Viewport Rebuild Plan
Company-as-Code · Slack-Controlled · Never-Amnesia

1 Master Model — Company-as-Code

Viewport Corporation is not managed through email, spreadsheets, or Notion. It is managed through code — specifically, a GitHub-grounded stack where every decision, task, agent, and infrastructure component has a canonical address. This section maps the full architecture.

Full Architecture Stack

┌─────────────────────────────────────────────────────────────────────────┐
│              COMMAND LAYER  (Human Interface & Intent)                  │
├────────────────────┬──────────────────────┬────────────────────────────┤
│  SLACK              │  Discord              │  Telegram / WhatsApp        │
│  Primary control   │  2nd power surface   │  Department channels        │
│  #ops-control-room │  Community / alerts  │  Field teams / clients      │
│  /cmd slash cmds   │  Bot integrations    │  Lightweight approvals      │
└────────────┬───────┴──────────────────────┴────────────────────────────┘
             │  intent + context
             ▼
┌─────────────────────────────────────────────────────────────────────────┐
│              HERMES  (Operator / Router — Per Tenant)                   │
│  Routes Slack/webhook events → packets → agent seat assignments         │
│  Maintains per-tenant context, approval gates, loop state               │
│  Runtime: OpenAI Codex ($100–200) · deployed on VPS · GitHub-backed    │
└───────────────────────────────┬─────────────────────────────────────────┘
                                │  structured task packets
                                ▼
┌─────────────────────────────────────────────────────────────────────────┐
│              GITHUB  (Truth + Brain + Actions Loop)                     │
│  viewport-os monorepo · issues = ledger · PRs = evidence                │
│  Actions: claude-code-action · codex-action · cron loops                │
│  Secrets vault · AGENTS.md per repo · brain markdown writeback          │
└───────────────────────────────┬─────────────────────────────────────────┘
                                │  agent tasks + verified outputs
                                ▼
┌─────────────────────────────────────────────────────────────────────────┐
│              OPENCLAW  (47-Seat Agent Fleet)                            │
│  Seats: research / code / review / write / qa / ops / legal / finance  │
│  Auth: API keys only (no subscription OAuth — see §4)                  │
│  Loops: cron-babysit-prs · nightly-deep-work · verify-and-merge        │
└───────────────────────────────┬─────────────────────────────────────────┘
                                │  deploy commands
                                ▼
┌─────────────────────────────────────────────────────────────────────────┐
│              VPS  (Disposable Runtime — 194.163.153.171)                │
│  Coolify · Traefik · Docker · Tailscale · Cloudflare                   │
│  Every service rebuildable from GitHub source in <20 min               │
│  Deploy via Coolify API only — never Docker daemon / iptables           │
└───────────────────────────────┬─────────────────────────────────────────┘
                                │  live evidence
                                ▼
┌─────────────────────────────────────────────────────────────────────────┐
│         /migration COMMAND CENTER  (viewport.llc/migration)             │
│  Live pages: Overview · Forensics · Transcript · Brain                  │
│  Rebuild Plan · Idea Bank · sourced from GitHub via Action deploy       │
└─────────────────────────────────────────────────────────────────────────┘

The Five-Layer Model

Target GitHub Namespace

The canonical namespace for Viewport Corporation on GitHub. Every repo has a purpose, an AGENTS.md, and a protection rule on main.

2 The Loop — Capture to Remember

Every unit of work in Viewport follows a closed loop: captured in Slack, routed through Hermes, executed by OpenClaw, verified, published as evidence, and written back to the brain. No loop exits without a proof artifact. No task ends in ambiguity.

Loop Stage Breakdown

Mapping to Sam's 10-Step Workflow

1. Capture intent in Slack

   Type a command or free-form request in #ops-control-room. Hermes listens, parses intent, and creates a structured GitHub issue within 30 seconds. No email, no Notion, no sticky notes.
2. Issue auto-labelled and routed

   n8n workflow reads the new issue event, applies a label from the taxonomy (type:code, type:research, type:content, etc.) and assigns it to the appropriate OpenClaw seat queue.
3. Task packet assembled

   Hermes injects context: AGENTS.md for the target repo, last-5-PRs from the relevant seat, the brain markdown for this domain, and any blocking dependencies. Agent receives a complete packet, not a bare prompt.
4. Seat picks up work

   The assigned OpenClaw seat (running Codex API or Claude Code CLI) begins execution. It runs in an isolated GitHub Actions runner, with tool access scoped to what AGENTS.md permits.
5. Agent opens a draft PR with live progress

   Rather than a single commit at the end, the agent pushes incremental progress to a branch and updates checkboxes in the PR description. Sam sees real-time state without polling.
6. CI + verification gates run

   Automated linting, tests, security scan, and the Verifier seat review the diff. Boris Cherny's finding: giving agents effective verification methods improves output quality 2–3x. [S4]
7. Reviewer seat LGTM or requests changes

   A second OpenClaw seat (Reviewer) independently reads the diff and leaves structured inline comments. If it finds issues, the Executor seat re-runs with the feedback appended to its context.
8. Sam approves (or auto-merges on low-risk paths)

   High-risk changes (prod deploy, secret rotation, billing changes) require a Slack approval from Sam. Low-risk paths (docs, minor refactors, brain writeback) auto-merge after CI passes.
9. Publish + deploy + heartbeat

   Merged PR triggers a GitHub Action that deploys via Coolify API, runs curl /health, and posts a Slack + Telegram heartbeat with the live URL and HTTP status code.
10. Brain writeback closes the loop

    The nightly brain agent reads all closed issues and merged PRs from the past 24 hours, distills them into a markdown entry, appends to MEMORY.md, and commits to the brain/ directory. No amnesia.

3 Slack as Top Layer

Slack is not a chat app for Viewport — it is the command plane. Every integration, automation, approval, and department communication routes through Slack. Discord is the second power surface for community and alerts. Telegram and WhatsApp handle department channels and field teams.

Slack Control-Room Channels

Slash Commands & Approval Flows

4 Models & Auth

Anthropic's April 2026 policy change cut off subscription-based OAuth authentication for all third-party agents including OpenClaw. This section documents the post-cutoff model strategy and the two durable authentication paths.

Post-Cutoff Authentication Architecture

claude-code-action Integration

The official anthropics/claude-code-action (7.9k stars, used by 16.8k projects as of June 2026) provides the durable GitHub Actions loop for Claude-powered automation. Key integration points:

5 Recovery Sequence — Phase 0 through 5

Six phases from stop-the-bleeding to a fully closed, daily-heartbeat loop. Phases are sequential — do not start Phase N+1 until Phase N has a passing health check. Each phase ends with a Slack heartbeat post.

1. Neutralize the 6-hour kill-cron

   The cron job that kills agent sessions after 6h must be identified and stopped or reconfigured. SSH to VPS: crontab -l | grep -i kill. Comment out the offending line. This is the #1 blocker for any recovery attempt.
2. Rotate and scope the PAT

   Generate a new GitHub PAT with minimum required scopes only. Revoke the old token immediately. Set pat_revoked=true in state.db. Store new token in /home/openclaw/.openclaw/.env on VPS only — never in code.
3. Flip model fallbacks off subscription

   Update openclaw.json fallback chains: remove any subscription OAuth paths. Primary: codex-mini-latest (API key). Secondary: claude-sonnet-4-6 (API key, not OAuth). Tertiary: LiteLLM px-* proxy. Validate with a test run.
4. Push a clean branch and verify CI green

   Push ops/openclaw-github-flow-44 to viewport-corp/viewport-ops. Confirm Actions trigger. Confirm no secret leaks in diff. This branch is the recovery ledger.

1. Restore 50 cron jobs from GitHub source

   All cron definitions must live in viewport-os/infra/crons/. Audit crontab -l on VPS against the repo. Missing crons get filed as GitHub issues with type:infra label and re-deployed via Coolify API. Never hand-edit crontab.
2. Restart the 7 Hermes loops

   Each Hermes instance (one per major tenant/domain) runs as a named Coolify service. Verify each with curl https://hermes-[tenant].veavor.com/health. Any failing instance gets redeployed from its GitHub-backed Dockerfile.
3. Reconnect GitHub → n8n → gateway

   Verify n8n webhooks are registered in GitHub org settings. Test with a synthetic issue creation. Confirm the event flows through: GitHub webhook → n8n trigger → route → gateway → OpenClaw seat. Log the round-trip time as a baseline metric.

1. Deploy brain markdown store

   Create viewport-corp/viewport-os/brain/ directory. Structure: brain/global/MEMORY.md, brain/tenant-[name]/MEMORY.md, brain/agents/[seat-name].md. Each file follows the handoff template from §7.
2. Install nightly writeback GitHub Action

   Schedule a nightly Action at 02:00 UTC. It reads all closed issues + merged PRs from the last 24h, distills insights, appends to brain/global/MEMORY.md, and opens a PR. On auto-merge, posts a Slack digest to #brain-updates.
3. Migrate existing MEMORY.md entries

   Copy the existing ~/.claude/claude-memory/MEMORY.md entries (21 entries as of June 2026) into brain/global/MEMORY.md. Each entry gets a GitHub issue backlink. This seeds the brain so the first writeback has continuity.

1. Initialise viewport-os monorepo

   Create the repo under viewport-corp/viewport-os. Push initial directory skeleton (products/ services/ agents/ skills/ mcps/ corp/ infra/ brain/). Add AGENTS.md at root. Enable branch protection on main: require PRs, require CI, no force-push.
2. Populate GitHub Secrets vault

   Add all service keys from VPS /home/openclaw/.openclaw/.env as GitHub org secrets (not repo secrets — org-level for cross-repo access). Naming convention: PROVIDER_PURPOSE_ENV e.g. ANTHROPIC_API_KEY_PROD.
3. Write AGENTS.md for each major repo

   Every repo in the viewport-corp org needs an AGENTS.md that defines: allowed tools, forbidden actions, verification requirements, handoff format, and which OpenClaw seats are authorised. This is the harness boundary.

1. Wire the publish Action

   GitHub Action on push to public/ directory: builds static HTML, deploys to Cloudflare Pages via CLOUDFLARE_API_TOKEN secret, runs curl https://viewport.llc/migration/restart/plan and asserts HTTP 200. Posts result to #deploy-log.
2. Set up Cloudflare Access for admin paths

   The /migration/ tree should be gated by Cloudflare Zero Trust. Only Sam's email gets access. Public paths (/migration/restart/plan) remain open. This prevents accidental indexing of internal forensics data.

1. Run the canonical smoke test

   Type /task Update brain with June 2026 recovery status in #ops-control-room. Confirm: issue created → seat assigned → agent opens PR → CI passes → Reviewer LGTM → Sam approves via Slack button → deploy fires → health check 200 → brain writeback commits. Full loop, documented.
2. Establish daily heartbeat

   Install a daily 09:00 UTC cron Action that posts a Slack + Telegram status block: active agent seats, VPS health, last brain writeback time, next scheduled tasks. If the heartbeat goes silent, that IS the alert.

6 First 10 Task Packets

These are the first ten concrete GitHub issues to open, in order, after the Phase 0 stop-the-bleeding actions are complete. Each packet includes a label, assigned seat, definition of done, and proof artifact.

7 Anti-Amnesia Protocol

The single biggest failure mode in agent-powered companies is knowledge loss: agents restart without context, sessions die, handoffs fail, the same bug is solved twice. This section defines the four pillars of anti-amnesia architecture.

Canonical Handoff Template

Every handoff must have all seven fields populated. Agents that receive a handoff with a missing field must file a needs-dod issue before proceeding.

Truth Labels — GitHub Issue Taxonomy

8 Security & Secret Rotation

The state.db audit found alarming numbers of raw credential strings across the OpenClaw workspace. These must be rotated, scoped, and routed through a redaction pipeline before any secret is written to GitHub, logs, or the brain store.

Secret Rotation Priority Queue

1. Admin:enterprise PAT → scope down immediately

   The current PAT has admin:enterprise scope. Revoke it. Generate a new PAT with only: repo, workflow, write:packages, read:org. Store in VPS .env only. No PAT in any repo, script, or log.
2. Rotate all 970 sk-* keys

   Audit which service each key belongs to (OpenAI, Anthropic, OpenRouter, etc.). Revoke all. Generate fresh keys. Update VPS .env. Test each service endpoint. The OpenRouter key leak from May 2026 was a previous example of this risk.
3. Rotate 138 ghp_* GitHub PATs

   All ghp_-prefixed tokens. Many are likely expired — run a batch check. Revoke all active ones. Generate replacements with fine-grained scopes. Update state.db references to point to new tokens.
4. Rotate 61 CF_API_KEY tokens

   Cloudflare API keys. Rotate in Cloudflare dashboard. Use scoped API tokens (not global API key) going forward. Scope per-service: DNS-only, Workers-deploy-only, Pages-deploy-only.
5. Rotate 276 Telegram bot tokens

   Use /revoke via BotFather for each bot. Generate new tokens. Update each Hermes Telegram adapter. Test incoming message routing. Note: Name.com API tokens also need rotation per the April 2026 exposure — partially safe due to IP lock to VPS but rotate within 30 days.
6. Install redaction pipeline for brain writeback

   Before any content from state.db, logs, or agent output is written to GitHub issues, PRs, or brain markdown — it must pass through a regex redaction filter. Patterns: /sk-[a-zA-Z0-9]{20,}/, /ghp_[a-zA-Z0-9]+/, /CF_[A-Z_]+=[a-zA-Z0-9]+/. Replace with [REDACTED:TYPE].

Permanent Security Posture

• All credentials in ONE file: /home/openclaw/.openclaw/.env on VPS — never anywhere else
• GitHub Secrets for CI/CD: org-level, named PROVIDER_PURPOSE_ENV — never in code
• No subscription OAuth tokens in any agent runtime — API keys only post-April 2026
• PAT scopes: minimum viable — repo + workflow only for most agents
• Cloudflare Zero Trust gates all /migration/ admin paths
• state.db: VPS-local only, never committed, nightly backup to encrypted S3-compatible store
• Secret expiry monitoring: GitHub Action checks for tokens approaching 90-day age and posts to #infra-alerts

9 Intellectual Grounding

This architecture is grounded in three living practitioners whose work has been verified against live sources (June 2026). Their frameworks directly shaped the design decisions in this plan.

Andrej Karpathy — Software 3.0 & Agentic Engineering

AI researcher, former OpenAI and Tesla. Coined context engineering (Dec 2025) and agentic engineering (Feb 2026). Presented Software 3.0 at the Sequoia Ascent Summit 2026. [S7, S8]

"Your programming now turns to prompting. And what's in the context window is over the interpreter, that is the LLM." — Andrej Karpathy, Sequoia Ascent 2026 (via philippdubach.com summary) [S8]

"You can outsource your thinking, but you can't outsource your understanding." — Andrej Karpathy, on human value in Software 3.0 [S8]

Boris Cherny — Harness Engineering & Verification-First

Creator of Claude Code at Anthropic. Ships 50–150 PRs/day from his phone. Has not written a line of code by hand since October 2025. His core insight: the engineer's job is to build the harness — not to write the code. [S3, S4]

"The engineer's job is to build the harness, not to write the code. The harness is the AGENTS.md files, the linters, the architectural constraints, the verification scripts, the test infrastructure." — Boris Cherny (via Towards AI, June 2026) [S4]

"Simply giving Claude effective verification methods typically improves final output quality by 2–3x." — Boris Cherny [S4]

Peter Steinberger — Architecture-First, Pragmatic Delegation

Co-founder of PSPDFKit (€100M exit 2021). Founded OpenClaw. Shipped 6,600 commits in January 2026 as a solo developer using AI agents. Featured on Pragmatic Engineer and Lex Fridman. [S9, S10]

"I am the architect." — Peter Steinberger, on his role in AI-native development (via sethserver.com) [S10]

"Most code is boring data transformation that AI can handle efficiently." — Peter Steinberger (paraphrased via sethserver.com analysis) [S10]

10 Sources

All external claims in this document are grounded in live sources retrieved June 2026. No claim is made from training-data memory alone.

• [S1] VentureBeat — "Anthropic cuts off the ability to use Claude subscriptions with OpenClaw and third-party AI agents" Auth cutoff
• [S2] VentureBeat — "Anthropic reinstates OpenClaw and third-party agent usage on Claude subscriptions — with a catch" Reinstatement + June 15 credit pool
• [S3] BigGo Finance — "Boris Cherny: Anthropic Engineer Writes 150 PRs a Day From His Phone, Zero Lines by Hand" 150 PRs/day
• [S4] Towards AI — "Claude Code's Creator Stopped Prompting Claude — He Writes Loops and Merges 150 PRs a Day From His Phone" Harness · verification 2–3x
• [S5] GitHub — anthropics/claude-code-action (7.9k stars · 16.8k projects) GitHub Actions integration
• [S6] OpenAI Developers — Codex Pricing ($1.50/1M in · $6/1M out for codex-mini-latest) Codex pricing
• [S7] AI Agents Simplified — "From Vibe Coding to Agentic Engineering: Andrej Karpathy's Vision" Karpathy · agentic engineering
• [S8] philippdubach.com — "Karpathy's Software 3.0 Playbook: 12 Lessons from Sequoia" Software 3.0 · Sequoia Ascent 2026
• [S9] The Wantrepreneur Show — "Peter Steinberger Built a $100M Dev Tool, Burned Out, Then Came Back to Code with AI Agents" Steinberger · background
• [S10] sethserver.com — "Two Schools of AI-Native Engineering: What Peter Steinberger Gets Right" Steinberger · architecture-first
• [S11] OpenAI — "Harness Engineering: Leveraging Codex in an Agent-First World" Harness engineering · Codex
• [S12] TechTimes — "Anthropic Ends Subscription Subsidy for Agents June 15: Credit Pool Replaces Flat-Rate Access" June 15 2026 credit pool change
• [S13] Pragmatic Engineer — "Building Claude Code with Boris Cherny" by Gergely Orosz Cherny · Claude Code origins