The forensic operating hub. GitHub is source of truth. VPS is disposable runtime. Hermes is the operator shell. Everything is evidence-backed or it does not count.
Source: /migration/status.json
as of 2026-06-08 18:23:33 UTC (static snapshot — live fetch overrides)
Static snapshot (2026-06-08) baked in for instant render; all numbers are overwritten from /migration/status.json at page load. Generated: 2026-06-08 18:23:33 UTC
Total: 139 tasks · full board →
Static fallback numbers from the 2026-06-05 audit and 2026-06-08 status snapshot are baked in; the live status.json fetch overwrites them on load.
139 tasks across the execution board
Throughput ≈ 0: 139 planned, 1 done. WATCH (3) is a static board-snapshot lane; the other four lanes go live from status.json. Full board →
13 audit sections · 2026-06-05 run
36 redacted public evidence files · 1,187 total redactions. Audit evidence →
VPS 66-container runtime · read-only reconciliation
saathi-app-1 Up 4 wks (unhealthy)
origin-backend Up 5 wks
platformx-nextcloud Up 5 wks
P0 queue: RuntimeContract + issue required before any restart/fix · mutation_allowed: false. Issue #196 →
GitHub holds the durable truth; a lightweight Cloudflare Worker proxies committed files to viewport.llc. Work only counts when it travels the full execution loop with evidence.
viewport-corp/viewport-ops · branch ops/openclaw-github-flow-44. Issues, branches, PRs, evidence files. Durable rules, repos, handoffs, prompts, decisions, deployable artifacts.
Lightweight Worker proxying committed GitHub files. (The earlier embedded Worker exceeded the 3 MiB size limit — recorded as a resolved failure in status.json.)
DELIVERY: 9 public pages, all live HTTP 200, plus the machine surface /migration/status.json that this dashboard fetches at load. Hermes updates the JSON only.
GSD variant in force: GitHub issue → branch → artifact → validator → evidence → live status. VPS runtime stays read-only/reconciliation until RuntimeContracts, backups, rollback, and approval gates exist. Runtime changes without GitHub proof are exceptions.
Active priorities and blockers from status.json. Updated by Hermes.
Items requiring Sam approval before proceeding. Source: status.json blocked array.
72 total containers across families. Read-only reconciliation mode until RuntimeContracts exist. Source: status.json.
All operational approvals, agent commands, finance reviews, document approvals, and customer-facing actions flow through Slack first. Discord, Telegram, and WhatsApp are secondary channels beneath Slack. No production action without Slack approval on record.
Pinned reference for humans and agents. Where documents, support, and finance work must go.
Odoo: Documents / project document folder
Flow: Document needed → Odoo document folder → Slack approval if legal/signature → sign only after approval.
Slack: #mlh-warranty-support, #mlh-legacy-issues
Odoo: Helpdesk
Flow: MLH issue → Slack issue thread → Odoo helpdesk ticket → evidence attached → agent suggests next action → approval if legal/financial/customer-facing.
Slack: #mlg-finance-review
Odoo: Accounting / Invoicing / Expenses
Flow: Draft invoice/payment/expense → Slack finance review → Odoo record → approval before sending/payment/customer-facing action.
Mode: GitHub issue → branch → artifact → validator → evidence → live status. VPS runtime remains read-only/reconciliation until RuntimeContracts, backups, rollback, and approval gates exist.
Move real business/runtime work through visible GitHub issues and acceptance criteria.
Create branch, artifacts, validator, evidence path, and rollback boundary before touching runtime.
Run the smallest safe action, verify with tests or live proof, diagnose failures, then repeat.
Issue #196 · status JSON · viewport-company-os/workflows/gsd-ralphloop-operating-contract.yaml
Live-verified state. Cloudflare pages are live; Odoo/Slack foundations validate; GitHub source-of-truth, VPS contracts, CompanyOS enforcement, tenant isolation, and watcher autonomy are not finished.
The operating principles this migration was built on. Not marketing. Not aspirations.
Mixed Docker/proxy/state model caused hidden ownership, fragile recovery, and impossible audit trails.
Agents work from issues, branches, PRs, and evidence files. Runtime changes without GitHub proof are exceptions.
Hermes keeps sessions, Telegram/Discord/CLI surface, memories, and provider routing. OpenClaw is fenced.
Redacted migration narratives now live on the VPS at /srv/viewport/migration. Hermes must read via /opt/data/migration.
1,187 total redactions in public evidence files. No token, password, session file, or auth value is embedded here.
The full evidence corpus behind this report. Original research metrics, not live-updated.
Standard handoff for any agent starting a session. Active tenants, do-not-touch list, and next priority.
Every section of the original 242 KB Command Center (gutted by commit 03c1ecf on 2026-06-08) is restored below in original order — company tree, master migration diagram, evidence dashboards, domain registries, Telegram forensics, phase plans, and the agent contract. Content is verbatim from the recovered June-5 page; only the visual theme was aligned to the unified design system.
This page is the public-safe operating report built from the full Telegram exports, Migration docs, Hermes/OpenClaw evidence, VPS Docker inventory, and domain records. It is not a marketing page. It is the control surface for what happened, what failed, what remains open, and how the new system must run.
This corrects the report against live checks. Cloudflare pages are live; Odoo/Slack foundations validate; old OpenClaw roles/crons are read. But GitHub source-of-truth, VPS contracts, CompanyOS enforcement, tenant isolation, and watcher autonomy are not finished.
PARTIAL / BLOCKED
Local branch ops/openclaw-github-flow-44 is ahead 6 commits; gh CLI missing; GitHub MCP get_file_contents for branch/path returned Not Found; previous push/write blocked. Live worker deploy is Cloudflare-side, not GitHub-synced source of truth.
WORKING FOR LIVE PAGES
Cloudflare API auth with contactviewport@gmail.com succeeds; account Workers scripts listed; viewport.llc zone found; /migration, /migration/plan, /migration/task are live HTTP 200 after deploy.
LIVE BUT UNRECONCILED
Read-only Docker check: 72 total containers, 65 running, 3 unhealthy: saathi-app-1, origin-backend, platformx-nextcloud. Dokploy, Coolify, NPM/nginx, Traefik coexist.
LEGACY KNOWLEDGE READ; NOT CENTRALIZED COMPANYOS
Old backup verified 24 configured seats, 25 workspace docs, 50 legacy crons; fresh OpenClaw has 1 cron. Roles exist as source material, not operating agents under current GitHub/Odoo/Slack loop.
DESIGN + TEST FILES EXIST; NOT ENFORCED END-TO-END
viewport-company-os/tests/gsd-ralph-loop.yaml exists; task board has agent/role/watchers tasks; no CI/issue/PR/runtime enforcement proven.
PARTIAL OPERATIONAL FOUNDATION
validate_odoo_slack_integration.py passes 15/15; Odoo safe draft/control records and Slack bot/channel checks exist. Still not a full production app/control room with all commands, workflows, approvals, and tenant operations automated.
TEMPLATE PLANNED, PARTIAL FOUNDATION ONLY
Odoo/Slack matrices, task board, and plan include tenant template; repo/runtime isolation and per-tenant GitHub/Odoo/Slack/agent registry not proven complete.
IDENTIFIED / NOT INTEGRATED
Task board now includes Postiz/social automation tasks; no verified Postiz repo-to-runtime/control-flow integration completed.
API PRESENT NOW; PLAN CLAIMS NEED TIMESTAMPED STATUS
Current OpenRouter key present and /models returned HTTP 200. Prior model council runs were partial/unstable; not enough to claim all council review done.
Ambition: Viewport is being designed as an AI-operated global company that can serve every country and every industry — an all-country/all-industry operating architecture — through reusable tenant/company operating systems. This is not yet fully built. The live reality audit above shows the missing rails: GitHub source-of-truth, RuntimeContracts, CompanyOS enforcement, tenant isolation, and watcher execution.
Viewport LLC / parent governance · PlatformX / multi-tenant AI business OS · CompanyOS / rules + roles + workflows · Hermes operator shell · OpenClaw legacy role library · GitHub source-of-truth · VPS/cloud runtime · Odoo business record · Slack command room
Each company, tenant, client, associate, or partner gets an isolated package: GitHub repo/labels/issues, Slack channels, Odoo company/context/apps, runtime namespace, domain map, knowledgebase, approval matrix, agent roster, watchers, reports, onboarding, rollback, and offboarding.
Real estate & construction · Finance & accounting · Legal & compliance · Healthcare & wellness · Education & training · Retail & commerce · Manufacturing & supply chain · Hospitality & tourism · Media & entertainment · Agriculture & food · Energy & utilities · Transport & logistics · Government/civic services · Nonprofits & community · Technology/SaaS · AI/model/tool R&D
Executive command · GitHub PMO / source-of-truth · Tenant operations · Engineering / product · Runtime / SRE / DNS · AI automation / agent factory · Security / privacy / compliance · Research / intelligence · Evidence / data / knowledge · Sales / CRM · Marketing / content / Postiz/social · Customer success / helpdesk · Project delivery / operations · Documents / contracts / legal/sign · Finance / accounting / procurement · HR / training / agent readiness · Quality / verification / audit · R&D for cheaper AI compute/energy/hardware
Tenant/company setup · Website/client portal/investor portal · Odoo ERP/CRM/helpdesk/documents/accounting workflows · Slack/WhatsApp/Telegram command rooms · GitHub task/PR/evidence operating system · Runtime/DNS/SSL/container operations · Postiz/social/content workflow · Evidence vault/knowledgebase · Agent/watcher operations · Approvals/legal/finance gates · Reporting/analytics/KPIs · Security/privacy/compliance · Training/role onboarding · Automation connectors/MCP/tools · Model/provider/cost optimization
Modern Lao Group / Modern Lao Homes is the first full reference implementation: GitHub ops, Slack approvals/audit/support channels, Odoo CRM/project/helpdesk/documents/finance foundations, public/private portal separation, Postiz/social workflow, and Modern Manager-style agent coordination.
Viewport must research cheaper, lower-energy, lower-hardware AI operation: model routing, open/free models, local inference, workflow caching, agent specialization, evaluation, and provider fallback so high-class AI operations can become globally accessible rather than expensive enterprise-only tooling.
Already in place: live migration pages, Cloudflare deploy path, partial Odoo/Slack foundation, old OpenClaw agent/cron readout, VPS Docker visibility, task board. Not yet complete: remote GitHub source sync, RuntimeContracts for every service, enforced CompanyOS registry, production watcher system, full tenant isolation proof, full Odoo/Slack command-room automation, and global replication playbooks.
Sam supplied 60-80 reference diagrams. The useful pattern is consistent: company brain, Hermes orchestrator, department/specialist agents, GitHub source of truth, disposable runtime, evidence bundles, secrets isolation, observability, and approval gates. The migration page now records that as an executable operating model, not just a narrative.
Viewport Corp / Viewport OS holds strategy, entity registry, tenant map, rules, decisions, and durable memory. Chat is not the database.
Hermes routes, executes, verifies, and reports. It operates through GitHub branches, PRs, evidence bundles, and permission gates.
OpenClaw and subagents are specialized workers. They receive bounded tasks and return proof; they do not silently become source of truth.
Every service needs repo, owner, tenant, domain, env template, secret refs, healthcheck, backup, rollback, observability, and evidence.
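The field list above, turned into a pre-flight check, as an added example that is not the project's runtime-contract.schema.json (its contents are not shown on this page); the key spellings, action-class labels and sample contracts are assumptions. It also applies two rules stated elsewhere on the page: a RuntimeContract plus issue before any restart/fix, and secret names rather than values in GitHub.

```python
import re

# Fields named in the sentence above; the snake_case key spellings are assumptions.
REQUIRED_FIELDS = (
    "repo", "owner", "tenant", "domain", "env_template", "secret_refs",
    "healthcheck", "backup", "rollback", "observability", "evidence",
)
# Change classes the page says need explicit approval; the labels are assumptions.
APPROVAL_GATED = {"dns", "domain", "secrets", "destructive", "production"}
# A secret reference is a bare variable name, never the value itself.
SECRET_NAME = re.compile(r"^[A-Z][A-Z0-9_]{2,63}$")


def validate_contract(contract):
    """Return a list of problems; an empty list means the contract is usable."""
    errors = []
    for field in REQUIRED_FIELDS:
        if contract.get(field) in (None, "", [], {}):
            errors.append(f"missing field: {field}")

    refs = contract.get("secret_refs") or []
    if not isinstance(refs, list):
        errors.append("secret_refs must be a list of names")
        refs = []
    names = []
    for i, ref in enumerate(refs):
        if isinstance(ref, str) and SECRET_NAME.match(ref):
            names.append(ref)
        else:
            # Report the position only, so a pasted secret is never echoed.
            errors.append(f"secret_refs[{i}] is not a bare name")

    env = contract.get("env_template") or {}
    if not isinstance(env, dict):
        errors.append("env_template must be a mapping")
        env = {}
    for name in names:
        # A secret may appear in the template only as its own placeholder.
        if name in env and env[name] != "${" + name + "}":
            errors.append(f"env_template[{name}] embeds a value")
    return errors


def mutation_allowed(action_class, contract, issue, approved_by=None):
    """Gate a runtime change: contract and issue always, approval if gated."""
    if contract is None:
        reasons = ["no RuntimeContract"]
    else:
        reasons = validate_contract(contract)
    if not issue:
        reasons.append("no GitHub issue")
    if action_class in APPROVAL_GATED and not approved_by:
        reasons.append(f"{action_class} change needs explicit approval")
    return (not reasons, reasons)


# Constructed sample contracts (not taken from the page).
GOOD = {
    "repo": "example-org/example-service",
    "owner": "ops",
    "tenant": "tenant-example",
    "domain": "service.example.com",
    "env_template": {"DB_HOST": "db.internal", "DB_PASSWORD": "${DB_PASSWORD}"},
    "secret_refs": ["DB_PASSWORD"],
    "healthcheck": "GET /healthz",
    "backup": "nightly snapshot",
    "rollback": "redeploy previous image tag",
    "observability": "logs + uptime probe",
    "evidence": "evidence/example-service/",
}
BAD = dict(
    GOOD,
    rollback="",
    secret_refs=["DB_PASSWORD", "hunter2-not-a-name"],
    env_template={"DB_PASSWORD": "hunter2"},
)

if __name__ == "__main__":
    print(validate_contract(BAD))
    print(mutation_allowed("restart", GOOD, issue=1))
    print(mutation_allowed("production", GOOD, issue=1))
```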
Create a canonical migration control ledger before further autonomy.
Artifact: migration-control-plane/migration-control-ledger.yaml
Rotate and register exposed secrets before trusting automation.
Artifact: migration-control-plane/secrets-exposure-register.yaml
Define agent authority. DNS, domains, secrets, destructive work, and production changes require explicit Sam approval.
Artifact: migration-control-plane/agent-authority-matrix.yaml
Make every migration/deploy produce evidence and rollback proof.
Artifacts: runtime-contract.schema.json and evidence-bundle.schema.json
steipete/agent-scripts confirms the shared-agent-rules pattern: canonical AGENTS file, skills, scripts, hooks, and validation.
Hermes memory should be layered: session/peer memory, working continuity with redaction, and long-term company graph.
Artifacts: entity/domain/service ledgers plus future memory stack
The iii worker model maps to one capability catalog instead of point-to-point integrations.
Company departments become graph nodes; workflows become named edges with owners and evidence.
Artifact: company-graph.yaml
These files are the start of the control plane. They are intentionally schemas, ledgers, and policies — not secrets and not runtime-only notes.
| Artifact | Purpose | Why it matters |
|---|---|---|
| migration-control-ledger.yaml | Single operational spine for services, tenants, runtime, evidence, and state. | Prevents another scattered Docker/chat/source-of-truth failure. |
| service-catalog.yaml | Service owner, runtime, health, backup, rollback, observability, acceptance fields. | No service is migrated by vibes. |
| entity-registry.yaml | Viewport Corp, Viewport OS, PlatformX, Modern Lao, BCCL, old OpenClaw records. | Separates legal/entity/product/tenant/archive concepts. |
| domain-registry.yaml | Domain ownership, audience, runtime target, approval policy, public/client separation. | Prevents Modern Lao-style public/client route mistakes. |
| secrets-exposure-register.yaml | Tracks exposed secret classes, rotation gates, and no-chat/no-git rules. | Historical credential exposure blocks trusted autonomy until rotated. |
| agent-authority-matrix.yaml | Defines Hermes, OpenClaw, subagents, deploy agents, and crons by authority class. | Agents get permissions, not unlimited power. |
| runtime-contract.schema.json | Machine-readable contract for deployable services. | GitHub truth can be reconciled against runtime reality. |
| evidence-bundle.schema.json | Machine-readable proof format for migration/deploy work. | Every action returns evidence, not promises. |
| rollback-dr-plan.md | Rollback and restore acceptance rules. | No service accepted without recoverability proof. |
| openclaw-quarantine.md | Legacy/specialized OpenClaw fence. | Keeps useful history without letting it silently mutate production. |
| control-room-spec.md | Mobile-first Control Room tab structure. | Turns this report into an operational dashboard plan. |
| observability-plan.md | Dashboards, trace fields, and alerts. | Makes runtime, agents, crons, DNS, cost, and backups visible. |
| 20-subagent-image-architecture-synthesis.md | Preserves the outcome of the 60-80 reference-image review. | Turns the image corpus into concrete Viewport OS artifacts instead of chat-only notes. |
| external-reference-agent-scripts-memory-runtime-graph.md | Captures steipete/agent-scripts, Hermes 3-layer memory, iii shared runtime, and company-graph references. | Converts the new references into concrete Viewport adoption rules. |
| worker-capability-catalog.yaml | Worker * Function * Trigger catalog for discoverable runtime capabilities. | Prevents point-to-point worker integration spaghetti. |
| company-graph.yaml | Business graph of departments, agents, edges, owners, and evidence loops. | Lets agents optimize named company components instead of vague tasks. |
| new-reference-intake-rule.md | Workflow for every repo/link/article/image/video Sam shares. | Prevents useful references from staying as chat-only inspiration. |
| openclaw-access-activation-plan.md | Explains why OpenClaw is idle and how to activate it safely. | Turns OpenClaw from sandboxed reviewer into a GitHub-governed worker. |
| openclaw-access-contract.yaml | Machine-readable access classes for OpenClaw, Hermes bridge, runtime mounts, and gated actions. | Keeps permissions explicit before fresh Docker/runtime escalation. |
This is the report's main diagram layer. It shows the intended migration path, the company stack, and the separation rules that Hermes/OpenClaw/Codex must follow before doing more work.
viewport-os, public-viewport-*, infra-*
viewport.llc and corporate domains only
internal-*, upstream-fork-*, infra-*
veavor.com subdomains mapped one by one
partner-modernlao, tenant-mlg, future tenant-*
imports/ index or archived repo, never silent Downloads-only truth
This is the complete operating chart Sam is asking for. It separates what failed, what must become canonical, where each business lane belongs, and what Hermes must read before it acts.
Your migration plan is not "move files to a new container." It is a company operating-system rebuild where GitHub owns truth and the VPS only runs reproducible services.
Hermes becomes the operator shell after it can read mounted migration evidence, route tasks into GitHub, run checks, and write proof back. It should not act from chat memory alone.
The current Hermes container must be rebuilt or updated to mount /srv/viewport/migration as /opt/data/migration, then prove it can read the synthesis and lane files.
Every major conclusion is tied to a source class, verification status, and operational consequence. Raw exports remain local because they contain sensitive material.
Both bots were exported to raw JSON and Markdown with media.
Evidence: Migration/imports/telegram-bot-history/EXPORT-MANIFEST.json
Security scan found critical token/password/PAT exposure in historical reports and Telegram artifacts.
Evidence: security lane, local rg scan, redacted inventory
This HTML is rebuilt from a generator so future audits can update it deterministically.
Evidence: Migration/scripts/audit/build_migration_report.py
Primary long-running history from 2026-02-08 to 2026-05-16.
Top themes: Hermes/OpenClaw, runtime Docker, failure blockers, GitHub SOT.
Focused history from 2026-05-08 to 2026-05-18.
Top themes: Hermes runtime, Modern/Cameron, GitHub, Telegram PoolTimeout.
BCCL, PoolTimeout production path, GitHub hardening, engine.veavor.com, and bccl.la remain open.
Evidence: deterministic extractor + specialist lanes.
It has Coolify, Traefik, Modern, Odoo, OpenWebUI, AnythingLLM, n8n, Coder, OpenHands, OpenClaw, and tenant services.
Evidence: root Docker inventory on 194.163.153.171.
Separate daemon, root, bridge, and socket. Current purpose: isolated Hermes lane, not production fleet yet.
Evidence: /var/run/docker-viewport.sock and /etc/docker/daemon-viewport.json.
The historical docker-viewport audit is evidence, not current truth. Current runtime status must be checked before any autonomy claim.
Evidence: docker-viewport audit lane; current check required.
host, control, assistant, performer, origin, flow, drive, ai, llm, dock, code, desktop and related names route the operating platform.
Evidence: domain lane and proxy configs.
Modern Lao, BCCL, LaoWise, Saathi, and future tenant work must not collapse into the core ops domain.
Evidence: domain portfolio docs and DNS records.
Registrar ownership/NS flip is the remaining domain migration blocker.
Evidence: Migration domain status lane.
CLI, Telegram, Discord and other surfaces persist into state and JSONL session records.
Evidence: Hermes source lane.
OpenClaw should be fenced as imported state and specialized runtime, not exposed as the company operating interface.
Evidence: Migration STATE + OpenClaw lane.
Long builds and production fixes must use GitHub issues/PRs and background runbooks, not chat-only foreground loops.
Evidence: PoolTimeout incident and failure pattern.
Across both bots, 252 images were OCRed, 61 readable attachments were compact-extracted or listed, and 552 per-bot unique URLs were fetched or classified. Audio was inventoried, but exact transcripts are blocked until a working transcription path exists.
Evidence: MEDIA-LINK-COMPLETION-SYNTHESIS.md.
Rotation cannot be completed by publishing a report. It needs owner action against GitHub, Telegram, providers, and passwords.
Status: High risk until rotated.
Some services are known, some are residue. No destructive cleanup should happen until owners and GitHub homes are assigned.
Status: Sam-gated.
The Mac disk is not the durable workspace. Redacted migration narratives and service-catalog seed were mirrored to /srv/viewport/migration and should be mounted into Hermes at /opt/data/migration.
Evidence: VPS-MIGRATION-README.md and service-catalog.tsv.
This tab is written for Sam first. It explains the full migration story in plain categories so you can read it without digging through Telegram, VPS logs, GitHub branches, Docker audits, or old OpenClaw files.
Viewport must become an AI company operating system: GitHub holds truth, Hermes operates, OpenClaw/VIEWPORT reviews and delegates, VPS runs disposable services, and every agent leaves proof.
Plans, decisions, fixes, secrets, Docker state, bot state, and agent memory were scattered across Telegram, Mac files, VPS folders, old Docker, OpenClaw sessions, and partial GitHub work.
Telegram can start work. GitHub must hold the issue, branch, PR, runtime contract, evidence, rollback, and final status. VPS should be rebuildable from GitHub-controlled artifacts.
| Area | What the evidence says | Why it mattered | What must change now |
|---|---|---|---|
| Day-one problem | Sam repeatedly asked agents to read everything, remember everything, and execute; agents answered with partial memory, partial plans, and unfinished follow-through. | This created the feeling of paying for motion instead of a working company system. | Every serious request becomes a GitHub task packet with owner, reviewer, evidence, and next action. |
| Telegram history | The migration report indexed 9,450 messages across TheViewportBot and Hermes_Viewport_Bot, plus media, documents, links, screenshots, and voice/audio inventory. | The history proves the architecture was not new: GitHub-first, VPS runtime, OpenClaw workforce, Viewport orchestrator, and tenant lanes were discussed many times. | Use Telegram as command/status only; promote important facts into GitHub knowledgebase and evidence pages. |
| Old OpenClaw agent company | Old OpenClaw backup currently verifies 24 configured agent seats, 25 workspace role folders, 50 legacy crons, and VIEWPORT as CEO/master orchestrator. Older notes said 26/48; that discrepancy is now tracked explicitly instead of hidden. The roster included engineering, research, QA, ops, finance, legal, sales, marketing, analytics, crisis/media/content-style functions, and tenant-related roles. | The old system already had the company-department idea. The failure was runtime drift, unsafe scheduling, unclear source of truth, and weak proof loops — not lack of vision. | Convert the 26 old agents into a clean GitHub agent registry and department workflow. VIEWPORT routes; specialists do micro-jobs; reviewers verify. |
| Hermes role | Hermes is the active Telegram-facing operator with tools, memory, GitHub access, terminal/VPS path, skills, cron, delegation, and MCP support. | Hermes should not become one overloaded super-bot. That repeats context rot and hidden work. | Hermes becomes the hands/operator: creates issues, runs checks, writes commits, collects evidence, asks specialists, reports short status. |
| VIEWPORT role | Old VIEWPORT rules said it should never do all work itself. It should route, delegate, quality-gate, log decisions, and escalate only real blockers to Sam. | This is exactly how a company works: CEO/orchestrator does not write every line of code, check every DNS record, and design every ad alone. | Rebuild VIEWPORT as the orchestrator/reviewer over specialist agents and task queues. |
| GitHubOps | Prior council/harness work established GitHub as source of truth: issues, branches, PRs, council rounds, task files, state files, evidence, runbooks, and commits. | Without GitHub, agents forget, duplicate, overclaim, and cannot roll back or prove what changed. | Every code/config/runtime/domain/agent change must start with GitHub issue -> branch -> committed artifact -> review -> apply -> verify. |
| VPS runtime | The migration report says the VPS is runtime plus evidence host, not source of truth. Old Docker had many mixed containers and hidden ownership. | When the server becomes the truth, nobody knows what is production, what is old, what is broken, or what is safe to delete. | Use RuntimeContracts: repo, image/commit, compose project, ports, healthcheck, secrets, backup, rollback, owner, evidence. |
| Old Docker | Audit evidence showed a large old Docker estate with production/reference/experiment services mixed together. It must not be randomly repaired, deleted, or copied. | Old Docker contains useful proof and maybe live services, but also residue and risk. | Keep old Docker read-only unless Sam approves a specific bounded inspection or mutation. Rebuild clean services from GitHub contracts. |
| Scheduler / cron failure | Evidence found OpenClaw scheduler jobs plus host cron patterns that could kill Claude/OpenClaw processes and delete session/lock files. | This explains why 24/7 agents could collapse: the scheduler itself could destroy active work. | Cron must trigger bounded jobs only. It must not kill sessions, delete active state, or act as the supervisor. Watchers start observe-only. |
| Watchers / self-healing | The correct watcher model is detect -> classify -> issue -> branch -> staging -> tests -> verifier -> approval gate if needed -> deploy -> re-verify. | Blind self-healing can break production faster. Controlled self-healing makes agents useful without losing safety. | Start with 12 watchers: GitHub PR, VPS health, Hermes gateway, OpenClaw runtime, domains, cost, backups, tenant SLA, secrets, rules, skills, briefing. |
| Multi-tenant system | Modern Lao, BCCL, Saathi, LaoDomains, Agarwood, Viewport/PlatformX, and other lanes were mixed in conversation and runtime evidence. | Mixing tenant/client/product/core work creates wrong edits, wrong domains, wrong repo assumptions, and client-scope mistakes. | Each tenant needs separate repo/fork, cloned source, runtime, ports, bot/env, knowledge scope, issue/PR/evidence, and watcher. |
| Domains / DNS | The page records active domains, ghost zones, Cloudflare state, bccl.la blocker, and business/domain clusters. | DNS is business ownership, not only technical routing. Wrong domain changes can damage client/business trust. | Create domain manager workflow: domain inventory, registrar, Cloudflare, DNS records, SSL, email, service owner, rollback, approval gates. |
| Security / secrets | Historical material included many credential/security references. Public report must redact raw values and only show categories and paths. | Agents cannot be trusted with automation if old exposed credentials remain valid and scattered. | Secrets stay runtime-only. Rotate exposed tokens. GitHub stores secret names/contracts, never values. |
| GitHub PR/review process | Previous work often ended at plans or runtime edits. Sam specifically wants GitHub evidence and checking agents that verify other agents followed rules. | A company needs makers, reviewers, deployers, auditors, and managers — not one agent saying “done.” | Split every workstream: planner, implementer, verifier, deployer, watcher, auditor. Each leaves GitHub evidence. |
| Research and learning | Sam sends links, videos, images, tools, docs, and ideas; many were analyzed in chat but not promoted into durable skills/runbooks/KB. | That wastes context and money because the same lessons must be rediscovered. | Create research agents and skill-learning agents: research -> classify -> KB note -> skill/runbook/script/MCP candidate -> reviewer -> GitHub commit. |
| What is not done | Raw Telegram exports are still not fully mounted into current Hermes runtime; Mac source access is still a blocker; some runtime facts are evidence-freeze, not current live truth. | Claiming 100% understanding would be dishonest until raw sources and live checks are accessible. | Mount/import raw evidence privately, verify current runtime live, and update this Evidence tab with timestamped proof. |
Sam request, Telegram message, GitHub issue, webhook, or watcher alert comes in. It is classified by tenant, risk, department, and approval need.
VIEWPORT/Atlas creates the task packet: what to do, what not to touch, files, owner, reviewer, tests, rollback, evidence.
Specialist agent does the micro-job only: research, code, QA, domain audit, deploy, copy, design, finance, legal, support, or content.
Different agent checks the work. Tests, screenshots, healthchecks, links, logs, commit SHA, and rollback proof are required.
Performer/Hermes deploys only from GitHub-controlled artifacts and only to the approved runtime target.
Eye/watchers check GitHub, VPS, gateway, OpenClaw, domains, costs, tenant SLAs, backups, and rule compliance.
Repeated work becomes a skill, runbook, script, CLI command, MCP tool, or checklist — committed to GitHub.
Sam gets short plain status: done/progress/blocker, evidence link, next action, approval needed. No raw log dumps unless asked.
| Department | Old OpenClaw agent seed | Micro-jobs it should own | Reviewer / proof |
|---|---|---|---|
| CEO / Orchestration | VIEWPORT | Triage, route, delegate, log, quality gate, daily briefing, escalate real blockers. | Auditor checks routing log, task packet, and missing proof. |
| Engineering | CodeX, Atlas, Verify | PRDs, architecture, branches, code, tests, CI, bug fixes, API/backend/frontend work. | Verify checks tests; Auditor checks evidence; Eye checks runtime. |
| Runtime / DevOps | Performer, Eye, Crisis | Docker, deploys, rollbacks, backups, healthchecks, incidents, runtime contracts. | Eye watches; Crisis handles P0; Sam approves Tier-0/prod/DNS/secrets. |
| Research | Scout, Sentinel | Official docs, releases, competitor research, tools, new tech, market intelligence. | Quill/Atlas convert into KB/decision; Auditor checks citations. |
| Growth | Forge, Closer, Amplify, Palette | Partnerships, leads, CRM, outreach, campaigns, OmniBrand workflows. | Ledger/Prism check revenue/cost metrics; Shield checks legal risk. |
| Content / Media | Quill, Canvas | Docs, pages, blogs, proposals, decks, visuals, website assets. | Verify checks public page, mobile, copy, broken links, screenshots. |
| Finance / Legal | Ledger, Shield | Spend, invoices, Stripe/Odoo, contracts, privacy, trademark, risk review. | Sam approval for financial/legal commitments. |
| Customer / Tenant | Advocate, c-modernlao, future tenant agents | Onboarding, support, client health, tenant-specific operations. | Tenant watcher checks SLA; scope guard prevents cross-tenant mistakes. |
| Analytics / Quality | Prism, Metric, Auditor, Mentor, Recruiter | KPIs, agent scoring, benchmark, skill gaps, training, new agent specs, audits. | Weekly performance/evidence report and stale-agent cleanup proposal. |
Company-style departments, not one mega-agent. GitHub-first, not chat-first. Watchers with gates, not blind self-healing.
The next source-of-truth file should map every old OpenClaw agent into department, trigger, allowed tools, forbidden actions, outputs, reviewer, and watcher.
Before claiming complete day-one understanding, Hermes must access the raw Telegram exports/private evidence or receive a verified private import.
This report is not meant to replace the raw evidence. It is the public-safe index that tells Hermes, OpenClaw, Codex, and future agents where the full source files live and what each source is allowed to prove.
| Evidence lane | Local artifact | Coverage | What it proves | Limit / next audit |
|---|---|---|---|---|
| ViewportBot full chat | Migration/imports/telegram-bot-history/TheViewportBot/TheViewportBot-full-history.raw.json and .md | 6,990 messages, 2026-02-08 to 2026-05-16 | Early OpenClaw, ViewportBot, business-model, failure, token, research, product-sprawl, and GitHub-source-of-truth discussions. | Raw values stay local; public report can summarize categories and message IDs only. |
| ViewportBot 10-lane deep read | Migration/audit-runs/20260518T-viewportbot-deepread/SYNTHESIS.md plus lane-01 through lane-10 | All 6,990 ViewportBot message texts split into 10 evidence lanes | Proves the old chat pattern: repeated demands for full reading/execution, bot overclaims, runtime/model/account failures, secret-hygiene issues, business/product/domain plans, and the emergence of GitHub-as-truth/VPS-as-runtime doctrine. | Message text read is complete; media/link follow-up is tracked in MEDIA-LINK-SYNTHESIS.md. |
| Hermes full chat | Migration/imports/telegram-bot-history/Hermes_Viewport_Bot/Hermes_Viewport_Bot-full-history.raw.json and .md | 2,460 messages, 2026-05-08 to 2026-05-18 | Hermes runtime, docker-viewport, Modern/BCCL/domain work, PoolTimeout incidents, and current migration pressure. | Must not expose Telegram session or bot credentials. |
| Telegram forensic index | Migration/audit-runs/20260518T-telegram-forensic/telegram-forensic-index.json | 9,450 messages categorized into runtime, failure, docs, security, domains, business, and GitHub lanes | Transforms chat into backlog categories and source counts instead of relying on memory. | Future pass can add OCR/vision on media and full semantic clustering. |
| ViewportBot media/link pass | Migration/audit-runs/20260518T-viewportbot-deepread/MEDIA-LINK-SYNTHESIS.md | 271 media files inventoried; 177 image OCR attempts; 43 readable document extractions; 50 audio files / 572.33s inventoried; 358 unique URLs fetched or classified | Uploaded screenshots, PDFs, DOCX, markdown files, voice notes, and external links were processed into an auditable source layer instead of being left as vague "media". | Exact audio transcripts remain blocked by missing local Whisper tooling and invalid/unavailable transcription API credentials; full webpage mirrors and full text dumps were avoided because disk was critically low. |
| Hermes media/link pass | Migration/audit-runs/20260518T-hermes-media-link-pass/MEDIA-LINK-SYNTHESIS.md | 95 media files inventoried; 75 image OCR attempts; 18 document/ZIP/patch extractions or listings; 2 audio files / 33.43s inventoried; 194 unique URLs fetched or classified | Hermes-side screenshots, Markdown plans, patch/ZIP evidence, MP3 tests, and external links were compact-indexed so the new operating-direction chat is not treated as text-only. | Exact audio transcripts share the same blocker: no local Whisper stack and invalid/unavailable transcription API credentials. |
| Combined Telegram media/link synthesis | Migration/audit-runs/20260518T-telegram-forensic/MEDIA-LINK-COMPLETION-SYNTHESIS.md | 366 media files inventoried; 252 images OCRed; 61 readable attachments compact-extracted/listed; 52 audio files / 605.76s inventoried; 552 per-bot unique URLs processed | Public-safe master summary for what has now been processed across both bot exports. | Audio speech-to-text remains the only hard blocker in this media/link lane. |
| Business and hardship narrative | Migration/audit-runs/20260519T-business-plan-extraction/MASTER-MIGRATION-PLAN-NARRATIVE.md | ViewportBot-first history plus Hermes-new-doctrine written as a migration plan narrative | Converts the chat evidence into Sam's actual plan: company structure, business lanes, hardship trail, GitHubOps, VPS runtime, old Docker classification, and proof gates. | Must be promoted into canonical GitHub repo/docs after source-library import. |
| Hermes new runtime target | Migration/audit-runs/20260519T-business-plan-extraction/HERMES-NEW-RUNTIME-TARGET-ARCHITECTURE.md and VPS /srv/viewport/migration/ | Dedicated service-container model, VPS storage layout, Hermes mounts, service-catalog seed with 15 lanes | Defines the industry-level target Sam requested: GitHub owns source/config; VPS owns runtime/evidence; Hermes reads mounted server evidence and operates dedicated containers. | Next step is mounting /srv/viewport/migration into Hermes, validating current health live, and replacing seed rows only after GitHub-owned runtime contracts exist. |
| OpenClaw/Hermes 10-lane deep scan | Migration/audit-runs/20260519T-openclaw-hermes-deep-scan/OPENCLAW-HERMES-DEEP-SCAN-SYNTHESIS.md plus lane-01 through lane-10 | OpenClaw config/agents, workspace instructions, 51 scheduler jobs, Docker topology, logs, skills/security, Hermes mounts, domain/proxy mapping, memory/source-truth storage, final architecture evaluation | Proves why the old 24x7 agent company failed: roster drift, duplicated role instructions, host cron killing/deleting sessions, mixed Docker ownership, weak functional health checks, unsafe tool posture, unmapped domains, and runtime memory treated as truth. | Conclusion: new Hermes dedicated-container plan is correct only as a gated migration program; immediate blocker is mounting /srv/viewport/migration into Hermes and removing unsafe scheduler patterns. |
| Telegram media raw store | Migration/imports/telegram-bot-history/*/media/ | 366 files, about 110M across both bots | Full raw screenshots, voice notes, PDFs, markdown files, and research reports remain locally preserved for private agent work. | Public report publishes only redacted summaries and paths, not raw credential-shaped content. |
| Cloudflare live audit | Migration/domains/audit/live-cloudflare-crosscheck-20260518/crosscheck.md | 62 destination zones, 1 source zone, 54 expected active domains, 0 expected missing | Confirms LaoDomains folder vs live Cloudflare instead of guessing from old docs. | bccl.la is still double/pending; ghost zones require approved cleanup. |
| Domain portfolio | Migration/domains/portfolio-chart.md, STATE.md, HANDOFF.md | 54 owned active + 3 expired + 8 ghost Cloudflare zones | Maps domains into personal, Agarwood, BCCL, Modern Lao, Viewport, Veavor, Capital ABC, Think That, people, unknown, Lao services. | Several entity ownership decisions still need Sam confirmation. |
| Old Docker | Migration/audit-runs/20260518T-telegram-forensic/old-docker-ps.jsonl and srv-viewport-file-slice.tsv | 82 containers total, 79 running during audit | Old VPS is live/reference evidence with Coolify, proxy, data, LLM, automation, client, and unknown service families. | No delete/prune/replace until owner, backup, repo, route, and rollback exist. |
| New docker-viewport | Migration/audit-runs/20260518T-telegram-forensic/docker-viewport-ps.jsonl | 1 isolated Hermes container captured during historical audit | New runtime isolation evidence exists, but current health must be verified live before autonomy claims. | Live health, queue proof, and rollback proof required before calling 24/7 autonomy live. |
| Legacy broad-file audit | Restored older evidence wave in this report | 93,566 files inventoried, 79,449 text-like files, 110 JSONL session/chat files, 7,410,981 extract lines scanned | Earlier local/VPS/docs sweep was valuable and must remain part of the migration record. | Some older claims were stale and have been updated by live Cloudflare/Worker checks. |
| Downloads + Viewport scan | /Users/Office/Downloads and /Users/Office/Viewport targeted Markdown/HTML/text scan | 154 high-signal Downloads Markdown/HTML candidates from agent scan; 5,117 broader local path/content candidates from targeted shell scan | Found missing source families: viewport-kb 15-project spec, Castle International, Saathi, Glanzal Realty, Modern Intelligence Platform, BCCL/LAOWISE, Odoo onboarding, OmniBridge, Origin. | Ambiguous brands must go to confirmation queue instead of being silently treated as core. |
| Backup/archive scan | /Users/Office/Downloads/_ORIGINALS, Archives-Backups, Origin, Projects/GSD-Project-Backup, Chat-Histories, PlatformX/Projects/Omni and TelegramSuite | Backup folders, master setup docs, OpenClaw/OmniBridge universal packs, Origin frontend/backend, memory backups, VPS logs, and legacy project state files. | Proves there are additional plan/source families beyond Telegram and Migration. These should be reorganized into governed import buckets before being used for builds. | Do not expose credential/status files publicly; import with redaction flags and owner classification. |
The page can publish counts, decisions, paths, categories, and redacted summaries. It must not publish raw tokens, passwords, session files, personal phone codes, provider auth dumps, or reconstructable credential fragments.
Hermes and OpenClaw should use this page as a table of contents, then read the local artifacts directly when doing private work. The public page is not the full database.
A conclusion is trusted only when it points to a source lane, local file, live check, or repo artifact. Anything else is hypothesis and should be labeled that way.
The latest broad path cross-check surfaced 32,257 matching document/project paths across Downloads, Viewport, PlatformX, backup, archive, Origin, Omni, Castle, Saathi, Modern, BCCL, LaoWise, Odoo, VPS, Docker, migration, and domain keywords. They should be treated as evidence to classify and import, not as a permanent source of truth in Downloads.
| Folder / pack | What was found | Why it matters | How it should be reorganized |
|---|---|---|---|
| /Users/Office/Downloads/viewport-kb | Master spec, 15 project specs, workflow registry, agent templates, OMNIBRAND, GitHub SoT, MCP registry, semantic search, ClawHub, observability. | This is closest to a canonical product roadmap outside Migration. | Import selected files into Migration/imports/viewport-kb/ with an index and mark which specs are current, superseded, or idea-only. |
| /Users/Office/Downloads/_ORIGINALS | OmniBridge universal archive, desktop chat/history material, master setup docs, OpenClaw setup, memories, revenue-hunting, bootstraps, identity docs. | Contains the old operating-system attempt and many reasons the old model failed. | Create Migration/imports/legacy-originals/ manifest with redaction flags; keep credentials/status docs private. |
| /Users/Office/Downloads/Archives-Backups | OmniBridge backups, duplicated docs, package indexes, architecture, security, deployment, testing, command center and founder playbooks. | Large inherited product family; useful pieces should be mined, but not confused with current source of truth. | Classify as archive-omnibridge; extract reusable patterns into GitHub issues instead of copying the whole pile into runtime. |
| /Users/Office/Downloads/Origin | Origin backend/frontend, scraper, RAG, publisher, dashboard routes, memory backups, skills, session state, migration plan, fixes, Vercel notes. | Origin/OmniBridge is a real codebase and may contain reusable automation and dashboard work. | Assign one repo owner decision: revive product, archive evidence, or mine components for PlatformX. |
| /Users/Office/Downloads/Projects/GSD-Project-Backup | REAL_STATUS, live state, manifest and backup status files. | Potentially another legacy execution/project lane not yet represented in the business map. | Add to confirmation queue; do not build until Sam identifies owner and business value. |
| /Users/Office/Downloads/Chat-Histories | SERVER-VPS log and OMNIBRIDGE development log. | May contain root-cause evidence for old VPS/Docker and OmniBridge failures. | Import as private evidence summaries; redact any credentials before public reporting. |
| /Users/Office/Viewport/PlatformX/Projects/Omni and TelegramSuite | OmniOS UI, trading/bot/signal pages, backend services, OmniBridge Elite V2 code, sessions, AI processors, Telegram scanner, RAG and publishing code. | This is too large for a one-paragraph mention and directly affects OmniBridge/Origin decisions. | Separate deep audit required: repo status, secrets risk, build status, domain usage, database/session status, and reusable components. |
| Castle / Saathi / Glanzal / Modern / BCCL files | Individual HTML/Markdown proposals and plans in Downloads and project folders. | These represent active or potential client/partner/venture lanes, not random docs. | Move into classified intake buckets after owner confirmation: tenant-*, partner-*, product-*, or archive-*. |
Downloads is intake, not truth. Anything still useful must be copied into a governed import folder or GitHub repo with a source index, owner, and redaction status.
The report now uses a fixed command menu and named sections so agents can jump to exact lanes instead of scrolling through one giant article.
When a project name is found but not safely classified, it goes to the confirmation table. It is not ignored and not silently merged into Viewport core.
The user correctly flagged that the report was still missing project files outside the Telegram/Migration folder. This intake adds the newly scanned local source families and explains how each changes the migration plan.
| Source family | Key local files | What it adds to the plan | Migration implication | Status |
|---|---|---|---|---|
| VIEWPORT Knowledgebase | /Users/Office/Downloads/viewport-kb/MASTER_SPEC.md and 15 project SPEC.md files | Defines the 15-project order: Hermes CLI, VIEWPORT orchestrator, prompt linter, GitHub SoT, MCP registry, semantic search, Brand DNA, Trading Council, Media Network, OMNIBRAND, Autonomous SDR, Finance Agent, ClawHub Council, Observability, and the KB itself. | Report now treats this as a missing canonical roadmap lane: Wave 1 foundation, Wave 2 infrastructure, Wave 3 revenue agents. GitHub SoT + ClawHub gates are not optional extras. | Confirmed source |
| Castle International Holding | /Users/Office/Downloads/Castle_International_Briefing_Rev02.html | Internal briefing for Mr. Pradeesh Paraprath: four business ideas, with cross-border healthcare payments infrastructure identified as the only empire-scale path; PlatformX positioned as the operating-system unlock. | Castle is not just Saathi. It is a separate strategic client/business lane requiring proposal discipline, compliance review, private handling, and likely its own tenant/project namespace if approved. | Confirmed source |
| Saathi / Castle venture | /Users/Office/Downloads/saathi-proposal.html and /Users/Office/Viewport/PlatformX/LLM/saathi.asia/Saathi-repo/PRD.md | Investor-grade Saathi proposal plus locked portal PRD: vernacular voice-first emotional/predictive wellness, professional B2B wedge, later B2C companion, investor concierge, no paid third-party services unless approved. | Saathi should be tracked as a serious product/tenant lane, not a misc domain. It needs strict legal/medical-risk language, private investor portal hardening, and self-hosted infrastructure discipline. | Confirmed source |
| Glanzal Realty | /Users/Office/Downloads/glanzal_realty_battleplan.html | 30-day Tricity real-estate operating plan for Glanzal Realty: glanzal.com/realty, CRM, n8n, NocoDB/Twenty CRM, WhatsApp, Apify lead sourcing, AI scoring, Discord pipeline, revenue target. | Potential client/project lane with a fast revenue factory pattern. Needs Sam confirmation before it becomes tenant-* or partner-*; otherwise keep as opportunity/intake evidence. | Needs confirmation |
| Modern Intelligence Platform | /Users/Office/Downloads/MLG-Proposal-Modern-Intelligence-Platform-April2026.html | Modern Lao Group AI operating system proposal: Odoo Enterprise as central nervous system, Modern Manager Agent Network, WhatsApp/business workflow, 30-50 role replacement, 7 MLG divisions. | Strengthens the Modern Lao lane: not only a site/portal, but a partner operating platform with Odoo, agents, CRM, content, and governance. | Confirmed source |
| BCCL / LAOWISE | /Users/Office/Downloads/Laowise (BOT)/BCCL_LAOWISE_Corporate_Profile_Business_Plan_PRD.md and Smart_Start_Business_Plan.html | Build-ready BCCL/LAOWISE business enablement plan: public-data-only research, human approval, Smart-Start packages, Odoo/CRM fields, compliance controls, 90-day roadmap. | Confirms BCCL/LaoWise as a real revenue workflow, not just a domain cluster. It needs tenant isolation, CRM/Odoo, package pricing, legal/accounting partner review, and controlled outreach. | Confirmed source |
| Odoo onboarding audit | /Users/Office/Downloads/ODOO-ONBOARDING-AUDIT-PROMPT.md | Client onboarding architecture: separate Odoo database per client, OpenClaw agent per client, domain routing, n8n workflows, client docs, channels, LiteLLM keys, Traefik routes, DNS checks. | Promotes Odoo from “old Docker service” to the intended tenant factory backbone. Needs official-doc verified implementation before runtime mutation. | Confirmed source |
| OmniBridge / Origin / Omni | /Users/Office/Downloads/_ORIGINALS/OmniBridge-Universal-Archive, /Users/Office/Downloads/Origin, /Users/Office/Viewport/PlatformX/Projects/TelegramSuite, Projects/Origin, Projects/Omni, Docs/omnibridge | Large archive of OmniBridge PRDs, bug hunts, architecture recovery, dashboard/workflow fixes, Origin scraper/backend/frontend/RAG/publishing system, and Omni/OmniOS artifacts. | Needs a separate deep archive pass. For this report, it is a major inherited project family and should be represented as legacy/revenue/automation evidence, not ignored. | Deep pass pending |
| Dong Dok Castle / Cameron | /Users/Office/Viewport/PlatformX/Modern/mlh-clients-portal and Modern/MLH-Research | Modern Lao client portal model: public website -> client portal -> client file -> proposal/sign/payment. Cameron/Dong Dok Castle is one private client file, not the whole portal. | Confirms the client-portal taxonomy and mobile/design-quality requirements. This should stay under Modern Lao partner lane. | Confirmed source |
The report now explicitly acknowledges sources outside Migration: Downloads, viewport-kb, LLM/saathi.asia, Modern client portal, OmniBridge/Origin archives, and project folders.
Search found Castle International Holding and Saathi/Castle, plus Dong Dok Castle in Modern. It did not find a separate file named Castle Planets; that name is now in the confirmation queue.
Related but ambiguous projects are listed for Sam confirmation. They should not be silently merged into Viewport core or dropped from the report.
The pattern is clear: real progress happened, but the old mode mixed runtime fixes, bot identity, secrets, Docker, domains, and business planning into chat. The new mode separates evidence, GitHub truth, runtime, and approval gates.
OpenClaw, ViewportBot identity, token optimization, gateway work, and early product attempts. Major issue: repeated overclaims before verification. [6,990-message history]
Viewport Store, Omnibridge, Mission Control, knowledgebase, model-routing experiments, and many docs. Major issue: too many runtime promises without durable GitHub state. [Scope drift]
Council, source-of-truth rules, GitHub org/fork strategy, tenant boundaries, and VPS disposable-runtime thinking become explicit. [Doctrine accepted]
Hermes Telegram/CLI runtime, OpenAI Codex auth, host access, imports, and GitHub-first migration become active operational work. [Hermes history]
Client portals, OpenClaw guardrails, subdomains, proxy/DNS corrections, and domain portfolio work expose the need for a real control plane. [Mixed runtime]
Both Telegram histories exported, Docker/VPS audited, domains mapped, secret exposure identified, and this public-safe report generated. [Current report]
The attached structure image is converted here into an operating diagram: corporate ownership, product/control layer, agent workforce, GitHub truth, and disposable VPS runtime.
Operating system for the parent company. Namespaces, rules, handoffs, and governance.
Multi-tenant SaaS and control plane product layer.
AI operating workforce: Hermes, OpenClaw, Codex, Claude, automation workers.
Source of truth, operating control plane, issue/PR/audit trail.
Disposable execution target rebuilt from Git + IaC.
Old Docker remains production and reference. docker-viewport is a separate isolated runtime with only Hermes. Migration must classify before moving or deleting anything.
| Service family | Observed examples | Current owner | Risk | Migration action | Evidence source |
|---|---|---|---|---|---|
| Proxy / deploy | Coolify, Traefik, existing proxy routes, host.veavor.com | PlatformX ops | High-risk proxy | Preserve until all routes are mapped; no ad hoc edits outside deploy runbook. | Old Docker, /data/coolify/proxy/dynamic |
| Modern Lao sites | clients.modernlaohomes.com, apps.modernlao.com, Modern portals | Modern Lao client lane | Client boundary | Keep live; move source, deploy proof, assets, and client docs into GitHub repos. | Hermes chat, Modern memory, live smoke tests |
| Automation | n8n, flows, Telegram/Discord bots, cron workers | Viewport OS | Hidden automation | Inventory triggers, tokens, and owners; convert long jobs to GitHub issues/PRs/runbooks. | Docker inventory, Telegram PoolTimeout evidence |
| LLM stack | OpenWebUI, AnythingLLM, LiteLLM, Langfuse, Qdrant, Neo4j | Agent platform | Needs owner | Keep as reference; re-home durable config to repos before rebuild. | Old Docker and OpenClaw docs |
| Business data | Odoo, Postgres, Nextcloud, tenant databases | Business/tenant owners | Migration-critical | Backup, schema-map, owner-map, and recovery test before any move. | Old Docker, domain lanes |
| Hermes isolated runtime | docker-viewport: hermes, image viewport-corp/hermes-agent:v0.12.0 | Viewport OS agents | Unhealthy | Fix healthcheck/provider/session state; keep separated from old production daemon. | docker-viewport ps |
| OpenClaw legacy | root/user state, auth profiles, sandboxes, desktop.veavor.com | Specialized runtime | Reference only | Import memory/skills/state into Hermes/GitHub where useful; do not expose as client shell. | OpenClaw docs and memory |
| Residue / unknown | Services without clear repo, owner, or current purpose | Unassigned | Needs owner | Create owner ticket, classify, then preserve/retire/migrate by evidence. | Old Docker slice |
The old Docker host is not stupid junk; it is an ungoverned operating archive. The right migration is to classify each family, preserve what matters, and rebuild from GitHub/IaC only after the replacement has proof.
| Old service family | Why it existed | Why it failed / became risky | New setup alternative | Do not proceed until |
|---|---|---|---|---|
| Coolify / Traefik / proxy edge | Fast app hosting, reverse proxy, TLS, deploy hooks, many subdomains on veavor.com and client domains. | Proxy owns critical ports; health drift and hidden dynamic routes make random replacement dangerous. | GitHub-owned infra repo with Cloudflare DNS matrix, explicit routes, deploy runbook, and either repaired Coolify or simpler Caddy/Traefik setup per lane. | Every domain/subdomain has route, service, owner, rollback, and smoke test. |
| Odoo / business data | CRM, ERP, invoicing, client/business operations, future subscription foundation. | Data and tenant ownership are not cleanly mapped; moving blindly risks business records. | Tenant-aware Odoo foundation with backups, DB ownership, module list, user policy, and repo-managed config. | Backup restore is tested and tenant/entity owner is assigned. |
| n8n / automation workers | Business workflows, webhooks, notifications, Telegram/Discord/Slack style automation. | Credentials/triggers can fire silently; no clear tenant routing or GitHub issue proof. | Workflow repos plus n8n export files, secret vault/env separation, test webhooks, per-tenant permission model. | Each workflow has owner, trigger, secret source, rollback, and audit log. |
| LLM stack: LiteLLM, OpenWebUI, AnythingLLM, Langfuse, Qdrant, Neo4j | Model routing, memory, dashboards, logging, RAG/graph experiments, local AI control. | Good pieces, but scattered; auth/provider configs and data stores can become unowned runtime state. | Agent-platform repo family with provider policy, memory policy, observability, and import/export scripts. | State export, provider-token rotation, and clean owner map exist. |
| OpenHands / Coder / dev sandboxes | Browser/IDE/dev-worker execution from server. | Powerful but risky if connected to wrong home, repo, or credentials; can mutate without clear PR path. | Ephemeral worker runtimes launched from GitHub issues/branches with scoped tokens and logs. | Write scope and secret scope are restricted before worker start. |
| Nextcloud / file stores / media | Document and asset storage for proposals, clients, evidence, and media. | File truth can split from GitHub and reports; uploads can contain secrets or private client material. | GitHub for source/docs/code, private object storage or Nextcloud for large/private assets, indexed by manifest. | Manifest records owner, privacy, source, and usage status. |
| Hermes / bot containers | Telegram/CLI operator runtime and autonomous agent shell. | Current isolated Hermes is unhealthy; older bot paths mixed session/auth/runtime assumptions. | docker-viewport isolated runtime rebuilt from GitHub, with health, queue, logs, and status dashboard. | Healthcheck passes and a Telegram-to-GitHub-to-worker loop is proven. |
| Unknown containers/volumes | Experiments, legacy apps, old attempts, or parked services. | Unknown owner means unknown business value and unknown deletion risk. | Quarantine inventory: KEEP, MIGRATE, ARCHIVE, DELETE-LATER with backup references. | Sam approves the classification after evidence is visible. |
Old Docker is reference/prod residue. GitHub is the durable plan. VPS is rebuilt runtime. A live service is not migrated until the repo, env, backup, domain route, smoke test, and rollback all exist.
The server became the source of truth. That made completion claims impossible to verify, mixed tenants together, hid automation, and tied business continuity to one fragile host state.
Before any agent changes runtime, it must have an issue, branch, owner, expected files, test command, output artifact, and rollback note. Runtime-only fixes are emergency exceptions.
The target is a global autonomous company, not a single app. GitHub holds the durable company operating system; agents, dashboards, Odoo, Slack, WhatsApp, Telegram, Discord, and runtime workers consume that truth.
platformx-* core PlatformX products; tenant-* isolated client/associate work; partner-* Modern Lao and partner lanes; internal-* private tooling; public-* public sites; infra-* runtime/IaC; upstream-fork-* controlled OSS forks.
PR-time ClawHub gate verifies scope, secrets, tests, review, and deploy proof. Runtime Watcher gate blocks scope leaks, tenant leaks, and infra actions that do not match the approved lane.
The release standard is not "the VPS works today." The standard is quarterly rebuild from GitHub + backups, with route smoke tests and recovery evidence proving the server is cattle, not a pet.
| Workflow | Old intended design | Reality gap | New operating rule |
|---|---|---|---|
| Founder approval | Sam approves high-stakes items through Telegram/WhatsApp/dashboard while agents work 24/7. | Chat became the work surface itself, causing lost state and timeout failure. | Chat creates/updates GitHub work items; approval comments unblock branches or runtime jobs. |
| Mission Control | Dashboards show tasks, approvals, costs, docs, heartbeats, and agent status. | Large parts remained documented-only or scattered across Discord and old dashboards. | Dashboard reads GitHub, logs, Docker health, DNS status, and tenant status as evidence feeds. |
| Odoo / CRM / payments | Finance, contracts, onboarding, renewals, upsells, and retention connect to Odoo/CRM/payment hooks. | Business automation existed mostly as docs/agent shells, not reliable pipelines. | Each business workflow gets repo, webhook, owner, secret policy, and testable integration. |
| Comms channels | Telegram, WhatsApp, Discord, Slack, web UI, and cron all route into agent operations. | Discord became a reporting sink; channel policy drifted from real workflows. | Hermes is the operator shell; every channel maps to queue, tenant, permission, and audit log. |
| Client delivery | Research, qualification, auto-build, proposal, outreach, contract, onboarding, and support agents. | Tenant/client boundaries were not clean enough for safe autonomous execution. | tenant-* repos isolate client work; partner-* and associate work remain separate from ops. |
Domains express the company structure. The ops namespace must be separate from client/associate/product namespaces so proxy, email, and tenant routing do not collapse into one fragile bucket.
| Domain group | Status | Known issue | Decision |
|---|---|---|---|
| viewport.llc | Live | Migration page is public control report. | Keep as parent/system report surface. |
| veavor.com | Ops namespace | Many subdomains route old runtime services. | Map every subdomain to repo, service, owner, proxy, and proof. |
| modernlaohomes.com | Client live | Asset/mobile and portal hardening history. | Keep client boundary; source and deploy proof in Modern repos. |
| bccl.la | Registrar unknown | Remaining 44/45 domain migration blocker. | Resolve registrar/NS before claiming BCCL migration complete. |
| Ghost Cloudflare zones | Cleanup pending | Old zones create confusion and possible route drift. | Delete only after matching registrar/domain evidence. |
| Expired domains | Decision pending | ourlao.com / ourlaos.com and others may be brand-relevant. | Renew or retire explicitly; no silent loss. |
This section upgrades the older migration report instead of replacing it: the earlier deep-document/domain wave remains part of the evidence model, and the current live Cloudflare API state is now cross-checked against local LaoDomains and Migration domain files.
All 54 locally expected active domains are present in destination Cloudflare. [0 missing]
Destination Cloudflare has 54 expected active zones plus 8 ghost zones that local state already marks for deletion. [8 extras]
Only bccl.la remains in the source Cloudflare account, and it also exists in destination Cloudflare.
The old LaoGrow CSV is historical context, not current Cloudflare ownership. 15 of those names are now in destination Cloudflare. [history preserved]

| Check | Result | Action |
|---|---|---|
| Expected active missing from destination CF | None | Local 54-domain expected-active set matches destination Cloudflare coverage. |
| Expected active missing from both CF accounts | None | No owned active domain is absent from Cloudflare based on local state. |
| Ghost zones still in destination CF | 8 zones | Delete only after final owner confirmation: creativeviewport.com, jholmall.com, myselftoday.com, photobasket.org, viewportexportimport.com, viewportstudio.com, viewportstudio.info, yourdrive.org. |
| Expired domains in destination CF | None | ourlao.com, ourlaos.com, and gavranghee.com are not live destination CF zones. |
| bccl.la | source active + destination pending | Registrar/NS discovery remains the real blocker. Do not claim BCCL domain migration complete yet. |
| viewport.llc Worker routes | 4 routes live | viewport.llc and www.viewport.llc root/migration routes point to Cloudflare Worker viewport-migration-report. |
Migration/domains/audit/live-cloudflare-crosscheck-20260518/crosscheck.md
Migration/domains/audit/live-cloudflare-crosscheck-20260518/live-cloudflare-zones.json
Counts:
local expected active: 54
live destination Cloudflare zones: 62
live source Cloudflare zones: 1
missing expected active domains: 0
extra destination zones: 8 ghost zones remaining
source/destination duplicate: bccl.la
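The reconciliation behind these counts can be expressed as a small check that fails closed on anything unexplained. This is an added example, not the project's own crosscheck script. The function and field names, the `name`/`status` record shape, the `active-NN.example` placeholder domains, and the zone statuses are assumptions or constructed data; only the ghost zones, expired domains, and bccl.la come from the table above.

```python
"""Reconcile a local expected-domain inventory against live Cloudflare zone lists."""
from dataclasses import dataclass, field

# Names taken from the crosscheck table on this page.
GHOST_ZONES = {
    "creativeviewport.com", "jholmall.com", "myselftoday.com", "photobasket.org",
    "viewportexportimport.com", "viewportstudio.com", "viewportstudio.info",
    "yourdrive.org",
}
EXPIRED = {"ourlao.com", "ourlaos.com", "gavranghee.com"}

# Constructed inventory sized to the page's counts (54 expected, 62 live zones).
# Placing bccl.la in the expected set is an assumption that makes 54 + 8 = 62.
EXPECTED_ACTIVE = [f"active-{i:02d}.example" for i in range(1, 54)] + ["bccl.la"]
DESTINATION = (
    [{"name": d, "status": "active"} for d in EXPECTED_ACTIVE[:-1]]
    + [{"name": "bccl.la", "status": "pending"}]
    + [{"name": g, "status": "active"} for g in sorted(GHOST_ZONES)]  # status constructed
)
SOURCE = [{"name": "bccl.la", "status": "active"}]


def normalize(name: str) -> str:
    """Compare zone names case-insensitively and without a trailing root dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class Crosscheck:
    missing_from_destination: list = field(default_factory=list)
    missing_from_both: list = field(default_factory=list)
    not_active_in_destination: list = field(default_factory=list)
    ghost_remaining: list = field(default_factory=list)
    expired_still_live: list = field(default_factory=list)
    unclassified_extras: list = field(default_factory=list)
    source_destination_duplicates: list = field(default_factory=list)

    def blockers(self) -> dict:
        """Findings that prevent a 'migration complete' claim.

        Ghost zones are cleanup work awaiting owner confirmation, so they are
        reported but not treated as blockers here.
        """
        blocking = ("missing_from_destination", "not_active_in_destination",
                    "unclassified_extras", "source_destination_duplicates")
        return {k: getattr(self, k) for k in blocking if getattr(self, k)}


def crosscheck(expected_active, ghost, expired, destination_zones, source_zones):
    expected = {normalize(d) for d in expected_active}
    ghost = {normalize(d) for d in ghost}
    expired = {normalize(d) for d in expired}

    # A domain cannot be both "keep" and "delete"; refuse a contradictory inventory.
    conflict = expected & (ghost | expired)
    if conflict:
        raise ValueError(f"inventory marks domains as both active and retired: {sorted(conflict)}")

    dest = {normalize(z["name"]): z.get("status", "unknown") for z in destination_zones}
    src_names = {normalize(z["name"]) for z in source_zones}
    dest_names = set(dest)

    return Crosscheck(
        missing_from_destination=sorted(expected - dest_names),
        missing_from_both=sorted(expected - dest_names - src_names),
        # Present is not the same as serving: a pending zone is still a blocker.
        not_active_in_destination=sorted(d for d in expected & dest_names if dest[d] != "active"),
        ghost_remaining=sorted(ghost & dest_names),
        expired_still_live=sorted(expired & dest_names),
        # Zones nobody classified are never deleted or trusted automatically.
        unclassified_extras=sorted(dest_names - expected - ghost - expired),
        source_destination_duplicates=sorted(src_names & dest_names),
    )


def snapshot_report() -> Crosscheck:
    """Run the check over the constructed snapshot above."""
    return crosscheck(EXPECTED_ACTIVE, GHOST_ZONES, EXPIRED, DESTINATION, SOURCE)


if __name__ == "__main__":
    report = snapshot_report()
    print("destination zones:", len(DESTINATION))
    print("ghost zones remaining:", len(report.ghost_remaining))
    print("blockers:", report.blockers())
```

Keeping `unclassified_extras` separate from `ghost_remaining` is what stops a cleanup job from deleting a zone just because it was not in the expected list.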
The previous live report had valuable broad-file audit sections. This version keeps the new Telegram/VPS forensic layer while restoring those earlier conclusions as additive evidence, not replacing them.
The prior report recorded 93,566 files inventoried, 79,449 text-like files flagged, 110 JSONL session/chat files indexed, and 7,410,981 raw extract lines scanned.
The earlier deep wave scanned 15,622 document/code/web candidates, string-scanned 749 PDFs, counted 9,154 markdown-family files, 197 Office files, 4,367 web files, 50,432 code/config files, 3,124 media/design files, and seeded 350 domains.
Historian addendum, trust/visibility postmortem, BCCL tenant-isolation case study, veavor.com sensitive hostname matrix, viewport.llc future subdomain plan, PlatformX/Coolify/Cloudflare incident hypothesis, and known evidence gaps remain part of the migration evidence model.
This is the missing center of the migration: Viewport is not only moving servers. It is converting many discussed ideas into a governed company operating system where every business line has a domain, repo, runtime lane, agent workflow, approval gate, and revenue model.
| Area | What was discussed | Business intent | Migration implication | Evidence |
|---|---|---|---|---|
| Viewport Corporation | Permanent parent / holding layer with 4 owned groups, Modern Lao partner, and BCCL associate. | Parent company controlling IP, GitHub org, domains, agents, and approval policy. | One control plane, strict namespaces, no mixing partner/client/private work. | Corporate structure image, Viewport-Corporation-Structure.md, VC-PlatformX-GitHub-Master.md |
| Viewport OS | Company operating system: rules, entity map, agents, handoffs, approvals, memory, governance. | Make Sam's companies run through durable operating rules instead of chat-only execution. | GitHub repos + docs + issues + status pages become the durable OS. | COMPANY-OS.md, Migration council docs, Telegram export |
| PlatformX | Multi-tenant SaaS/control plane for state, rules, tasks, handoffs, integrations, agents, analytics, cost tracking. | Sell managed digital employees and AI-powered business delivery, not just chatbots. | Requires platformx-* repos, tenant registry, billing, Odoo/CRM, integrations, and isolated tenant data. | PLATFORMX-COMPLETE-VISION.md, PLATFORMX-FULL-SPECIFICATION.md |
| Global autonomous brand delivery agency | AI finds businesses/domains, researches target, creates proposal/page/mockups/social proof, then Sam approves purchase/outreach. | Domain is the hook; subscription/monthly services are the real revenue. | Needs research agents, domain availability API, proposal generator, media pipeline, CRM, payment/contracts, onboarding, retention workflows. | PLATFORMX-BUSINESS-MODELS.md, Telegram business messages |
| LaoDomains | GoDaddy + Shopify + Yelp for Laos: Lao-language domains, websites, email, booking, CRM, directory, payments. | Own local digital-presence category for Lao SMBs with low-cost packages and recurring revenue. | Needs LaoDomains repo/product lane, laodomain(s) domain decision, Cloudflare stack, directory, payment/BCEL/LaoQR roadmap. | LaoDomains_Master_Context.md, LaoGrow spreadsheets, domain chart |
| BCCL / LaoWise / Phonemala | Buddha Corporation holding, Phonemala profile/trust, LaoWise as practical operating service for company registration, investor visa, compliance, market entry. | Lao business setup/advisory brand with trust signals, package pricing, WhatsApp/Telegram/Messenger conversion. | tenant-bccl repo/runtime, BCCL corporate site, LaoWise conversion site, Phonemala profile, clean bot/env/domain boundaries. | BCCL_LaoWise_Phonemala_Agent_Brief.md, Projects/BCCL docs, Telegram Hermes history |
| Modern Lao / MLH | Partner/client lane: public credibility site, client portal, Cameron private file, investor/proposal pages, premium design quality. | Professional real-estate/building partner presence, not mixed with Viewport core ops. | partner-modernlao or tenant-mlg repo structure; public/private client portal boundaries; asset/proof QA. | Modern repo/docs, Hermes messages, live clients.modernlaohomes.com |
| Agarwood vertical | Marketplace, seller/supplier directory, escrow/exchange, token/coin, geo funnels for Laos/Asia/Dubai. | Vertical monopoly around agarwood trade and supplier/buyer capture. | Veavor-owned domain family, marketplace repo, trust/verification/content strategy, future payment/escrow lane. | agarwood-business-brief.md, portfolio-chart.md |
| Castle International Holding | Strategic briefing for healthcare payments infrastructure, medical tourism, overseas office, and gold-business comparison; Saathi investor proposal also carries Castle venture identity. | High-stakes external/associate opportunity lane where PlatformX is positioned as operating-system leverage for a small founding team. | Needs private tenant/opportunity classification, legal/compliance review, and source-safe proposal workflow before any public or partner circulation. | Castle_International_Briefing_Rev02.html, saathi-proposal.html |
| Saathi | Voice-first vernacular AI companion / professional practice SaaS / investor portal, tied to Castle International Holding and self-hosted PlatformX delivery. | Major product opportunity in emotional/predictive wellness; requires compliance, privacy, consent, and investor-grade execution. | tenant-saathi or product-saathi lane with private portal, self-hosted LiteLLM, no paid services without approval, and medical-risk wording controls. | saathi-proposal.html, LLM/saathi.asia/Saathi-repo/PRD.md |
| Glanzal Realty | Chandigarh Tricity/NRI real-estate revenue plan using CRM, WhatsApp, Apify, AI scoring, and content/flyer pipeline. | Fast revenue/client delivery pattern that resembles PlatformX agency automation. | Needs Sam confirmation: client project, partner project, test case, or archive-only opportunity. | glanzal_realty_battleplan.html |
| Capital ABC | Co-Founder, Business Minister, Your Drive, SeaLand. | SaaS/product group, still mostly pre-domain. | Needs product decision and domain acquisition/repo mapping before build. | Corporate structure image and Viewport-Corporation-Structure.md |
| Think That Group | Locator, Near Bar, Vendor Stock, Manushya. | Idea/product group, still zero confirmed live domains. | Needs product/domain strategy, no runtime work until mapped. | Corporate structure image and domain portfolio chart |
| Veavor Group | Skill Whales/Skill Wahles, Veavor creative/agency, future products, Wassup Asia/social, Agarwood. | Commercial engine and creative/agency/product umbrella. | vv-/veavor or group repo namespace, veavor.com operations freeze plan, product split from Viewport parent. | INFRASTRUCTURE-MAP.md, portfolio-chart.md |
Domains must mirror business ownership. The old failure was using veavor.com as a catch-all operations namespace without enough separation. The new rule: every domain has entity, purpose, repo prefix, runtime lane, DNS owner, and approval gate.
| Entity / lane | Domains | Repo namespace | Runtime lane | Decision state |
|---|---|---|---|---|
| Parent / Viewport OS | viewport.llc, viewportcorporation.com, viewport.asia, viewportconsultancy.com | viewport-os, infra-*, public-viewport-* | Cloudflare Worker/Pages for reports; VPS only when service needs runtime. | viewport.llc live; future app/api/docs/status agents subdomains must be gated. |
| Ops legacy / Veavor control estate | veavor.com plus host, control, assistant, performer, origin, flow, drive, ai, llm, dock, code, desktop, council, engine, saathi | infra-*, internal-*, upstream-fork-* | Current old Docker/Coolify/Traefik residue; freeze and classify. | Do not blindly repoint veavor.com; map every host to owner/service/repo first. |
| Modern Lao partner | modernlao.com, modernlaohomes.com, clients.modernlaohomes.com, clients.modernlao.com | partner-modernlao, tenant-mlg, public-modernlao-* | Separate public site and private portal; client files under portal, not mixed with homepage. | Live but needs ownership/repo consolidation and asset QA discipline. |
| BCCL associate | bccl.la, buddhacorporation.com, buddhacorporation.la, laowise.la, laoevents.com, ourlaos.la, Phonemala profile domain | tenant-bccl, bccl-*, public-bccl-* | Separate bot, runtime, env, KB, logs, network, ports, secrets. | bccl.la registrar/NS still unresolved; do not call BCCL complete. |
| LaoDomains / Lao services | laodomains.com, laodomain.com, laodental.com, laodoctors.com, laolegal.com, laomanpower.com, laoworkpermit.com, etc. | product-laodomains, tenant-own/lao-services | Cloudflare-first directory/landing pages; later CRM/Odoo/payment runtime. | Need owner/entity decision: BCCL, Veavor, Viewport, or new LaoDomains product company. |
| Veavor / Agarwood | agarwood.la, asiaagarwood.com, asianagarwood.com, dubaiagarwood.com, laoagarwood.com, laosagarwood.com, agarwoodseller.com, agarwoodsupplier.com, agarwoodexchange.com, agarwoodcoin.com | veavor-agarwood, product-agarwood-* | Marketplace/content/proposal pages first; transactional runtime later. | Vision clear; build TBD. |
| People / trust profiles | vishalchavan.com, chavan.info, lahsiv.in, vishal.asia, vinaypatil.info, garylynnsnider.com, phonemala.com | public-person-*, private-profile-* where needed | Static/Cloudflare-first unless login/private content needed. | Some ownership reasons still need one-line confirmation. |
| Ghost / no longer owned | creativeviewport.com, jholmall.com, myselftoday.com, photobasket.org, viewportexportimport.com, viewportstudio.com, viewportstudio.info, yourdrive.org | none | None. | Still in destination Cloudflare; delete only after final owner confirmation. |
This is the domain segregation the migration must use. The report now keeps local LaoDomains context, live Cloudflare state, and business ownership in the same view so no domain disappears into generic DNS work.
| Cluster | Domains | Business meaning | Cloudflare / registrar reality | Required next step |
|---|---|---|---|---|
| Personal - Sam | 1987.vc, vishalchavan.com, chavan.info, lahsiv.in, vishal.asia | Personal brand, family/life archive, future earn-and-learn/VC brand, possible public/private login content. | Part of active 54-domain set; 1987.vc custom registrar still needs API access for full automation. | Separate personal-public repos from Viewport Corp repos; never mix personal auth with company ops. |
| Agarwood - Veavor | agarwood.la, asiaagarwood.com, asianagarwood.com, dubaiagarwood.com, laoagarwood.com, laosagarwood.com, agarwoodseller.com, agarwoodsupplier.com, agarwoodcoin.com, agarwoodexchange.com | Vertical monopoly strategy: marketplace, seller/supplier capture, geo funnels, exchange/escrow/token route. | Live Cloudflare coverage present; build status is concept/brief, not product complete. | Create product-agarwood repo, landing/content stack, marketplace roadmap, supplier intake, proof assets. |
| BCCL associate | bccl.la, buddhacorporation.com, buddhacorporation.la, laoevents.com, laowise.la, ourlaos.la, ourlao.com expired, ourlaos.com expired, phonemala.com | Laos-rooted associate tenant around Buddha Corporation, LaoWise services, events/community/cultural thesis, Phonemala trust profile. | bccl.la is active in source Cloudflare and pending in destination; registrar/NS remains unresolved. ourlao.com and ourlaos.com expired. | Resolve bccl.la registrar/NS, decide renewal of expired BCCL-family domains, create BCCL/LaoWise trust and package sites under tenant isolation. |
| Modern Lao partner | modernlao.com, modernlaohomes.com | Partner/client operating lane for Modern Lao Group and Modern Lao Homes. | Active Cloudflare zones; live public/private site work exists but must remain separate from Viewport core. | Keep public site, client portal, proposals, and Gary/Sam assets in partner-modernlao/tenant-mlg structure. |
| Viewport Group | viewportcorporation.com, viewport.llc, viewport.asia, viewportconsultancy.com; ghost: viewportstudio.com, viewportstudio.info, viewportexportimport.com, creativeviewport.com | Corporate parent/group presence plus consulting and operating-company namespace. | viewport.llc live via Worker routes; four Viewport-ish zones are ghosts no longer owned at registrar. | Use viewport.llc for control/report surface; delete ghost CF zones only after final confirmation; acquire/reassign missing group domains only if business demands it. |
| Veavor Group | veavor.com, veavorglobal.com, skillwhales.com, wassupasia.com, wassup.social plus Agarwood family | Commercial/creative/product umbrella and current ops namespace residue. | veavor.com has active ops subdomains and old runtime/proxy dependencies; cannot be casually replaced. | Freeze and map every veavor.com subdomain to service/repo/owner before moving; define Skill Wahles and Wassup product briefs. |
| Capital ABC | Ghost: yourdrive.org. No live owned domains for Co-Founder, Business Minister, SeaLand, Your Drive. | Product group named in corporate structure but not yet domain-backed. | yourdrive.org is ghost in Cloudflare; no active registrar ownership. | Do not build until product intent and domains are confirmed; remove ghost DNS after approval. |
| Think That Group | No current owned domains found for Locator, Near Bar, Vendor Stock, Manushya. | Idea/product group from corporate chart. | No live domain evidence in current active inventory. | Leave as concept lane until domains/product specs exist. |
| Lao services vertical | laodental.com, laodoctors.com, laodress.com, laoinvestors.com, laojewellers.com, laolegal.com, laomanpower.com, laopets.com, laorecruitment.com, laorental.com, laotrading.com, laoworkpermit.com | Potential Lao-services marketplace/directory/SaaS family, likely related to LaoDomains or BCCL/local services. | All expected active domains exist in Cloudflare; many have zero DNS records and are not productized. | Decide one platform vs 12 standalone verticals vs SEO holding; assign owning entity before build. |
| Unknown / misc | nocub.com, benllo.com, benlloconsultants.com, saathi.asia, olsoy.com | Unclassified business/personal/sale/service domains. | Active zones exist; olsoy appears sale-oriented in local chart; saathi has separate deployment history. | Classify or mark sell/park/retire; do not route production blindly. |
BCCL thesis, Lao services ownership, viewport.llc purpose, laodomain/laodomains entity, Skill Wahles product, Wassup product, Capital ABC intent, Think That domain status, people-domain purpose, unknown bucket, expired renewals, ghost-zone deletion, 1987.vc API.
Cloudflare zone alone is not enough. Each domain needs repo, service, runtime, DNS owner, email owner, secret owner, smoke test, rollback, and business lane.
The earlier mistake was replacing the domain story with a thin DNS status. The correct report keeps business segregation, live Cloudflare proof, and unresolved decisions together.
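
The rule that a Cloudflare zone alone is not enough can be checked mechanically before any DNS change, together with the expected-versus-live crosscheck reported earlier. The sketch below is an added example, not code from the viewport-ops repo: the field names, the `crosscheck` and `dns_change_allowed` functions, the zone statuses and the sample rows are assumptions, and only the domain names come from this report.

```python
"""Gate DNS changes on a complete domain-matrix row plus a live-zone crosscheck.

Added illustration: field names, function names and sample rows are
assumptions; only the domain names are taken from the report.
"""

# Per the report: every domain needs these attributes recorded before it
# may be routed or changed. The key names themselves are hypothetical.
REQUIRED_FIELDS = (
    "entity", "business_lane", "repo", "service", "runtime",
    "dns_owner", "email_owner", "secret_owner", "smoke_test", "rollback",
)


def norm(domain):
    """Compare zone names case-insensitively and without a trailing dot."""
    return domain.strip().rstrip(".").lower()


def crosscheck(expected_active, destination, source):
    """Reconcile the local expected-active set against live zone listings.

    destination and source map zone name -> zone status string.
    """
    expected = {norm(d) for d in expected_active}
    dest = {norm(d): status for d, status in destination.items()}
    dest_names = set(dest)
    src_names = {norm(d) for d in source}
    return {
        "missing_from_destination": sorted(expected - dest_names),
        "missing_from_both": sorted(expected - dest_names - src_names),
        "ghost_zones": sorted(dest_names - expected),
        "source_destination_duplicate": sorted(dest_names & src_names),
        "not_active_in_destination": sorted(
            d for d in expected & dest_names if dest[d] != "active"
        ),
    }


def dns_change_allowed(domain, matrix, report):
    """Return (allowed, reasons). Any reason blocks the change.

    matrix maps a normalized domain name -> dict of matrix-row fields.
    """
    name = norm(domain)
    reasons = []
    row = matrix.get(name)
    if row is None:
        reasons.append("no domain matrix row")
    else:
        blank = [f for f in REQUIRED_FIELDS if not str(row.get(f, "")).strip()]
        if blank:
            reasons.append("matrix row incomplete: " + ", ".join(blank))
        if not str(row.get("approved_by", "")).strip():
            reasons.append("approval gate not passed")
    if name in report["ghost_zones"]:
        reasons.append("ghost zone: not in expected-active set")
    if name in report["not_active_in_destination"]:
        reasons.append("destination zone is not active")
    return (not reasons, reasons)


# Constructed sample data: a small subset, not the real 54-domain inventory.
EXPECTED = ["viewport.llc", "modernlao.com", "laowise.la", "bccl.la"]
DESTINATION = {
    "viewport.llc": "active",
    "modernlao.com": "active",
    "laowise.la": "active",
    "bccl.la": "pending",        # source active + destination pending
    "yourdrive.org": "active",   # ghost zones still present in destination
    "jholmall.com": "active",
}
SOURCE = {"bccl.la": "active"}
MATRIX = {
    "viewport.llc": {            # complete, approved row (placeholder owners)
        "entity": "Viewport Corporation", "business_lane": "parent",
        "repo": "viewport-os", "service": "viewport-migration-report",
        "runtime": "cloudflare-worker", "dns_owner": "owner-placeholder",
        "email_owner": "owner-placeholder", "secret_owner": "owner-placeholder",
        "smoke_test": "GET / returns 200", "rollback": "remove worker route",
        "approved_by": "approver-placeholder",
    },
    # Row exists but is incomplete and unapproved.
    "laowise.la": {"entity": "BCCL", "business_lane": "associate",
                   "repo": "tenant-bccl"},
}


def demo():
    """Run the crosscheck and evaluate the gate for four sample domains."""
    report = crosscheck(EXPECTED, DESTINATION, SOURCE)
    asked = ("VIEWPORT.LLC.", "laowise.la", "bccl.la", "yourdrive.org")
    return report, {d: dns_change_allowed(d, MATRIX, report) for d in asked}


if __name__ == "__main__":
    report, decisions = demo()
    for key, value in report.items():
        print(f"{key}: {value}")
    for domain, (allowed, reasons) in decisions.items():
        print(domain, "ALLOW" if allowed else "BLOCK", reasons)
```
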
These are the business/product lines that should not disappear into generic migration language. Each needs a repo, owner, domain lane, agent workflow, and proof of current status.
| Product / engine | Concrete definition | Revenue logic | Status / caution | Evidence files |
|---|---|---|---|---|
| PlatformX Core | Tenant registry, dispatch, usage logging, billing skeleton, rules/state/task/agent/integration surfaces. | SaaS/control plane for own businesses, partners, associates, and future external clients. | Needs platformx-core repo, tenant registry, billing, dispatch, and proof-first GitHub workflow. | phase-1-core.md, PLATFORMX-FULL-SPECIFICATION.md |
| Mission Control | Internal autonomous workboard for agents: heartbeats, approvals, tasks, costs, dashboard. | Operational visibility and control layer so Sam approves instead of manually coordinating. | Specified strongly, but deployed/live reality remains incomplete and must be tied to GitHub/status evidence. | MISSION-CONTROL-COMPLETE-SPEC.md, Mission_Control_x_OpenClaw_Complete_Spec.docx.md |
| VIEWPORT / OpenClaw | Always-on orchestrator/reviewer/workforce layer with agents and cron/status loops. | Internal execution workforce for all Viewport businesses. | Do not expose as public client shell; fence old state, verify fresh loop, stop Sam-as-relay. | viewport-agent-files-redacted.md, OpenClaw docs, live-baseline |
| Hermes | Technical operator shell: Telegram/CLI/session persistence/provider routing/VPS tools. | Hands-on operator for GitHub/VPS/domain/client work under approval gates. | Current isolated docker-viewport Hermes is running but unhealthy; fix before trusting 24/7 work. | Hermes docs/source lane, docker-viewport audit |
| LaoWise | AI company registration + business management product: formation, banking, branding, domain, hosting, ERP, CRM, payments, ongoing ops. | Starter-to-Ultimate packages plus recurring management and compliance/support. | Best immediate BCCL revenue engine; needs clean BCCL/LaoWise domain and trust profile implementation. | BCCL_LaoWise_Phonemala_Agent_Brief.md, Projects/BCCL/LaoWise PRD |
| LaoDomains | Lao-language domains + website + directory + email + booking + CRM + payments for SMBs. | Domain hook becomes $15-$25/month digital presence subscription; vertical directory upsells. | Attribution conflict: older docs tie laodomains to Modern Lao; dedicated project treats it as standalone business. | LaoDomains_Master_Context.md, portfolio-chart.md |
| Modern Lao client lane | Public credibility site + private client portal + individual client files/proposals. | Partner/client work, proof-driven premium design and project intake. | Should be partner-modernlao/tenant-mlg, not generic PlatformX or personal repo sprawl. | Modern docs, Hermes messages, live client portal |
| Modern Intelligence Platform | Modern Lao Group operating system: Odoo Enterprise, agent network, WhatsApp lead qualification, documents, proposals, invoicing, multi-division workflows. | Partner platform that can become a sellable Modern Lao Tech / PlatformX proof case. | Needs Odoo/agent/domain/workflow proof and partner approval; keep separate from Viewport core. | MLG-Proposal-Modern-Intelligence-Platform-April2026.html |
| Agarwood vertical | Marketplace + supplier directory + escrow exchange + token/settlement layer. | Trade/lead generation, directory, transaction fees, future token/escrow products. | Domain family is strong; product build not started. | agarwood-business-brief.md, portfolio-chart.md |
| Castle International / cross-border healthcare payments | Regulated healthcare payment/escrow infrastructure path sequenced from healthcare into education and trade. | Empire-scale opportunity if funded, compliant, and run by a serious autonomous operating layer. | High-risk strategic lane; must remain private and compliance-reviewed until explicitly approved. | Castle_International_Briefing_Rev02.html |
| Saathi | Vernacular voice-first emotional/predictive wellness platform and investor portal, with professional B2B wedge and later consumer companion. | Product/venture lane with data moat, professional network, investor-facing portal, and self-hosted cost controls. | Needs strict privacy, medical/mental-health risk controls, consent architecture, and no hidden paid dependencies. | saathi-proposal.html, Saathi-repo/PRD.md |
| Glanzal Realty | Real-estate CRM/lead/content plan for Glanzal Realty, Tricity/NRI segment. | Client revenue automation model: lead sourcing, AI scoring, WhatsApp, CRM, proposals, daily pipeline. | Awaiting Sam confirmation before creating tenant or partner lane. | glanzal_realty_battleplan.html |
| OmniBridge | Branded content/publishing and Telegram/automation product with MVP ticket set. | Automation/publishing engine that can plug into PlatformX. | Needs clear repo ownership and integration boundary; not the same as PlatformX core. | OMNIBRIDGE-MVP-TICKETS.md, old chat logs |
| OmniBrand / brand delivery | AI researches target, produces live proposal, mockups, social proof, contract/onboarding pathway. | Low-ticket/high-volume recurring agency replacement model; domain is the entry hook. | Concept is clear, standalone spec less mature; requires media/content factory and CRM/payment workflows. | PLATFORMX-BUSINESS-MODELS.md, Full System Wiring Plan |
The chats are the strongest source for what was asked, what was promised, what failed, and what still needs to be done. This section converts both bot histories into operating categories without exposing secrets.
| Bot history | Category | Count | What it means for migration | GitHub label / lane |
|---|---|---|---|---|
| TheViewportBot | Hermes / OpenClaw / agents | 3,126 | Agent identity, OpenClaw setup, model routing, runtime access, gateway/status loops, and the repeated need for reliable operator boundaries. | agent-runtime, hermes, openclaw |
| TheViewportBot | Not done / request | 2,075 | Large unresolved backlog and repeated requests to stop asking and execute with proof. | backlog, sam-request |
| TheViewportBot | Failure / blocker | 2,019 | Rate limits, wrong commands, deployment failures, false completion claims, format/design failures, and trust repair evidence. | incident, blocker, verification |
| TheViewportBot | Runtime / VPS / Docker | 1,893 | Old server, Docker services, proxy, ports, data stores, root access, and why old Docker cannot be treated as disposable yet. | runtime, old-docker |
| TheViewportBot | Docs / uploads / references | 1,794 | Markdown files, PDFs, screenshots, voice notes, and external links form the business and technical evidence set. | docs, evidence |
| TheViewportBot | GitHub source of truth | 1,032 | GitHub org, repos, PRs, branch policy, durable handoffs, and source-of-truth thinking emerged repeatedly. | github-sot |
| TheViewportBot | Security / credentials | 859 | Historical exposure risk means migration cannot be trusted until secrets are rotated and reports stay redacted. | security, rotate |
| TheViewportBot | Business operating model | 465 | Domain-hook agency, subscriptions, client delivery, brand factory, and always-on company vision. | business-model |
| TheViewportBot | Domains / DNS | 398 | Early domain and routing discussions that now must be turned into Cloudflare/GitHub-backed infrastructure. | domains, dns |
| Hermes_Viewport_Bot | Runtime / VPS / Docker | 919 | Current Hermes and docker-viewport state, production host work, and the need for isolated runtime health proof. | runtime, hermes-health |
| Hermes_Viewport_Bot | Hermes / OpenClaw / agents | 833 | Operator-shell activation, provider routing, auth repair, Telegram/CLI integration, and OpenClaw boundary decisions. | hermes, agent-runtime |
| Hermes_Viewport_Bot | Docs / references | 623 | Modern, BCCL, migration, screenshots, and imported documents used to build the current plan. | docs, imports |
| Hermes_Viewport_Bot | Not done / request | 607 | Current user pressure around incomplete report, missing chat read, old Docker, domains, and business plan extraction. | backlog, urgent |
| Hermes_Viewport_Bot | Security / credentials | High-signal subset | Phone codes, sessions, API keys, provider auth paths, and bot credentials require private handling. | security, private |
TheViewportBot repeatedly referenced performer.veavor.com, github.com, control.veavor.com, viewport-knowledgebase.vercel.app, veavor.com, modernlao.com, assistant.veavor.com, api.telegram.org, docs.openclaw.ai, vercel.com, localhost, and VPS addresses. These are not random links; they map the old operating surface.
The same pattern recurs: agent says complete, user asks whether every link/doc/file was actually read, evidence is missing, report/site is thin, then work has to restart. The new rule is evidence before completion.
Every meaningful Telegram request should become a GitHub issue, label, branch, artifact, and status update. Telegram stays the command surface; GitHub holds truth and proof.
The Telegram histories are not a single topic. They are the raw operating memory for the company. These categories should become GitHub labels, docs folders, and migration backlog lanes.
Provider auth, Codex OAuth, OpenClaw health, Hermes Telegram, full host/Docker access, model routing, cron, memory, skills, MCPs, bot identity.
Repo strategy, viewport-corp org, fork strategy, PRs, branch protection, issue queues, council checks, GitHub Actions, durable handoffs.
Cloudflare migrations, Namecheap/Name.com/Porkbun, veavor.com subdomains, viewport.llc Worker, bccl.la blocker, ghost zones, client domains.
Coolify, Traefik, Odoo, n8n, Qdrant, Langfuse, LiteLLM, OpenWebUI, OpenHands, Coder, Nextcloud, tenant containers, backups.
Autonomous brand agency, domain hook, subscription retention, low-ticket volume, reports/invoicing/marketing/CRM, client negotiation AI.
Modern Lao Homes public site, private client portal, Cameron file, proposal pages, image/video quality, premium design standards.
Phonemala, company registration, investor visa, LaoWise packages, trust profile, BCCL corporate story, tenant isolation.
False completion claims, unread links, wrong images, wrong repo naming, foreground Telegram loops, incomplete verification, secret exposure.
These uploaded Markdown/PDF/media files are not attachments to ignore. They define the product, company, migration, business model, and failure history. Raw files stay local; public report summarizes them safely.
| Document family | Files observed | What they contribute |
|---|---|---|
| PlatformX product | PLATFORMX-COMPLETE-VISION.md, PLATFORMX-FULL-SPECIFICATION.md, PLATFORMX-UNIFIED-PLAN.md, VC-PlatformX-GitHub-Master.md | Feature list, UI flows, pricing, tenant model, GitHub org/repo strategy, platform architecture. |
| Mission Control / OpenClaw | MISSION-CONTROL-COMPLETE-SPEC.md, Mission_Control_x_OpenClaw_Complete_Spec.docx.md, OPENCLAW_OPTIMIZATION_RESEARCH_REPORT.md | Dashboard, approvals, heartbeats, multi-channel comms, OpenClaw optimization and token strategy. |
| BCCL / LaoWise | BCCL_LaoWise_Phonemala_Agent_Brief.md, Projects/BCCL/DOMAIN-STATUS.md | BCCL holding story, LaoWise packages, Phonemala profile, competitor landscape, trust-building priorities. |
| Business model | PLATFORMX-BUSINESS-MODELS.md, olsoy-sales-plan.md, domain portfolio docs | Domain hook, subscription model, proposal/onboarding system, recurring value, cost/credit concern. |
| Migration / governance | VIEWPORT-COUNCIL-INSTRUCTIONS*.md, Migration docs, older live-baseline report | Sam gates, council verification, source-of-truth policy, old Docker protection, what not to do. |
| Client assets and media | Modern Lao PDFs/photos/videos, OpenClaw PDFs, voice notes, screenshots | Evidence reservoir for client portals/proposals; not fully OCR/vision-complete yet. |
These source families are related enough to appear in the migration report, but they should not be silently absorbed into Viewport core. They need one-line owner/scope decisions before repos, domains, agents, or runtime lanes are created.
| Item | What was found | Why it matters | Confirmation needed |
|---|---|---|---|
| Castle Planets / Castle Planet naming | No separate local file/folder matched this exact name. Related hits: Castle International Holding, Saathi as Castle venture, and Dong Dok Castle in Modern. | User mentioned “castle planets”; this may be a spelling/brand/folder name not captured by keyword scan. | Confirm exact spelling/path or whether Castle Planets means Castle International + Saathi + related ventures. |
| Castle International Holding | Internal briefing for Pradeesh Paraprath and four-business comparison with healthcare payments infrastructure as the empire path. | Potential client/venture lane with high compliance and confidentiality requirements. | Is Castle a client, partner, associate, or external proposal archive? |
| Saathi | Castle-linked Saathi proposal and local Saathi PRD under LLM/saathi.asia. | Looks like a serious product/venture, not just a proposal. | Should Saathi be under Veavor, Viewport, Castle, separate company, or client work? |
| Glanzal Realty | glanzal.com/realty plan with CRM, n8n, NocoDB/Twenty CRM, WhatsApp, Apify, AI scoring, and revenue target. | Could become a repeatable PlatformX real-estate automation case. | Is Glanzal an active client, friend/associate, test proposal, or archive? |
| OmniBridge / Origin archive | Large number of docs, PRDs, bug audits, dashboards, system-fixed archives, and OmniOS/TelegramSuite files. | Too large to compress into one paragraph; it likely contains major lessons and reusable product pieces. | Should OmniBridge be revived as product, archived as evidence, or mined for parts into PlatformX? |
| GSD project backup | /Users/Office/Downloads/Projects/GSD-Project-Backup contains REAL_STATUS, 02-LIVE-STATE, and GSD_MANIFEST. | Related backup/project evidence found during source-library scan, but business meaning is not yet clear. | Confirm what GSD means, whether it is active, archive-only, or part of another product/client lane. |
| Master setup / OpenClaw legacy docs | _ORIGINALS/Master-Setup-Docs contains OpenClaw setup, optimization reports, revenue-hunting, memory, identity, bootstraps, phase docs. | These are strong historical operating-system attempts and should inform failure/avoidance rules. | Approve import as private legacy evidence with redaction flags, or mark as archive-only. |
| Chat-Histories folder | SERVER-VPS-Log.md and OMNIBRIDGE-Development-Log.md were found in Downloads. | Could improve Docker/VPS and OmniBridge forensic accuracy. | Confirm whether these logs may be imported into Migration private evidence and summarized publicly after redaction. |
| Odoo tenant factory | Prompt describes separate Odoo DB per client, client agent, docs workspace, domain routing, n8n, channel integrations, and LiteLLM keys. | This is central to the actual SaaS onboarding plan. | Confirm Odoo per-client separate database remains the locked architecture. |
| Downloads as source of truth | Downloads contains many canonical-looking docs and duplicates of Migration source-docs. | Downloads is not durable enough for source of truth, but contains missing historical plans. | Decide whether to import selected docs into Migration/imports with index, or leave Downloads as external evidence path. |
This section must be read as the execution backlog. Nothing here should be called done until there is a proof artifact, live test, repo state, or owner decision.
| Backlog item | Current issue | Why it matters | Proof required |
|---|---|---|---|
| Hermes to ViewportBot autonomous loop | Manual/partial relay and chat use; no final durable queue owned by GitHub. | Sam must not be the clipboard/message bus. | Issue queue, bot-to-bot protocol, cron/background worker logs, Telegram smoke test. |
| Old Docker classification | Old daemon still has production/reference services and unknown owners. | Deletion or migration without owner map can destroy business state. | KEEP/MIGRATE/ARCHIVE/DELETE-LATER matrix with backups and Sam approval. |
| Domain/subdomain system | Cloudflare zones exist, but not every host has repo/service/owner/proof. | Domain sprawl caused proxy confusion and broken trust. | Full DNS matrix with route, service, repo, owner, rollback. |
| BCCL completion | bccl.la registrar/NS unresolved and BCCL business thesis still needs final confirmation. | BCCL is associate tenant and cannot be treated as generic Viewport work. | Registrar proof, NS flip, BCCL repo/runtime/domain plan, LaoWise/Phonemala site decisions. |
| Odoo/CRM/payment foundation | Odoo exists on old runtime, but no tenant-ready productized workflow. | Subscription business needs invoicing, CRM, onboarding, contracts, retention. | Tenant Odoo DB strategy, CRM pipeline, payment package, integration tests. |
| Slack/Discord/WhatsApp/Telegram | Multi-channel vision exists, but routing policy drifted and Discord became sink. | Agents need reliable comms per tenant with approval and audit trail. | Channel map, permissions, webhooks, tenant routing, test messages. |
| Image/video/social factory | Paid credits/resources not producing continuous assets while Sam sleeps. | Business plan depends on premium proposals, mockups, social proof, media. | Content queue, output folders, generator contracts, review gates, published examples. |
| GitHub repo hygiene | Some work still lives on Mac/VPS/chat; repo names and ownership have drifted. | GitHub as source of truth fails if repos are missing/wrongly named. | Org/repo catalog, branch protection, PR templates, issue labels, migration commits. |
| Monitoring dashboard | No final trusted dashboard for Docker, domains, agents, GitHub tasks, tenant status. | 24/7 company needs visibility without watching chats. | Dashboard reads Cloudflare, Docker, GitHub, bot health, queue status. |
The failure was not one broken container. It was a control-plane failure: chat, servers, secrets, domains, docs, and product ideas were mixed without durable ownership and verification.
The same mistakes should not be allowed to repeat. This is the operating correction layer for every agent and human touching Viewport work.
| Failure pattern | Why it happened | How it could have been avoided | Permanent rule going forward |
|---|---|---|---|
| Thin report after huge evidence request | Summary was written before all source families were indexed into the final page. | Freeze evidence first, build source index, then write conclusions from artifacts. | Every strategic report starts with an evidence table and ends with proof checks. |
| Unread links/docs suspicion | Prior agents claimed they read everything without showing path, count, or source coverage. | Report exact filenames, counts, and what each file proved before conclusions. | No "read everything" claim without source index and gaps section. |
| Sam as message bus | Hermes, ViewportBot, OpenClaw, and humans relayed state through chat instead of durable queue. | Use GitHub issues/PR comments/status files as machine-readable queue. | Telegram is command surface; GitHub is state surface. |
| False done / incomplete proof | Health checks, pages, domains, and reports were considered complete from partial smoke checks. | Define completion proof before work begins: curl, DNS, Docker health, screenshot, tests, artifact paths. | No proof means in progress, even when something appears to work. |
| Domain sprawl confusion | Business, personal, partner, associate, and ops domains were mixed under broad "domain work". | Map every domain to entity, business purpose, repo, runtime, DNS owner, email owner, and approval gate. | DNS changes require domain matrix row first. |
| Old Docker fear and risk | Server held business data and runtime truth without enough owner/repo labels. | Create KEEP/MIGRATE/ARCHIVE/DELETE-LATER matrix before any mutation. | No old Docker deletion/prune/replace without owner map, backup, route test, and Sam approval. |
| Secret pollution | Credentials were pasted into chats/reports during urgent access and auth repair. | Use env files, vaults, masked command output, and redacted reports. | Rotate historical exposed secrets and never publish raw auth material. |
| Paid resource underuse | Credits/models/tools existed but were not connected to governed queues and output contracts. | Define work queues, agent roles, cost caps, deliverable folders, and daily proof reports. | Autonomy means scheduled verified outputs, not random chat promises. |
| 24x7 agent company collapse | OpenClaw had 51 scheduler jobs mostly targeting one main session, while host cron killed Claude/OpenClaw and deleted session/lock files. | Partition schedules by service lane, remove broad kill/delete jobs, and use queue/lock/retention rules with observable last-success state. | No always-on claim until the scheduler, session, memory, provider, and Telegram path pass a sustained reliability proof. |
| Hermes cannot read the plan | /srv/viewport/migration exists on the VPS, but hermes-bccl only mounts /srv/viewport/runtime/hermes-bccl to /opt/data. | Recreate Hermes with /srv/viewport/migration mounted and verify read access from inside the container. | Hermes must read /opt/data/migration before migration actions; chat/session memory is not source of truth. |
| Domain/proxy drift | Routes are split across Coolify, Traefik dynamic files, manual rules, container labels, and old assumptions. | Create a domain catalog: FQDN, route source, upstream container, repo, owner, TLS source, health URL, rollback. | Every DNS/proxy change requires a domain-catalog row and proof. |
The security lane found critical historical exposure. Values are intentionally omitted here. The required action is rotation and cleanup, not copying secrets into another report.
| Credential class | Risk | Observed storage class | Required action | HTML rule |
|---|---|---|---|---|
| Webhook bearer tokens | Critical | Historical reports, imported Telegram media docs | Revoke/regenerate and audit webhook consumers. | Never include values. |
| Plaintext passwords | Critical | Reports and imported chat artifacts | Reset passwords, invalidate sessions, review access. | Never include values or hints. |
| GitHub PAT/API tokens | Critical | Telegram exports and media reports | Revoke all referenced PATs; use fine-grained short-expiry tokens. | Never include prefixes that help reconstruction. |
| Telegram bot/user sessions | High | Bot token references, Telethon session artifact path | Rotate bot tokens; revoke unneeded Telegram sessions; protect session files. | Never expose token, chat IDs tied to privileged routing, or session data. |
| Provider auth profiles | High | OpenClaw/Hermes auth paths and backups | Inspect and rotate provider tokens; scrub unsafe backup docs. | Never include auth-profile dumps. |
| Placeholder env schemas | Medium | Deployment docs | Keep names only; ensure real values are not adjacent. | Names safe, values forbidden. |
This is the actionable plan. The rule is simple: no phase is complete until the proof column is satisfied and the proof is stored in GitHub or a named evidence artifact.
| Phase | Objective | Owner | Blocker | Proof required | Status | Next action |
|---|---|---|---|---|---|---|
| 0 Evidence freeze | Preserve Telegram, docs, VPS, Docker, domain evidence. | Viewport OS | Binary OCR still optional. | Export manifest, forensic index, public redacted report. | In progress | Keep raw evidence local; publish redacted command report. |
| 1 Secret rotation | Remove trust poison from historical artifacts. | Sam + operators | Credential-owner action required. | Rotation log with revoked token/password/session checklist. | Critical | Rotate webhook, passwords, PATs, bot tokens, provider sessions. |
| 2 GitHub truth cleanup | Make GitHub the only durable source of truth. | Viewport Corp | P3 hardening and council tag not complete. | Org/repos/branches/issues/PR templates/protection rules. | Open | Finish P3 GitHub hardening and create repo ownership map. |
| 3 Runtime isolation | Keep old Docker stable while moving agents to isolated runtime. | Infra | Hermes unhealthy, old Docker still production. | Health checks, backups, route map, restore test. | Open | Fix Hermes health and classify old containers by owner. |
| 4 Domain/proxy foundation | Map every domain and subdomain to repo/service/owner/proxy. | Domain ops | bccl.la unresolved; ghost zones pending. | DNS matrix, Cloudflare/registrar proof, route smoke tests. | Open | Resolve bccl.la, delete verified ghost zones, document mail routes. |
| 5 Tenant factory | Create repeatable client/associate/project lanes. | PlatformX | Old tenant residue and unclear repo boundaries. | tenant-* repo pattern, deploy template, secrets policy, runbook. | Not started | Define tenant template for Modern, BCCL, Saathi, LaoWise. |
| 6 Autonomous company loop | Make agents work 24/7 from GitHub tasks with proof. | Hermes + agents | Chat-only execution and provider instability. | Issue queue, background workers, dashboards, daily evidence commits. | Not started | Route Telegram requests into GitHub tasks and verified worker runs. |
This is the readable version of Hermes' Telegram discussion and research. It is formatted to match the existing migration report: cards, tabs, tables, proof notes, and clear review sections for Sam and OpenClaw.
https://viewport.llc/migration stays the working command center until source and deploy are moved to GitHub/VPS properly.
control.viewport.llc can become the cleaner entry point later, but it should still be one control surface, not many subdomains.
The right UX is one control center with departments, categories, sections, filters, and review tabs.
Decision: keep this inside /migration now; optionally rename to control.viewport.llc later.
Agents, Docker, DNS, Evidence, Security, Runbooks, and Decisions are menu sections.
Subdomains should be reserved for real products/tools/tenants.
The evidence/control/handoff layer must be correct before destructive runtime work.
Old Docker/OpenClaw/Hermes evidence remains protected.
The paths are known, but the files are on Mac and are not mounted into Hermes/VPS yet.
Truthful status: summaries were read; full raw exports still need import/access.
Hermes read/extracted viewport.llc/migration and www.viewport.llc/migration.
VPS mirror exists at /srv/viewport/migration/ and was copied to /tmp/vps_migration_mirror/ for reading.
Hermes read narratives, handoffs, evidence-index lane files, and the seed service catalog.
Seed lanes include Hermes, PlatformX, source-library, OpenClaw, Modern, BCCL, Odoo, n8n, qdrant, langfuse, litellm, ingress-proxy.
Available summaries reference 6,990 ViewportBot messages, 2,460 Hermes messages, 9,450 categorized messages, 366 media files, and 252 OCRed images.
These are summary claims until raw files are imported and parsed again.
/Users/Office/Viewport/PlatformX/Migration/imports/telegram-bot-history/EXPORT-MANIFEST.json
/Users/Office/Viewport/PlatformX/Migration/imports/telegram-bot-history/TheViewportBot/TheViewportBot-full-history.raw.json
/Users/Office/Viewport/PlatformX/Migration/imports/telegram-bot-history/TheViewportBot/TheViewportBot-full-history.md
/Users/Office/Viewport/PlatformX/Migration/imports/telegram-bot-history/Hermes_Viewport_Bot/Hermes_Viewport_Bot-full-history.raw.json
/Users/Office/Viewport/PlatformX/Migration/imports/telegram-bot-history/Hermes_Viewport_Bot/Hermes_Viewport_Bot-full-history.md
weshall-1 / 100.87.138.47 timed out on SSH.
weshall-7 / 100.101.66.38 is reachable on SSH port 22.
SSH authentication is denied for Office, theplatformxyz, and root.
Authorize VPS/Hermes SSH key on Mac, allow Tailscale SSH policy, or copy the full Migration folder to VPS private evidence storage.
| Menu | Purpose | Required proof/content |
|---|---|---|
| Home | Current command summary. | Status, blockers, safe/unsafe actions, last verified time. |
| Setup | Prepare GitHub/VPS/source-library before migration. | VPS layout, mounts, access checks, acceptance gates. |
| GitHub | Canonical source and change history. | Repos, PRs, branch protection, catalogs, ADRs, changelog. |
| VPS / Runtime | Live runtime and evidence workspace. | Paths, containers, logs, backups, deploy method, health checks. |
| Docker | Old Docker classification and new runtime lanes. | Inventory, owner, repo, route, backup, rollback, delete gate. |
| Domains / DNS | Every domain/subdomain mapped to service and owner. | FQDN, DNS provider, route source, TLS, smoke status, rollback. |
| Agents | Hermes/OpenClaw/Codex/Claude/future workers. | Role, permissions, queue, handoff, approval policy, proof links. |
| Evidence Library | Private source material and public-safe summaries. | Telegram exports, media, OCR/STT, manifests, secret scan. |
| Runbooks | Repeatable operating procedures. | DNS, Docker, evidence import, backup/restore, incident response. |
| Decisions | Sam confirmations and unknowns. | Business classification, delete approvals, security approvals. |
| Proof Dashboard | Reality checks. | Health, screenshots, logs, GitHub proof, backup/restore proof. |
docker ps, docker inspect, docker logs --tail, volume/network/image inspect, docker stats --no-stream.
stop, restart, remove, prune, compose up/down, proxy edits, volume deletion, container upgrades.
Destructive actions need explicit approval and rollback.
Discovered → classified owner/family → keep/migrate/archive/delete-later → repo/env/domain/backup/rollback → replacement proof.
Only then cutover/delete decisions.
Strong later as service catalog/internal portal, but not first. Catalog truth must exist before installing portal tooling.
Risk: stale portal theater if data is wrong.
Good immediate path for readable docs generated from source-controlled data.
Fast, simple, Git-friendly.
GitHub should define intended state, but live state still needs verification and drift detection.
Do not pretend Git equals reality.
DNSControl/octoDNS/Terraform are useful after current zones are inventoried.
Do not automate unknown DNS.
Portainer/Coolify/Dokploy are useful for new runtime lanes, not for mutating old Docker first.
Old Docker must stay read-only until classified.
Tools need registry, trust tier, scopes, approval policy, audit log, and kill switch.
Do not expose broad ambient credentials.
OpenClaw Review of Hermes Plan
1. What Hermes got right
2. What Hermes got wrong
3. What evidence OpenClaw already has that Hermes has not read
4. What must be imported from Mac first
5. What should be added to /migration menu
6. What should be private only
7. What should be public-safe
8. Final agreed first action
Copy the full Mac Migration folder to VPS private evidence storage or authorize Mac SSH.
Without this, raw Telegram verification remains blocked.
Create/move source into viewport-corp/viewport-ops with generator, catalogs, templates, manifests, runbooks, and changelog.
Keep publishing this page as the public-safe readable dashboard.
Public dashboard hides secrets, raw logs, private clients, internal paths, and sensitive business data.
This section captures the OpenClaw/VIEWPORT review that happened in Telegram after Hermes Plan was added. It is written as a readable page section so Sam, Hermes, OpenClaw, Codex, Claude, and future agents can compare the reasoning without copying long Telegram messages.
GitHub becomes the source of truth. VPS becomes runtime/evidence host. Mac must be removed from the chain. Old Docker remains read-only until catalog, backup, rollback, and approval gates exist.
Status: accepted direction.
Hermes suggested control.viewport.llc as a possible future cleaner entry point. OpenClaw recommends starting with viewport.llc/control or continuing viewport.llc/migration until source/deploy are clean, because Sam strongly prefers one domain/control panel with menus.
It is a strong forensic dump and doctrine page, but too dense, partially stale, and too public-sensitive. It must become a structured command center with public/private split.
Do not delete it. Freeze/archive the current version as evidence.
Make /srv/viewport/migration the live migration workspace, move/generate page source there, put safe source in GitHub, and publish a cleaner viewport.llc/migration or viewport.llc/control page with proper menus.
Sam rejected many operational subdomains. The requirement is one visual control center where GitHub, VPS, Docker, agents, domains, evidence, rules, and setup can be understood from one place.
This is not only a migration. It is setup, implementation, Docker/runtime, GitHub, agent handoff, control room, knowledgebase, and permanent company operating architecture.
Read the /migration page, the Telegram exports from day one, Hermes/OpenClaw evidence, Docker/service details, links, files, and every section/category before claiming final certainty.
Mac must not remain required. All source/generator/Worker/data/evidence needed for ongoing operation must move to VPS and GitHub. Future access should work through VPS/GitHub/CLI/mobile terminal.
Hermes verified that the deploy source is on Mac, the VPS mirror is only an evidence/handoff input layer, current Hermes does not have /opt/data/migration mounted, and the live page is served by Cloudflare Worker from generated report artifacts.
OpenClaw answered: Hermes is right. Correct standard is GitHub source of truth, VPS runtime/evidence storage, website visual/readable dashboard, Mac removed from chain.
Sam could not use the Telegram wall of text and asked for an OpenClaw Plan section like Hermes Plan, preserving the exact flow so Hermes and Sam can compare properly on the page.
The deploy source is not the VPS mirror. The source/generator/Worker JS currently referenced by the migration report lives on Mac paths and must be imported.
Known source paths include Migration/scripts/audit/build_migration_report.py, generated index.html, Worker JS, and live baseline.
/srv/viewport/migration currently holds evidence/handoff/input material, not the full Worker deploy source.
The page must distinguish target doctrine from current verified state; mark stale audit facts; fix health wording; add source/deploy metadata; and add a formal update workflow.
Login redirect is not the same as true application health.
The current page exposes too much topology/business/private context. Sensitive paths, IPs, hostnames, private people/client details, ownership percentages, strategic plans, and security details must move to private evidence.
Public page should be sanitized.
If a future entry point is needed, use one control surface. Start with viewport.llc/migration cleanup or viewport.llc/control. Do not create separate operational subdomains for every menu.
| Layer | Role | What belongs there | What must not belong there |
|---|---|---|---|
| GitHub | Canonical source and history. | Generator source, templates, catalogs, schemas, agent profiles, runbooks, decisions, changelog, CI validation, public-safe manifests. | Secrets, raw credentials, session files, private keys, unredacted Docker env/inspect, private client docs, bulky raw evidence unless protected/approved. |
| VPS | Runtime and evidence host. | Runtime clone, private evidence, generated output, logs, backups, service data, mounted workspace for Hermes/OpenClaw/Codex. | Untracked one-off truth, random manual edits, hidden source not mirrored to GitHub. |
| Website | Readable dashboard. | Public-safe command center, menus, status, proof links, sanitized catalogs, changelog, Hermes/OpenClaw plan sections. | Raw secrets, private topology, private client docs, sensitive security details. |
| Mac | Temporary import source only. | Original source/evidence until copied and verified. | Permanent source of truth or required runtime dependency. |
| Telegram | Command surface. | Sam instructions, quick reports, approvals, short summaries. | Only copy of decisions, long-term state, deploy source, proof archive. |
| Section | Must show | Reason |
|---|---|---|
| Sam Dashboard | Current status, blockers, next action, safe/unsafe operations, last verified timestamp. | Sam needs clarity fast. |
| Setup | VPS storage layout, GitHub repo layout, Hermes mount requirements, source-library placement, acceptance gates. | Start from the start. |
| GitHub Source of Truth | Repos, branch protection, PR workflow, issues, service contract files, changelog. | Permanent source and audit trail. |
| Runtime / Docker | Old Docker inventory, new runtime lanes, service classification, unknowns, delete gates. | No destructive cleanup without proof. |
| Domains / DNS | FQDN catalog, DNS provider, service mapping, repo mapping, TLS, smoke status, rollback, approval gate. | Prevent domain sprawl and ghost routes. |
| Agents | Hermes, OpenClaw/VIEWPORT, Codex, Claude, future agents, roles, permissions, queues, handoffs, approval policy. | Stop identity/authority confusion. |
| Business / Tenants | Viewport Corp, Viewport OS, PlatformX, Veavor, Modern Lao, BCCL/LaoWise/Phonemala, LaoDomains, Saathi, Glanzal, Agarwood, OmniBridge/Origin, archive/unknown. | Each business lane needs owner/source/runtime/domain separation. |
| Evidence Index | Telegram exports, migration docs, screenshots/media, Docker inventories, Cloudflare audits, GitHub PRs/issues, VPS evidence, local imports, private/public status. | 100% handoff requires index and proof. |
| Decision Queue | Sam confirmations, business classifications, domain decisions, deletion approvals, rebuild approvals, secret rotation approvals. | Humans approve risky/ambiguous choices. |
| Current Phase Plan | Phase 0 evidence freeze, Phase 1 secrets rotation, Phase 2 GitHub source, Phase 3 runtime isolation, Phase 4 domain/proxy, Phase 5 tenant factory, Phase 6 autonomous company loop. | Readable roadmap with gates. |
| Changelog | Every update, who changed it, when, what changed, proof link, GitHub commit/PR. | No random manual page edits. |
/srv/viewport/migration/
README.md
CURRENT_STATUS.md
START_HERE.md
CHANGELOG.md
public/
index.html
viewport-migration-report.worker.js
assets/
public-summary.json
private/
evidence/
telegram/
docker/
domains/
security/
clients/
raw-imports/
handoffs/
HERMES.md
OPENCLAW.md
CODEX.md
CLAUDE.md
FUTURE-AGENTS.md
profiles/
hermes.profile.md
openclaw.profile.md
codex.profile.md
claude.profile.md
manifests/
service-catalog.tsv
domain-matrix.tsv
container-inventory.tsv
repo-catalog.tsv
email-routing.tsv
evidence-index.tsv
narratives/
master-migration-plan.md
business-map.md
runtime-architecture.md
generator/
build_migration_report.py
templates/
data/
Agent starts from /srv/viewport/migration/START_HERE.md and the relevant handoff/profile file.
Work must be represented in GitHub as issue, branch, PR, or decision record where appropriate.
Update service catalog, domain matrix, evidence index, status, decision queue, changelog, or runbook — not random paragraphs.
Run the generator from GitHub/VPS source, not Mac-only source.
Publish sanitized public output and store source/deploy metadata: generator path, build timestamp, artifact hash, Worker JS hash, live baseline hash, publish timestamp.
Attach proof: commit SHA, PR, health check, screenshot, logs, route check, backup/restore proof, or named evidence artifact.
Short Telegram summary with proof and blockers only.
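One way to implement the publish step of this workflow, as an added example rather than the project's own generator code: it scans the generated page for material that belongs in private evidence, records findings without echoing the matched value, and builds the source/deploy metadata record with the hashes listed above. The scan patterns, record field names, and sample inputs are assumptions constructed for illustration.

```python
import hashlib
import re
from datetime import datetime, timezone

# Illustrative patterns for material the page keeps off the public dashboard
# (IPs, internal paths, key material, credential assignments). Assumptions,
# not the project's own scan rules.
FORBIDDEN = {
    "ipv4_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "internal_path": re.compile(r"(?:/Users/|/srv/|/opt/data/)[^\s\"'<]*"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:token|password|secret|api[_-]?key)\b\s*[:=]\s*\S+"),
}


def scan_public_output(text):
    """Return [(rule, line_number)]; the matched value is never recorded."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in FORBIDDEN.items():
            if pattern.search(line):
                findings.append((rule, line_no))
    return findings


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_publish_record(generator_path, artifact, worker_js, live_baseline,
                         now=None):
    """Build the source/deploy metadata record for one publish attempt."""
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    findings = scan_public_output(artifact.decode("utf-8", errors="replace"))
    artifact_hash = sha256_hex(artifact)
    baseline_hash = sha256_hex(live_baseline)
    allowed = not findings
    return {
        "generator_path": generator_path,
        "build_timestamp": stamp,
        "artifact_hash": artifact_hash,
        "worker_js_hash": sha256_hex(worker_js),
        "live_baseline_hash": baseline_hash,
        # True when the build differs from what is currently served.
        "differs_from_live": artifact_hash != baseline_hash,
        "findings": [{"rule": r, "line": n} for r, n in findings],
        "publish_allowed": allowed,
        # Stamped only when the sanitization scan passed.
        "publish_timestamp": stamp if allowed else None,
    }


# Constructed sample inputs (not taken from the real dashboard).
CLEAN_HTML = b"<h1>Migration status</h1>\n<p>Total: 139 tasks</p>\n"
DIRTY_HTML = (b"<h1>Migration status</h1>\n"
              b"<p>runtime host 192.0.2.10 reachable</p>\n"
              b"<p>source at /Users/example/Migration/index.html</p>\n"
              b"<p>webhook token = EXAMPLE-NOT-A-REAL-VALUE</p>\n")
WORKER_JS = b"export default { fetch() { return new Response('ok') } }\n"

if __name__ == "__main__":
    import json
    for name, html in (("clean", CLEAN_HTML), ("dirty", DIRTY_HTML)):
        record = build_publish_record("generator/build_migration_report.py",
                                      html, WORKER_JS, CLEAN_HTML)
        print(name, json.dumps(record, indent=2))
```
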
Deletion requires owner classification, backup, repo/source, route map, rollback, replacement proof, no live traffic, and Sam approval.
First fix the handoff/control/evidence layer, otherwise the same confusion repeats.
Domain catalog, route map, smoke status, and rollback plan must exist first.
100% handoff means 100% indexed and available to authorized agents, not 100% public.
GitHub must hold canonical source/history; VPS builds/runs/mirrors; Mac exits the chain.
Telegram is command surface. GitHub + VPS evidence + generated dashboard are state surfaces.
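One way to enforce the read-only rule for the old Docker daemon and the deletion preconditions stated above, as an added example that is not the project's own tooling. It assumes the first command list on this page (ps, inspect, logs --tail, volume/network/image inspect, stats --no-stream) is the permitted set and that everything else is gated; the approval-record field names and the sample commands are hypothetical.

```python
import shlex

# Read-only subcommands named on the page; anything else is treated as a
# mutation (default deny until an approval record is complete).
READ_ONLY = {
    ("ps",), ("inspect",), ("logs",), ("stats",),
    ("volume", "inspect"), ("network", "inspect"), ("image", "inspect"),
}
# The page gives these two in bounded form (logs --tail, stats --no-stream),
# so the unbounded, streaming forms are refused.
REQUIRED_FLAG = {("logs",): "--tail", ("stats",): "--no-stream"}

# Hypothetical field names for the deletion preconditions listed above.
REQUIRED_PROOF = (
    "owner_classification", "backup", "repo_source", "route_map",
    "rollback", "replacement_proof", "no_live_traffic", "sam_approval",
)
SHELL_META = set(";|&`$<>\n")


def evaluate(command, approval=None):
    """Classify one docker command line.

    Returns (decision, reason); decision is "allow", "needs-approval" or "deny".
    """
    if SHELL_META & set(command):
        return "deny", "shell metacharacter in command"
    try:
        argv = shlex.split(command)
    except ValueError:
        return "deny", "unbalanced quoting"
    if len(argv) < 2 or argv[0] != "docker":
        return "deny", "not a docker command"
    if argv[1].startswith("-"):
        # -H/--context could point the client at another daemon.
        return "deny", "global docker options are not accepted"

    sub = next((k for k in READ_ONLY if tuple(argv[1:1 + len(k)]) == k), None)
    if sub is not None:
        flag = REQUIRED_FLAG.get(sub)
        rest = argv[1 + len(sub):]
        if flag and not any(a == flag or a.startswith(flag + "=") for a in rest):
            return "deny", "docker %s must be run with %s" % (sub[0], flag)
        return "allow", "read-only: docker " + " ".join(sub)

    # Every other subcommand needs the full approval record before it runs.
    approval = approval or {}
    missing = [f for f in REQUIRED_PROOF if not approval.get(f)]
    if missing:
        return "needs-approval", "missing proof: " + ", ".join(missing)
    return "allow", "mutation with complete approval record"


if __name__ == "__main__":
    # Constructed sample commands and a constructed, partial approval record.
    partial = {"owner_classification": "tenant-example", "backup": "backup-ref"}
    for cmd in ("docker ps", "docker logs example-app",
                "docker stats --no-stream", "docker volume rm example-data",
                "docker ps ; docker rm example-app"):
        print(cmd, "->", evaluate(cmd, partial))
```
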
This report is not just for humans. It is the operating instruction layer for agents that need to understand Viewport without repeating the old failure pattern.
Read the evidence dashboard, phase tracker, domain map, and security section. If a request touches live VPS, DNS, secrets, clients, or production proxy, create an evidence-backed GitHub issue/branch/PR path first.
Use background execution, logs, and named artifacts. Do not run long production fixes only through Telegram. Keep raw secrets out of reports, prompts, commits, screenshots, and public pages.
Attach proof: test output, curl status, healthcheck, screenshot where visual, Docker state, DNS lookup, PR link, or file path. No proof means status is in progress, not done.
old-docker: 82 containers total, 79 running, still production/reference
docker-viewport: 1 container, hermes, running but unhealthy
live-routes-smoke: host.veavor.com 200, clients.modernlaohomes.com 200, apps.modernlao.com 200, saathi health 200, ai 200, drive 200
known-broken: engine.veavor.com returned 502 during audit
domain-gap: bccl.la registrar/NS unresolved
security-gap: historical secrets require rotation before trusted automation
Slack operating room for MLG + MLH approvals, agent control, Odoo status, website/client intake, and Viewport escalations.
All active agents in the Viewport stack. Hermes is the operator shell. OpenClaw is the autonomous executor.
All major AI CLI tools available. We run Claude Code as primary.
All companies, associates, products, and partners. Full detail at /migration/partners.
All live numbers fetched from status.json at page load (static 2026-06-08 snapshot shown until then). ADD-ONLY: full original 31-section content preserved at anchors and at /migration/restart.
Restored 2026-06-10: the full June-5 forensic content (37 sections — company tree, master diagram, evidence, plans) renders in full in the Restored Archive; every anchor on this page resolves to real content.