Every agent must have opencode.json with permission: allow,
regardless of adapter type. Without it, opencode auto-rejects
file access outside the agent's cwd.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The agents repo is not the agent's cwd — opencode.json and .mcp.json
must exist in the cwd at runtime for permissions and MCP access.
CEO now copies these files from the repo to each agent's cwd during
the sync step.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Hugh (opencode_local) had no opencode.json, so opencode defaulted
to rejecting file access outside his cwd. This blocked him from
accessing .github/workflows/ in other repos.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore full heartbeat (was truncated at 41 lines)
- Add placeholder detection + agent creation via Paperclip API
- New hires get PRed back for board approval, not self-merged
- Update merge step to require triple approval (UAT + QA + CTO)
- Update SOUL.md merge rule to include Patty (UAT)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CEO heartbeat is mostly mechanical — repo sync, config PATCH,
delegation routing, PR merging. Sonnet on high effort handles
this reliably at a fraction of Opus token cost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reorder the review pipeline so cheap/fast stages gate expensive ones:
CI (free) runs first, then Patty validates E2E on MiniMax, then
Regina does deep code review on Sonnet, then Nancy reviews last.
- POLICIES.md: rewrite PR Workflow with 6-step ordered pipeline
- Patty SOUL.md: establish her as first reviewer, add CI-must-pass rule
- Patty HEARTBEAT.md: check CI status before E2E, report results for Regina
- Regina SOUL.md: flip from "review first" to "review after UAT"
- Regina HEARTBEAT.md: skip PRs without CI + E2E validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split QA and UAT responsibilities: Regina keeps code-level QA
(vitest, PR review, CI health) on claude_local/sonnet, while
new agent Pixel Patty handles E2E browser testing via Playwright
MCP on opencode_local/minimax — reducing token cost for the
browser-heavy automation work.
- Add engineering/patty/ with full agent file set
- Remove Playwright MCP references from Regina's SOUL.md
- Delete Regina's stale opencode.json (now on claude_local)
- Update roster, directory tree, and shared tools
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gandalf was missing the OpenCode permission config that CMO and Regina
already have. Without this file, OpenCode defaults to restricted
directory-scoped permissions, blocking normal operation.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Repo sync must complete before any other heartbeat work. If sync fails,
the heartbeat must exit with an error state immediately. No
parallelization, no skipping.
Also fixes escaped backslash-bang in cat-file check.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
If the repo was force-pushed or shallow-cloned, the saved SHA may no
longer exist. Detect this and fall back to a full resync instead of
failing silently.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Separates working directory (ephemeral, /workspaces/) from agent
home/config directory (persistent, /paperclip/). Prevents branch
switching in one agent's work from breaking other agents' instructions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Board directive (PRI-589): agents must stop requesting additional
RBAC, GitHub App permissions, and cluster permissions. Adds explicit
policy with workaround guidance for branch protection, security
scanning, CI runner health, and E2E testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agents were assuming the org infra repo is what Flux watches directly.
The actual flow is: org/infra → cpfarhood/kubernetes (Flux watches this).
New policy explains:
- Existing resources: commit to org infra repo, Flux picks it up
- New resources (namespaces, kustomizations, secrets): also needs
a cpfarhood/kubernetes change — escalate to the board
- Never assume committing to org infra repo is always sufficient
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Stripped rules that are already in POLICIES.md from all 28 SOUL.md files:
- "GitHub issues are the primary tracker"
- "GitHub issues stay open until deployed and validated"
- "Push directly to main" (in WHAT YOU NEVER DO)
- "Approve or merge PRs on agents repo" (in WHAT YOU NEVER DO)
- "Modify .github/workflows" (in WHAT YOU NEVER DO)
Also fixed:
- CartSnitch CTO: removed stale merge authority (contradicted POLICIES.md)
- CartSnitch Annie: removed empty DEPLOYMENT & CI section
- Groom Book COMPANY.md: updated roster with all 6 agents
- PRI COMPANY.md: removed Samuel, added VP Product, updated models/adapters
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Each org now has a -dev namespace where agents can freely use kubectl
for testing and iteration. Production namespaces remain Flux-only.
Access model:
- Cluster-wide: read-only
- Production namespace: read-write (Flux-managed, no manual kubectl)
- Dev namespace: read-write (agents may use kubectl freely)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CMOs (Savannah, Addison, Clipper):
- Switched from claude_local/sonnet to opencode_local/minimax
- Uses MINIMAX_API_KEY secret_ref (direct MiniMax API, not OpenRouter)
- opencode.json with web search MCP
- Removed .mcp.json (claude_local only)
- promptTemplate required in DB (no instructionsFilePath)
QAs (Betty, Regina, Lint Roller):
- Switched from openrouter/minimax to minimax direct
- Model: minimax/MiniMax-M2.7 (was openrouter/minimax/minimax-m2.7)
- Uses MINIMAX_API_KEY instead of OPENROUTER_API_KEY
VP Products: unchanged (stay on opus, .mcp.json for web search MCP only)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .mcp.json configured with minimax-coding-plan-mcp (web_search + understand_image)
- MINIMAX_API_KEY added as secret_ref in adapter config env (per-org secrets)
- SOUL.md updated with web search usage guidance
- Keys stored in Paperclip secrets, not in repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs were missing issues in repos not explicitly listed (e.g.,
groombook/infra, PRI plugin repos). Now uses gh repo list to
discover all repos in the org at triage time.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All infra changes go through the infra repo and Flux reconciliation.
No manual kubectl apply, no direct cluster modifications.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Documents the curl commands for creating and reassigning Paperclip issues,
with guidance on required fields (title, description, assigneeAgentId, parentId)
and the rule: never leave work unassigned.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Provides every agent with the exact API calls for creating assigned
issues and reassigning existing ones. Includes curl examples with
assigneeAgentId, parentId, and run ID headers.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- All CMOs now own and execute the full marketing function (IC work)
- Removed delegation language — no subordinates to delegate to
- Removed GitHub auth and gh commands from CMO heartbeats (CMOs don't use GitHub)
- PRI: removed Samuel Stinkpost references (terminated)
- PRI: updated Addison's capabilities and SOUL.md
- Groom Book: hired Clipper McGee as CMO
- Updated org charts in CLAUDE.md and CEO SOUL.md files
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaced hardcoded "Check for assigned work from <manager>" and
pnpm paperclipai CLI with consistent inbox-lite API call.
Agents work on whatever is assigned regardless of who assigned it.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
AGENTS.md files are prose-first (no heading required — MD041), mix
list styles (MD004), and use tight lists in compact docs (MD032).
These are structural choices for agent prompts, not markdown errors.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agent prompts, operational docs (OPERATIONS.md, POLICIES.md, TOOLS.md),
and marketing SOUL files intentionally use long lines, compact heading
style, and fences inside blockquotes. Disabling MD013, MD022, MD031,
and MD040 prevents false-positive CI failures on these files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Hugh Hackman
Chris Farhood
Countess von Containerheim