMAX_API_KEY added as secret_ref in adapter config env (per-org secrets)
- SOUL.md updated with web search usage guidance
- Keys stored in Paperclip secrets, not in repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs were missing issues in repos not explicitly listed (e.g.,
groombook/infra, PRI plugin repos). Now uses gh repo list to
discover all repos in the org at triage time.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All infra changes go through the infra repo and Flux reconciliation.
No manual kubectl apply, no direct cluster modifications.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Documents the curl commands for creating and reassigning Paperclip issues,
with guidance on required fields (title, description, assigneeAgentId, parentId)
and the rule: never leave work unassigned.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Provides every agent with the exact API calls for creating assigned
issues and reassigning existing ones. Includes curl examples with
assigneeAgentId, parentId, and run ID headers.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- All CMOs now own and execute the full marketing function (IC work)
- Removed delegation language — no subordinates to delegate to
- Removed GitHub auth and gh commands from CMO heartbeats (CMOs don't use GitHub)
- PRI: removed Samuel Stinkpost references (terminated)
- PRI: updated Addison's capabilities and SOUL.md
- Groom Book: hired Clipper McGee as CMO
- Updated org charts in CLAUDE.md and CEO SOUL.md files
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaced hardcoded "Check for assigned work from <manager>" and
pnpm paperclipai CLI with consistent inbox-lite API call.
Agents work on whatever is assigned regardless of who assigned it.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
AGENTS.md files are prose-first (no heading required — MD041), mix
list styles (MD004), and use tight lists in compact docs (MD032).
These are structural choices for agent prompts, not markdown errors.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agent prompts, operational docs (OPERATIONS.md, POLICIES.md, TOOLS.md),
and marketing SOUL files intentionally use long lines, compact heading
style, and fences inside blockquotes. Disabling MD013, MD022, MD031,
and MD040 prevents false-positive CI failures on these files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>