This page is now corrected against current integration reality. It is a living operating plan, not a done claim: Cloudflare serves the pages, Odoo/Slack has a safe foundation, old OpenClaw roles/crons were read, but GitHub source-of-truth, VPS RuntimeContracts, CompanyOS enforcement, watcher execution, and tenant isolation are still unfinished work.
This section is intentionally pinned near the top so humans and agents can immediately see where documents, support, and finance work should go.
Odoo: Documents / project document folder
Flow: Document needed → Odoo document folder → Slack approval if legal/signature → sign only after approval.
Slack: #mlh-warranty-support, #mlh-legacy-issues
Odoo: Helpdesk
Flow: MLH issue → Slack issue thread → Odoo helpdesk ticket → evidence attached → agent suggests next action → approval if legal/financial/customer-facing.
Slack: #mlg-finance-review
Odoo: Accounting / Invoicing / Expenses
Flow: Draft invoice/payment/expense → Slack finance review → Odoo record → approval before sending/payment/customer-facing action.
Mode: GitHub issue → branch → artifact → validator → evidence → live status. VPS runtime remains read-only/reconciliation until RuntimeContracts, backups, rollback, and approval gates exist.
Move real business/runtime work through visible GitHub issues and acceptance criteria.
Create branch, artifacts, validator, evidence path, and rollback boundary before touching runtime.
Run the smallest safe action, verify with tests or live proof, diagnose failures, then repeat.
Issue #196 · status JSON · viewport-company-os/workflows/gsd-ralphloop-operating-contract.yaml
evidence/modern-lao-deep-read-20260602/manifest.jsonl, text-index.jsonl, summary.json, skipped-sensitive-or-generated.jsonl.
evidence/migration-plan-self-audit-20260603.md; evidence/odoo/mlg-mlh-odoo-slack-operating-model-20260603.md; evidence/modern-lao-deep-read-20260602/evidence-ingestion-website-client-investor-plan.md; evidence/github-vps-companyos-control-plane-executable-plan-20260603.md; evidence/department-segment-agent-operating-template-20260603.md; evidence/global-research-synthesis-migration-plan-20260603.md.
MLH-COMMS-VAULT, MLH-FB-extracted, MLH-Research, MLH - Clients Chats, mlh-clients-portal, mlh-clients-portal-clean, modernlaohomes-site, MLG Website, _repo-staging/modern-lao-investor-site, docs/contracts, handoffs, plans.
Viewport LLC / parent governance · PlatformX / multi-tenant AI business OS · CompanyOS / rules + roles + workflows · Hermes operator shell · OpenClaw legacy role library · GitHub source-of-truth · VPS/cloud runtime · Odoo business record · Slack command room
Each company, tenant, client, associate, or partner gets an isolated package: GitHub repo/labels/issues, Slack channels, Odoo company/context/apps, runtime namespace, domain map, knowledgebase, approval matrix, agent roster, watchers, reports, onboarding, rollback, and offboarding.
Real estate & construction · Finance & accounting · Legal & compliance · Healthcare & wellness · Education & training · Retail & commerce · Manufacturing & supply chain · Hospitality & tourism · Media & entertainment · Agriculture & food · Energy & utilities · Transport & logistics · Government/civic services · Nonprofits & community · Technology/SaaS · AI/model/tool R&D
Executive command · GitHub PMO / source-of-truth · Tenant operations · Engineering / product · Runtime / SRE / DNS · AI automation / agent factory · Security / privacy / compliance · Research / intelligence · Evidence / data / knowledge · Sales / CRM · Marketing / content / Postiz/social · Customer success / helpdesk · Project delivery / operations · Documents / contracts / legal/sign · Finance / accounting / procurement · HR / training / agent readiness · Quality / verification / audit · R&D for cheaper AI compute/energy/hardware
Tenant/company setup · Website/client portal/investor portal · Odoo ERP/CRM/helpdesk/documents/accounting workflows · Slack/WhatsApp/Telegram command rooms · GitHub task/PR/evidence operating system · Runtime/DNS/SSL/container operations · Postiz/social/content workflow · Evidence vault/knowledgebase · Agent/watcher operations · Approvals/legal/finance gates · Reporting/analytics/KPIs · Security/privacy/compliance · Training/role onboarding · Automation connectors/MCP/tools · Model/provider/cost optimization
Modern Lao Group / Modern Lao Homes is the first full reference implementation: GitHub ops, Slack approvals/audit/support channels, Odoo CRM/project/helpdesk/documents/finance foundations, public/private portal separation, Postiz/social workflow, and Modern Manager-style agent coordination.
Viewport must research cheaper, lower-energy, lower-hardware AI operation: model routing, open/free models, local inference, workflow caching, agent specialization, evaluation, and provider fallback so high-class AI operations can become globally accessible rather than expensive enterprise-only tooling.
Already in place: live migration pages, Cloudflare deploy path, partial Odoo/Slack foundation, old OpenClaw agent/cron readout, VPS Docker visibility, task board. Not yet complete: remote GitHub source sync, RuntimeContracts for every service, enforced CompanyOS registry, production watcher system, full tenant isolation proof, full Odoo/Slack command-room automation, and global replication playbooks.
Issues, task packets, branches, PRs, checks, evidence paths, runtime contracts, skills, approval records, rollback plans.
Slash commands, buttons, modals, approvals, threads, audit posts, escalation, agent status, operating rhythm.
Contacts, CRM, projects, helpdesk, documents, knowledge, invoices, expenses, purchases, inventory, sign, activities, reporting.
Runtime is replaceable. Nothing on VPS is trusted as source of truth unless mapped to GitHub and backed by RuntimeContract.
Every role has a seat, lease, readiness level, tools, approval class, verifier, evidence output, and handoff rules.
Finance, legal, customer-facing, DNS, destructive runtime, billing, payroll, and security-sensitive work require explicit gates.
All 37 phases (00–36) below, grouped into seven stages for readability — numbering and full text preserved. Every phase carries the same close gate: GitHub issue/task packet, evidence path, verifier, Slack summary, approval class, and rollback/abort rule must be present before close. The source plan defines gates, not per-phase completion status — live state comes from the reality audit above and status.json; the only phase explicitly promoted to immediate blocker is the Runtime Source-of-Truth phase (04A).
Command reset: freeze random fixes, use this page as living master draft, create master GitHub issue and evidence index links.
Research ledger lock: commit the deep-read manifest, text index, self-audit, specialist artifacts, and source-to-finding matrix.
GitHub Ops foundation: expand issue templates, PR template, labels, task-packet schema, branch rules, no-secret checks, evidence checks.
Agent lease system: one active executor per task, heartbeat, expiry, backup takeover, reviewer/verifier separation, handoff format.
Runtime inventory snapshot: collect read-only Docker/Dokploy/Coolify/Traefik/ports/domains/volumes/secrets-names/backups/healthchecks.
RuntimeContract queue: create contracts for migration worker, Slack/Odoo bot, Modern Lao sites, client portals, investor vault, auth gates, proxies.
Domain and auth map: classify public, client, investor, admin, API, Odoo, Slack connector, and tenant domains; define Cloudflare/DNS approval gates.
Evidence vault schema: canonical evidence IDs, source path/hash, owner, client/case/project link, privacy class, publication class, Odoo target.
Evidence ingestion MVP: ingest manifests/CSV ledgers first; no raw secrets; no public publishing; create client/case/document candidates.
MLG/MLH tenant model: define tenant metadata, channels, Odoo company/context, GitHub labels, runtime namespace, evidence vault rules.
Department factory implementation: instantiate 17 departments with charters, roles, tools, KPIs, Slack/Odoo/GitHub inputs and outputs.
Agent role library: define lead/worker/reviewer/verifier/router/operator/watcher/evidence-auditor skills and readiness levels.
Odoo live model export: export installed modules, models, fields, stages, permissions, record counts, current safe records, and risky-zero records.
Odoo write policy matrix: every app/model/action gets L0 read, L1 draft, L2 approval packet, L3 execute-after-approval, or HOLD.
Slack production app spec: slash commands, interactivity, events, modals, signature verification, idempotency, retries, rate limits, audit logs.
Slack channel architecture: create or verify command, approvals, audit, sales, project, docs/sign, finance, procurement, support, marketing, incident channels.
Approval packet standard: Odoo record, Slack thread, GitHub issue, evidence IDs, risk class, decision buttons, expiry, reviewer, final action.
Lead intake workflow: website/client/WhatsApp/Facebook/manual lead → CRM draft → Slack thread → agent recommendation → approved next activity.
MLH warranty/legacy workflow: evidence → helpdesk ticket draft → missing-evidence check → legal/customer/finance gate → approved response.
Project delivery workflow: approved CRM/quote → project template → tasks/stages/site visits/material requests/QA/punch list/handover.
Documents/sign workflow: folder/tag/access model, contract template registry, draft signature packet, legal/Sam approval before Sign request.
Finance/accounting workflow: chart/taxes/bank/payment terms review; draft invoices/expenses/vendor bills; posting/payment/refund held.
Procurement/inventory workflow: vendor registry, material request, RFQ/PO draft, receipt evidence; PO/vendor bill approval gates.
HR/planning/timesheets workflow: roster, crew planning, skills, timesheets, capacity; payroll/paid users held behind approval.
Marketing/public content workflow: claims evidence, website copy, social/email/WhatsApp drafts; customer/investor-facing publication gate.
Website/portal QA: public MLH, client portals, investor vault, auth gates, mobile/tablet/desktop, no public/private leakage.
Comms vault publication: investor/auth-gated summaries only; raw evidence privacy classification; missing media and dispute indexes.
GSD/Ralph loop CI: Goal→Setup→Do→Verify→Diagnose→Fix→Repeat→Evidence encoded into GitHub checks and Slack status.
Watcher/reporting MVP: GitHub stale work, runtime health, DNS/SSL, Odoo/Slack health, evidence drift, agent silence, backup status.
Dashboard V2: show phases, issues, PRs, runtime contracts, Odoo/Slack health, evidence coverage, approvals, blockers, next decisions.
Skills/training creation: Odoo app map, Slack control flows, Mac evidence ingestion, client portal QA, comms vault, runtime contracts, tenant template.
MLG/MLH pilot execution: run low-risk read/draft workflows end-to-end with no customer-facing or finance/legal execution.
Approval-controlled writes: enable specific L3 writes only after phase proof, rollback, verifier, and Sam approval.
Tenant template extraction: repo layout, Slack channel map, Odoo app matrix, runtime contracts, agent roster, approval policy, onboarding checklist.
Replication pilot: onboard one safe associate/client using minimal template, prove isolation, reporting, rollback, and handoff.
Operating rhythm: daily Slack digest, weekly GitHub/Odoo report, monthly tenant audit, quarterly skills/agent readiness review.
Continuous improvement: plan can change 10–20 times; every change must cite evidence, impact, phase/gate deltas, and reviewer verdict.
Every tenant starts with a department package. Each department gets Slack channels, Odoo apps/models, GitHub queues, agent roles, approval gates, KPIs, and evidence outputs.
Sam/owner decisions, approvals, priorities, escalation, audit.
task packets, PRs, workflows, evidence, issue hygiene.
tenant onboarding, templates, channel/app/runtime namespace.
global/local research, legal/regulatory scan, citations.
public sites, client portals, investor surfaces, forms, QA.
connectors, APIs, bot backends, agent tools, tests.
VPS, containers, deploys, health, SSL, backups.
secrets, auth, privacy classes, agent permissions, reviews.
vaults, indexes, dashboards, SOPs, KPIs.
leads, qualification, quotes, proposals, follow-up.
site visits, design, tasks, materials, QA.
support tickets, legacy issues, customer updates.
folders, contracts, legal review, signing gates.
invoices, expenses, POs, vendors, cost reports.
claims, content, campaigns, investor updates.
roles, skill training, readiness, performance audit.
models, MCP tools, cost/compute R&D, tool acquisition.
Department Lead · Worker · Reviewer · Verifier · Approval Router · Approved Operator · Watcher · Evidence Auditor
R0 proposed · R1 read-only · R2 draft-only · R3 approved write · R4 deploy operator · R5 privileged emergency only
No agent gets broad power because it sounds smart. Every agent must have scope, tools, skills, task packet, lease, reviewer, verifier, evidence output, and approval policy.
Contacts · CRM · Sales · Project · Helpdesk · Documents · Knowledge · Sign · Accounting · Invoicing · Expenses · Purchase · Inventory · Planning · Timesheets · Employees · Calendar · Appointments · Website · Marketing · Social · WhatsApp · Dashboards · Studio
Slack must be the operating cockpit, not a notification dump.
#mlg-command-center · #mlg-odoo-approvals · #mlg-odoo-audit · #mlg-agent-control · #mlg-sales-crm · #mlg-projects-delivery · #mlg-documents-sign · #mlg-finance-review · #mlh-warranty-support · #mlh-legacy-issues
MLG + MLH is the first complete tenant. Future clients/associates/partners receive the same package:
Own Modern Lao daily execution: receive work, classify tenant/client/risk, open GitHub task packets, coordinate agents, draft Odoo/Slack actions, request approvals, verify completion, and report blockers.
Hermes · OpenClaw · Slack · WhatsApp · Telegram · Odoo · GitHub · VPS
Modern Manager handles Modern Lao work only. Other tenants get their own manager agent from the tenant template.
Read Slack/Odoo/GitHub queues · Check WhatsApp/Telegram intake · Classify risk · Open/update task packets · Assign agents · Create approval packets · Verify evidence · Post daily digest
Customer-facing send · Invoice posting/payment/refund · Contract/sign request · PO/vendor bill · DNS/runtime destructive · Secrets/user permissions · Public investor/legal claims
Implementation artifact: evidence/agents/modern-manager-agent-design-20260603.md.
Every Odoo function must be mapped to Modern Lao business use, agent skills, allowed functions, blocked functions, Slack approval path, GitHub evidence path, and training. Agents must become Odoo experts before write permissions.
L0 read: observe/export/summarize; L1 draft: create drafts/placeholders; L2 approval packet: prepare decision with evidence; L3 approved execute: execute after explicit approval; HOLD: blocked until design/legal/finance approval.
evidence/odoo/mlg-mlh-odoo-feature-automation-agent-skill-matrix-20260603.md — 616-line app/function matrix.
Slack must use every relevant automation surface as the Modern Lao control room, but never as the system of record. Slack commands trigger workflows; Odoo/GitHub hold truth; approvals are logged.
Implementation artifact: evidence/slack/mlg-mlh-slack-control-room-automation-matrix-20260603.md — 760-line control-room matrix.
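The L0–L3/HOLD write levels and the approval packet fields named in the plan can be enforced as one fail-closed gate in front of every Odoo write. The sketch below is an added example, not code from this project; the key names, the cumulative reading of the levels, and the rule that approval must come from the packet's named reviewer (and not from the requester) are assumptions of the example.

```python
from datetime import datetime, timezone

# Packet fields from the plan's approval packet standard (key names are this example's).
REQUIRED = ("odoo_record", "slack_thread", "github_issue", "evidence_ids",
            "risk_class", "reviewer", "expiry")

# Assumption: levels are cumulative, so L3 includes everything L0-L2 may do.
CEILING = {
    "L0": {"read"},
    "L1": {"read", "draft"},
    "L2": {"read", "draft", "prepare_packet"},
    "L3": {"read", "draft", "prepare_packet", "execute"},
}

# Constructed sample packet; every value is illustrative.
SAMPLE_PACKET = {
    "odoo_record": "helpdesk.ticket/PLACEHOLDER",
    "slack_thread": "#mlg-odoo-approvals/PLACEHOLDER",
    "github_issue": "PLACEHOLDER",
    "evidence_ids": ["EV-PLACEHOLDER-1"],
    "risk_class": "customer-facing",
    "reviewer": "sam",
    "expiry": datetime(2026, 6, 6, tzinfo=timezone.utc),
}

def authorize(level, operation, packet=None, approved_by=None,
              requested_by=None, now=None):
    """Return (allowed, reason) for one Odoo action; anything unclear is denied."""
    now = now or datetime.now(timezone.utc)
    if level == "HOLD":
        return False, "HOLD: blocked until design/legal/finance approval"
    if level not in CEILING:
        return False, f"unknown level {level!r}"  # fail closed
    if operation not in CEILING[level]:
        return False, f"{operation!r} is not permitted at {level}"
    if operation != "execute":
        return True, f"{operation} permitted at {level}"
    # L3 execute needs a complete, unexpired packet and an explicit approval.
    packet = packet or {}
    missing = [f for f in REQUIRED if not packet.get(f)]
    if missing:
        return False, "packet missing: " + ", ".join(missing)
    if packet["expiry"] <= now:
        return False, "approval packet expired"
    if approved_by != packet["reviewer"]:
        return False, "approval must come from the packet's named reviewer"
    if approved_by == requested_by:
        return False, "requester cannot approve their own action"
    return True, f"execute approved by {approved_by}"
```

Logging the returned reason alongside the Slack thread and GitHub issue gives the audit trail for both approvals and denials.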
Status: Current OpenRouter API access is verified, but previous council review was partial and unstable. Do not treat council feedback as complete until each provider/model run has a timestamped status, raw output, failure mode, and task mapping.
openrouter/free — audit completed, verdict medium.
z-ai/glm-4.5-air:free — audit completed, verdict weak/executable detail missing.
nvidia/nemotron-3-super-120b-a12b:free — smoke passed, audit run unstable.
openai/gpt-oss-20b:free — smoke passed, audit had invalid tool-call output.
qwen/qwen3-coder:free, meta-llama/llama-3.3-70b-instruct:free, google/gemma-4-31b-it:free — upstream rate-limited/blocked.
Artifacts: evidence/llm-council/openrouter_free-migration-plan-audit-20260603.md, evidence/llm-council/z-ai_glm-4.5-air_free-migration-plan-audit-20260603.md, evidence/llm-council/free-model-council-attempts-20260603.md.
Status: promoted to immediate blocker after the legal.modernlaohomes.com routing incident. The plan is no longer just a migration narrative; it is the operating checklist that must turn every live domain into a verifiable contract before Codex/Hermes/other agents are allowed to mutate production.
Agents are currently blocked because live truth is split across Cloudflare DNS, Dokploy Traefik dynamic files, old Docker containers, nginx configs inside containers, local Mac staging repos, and GitHub. The legal portal proved the risk: the domain was live only after mapping Cloudflare plus Dokploy Traefik to modernlao-site, while Dokploy DB did not show a clean application row for that exact portal.
modernlaohomes.com / www.modernlaohomes.com → public site
clients.modernlaohomes.com → private client portal
legal.modernlaohomes.com → legal consultation portal, currently routed to modernlao-site
sign.modernlaohomes.com → signing/docuseal route
investor.modernlao.com → investor/vault surface
modernlao.odoo.com → Odoo SaaS source
No agent gets to say “done” on a domain/app until the contract row exists, the live route is verified from public DNS, and the rollback file is named. If the row says Dokploy but the serving path is old Docker/nginx, the row must say that honestly and mark the cleanup target.
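The "done" rule above can be expressed as a check that returns the reasons a domain may not yet be closed. This is an added example, not the project's validator: the row field names, the platform labels, and the sample rows are constructed for illustration and do not describe the real state of these domains.

```python
# Domains from the plan's domain map.
EXPECTED = ["modernlaohomes.com", "clients.modernlaohomes.com",
            "legal.modernlaohomes.com", "sign.modernlaohomes.com",
            "investor.modernlao.com", "modernlao.odoo.com"]

# Constructed sample rows (illustrative values only; field names are hypothetical).
SAMPLE_ROWS = [
    {"domain": "modernlaohomes.com", "declared_platform": "dokploy",
     "serving_path": "dokploy", "verified_from_public_dns": True,
     "rollback_file": "rollback/PLACEHOLDER-public-site.md", "cleanup_target": None},
    {"domain": "legal.modernlaohomes.com", "declared_platform": "dokploy",
     "serving_path": "old-docker-nginx", "verified_from_public_dns": True,
     "rollback_file": "rollback/PLACEHOLDER-legal.md", "cleanup_target": None},
    {"domain": "clients.modernlaohomes.com", "declared_platform": "dokploy",
     "serving_path": "dokploy", "verified_from_public_dns": False,
     "rollback_file": "", "cleanup_target": None},
]

def contract_gaps(domain, rows):
    """Return the reasons `domain` may NOT be reported done; [] means the gate passes."""
    matches = [r for r in rows if r.get("domain") == domain]
    if not matches:
        return ["no contract row exists"]
    if len(matches) > 1:
        return ["duplicate contract rows"]  # ambiguous truth is treated as a failure
    row, gaps = matches[0], []
    if not row.get("verified_from_public_dns"):
        gaps.append("live route not verified from public DNS")
    if not row.get("rollback_file"):
        gaps.append("rollback file not named")
    declared, serving = row.get("declared_platform"), row.get("serving_path")
    if not serving:
        gaps.append("actual serving path not recorded")
    elif declared != serving and not row.get("cleanup_target"):
        gaps.append(f"row says {declared} but traffic is served by {serving}; "
                    "mark the cleanup target")
    return gaps

def may_claim_done(domain, rows):
    """True only when the contract row exists and has no open gaps."""
    return contract_gaps(domain, rows) == []

def audit(rows, expected=EXPECTED):
    """Map every expected domain to its gaps, including domains with no row at all."""
    return {d: contract_gaps(d, rows) for d in expected}
```

Run as a required check on the pull request that edits the domain map, it blocks a close while any expected domain still has gaps.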
evidence/runtime/domain-service-map-20260603.md with the first MLH domain rows.
Phase-label theater · ERP big bang · Slack as database · Magic agents · Tenant-blind tasks · Evidence dumping · Runtime mutation without contract · Fake-complete claims · Customer sends without approval · Finance/legal automation without gate
Updated 2026-06-05. Reality-audited V3: corrected against current GitHub/VPS/OpenClaw/Odoo/Slack state. Local artifacts exist, but GitHub remote source sync is still blocked until write/auth is repaired.
reports/migration-redesign/src/plan.html.