Viewport · migration
MENU
Main
Command Center GitHub Plan Tasks Audit Status Slack Odoo
Restart suite
Restart hub Forensics Transcript Brain Ideas Rebuild Plan
Audit
Audit History Comms
Telegram
OpenClaw Chats Hermes Chats
Research
Claude Research
Data
status.json
Company
Partners · Modern Lao MLG + MLH Dossier Architecture Diagrams Tools Registry
Company architecture update · trillion-scale structure explicit · not a done claim

Viewport Migration
Task Board

This board now includes the target architecture for Sam's global all-industry AI-operated company: parent governance, PlatformX multi-tenant OS, CompanyOS roles/workflows, industry/service catalogs, tenant/client/associate replication, and AI R&D for lower compute/cost/energy/hardware dependence. Reality boundary remains: GitHub source sync, runtime contracts, enforced agents, tenant isolation, and watchers are still active tasks.

139 tasks · NOW:58 NEXT:73 BLOCKED:4 DONE:1 (live) Company structure now explicit on /migration and /plan Target architecture, not completed company GitHub source sync still blocked RuntimeContracts still missing for all services

Board status

HermesONLINE v0.15.2
VPSvmi3130827 · 72 containers, 3 unhealthy
Last audit2026-06-05 · PASS:2 FAIL:10 UNKNOWN:1
TasksNOW:58 NEXT:73 BLOCKED:4 DONE:1 WATCH:3
Data/migration/status.json
Board generated2026-06-04T21:19:52+00:00
Status fetched2026-06-09
Live task board data from status.json (fetched 2026-06-09): NOW: 58 · NEXT: 73 · BLOCKED: 4 · DONE: 1 · Total: 139 · VPS: 72 containers (3 unhealthy) · Hermes: ONLINE v0.15.2 · Audit: PASS:2 FAIL:10 UNKNOWN:1
Summary · column distribution

139 tasks, one verified done

Every figure below is computed from the board's own task data (generated 2026-06-04, status.json fetched 2026-06-09). Throughput ≈ 0: the only DONE item fixed a stale claim on this very board.

139tasks total on the live execution board
58NOW / DO FIRST — unlock other work
73NEXT — ready after NOW or evidence exists
4BLOCKED — access, approval or source-of-truth missing
3WATCH — keep separate, do not mix scopes
1DONE / VERIFIED — T-054 only
Blockers · read before picking up work

4 BLOCKED tasks — what is actually in the way

Each needs access, approval, or a missing source-of-truth before execution. The same four cards appear in the BLOCKED column below; they are surfaced here because they gate everything else.

T-002BLOCKEDPhase 02 · GitHub Ops
Fix GitHub write access for viewport-corp/viewport-ops

Blocker · evidence/state

fatal 403 Write access to repository not granted

Owner

Viewport GitHub admin · source: git push failed after fbd75bc

Acceptance to unblock

Hermes can push branch/commit and create/update issues without using secrets in chat.

T-122BLOCKEDPhase 02 · GitHub Ops
Repair GitHub source-of-truth push/write access for viewport-ops

Blocker · evidence/state

Local branch ops/openclaw-github-flow-44 ahead 4; push/write not verified/fixed

Owner

GitHub auth agent · source: Live Worker deployed but branch remains ahead locally

Acceptance to unblock

GitHub auth verified with least privilege; branch pushed or PR opened; live deploy commit traceable to GitHub; no tokens printed.

T-018KBLOCKEDPhase 04 · Runtime / Old Docker / Cleanup
Create old Docker do-not-delete-yet cleanup queue with approval gates

Blocker · evidence/state

Many active/exited legacy containers; cleanup risk high

Owner

Runtime/SRE + Sam approval · source: Old Docker contains useful building blocks; no stop/delete/prune without Sam approval

Acceptance to unblock

Every cleanup candidate has backup proof, restore test, replacement contract, blast-radius assessment, explicit Sam approval placeholder; inventory alone cannot mark done.

T-024BLOCKEDPhase 11 · Agents / Centralized System
Create/verify Modern Manager bot/agent identity across Hermes/OpenClaw/Slack/Odoo/GitHub/VPS

Blocker · evidence/state

Design artifact exists; live identity not verified

Owner

Modern Manager owner · source: Plan section 11 says Modern Manager required

Acceptance to unblock

Modern Manager has documented identity, scopes, channel, task queue, daily loop, and no-write gates.

Use rules

How to read the columns

NOW

Unlocks other work or prevents agents from repeating old mistakes.

NEXT

Ready after NOW tasks or required evidence exists.

BLOCKED

Needs access, approval, or missing source-of-truth before execution.

WATCH

Keep separate / monitor / do not mix scopes.

Hard rule

Do not claim trillion-scale autonomy until GitHub/Odoo/Slack/runtime/watchers enforce the loop, not just describe it.

MLG / MLH operating rails + active execution loop

Slack + Odoo approval flows · GSD + RalphLoop

Pinned so humans and agents can immediately see where documents, support, and finance work should go. GSD + RalphLoop is active for GitHub Ops and VPS Runtime — mode: GitHub issue → branch → artifact → validator → evidence → live status. VPS runtime remains read-only/reconciliation until RuntimeContracts, backups, rollback, and approval gates exist.

Documents

Odoo: Documents / project document folder

Flow: Document needed → Odoo document folder → Slack approval if legal/signature → sign only after approval.

Helpdesk / warranty / legacy issues

Slack: #mlh-warranty-support, #mlh-legacy-issues

Odoo: Helpdesk

Flow: MLH issue → Slack issue thread → Odoo helpdesk ticket → evidence attached → agent suggests next action → approval if legal/financial/customer-facing.

Finance review

Slack: #mlg-finance-review

Odoo: Accounting / Invoicing / Expenses

Flow: Draft invoice/payment/expense → Slack finance review → Odoo record → approval before sending/payment/customer-facing action.

Goal

Move real business/runtime work through visible GitHub issues and acceptance criteria.

Setup

Create branch, artifacts, validator, evidence path, and rollback boundary before touching runtime.

Do / Verify / Fix

Run the smallest safe action, verify with tests or live proof, diagnose failures, then repeat.

Evidence

Issue #196 · status JSON · viewport-company-os/workflows/gsd-ralphloop-operating-contract.yaml

Company architecture

Trillion-scale company architecture — target structure, not a done claim

This board includes the target architecture for Sam's global all-industry AI-operated company. Reality boundary remains: GitHub source sync, runtime contracts, enforced agents, tenant isolation, and watchers are still active tasks.

Ambition: Viewport is being designed as an AI-operated global company that can serve every country and every industry — an all-country/all-industry operating architecture — through reusable tenant/company operating systems. This is not yet fully built. The live reality audit above shows the missing rails: GitHub source-of-truth, RuntimeContracts, CompanyOS enforcement, tenant isolation, and watcher execution.

Core company stack

Viewport LLC / parent governancePlatformX / multi-tenant AI business OSCompanyOS / rules + roles + workflowsHermes operator shellOpenClaw legacy role libraryGitHub source-of-truthVPS/cloud runtimeOdoo business recordSlack command room

Global replication model

Each company, tenant, client, associate, or partner gets an isolated package: GitHub repo/labels/issues, Slack channels, Odoo company/context/apps, runtime namespace, domain map, knowledgebase, approval matrix, agent roster, watchers, reports, onboarding, rollback, and offboarding.

Industries to support

Real estate & constructionFinance & accountingLegal & complianceHealthcare & wellnessEducation & trainingRetail & commerceManufacturing & supply chainHospitality & tourismMedia & entertainmentAgriculture & foodEnergy & utilitiesTransport & logisticsGovernment/civic servicesNonprofits & communityTechnology/SaaSAI/model/tool R&D

Departments every serious tenant can receive

Executive commandGitHub PMO / source-of-truthTenant operationsEngineering / productRuntime / SRE / DNSAI automation / agent factorySecurity / privacy / complianceResearch / intelligenceEvidence / data / knowledgeSales / CRMMarketing / content / Postiz/socialCustomer success / helpdeskProject delivery / operationsDocuments / contracts / legal/signFinance / accounting / procurementHR / training / agent readinessQuality / verification / auditR&D for cheaper AI compute/energy/hardware

Reusable service catalog

Tenant/company setupWebsite/client portal/investor portalOdoo ERP/CRM/helpdesk/documents/accounting workflowsSlack/WhatsApp/Telegram command roomsGitHub task/PR/evidence operating systemRuntime/DNS/SSL/container operationsPostiz/social/content workflowEvidence vault/knowledgebaseAgent/watcher operationsApprovals/legal/finance gatesReporting/analytics/KPIsSecurity/privacy/complianceTraining/role onboardingAutomation connectors/MCP/toolsModel/provider/cost optimization

MLG / MLH as first proof tenant

Modern Lao Group / Modern Lao Homes is the first full reference implementation: GitHub ops, Slack approvals/audit/support channels, Odoo CRM/project/helpdesk/documents/finance foundations, public/private portal separation, Postiz/social workflow, and Modern Manager-style agent coordination.

AI R&D mandate

Viewport must research cheaper, lower-energy, lower-hardware AI operation: model routing, open/free models, local inference, workflow caching, agent specialization, evaluation, and provider fallback so high-class AI operations can become globally accessible rather than expensive enterprise-only tooling.

Reality boundary

Already in place: live migration pages, Cloudflare deploy path, partial Odoo/Slack foundation, old OpenClaw agent/cron readout, VPS Docker visibility, task board. Not yet complete: remote GitHub source sync, RuntimeContracts for every service, enforced CompanyOS registry, production watcher system, full tenant isolation proof, full Odoo/Slack command-room automation, and global replication playbooks.

Breakdown · 33 phases · 51 categories

Where the 139 tasks live

Phase distribution charted below; the full category list (every family, every count) is in the collapsible table.

By category

All 51 categories · 139 tasks
CategoryTasks
AI R&D / Global Accessibility1
Agents / Centralized System10
Command Reset / Control Plane2
Company Boundaries / Kitty / BCCL2
CompanyOS / Agent Enforcement1
CompanyOS Schemas1
Dashboards / Reporting5
Evidence / Privacy / Compliance1
GitHub Ops5
GitHub Ops / Handoffs1
GitHub Ops / Runtime1
GitHub Ops / Security1
GitHub Ops / Source-of-Truth Blocker1
GitHub Ops / Tenant Boundaries1
Governance / Planning1
Governance / Risk Register1
LLM Council / Model Access Reality1
Marketing / Postiz / Social Automation4
Migration Routes / Link Contract1
Modern Manager2
Observability / SLO / Incident Response1
Obsidian / Knowledgebase / Evidence7
Odoo + Slack Pilot / Approval-Controlled Writes1
Odoo + Slack Reality1
Odoo + Slack Validation1
Odoo Automation19
OpenClaw Legacy Crons / Watcher Factory2
OpenClaw Legacy Fleet / Role Registry4
Operating Rhythm / Reporting1
Postiz / Social Automation Reality1
Reality Audit / Page Truth1
Runtime / Business Apps1
Runtime / DNS / Cloudflare3
Runtime / Dokploy / Old Docker10
Runtime / Edge / Proxies1
Runtime / Health / Incidents1
Runtime / Legacy AI Tools1
Runtime / Old Docker / Cleanup1
Runtime / Security1
Runtime / VPS / Backup1
Runtime / VPS Reality1
Runtime / Verification1
Runtime / Watchers1
Slack Control Room11
Task Board / Validation4
Tenant / Associate Operations Reality1
Tenant / Client / Associate Template11
Trillion-Scale Company Architecture2
Watchers / Old Cron Revival1
Websites / Subdomains3
Websites / Subdomains / Privacy1
Execution board · all 139 tasks · full text preserved

The board

Each column is collapsible. Every task keeps its full source record: ID, phase, size, category, owner, source, evidence/state, and acceptance criteria. Nothing was shortened or dropped.

139 / 139 tasks shown
NOW / DO FIRST58 tasks

Unlocks other work or prevents agents from repeating old mistakes.

T-000NOWPhase 00 · size M

Create this live Kanban task page as the execution handoff

CategoryCommand Reset / Control Plane
OwnerHermes operator
SourceSam request 2026-06-03; /migration/plan immediate backlog
Evidence / state/migration/task live page + worker marker
AcceptanceTask page shows category-wise + phase-wise work list, blockers, evidence, and next actions.
T-001NOWPhase 00 · size M

Create master migration GitHub issue and evidence index

CategoryCommand Reset / Control Plane
OwnerHermes + GitHub PMO
SourcePlan Phase 00; LLM council issue #1 recommendation
Evidence / stateGitHub issue missing; GitHub push token currently 403
AcceptanceMaster issue links /migration, /migration/plan, /migration/task, evidence folder, runtime map, and active blockers.
T-103NOWPhase 00 · size M

Create single canonical task-board source and sync validator

CategoryTask Board / Validation
OwnerTask board maintainer
SourceGoal-level file audit found source drift: HTML/JSON/self-audit/markdown/deploy evidence/generator disagreed after Postiz add
Evidence / statepublic/migration/task/index.html said 93; self-audit/deploy evidence still said 92; scripts/generate_migration_tasks_page.py had only 45 hard-coded tasks
AcceptanceOne canonical JSON/YAML source generates HTML, markdown, self-audit, deploy evidence, and worker; CI/local validator fails on count/id/source drift.
T-104NOWPhase 00 · size M

Create source-to-task ledger schema with chunk/line refs and confidence

CategoryTask Board / Validation
OwnerEvidence coverage verifier
SourceGlobal synthesis and Sam required chunk-by-chunk proof, not vague summaries
Evidence / stateevidence/global-research-synthesis-migration-plan-20260603.md source-to-plan ledger requirement; file audit flagged missing concrete schema
Acceptancesource-to-task-ledger.schema plus populated ledger maps source file/url/session, chunk/line/message id, finding, confidence, task ids, acceptance, hash.
T-105NOWPhase 00 · size M

Create 20-day session-search coverage ledger and timeout recovery pass

CategoryTask Board / Validation
OwnerSession evidence auditor
SourceGoal-level session subagent timed out after 28 API calls; partial session searches found plan/council/tenant/Postiz/social items
Evidence / statedelegate_task timeout for session auditor; session_search hits around message ids 28780, 29255, 29257, 29259 and associate result saved to /tmp/hermes-results
AcceptanceLedger records every query, sessions searched, hits, misses, timeouts, retry strategy, and task mappings; no 100% claim unless all relevant sessions are represented.
T-137NOWPhase 00 · size M

Keep /migration, /migration/plan, and /migration/task aligned with verified integration reality

CategoryReality Audit / Page Truth
OwnerHermes reality auditor
SourceSam asked to audit against the claim that operating rails are incomplete and update all three pages
Evidence / stateevidence/reality-audits/integration-reality-audit-20260605.md/json
AcceptanceAll three live pages show current verified state: Cloudflare live display works; GitHub source-of-truth blocked; VPS runtime unreconciled; OpenClaw roles/crons read but not active CompanyOS; Odoo/Slack partial foundation only.
T-146NOWPhase 00 · size L

Make the trillion-scale all-industry company structure explicit on migration pages

CategoryTrillion-Scale Company Architecture
OwnerCompanyOS architect + Sam
SourceSam asked whether anyone reading the pages can understand the full trillion USD company structure with all industries, departments, services, tenants, clients, and associates
Evidence / statetrillion-scale-company-structure-audit-20260605 found prior pages had GitHub/VPS/Odoo/Slack/OpenClaw detail but zero explicit trillion/all-industry/country framing
Acceptance/migration and /migration/plan include target company stack, industry coverage, department factory, service catalog, tenant replication model, MLG/MLH first proof tenant, AI R&D mandate, and an honest not-done boundary.
T-018FNOWPhase 02 · size L

Reconcile every live container/domain to GitHub repo/source/branch/commit

CategoryGitHub Ops / Runtime
OwnerGitHub PMO + runtime agent
SourceGitHub must be control plane; runtime contracts need repo/artifact/commit
Evidence / stateSome containers have repo labels; many old/manual services source unknown
AcceptanceEvery service row is known repo, compose-only, image-only, local path, SaaS, unknown, or orphan; unknowns create recovery/archive tasks.
T-018GNOWPhase 02 · size L

Inventory GitHub org/repo/account boundaries for Viewport, Modern Lao, BCCL, clients and associates

CategoryGitHub Ops / Tenant Boundaries
OwnerGitHub PMO + tenant security
SourceSam requires separate clients/associates repos/accounts where appropriate
Evidence / stateviewport-corp/viewport-ops write blocked; tenant repo/account boundary not fully mapped
AcceptanceEach repo has owner org/user, tenant, purpose, services, branch protection, issue/PR gates, CODEOWNERS, secret location names only, archive policy.
T-125NOWPhase 02 · size M

Verify PAT revocation and council state gate before more council runs

CategoryGitHub Ops / Security
OwnerSecurity/GitHub PMO
SourceCouncil docs require leaked PAT revocation gate
Evidence / stateMigration/council/AGENTS.md refers to STATE.md pat_revoked false examples; latest validation only checks no PAT embedded in remote URL
AcceptanceSTATE.md/current evidence records PAT revoked true or explicit blocked status; council runs blocked if false/missing; no secret values exposed.
T-138NOWPhase 02 · size L

Repair GitHub push/write and remote source-of-truth sync for migration pages

CategoryGitHub Ops / Source-of-Truth Blocker
OwnerGitHub PMO
SourceReality audit found local branch ahead and GitHub branch/path not readable via MCP
Evidence / stateLocal branch ahead 6 commits; gh CLI missing; GitHub MCP get_file_contents for ops/openclaw-github-flow-44 public/migration/task/index.html returned Not Found
AcceptanceRemote GitHub branch contains current migration pages, ledger, evidence; PR/issue exists; CI validates task/page counts; Cloudflare deploy source references the committed GitHub artifact.
T-020NOWPhase 03 · size L

Decide and document agent architecture: Hermes centralized system vs OpenClaw legacy reuse

CategoryAgents / Centralized System
OwnerHermes architect
SourceSam asked if OpenClaw same agents will be in Hermes
Evidence / statePlan says agents=seats; OpenClaw runtime exists but not trusted as source of truth
AcceptanceDocument states which agents live in Hermes, which OpenClaw agents are reference-only, how tasks route, and what is verified.
T-021NOWPhase 03 · size L

Create active agent roster and readiness levels

CategoryAgents / Centralized System
OwnerAgent systems engineer
SourcePlan Phase 11 and Modern Manager requirement
Evidence / stateNo verified active roster page yet
AcceptanceRoster lists Department Lead, Worker, Reviewer, Verifier, Approval Router, Operator, Watcher, Evidence Auditor with R0-R5 readiness.
T-026NOWPhase 03 · size L

Create canonical Role/Seat/Lease registry for Hermes + OpenClaw

CategoryAgents / Centralized System
OwnerAgent systems architect
SourceSam asked if OpenClaw same agents will be in Hermes; CompanyOS says roles/seats/leases
Evidence / stateCurrent board has roster but no canonical registry proving role != runtime seat
AcceptanceRegistry defines role_id, runtime seats, readiness, tools, approval authority, current lease, reviewer/verifier, last verified evidence; one executor per task.
T-109NOWPhase 03 · size L

Create Modern Manager config package: role, seat, routing, authority, bootstrap

CategoryModern Manager
OwnerModern Manager architect
SourceFile audit found Modern Manager is under-modeled as identity only
Evidence / stateevidence/agents/modern-manager-agent-design-20260603.md requires roles/modern-manager.yaml, seats, channel routing, authority file, bootstrap task packet
AcceptanceConfig files define Modern-only scope, runtime seats, Slack/Odoo/GitHub/VPS tools, authority classes, escalation, bootstrap task packet, readiness test.
T-115NOWPhase 03 · size L

Upgrade task-packet, task-lease, and runtime-seat schemas to match board acceptance rules

CategoryCompanyOS Schemas
OwnerCompanyOS schema engineer
SourceFile audit found schemas are thinner than board requirements
Evidence / stateviewport-company-os/tasks/task-packet.schema.yaml, task-lease.schema.yaml, agents/runtime-seats.schema.yaml lack reviewer/verifier/tests/rollback/approvals/source refs/dependencies/backup seat
AcceptanceSchemas include tenant, department, evidence refs, owner/executor/reviewer/verifier, approvals, files/routes, tests, rollback, dependencies, heartbeat, takeover, backup seat, authority/readiness/tool scope.
T-131NOWPhase 03 · size L

Reconcile old OpenClaw fleet counts and preserve full role roster

CategoryOpenClaw Legacy Fleet / Role Registry
OwnerLegacy OpenClaw archivist + CompanyOS architect
SourceSam explicitly required reading old OpenClaw agents, roles, and crons; verified backup differs from memory count
Evidence / stateopenclaw-legacy-agents-crons-audit-20260605: 24 configured agent seats, 25 workspace-doc folders, 50 legacy cron jobs; prior memory said 26/48
AcceptanceProduce canonical roster explaining 24 vs 25 vs 26 and 50 vs 48, with source paths, role names, departments, workspaces, heartbeat channels, and disposition: keep role / merge / retire / needs review.
T-132NOWPhase 03 · size XL

Map every old OpenClaw agent into CompanyOS role → runtime seat model

CategoryOpenClaw Legacy Fleet / Role Registry
OwnerAgent factory architect
SourceOld fleet readout shows a real company-like roster, not generic agent ideas
Evidence / stateConfig seats include VIEWPORT, CodeX, Scout, Atlas, Verify, Eye, Performer, Forge, Ledger, Closer, Amplify, Shield, Advocate, Prism, Sentinel, Mentor, Auditor, Recruiter, Catalyst, Palette, Quill, Canvas, Hypothesis, Metric; workspace docs also include Crisis and others
AcceptanceEach old agent gets CompanyOS department, role archetype, authority class, tools/skills, readiness target, Hermes/OpenClaw/future runtime seats, reviewer/verifier pairing, approval gates, and first task packet.
T-140NOWPhase 03 · size XL

Turn old OpenClaw roles into enforced GitHub/Odoo/Slack/GSD operating rails

CategoryCompanyOS / Agent Enforcement
OwnerCompanyOS architect
SourceReality audit confirms roles/crons existed but were not centralized under current operating rails
Evidence / state24 config seats, 25 role folders, 50 legacy crons; fresh OpenClaw has 1 cron; gsd-ralph-loop.yaml exists but enforcement not proven
AcceptanceAgent registry, queue assignment, task lease, watcher specs, GSD/Ralph check, Slack/Odoo/GitHub evidence output, reviewer/verifier pairing, and pause/override controls are enforced for at least MLG/MLH pilot.
T-010NOWPhase 04 · size L

Take full read-only VPS runtime inventory snapshot

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
SourcePlan Phase 04; Sam old Docker migration concern
Evidence / statePartial docker ps observed; full JSON snapshot missing
AcceptanceEvidence file records Docker containers/images/networks/ports/volumes/health, Dokploy DB apps/composes, Traefik dynamic configs, no secret values.
T-011NOWPhase 04 · size L

Classify every live container: KEEP / MIGRATE / ARCHIVE / DELETE-LATER / UNKNOWN / DO-NOT-TOUCH

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
SourcePlan GitHub+VPS model
Evidence / stateContainers observed: modernlao-site, mlh-api-handler, mlg-auth-gate, mlh-client-portal, dokploy, openclaw, hermes-bccl, odoo, etc.
AcceptanceEach container has service owner, domain/path, repo/source, current risk, and migration decision.
T-012NOWPhase 04 · size L

Build Runtime Source-of-Truth rows for every MLH/MLG domain

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
SourceRuntime Source-of-Truth Phase
Evidence / stateOnly legal.modernlaohomes.com has detailed row
AcceptanceRows exist for modernlaohomes.com, www, clients.modernlaohomes.com, legal, sign, investor, clients.modernlao.com, modernlao.com, Odoo, migration worker.
T-018ANOWPhase 04 · size L

Audit edge/proxy ownership conflict: Dokploy Traefik vs Coolify Traefik vs NPM vs Cloudflare

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
Sourceold Docker service scan; legal route incident; active Dokploy/Coolify/Traefik/NPM concerns
Evidence / stateDokploy and Coolify both live; manual Traefik dynamic config controls important routes
AcceptanceMatrix declares primary edge owner and rollback owner per domain; conflicts and unhealthy proxy paths documented read-only.
T-018BNOWPhase 04 · size L

Export Dokploy app/domain inventory and reconcile with Traefik dynamic config

CategoryRuntime / Dokploy / Old Docker
OwnerDokploy/runtime agent
Sourcelegal route not clean in Dokploy DB; dynamic config file owns route
Evidence / stateevidence/runtime/domain-service-map-20260603.md
AcceptanceDokploy apps/composes/domains/build sources/status exported with env redacted; dynamic routes classified keep/migrate/archive/unknown.
T-018DNOWPhase 04 · size M

Audit Docker socket, privileged containers, host mounts, and admin UIs

CategoryRuntime / Security
OwnerSecurity/runtime agent
SourceOpenClaw and platform tools have powerful host mounts; old Docker scan flagged Docker socket exposure
Evidence / stateOpenClaw has docker.sock and broad mounts; other admin surfaces need inventory
AcceptanceList all high-privilege containers with tenant, purpose, exposure, auth boundary, risk, recommended action; no permission changes.
T-018ENOWPhase 04 · size M

Run VPS disk/volume/backup audit before any cleanup

CategoryRuntime / VPS / Backup
OwnerBackup/runtime agent
Sourceold Docker cleanup cannot happen before backup/restore proof
Evidence / stateDocker volumes/images/services numerous; no prune/delete approved
Acceptancedf, volume list, image/container sizes, largest volumes, backup locations, restore-test status and cleanup candidates recorded; destructive tasks blocked.
T-116NOWPhase 04 · size XL

Turn current Docker snapshot into per-container task rows and RuntimeContract stubs

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime inventory agent
SourceGoal-level runtime audit listed live/exited containers and compose labels
Evidence / stateRead-only docker ps found modernlao-site, mlh-comms-vault-api, openclaw, mlg-auth-gate, mlh-client-portal, dokploy, coolify, mlh-api-handler, hermes-bccl, docuseal, saathi, n8n, mem0, portainer, odoo, langfuse, nextcloud, openhands, openwebui, council, etc.
AcceptanceEvery container/group has KEEP/MIGRATE/ARCHIVE/DELETE-LATER/UNKNOWN/DO-NOT-TOUCH, repo/source, domain/port, health, network, volume, backup, rollback, owner, approval class.
T-117NOWPhase 04 · size M

Investigate unhealthy legacy services without stopping them

CategoryRuntime / Health / Incidents
OwnerSRE agent
SourceRuntime audit found unhealthy containers
Evidence / statesaathi-app-1 unhealthy; origin-backend unhealthy; platformx-nextcloud unhealthy; others healthy/up
AcceptanceRead-only health logs/status summary captured, tenant/business relevance classified, fix/archive/migrate recommendation created; no restart/stop/delete without approval.
T-118NOWPhase 04 · size L

Map active edge/proxy stack conflicts with exact container/route ownership

CategoryRuntime / Edge / Proxies
OwnerEdge/proxy SRE
SourceRuntime audit confirmed Dokploy Traefik, Coolify, and platformx-nginx/NPM all exist
Evidence / statedokploy-traefik binds 80/443; coolify runs 8000; platformx-nginx runs NPM on internal 80/443/81; Cloudflare Worker serves viewport.llc/migration
AcceptancePer-domain route declares edge owner, internal proxy owner, config file/database, route priority, auth, rollback, and conflict/removal plan.
T-139NOWPhase 04 · size XL

Convert current 72-container VPS reality into RuntimeContracts

CategoryRuntime / VPS Reality
OwnerRuntime/SRE lead
SourceReality audit verified current Docker state differs from older report metrics
Evidence / stateRead-only VPS check: 72 total containers, 65 running, 3 unhealthy: saathi-app-1, origin-backend, platformx-nextcloud; Dokploy, Coolify, Traefik, and NPM coexist
AcceptanceEach current container has status, owner, tenant, repo/source, domain/route, proxy owner, healthcheck, backup, rollback, keep/migrate/archive/unknown disposition, and mutation approval class.
T-018CNOWPhase 05 · size XL

Create per-service RuntimeContract backlog for old Docker useful services

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
Sourceold Docker scan found many useful live services; Sam says old Docker reference migration never finished
Evidence / stateLive containers include Modern Lao, Odoo, OpenClaw, Hermes BCCL, n8n, Nextcloud, AI/memory/observability and legacy product services
AcceptanceOne stub/card per service group with containers, domains/ports, tenant, source, volumes, networks, health, backup, rollback, owner, classification, approval class.
T-018NOWPhase 06 · size M

Complete Cloudflare account/contact/access audit for new Viewport email

CategoryRuntime / DNS / Cloudflare
OwnerDNS/runtime agent
SourceSam update: Cloudflare email changed to contactviewport@gmail.com; domain registry requires Cloudflare zone/account data
Evidence / stateOld iam@vishalchavan.com auth failed; new account email not yet verified safely
AcceptanceRead-only proof records account/contact owner, zones, DNS provider, registrar, SSL mode, token owner class by name only, no secrets; mutations remain approval-gated.
T-019NOWPhase 06 · size L

Build complete Cloudflare DNS record inventory for all active domains/subdomains

CategoryRuntime / DNS / Cloudflare
OwnerDNS/runtime agent
Sourcedomain-registry.yaml incomplete; domain-service-map only detailed legal.modernlaohomes.com
Evidence / stateMissing record IDs for MLH/MLG/Viewport/BCCL routes
AcceptanceEach zone/record has name,type,target,proxied,TTL,audience,auth,tenant,rollback,last verified,DNS+HTTPS verification command; no secrets.
T-121NOWPhase 06 · size M

Export Cloudflare Worker/routes/DNS inventory into evidence with no secrets

CategoryRuntime / DNS / Cloudflare
OwnerCloudflare/DNS agent
SourceCloudflare was fixed with new email but full inventory still not recorded
Evidence / stateAccount auth with contactviewport@gmail.com works; worker routes include viewport-migration-report for viewport.llc/migration*; zone DNS not fully catalogued
AcceptanceEvidence lists zones, worker scripts, routes, DNS record names/targets/proxy status, SSL mode, account id prefix only, last verified; no token/key values.
T-030NOWPhase 07 · size M

Decide and document Obsidian vault strategy for Viewport Knowledgebase

CategoryObsidian / Knowledgebase / Evidence
OwnerKnowledgebase agent
SourceSam asked Obsidian vault add to Viewport Knowledgebase or create something else
Evidence / stateObsidian skill loaded; vault path/structure not verified
AcceptanceDecision doc states vault path, repo sync model, what goes in Obsidian vs GitHub vs live migration page.
T-034NOWPhase 07 · size M

Define Obsidian/GitHub/Odoo/Slack source-of-truth boundaries

CategoryObsidian / Knowledgebase / Evidence
OwnerKnowledgebase architect
SourceSam asked whether Obsidian becomes Viewport Knowledgebase or something else
Evidence / stateCurrent board only says decide vault strategy
AcceptanceBoundary doc: GitHub tasks/contracts/evidence, Odoo business records, Slack approvals, Obsidian curated brain; Obsidian not sole source for approvals/tasks/secrets/customer evidence.
T-040NOWPhase 12 · size L

Export live Odoo installed modules/models/fields/stages/permissions/record counts

CategoryOdoo Automation
OwnerOdoo functional agent
SourcePlan Phase 12; LLM council trust requirement
Evidence / stateValidation script verifies some Odoo state; full model export missing
AcceptanceVersioned CSV/JSON export with no secrets; risky records checked; app coverage mapped.
T-090NOWPhase 13 · size M

Create Odoo Contacts/master-data/dedupe/import policy

CategoryOdoo Automation
OwnerOdoo data steward
SourceOdoo matrix global rules and CRM dedupe requirements
Evidence / stateLead/vendor/customer workflows unsafe without master-data policy
AcceptancePolicy defines tags, MLG/MLH lane, source attribution, dedupe keys, import rehearsal, owner, privacy class, blocked deletes; duplicate clicks do not create duplicates.
T-113NOWPhase 13 · size L

Generate Odoo write-policy.yaml from live model export and feature matrix

CategoryOdoo Automation
OwnerOdoo policy engineer
SourceFile audit found Odoo policy-as-code missing
Evidence / stateodoo feature automation matrix global rules, finance/sales/CRM/website/inventory/purchase controls; live model export task exists but policy generator missing
AcceptanceYAML maps each app/model/action to L0/L1/L2/L3/HOLD with risk, Slack approval path, GitHub evidence path, rollback, and test cases.
T-050NOWPhase 14 · size L

Create production Slack app spec from matrix

CategorySlack Control Room
OwnerSlack app engineer
SourcePlan Phase 14; Slack matrix 760 lines
Evidence / stateChannels and bot auth validated; production app endpoints not verified
AcceptanceManifest/scopes/commands/events/interactivity/modals/app-home/workflow steps defined with signing, retries, idempotency, rate limits.
T-111NOWPhase 14 · size L

Convert Slack control-room matrix into manifest, slash-command, modal, action, event schemas

CategorySlack Control Room
OwnerSlack app engineer
SourceFile audit found broad Slack task too thin for 760-line matrix
Evidence / stateevidence/slack/mlg-mlh-slack-control-room-automation-matrix-20260603.md channel, slash-command, message action, modal, workflow sections
AcceptanceRepo has Slack manifest, slash command schemas, modal payload schemas, action routing map, event subscription/scopes register, idempotency store spec, sandbox tests.
T-051NOWPhase 15 · size M

Verify all required Slack channels, topics, bot membership, and purpose

CategorySlack Control Room
OwnerSlack ops agent
SourcePlan Phase 15
Evidence / stateOdoo/Slack validator currently passes 15/0 after worker marker fix
AcceptanceChannel IDs/evidence file current, bot member where needed, approval/audit/control channels documented.
T-055NOWPhase 15 · size M

Define Gary/team Slack access and approver-role roster

CategorySlack Control Room
OwnerSlack ops + Sam
SourceSam wants Gary/team access through Slack connected to Odoo
Evidence / stateBot/channel validation exists; human access/approver mapping not proven
AcceptanceMatrix lists person/role, Slack user ID, allowed channels, approval authority, Odoo role/company lane, privacy tier, offboarding; Sam approves membership/authority.
T-106NOWPhase 24 · size M

Map Postiz automation package to GitHub repo/source-of-truth

CategoryMarketing / Postiz / Social Automation
OwnerGitHub PMO + marketing automation
SourceSam explicitly asked to include Postiz GitHub repo; GitHub public search found no matching public repo
Evidence / stateGitHub search for "MLH Postiz Automation Handoff" and "postiz-automation" returned 0 public results; local evidence has package under modern-lao-deep-read
AcceptanceRecord actual GitHub org/repo/path/branch or create task to publish private repo; link README/HANDOFF/config/workflows/prompts/examples; no secrets committed.
T-016NOWPhase 25 · size L

Run public/client/investor/legal subdomain QA across desktop/tablet/mobile

CategoryWebsites / Subdomains
OwnerWebsite QA agent
SourceSam launch-critical QA standard
Evidence / stateLegal route works; full matrix not complete
AcceptanceQA matrix covers auth gates, redirects, page load, Hypothesis if required, public/private leakage, mobile/tablet/desktop.
T-018HNOWPhase 25 · size L

Complete domain/subdomain source-of-truth rows for MLH/MLG/Viewport/BCCL

CategoryWebsites / Subdomains
OwnerWebsite/runtime QA agent
SourceSam says subdomains never got fixed/created/managed; runtime map only detailed legal route
Evidence / statemodernlaohomes.com, www, clients, legal, sign, investor, modernlao.com, Odoo, migration, BCCL routes need rows
AcceptanceEach row includes audience, auth/noindex expectation, serving app/container, proxy owner, Cloudflare record, repo/source, healthcheck, rollback, approval class, last verified.
T-018INOWPhase 25 · size L

Run public/private/auth/noindex leakage verification matrix

CategoryWebsites / Subdomains / Privacy
OwnerWebsite QA + privacy verifier
SourceMLH public site and client/private/investor/legal routes must not mix
Evidence / stateMemory and domain registry warn public-site/client-portal separation
AcceptanceEvery route has HTTP→HTTPS, auth, robots/noindex, anonymous leakage, status/redirect/final title, mobile/tablet/desktop evidence; leakage opens incident.
T-123NOWPhase 26 · size L

Create evidence/privacy compliance control map

CategoryEvidence / Privacy / Compliance
OwnerPrivacy/compliance agent
SourceLLM council and file audit flagged GDPR/CCPA/NIST/OWASP controls missing as explicit tasks
Evidence / stateopenrouter council review, global synthesis privacy warnings, tenant isolation/privacy risks
AcceptanceMap GDPR/CCPA/NIST AI RMF/OWASP LLM controls to evidence vault fields, Odoo records, Slack approvals, retention, DSAR/export/delete-hold, public publishing validator.
T-133NOWPhase 28 · size XL

Convert all 50 old OpenClaw cron jobs into GitHub-first watcher archetypes

CategoryOpenClaw Legacy Crons / Watcher Factory
OwnerWatcher factory engineer
SourceLegacy cron roster read from /home/openclaw/.openclaw.bak.delivery/cron_jobs.json
Evidence / state50 enabled crons: morning brief, QA, strategy, health, cost, arxiv, GitHub releases, social/competitor/tool scans, self-improvement, skill discovery, sales/content/marketing/bizdev/customer/legal/hiring/training/analytics/media/ops/innovation/experiments/benchmarks/backup/Mac-VPS sync
AcceptanceEvery old cron becomes one watcher spec with purpose, schedule, owner role, inputs, outputs, approval class, destination, safe read-only mode, GitHub issue/evidence path, and disabled/observe-only status until approved.
T-134NOWPhase 28 · size M

Explain fresh OpenClaw cron gap: legacy 50 crons vs current fresh 1 cron

CategoryOpenClaw Legacy Crons / Watcher Factory
OwnerFresh OpenClaw runtime auditor
SourceRead current fresh cron dir after legacy audit
Evidence / stateLegacy backup has 50 jobs; `/srv/viewport/runtime/openclaw-fresh/config/cron/jobs.json` has 1 current job
AcceptanceReport what was intentionally left behind, what should be rebuilt as CompanyOS watchers, what should never be revived, and what must wait for GitHub/source/approval.
T-144NOWPhase 28 · size XL

Rebuild 50 legacy OpenClaw crons as observe-only CompanyOS watchers before enabling autonomy

CategoryWatchers / Old Cron Revival
OwnerWatcher factory engineer
SourceSam asked why agents/crons did not finish work; audit confirms crons existed but current fresh runtime only has 1 cron
Evidence / stateopenclaw-legacy-agents-crons-audit-20260605: 50 enabled legacy cron definitions; fresh OpenClaw cron count 1
AcceptanceEach legacy cron becomes a safe watcher with read-only inputs, GitHub issue/evidence output, Slack/Odoo destination, tenant scope, error handling, pause switch, and approval class; no blind self-healing.
T-080NOWPhase 29 · size M

Make /migration/task the active handoff board

CategoryDashboards / Reporting
OwnerDashboard agent
SourceSam explicit request
Evidence / stateLive URL pending deployment in this run
AcceptancePublic page renders tasks grouped by column, phase, category, and shows blockers and evidence.
T-126NOWPhase 29 · size S

Normalize migration page route/link contract for Slack/Odoo exports

CategoryMigration Routes / Link Contract
OwnerRoute validator
SourceFile audit found local static paths and Worker public routes disagree
Evidence / stateNav uses /migration/public/slack and /migration/public/odoo; local tree has public/migration/slack/index.html and public/migration/odoo/index.html; live public routes returned 200
AcceptanceCanonical routes documented; Worker/local/nav/evidence agree; validator checks /migration/slack, /migration/odoo, /migration/public/slack, /migration/public/odoo behavior.
T-060NOWPhase 33 · size L

Define tenant template with separate GitHub repo/account/runtime rules

CategoryTenant / Client / Associate Template
OwnerTenant factory agent
SourceSam said separate clients/associates need separate GitHub accounts and repos
Evidence / stateTenant template exists conceptually; client/associate runtime installs not verified
AcceptanceTemplate defines repo/fork, GitHub account/org, runtime home, container, ports, Slack/Odoo mapping, DNS ownership, secrets boundary, onboarding/offboarding.
T-064NOWPhase 33 · size L

Create canonical tenant.yaml templates for Viewport, MLG, and MLH

CategoryTenant / Client / Associate Template
OwnerTenant factory agent
SourceDepartment template says tenant configs are first-class; current board generic
Evidence / stateNo verified tenant instance files for viewport/mlg/mlh
AcceptanceConfigs include tenant type, brands, domains, Slack prefixes, Odoo mapping, GitHub org/repo, runtime seats, evidence root, privacy tier, approval authorities.
T-066NOWPhase 33 · size L

Create tenant architecture decision matrix for clients/associates/partners

CategoryTenant / Client / Associate Template
OwnerTenant security + business architect
SourceSam wants separate GitHub accounts/repos but policy must decide when
Evidence / stateCurrent board implies separation but not decision logic
AcceptanceMatrix covers internal, portfolio company, client, associate, partner; GitHub/Odoo/Slack/runtime/Cloudflare/billing/offboarding/approval choices.
T-130NOWPhase 34 · size L

Prove technical tenant/client/associate isolation mechanisms, not just policy

CategoryTenant / Client / Associate Template
OwnerTenant isolation verifier
SourceCouncil reviews flagged tenant isolation guarantees missing
Evidence / stateBoard has tenant template but not concrete Docker/Odoo/Slack/GitHub/Cloudflare isolation mechanisms/tests
AcceptanceTests prove separate tenant cannot access other tenant GitHub paths, Slack channels, Odoo records, runtime env, DNS zones, evidence files, agent memories; offboarding/export/destruction-hold paths verified.
T-100NOWPhase 36 · size M

Create formal risk register and dependency graph for migration

CategoryGovernance / Risk Register
OwnerRisk/reviewer agent
SourceLLM council repeated gaps: risk, dependencies, rollback, timeline, owners
Evidence / statePlan lists gaps but no formal register verified
AcceptanceRegister has risk, likelihood, impact, owner, mitigation, rollback trigger, dependencies, status, evidence path; dependency graph links phases/tasks.
NEXT73 tasks

Ready after NOW tasks or required evidence exists.

T-003NEXTPhase 02 · size M

Create task packet template with required fields

CategoryGitHub Ops
OwnerGitHub PMO agent
SourcePlan task packet doctrine
Evidence / stateCurrent plan says task packet fields but no enforced template verified
AcceptanceTemplate includes tenant, department, goal, evidence, owner, lease, risk, approvals, routes/files, tests, rollback, verifier.
T-004NEXTPhase 02 · size M

Create PR gate checklist and no-secret/evidence/runtime-contract checks

CategoryGitHub Ops
OwnerGitHub PMO agent
SourcePlan PR gate + LLM council
Evidence / stateNo verified branch protection/check workflow yet
AcceptancePR template/checklist requires issue, task packet, validation output, no-secret scan, runtime contract if runtime touched, approval class.
T-005NEXTPhase 02 · size L

Create automated migration/task validator

CategoryGitHub Ops
OwnerGitHub PMO + CI agent
SourceCurrent Odoo/Slack validator pattern
Evidence / statescripts/validate_odoo_slack_integration.py exists; task-page validator missing
AcceptanceCI/local script verifies /migration/task contains all phase categories, blocked items, and source/evidence links.
T-124NEXTPhase 02 · size M

Create migration handoff and micro-job schemas/templates

CategoryGitHub Ops / Handoffs
OwnerGitHub PMO
SourceControl-plane docs require handoff/micro-job templates but board did not model them explicitly
Evidence / statemigration-control-plane plans mention tasks/micro-job.template.yaml, tasks/handoff.template.yaml/schema; Migration/council/handoff/template.md thin
AcceptanceSchemas/templates define goal, source evidence, owner, executor, dependencies, approvals, files/routes, tests, rollback, verifier, handoff path; lease validator requires valid handoff.
T-022NEXTPhase 03 · size L

Create durable Kanban/agent dispatch board for migration work

CategoryAgents / Centralized System
OwnerHermes/Kanban operator
SourceSam requested Kanban handoff + autonomous corporate structure
Evidence / stateThis static task page exists; durable Hermes Kanban board not verified for this migration
AcceptanceHermes Kanban board contains cards matching this page, assigned profiles, dependencies, and visible dashboard/status.
T-027NEXTPhase 03 · size M

Convert OpenClaw 26-agent map into CompanyOS role proposals, not live agents

CategoryAgents / Centralized System
OwnerLegacy OpenClaw archivist
SourceOpenClaw legacy has useful agents but not trusted as healthy source-of-truth
Evidence / stateOpenClaw runtime healthy but powerful; legacy instructions may be unsafe/broad
AcceptanceEach legacy agent marked reuse_as_role/reference_only/retire/needs_review; unsafe legacy instructions quarantined; no live agent without readiness/authority gates.
T-028NEXTPhase 03 · size M

Define Hermes/OpenClaw coordination protocol and fallback inbox

CategoryAgents / Centralized System
OwnerHermes/OpenClaw bridge engineer
SourceNeed centralized agent system with durable task handoff
Evidence / stateGitHub, Telegram, OpenClaw, Hermes paths exist but coordination protocol incomplete
AcceptanceProtocol defines GitHub issue/comment, visible ops update, request/response file, Hermes bridge, fallback webhook/GitHub Action intake if a runtime seat is unavailable.
T-029NEXTPhase 03 · size M

Implement task lease validator and duplicate-work guard

CategoryAgents / Centralized System
OwnerGitHub PMO + CI agent
SourceAgent lease system promised; avoid multiple agents silently doing same task
Evidence / statetask-lease schema exists but board does not enforce it
AcceptanceCI/local validator rejects duplicate active leases; timeout/takeover rules documented; issue/board shows owner and backup seat.
T-110NEXTPhase 03 · size M

Implement Modern Manager intake/routing schema for WhatsApp/Telegram/Slack

CategoryModern Manager
OwnerModern Manager integration engineer
SourceDesign requires inbound edge schema and risk classification
Evidence / statemodern-manager-agent-design lines specify conversation_id, message id, sender_hash, tenant_id, privacy_tier, risk_class, evidence_path
AcceptanceEvery inbound message becomes structured intake with privacy/risk/tenant, evidence path, Slack thread, Odoo/GitHub linkage; approvals mirrored across systems.
T-135NEXTPhase 03 · size L

Read and extract each old workspace SOUL/AGENTS/TOOLS/MEMORY into reusable role profiles

CategoryOpenClaw Legacy Fleet / Role Registry
OwnerAgent training lead + Mentor role
SourceWorkspace docs contain much richer role instructions than current board captured
Evidence / state25 workspace folders each contain SOUL/AGENTS/IDENTITY/TOOLS/MEMORY/BOOTSTRAP-style docs; audit JSON stores headings/job extracts
AcceptanceFor each role, extract mission, red lines, tools, skills, collaboration partners, delivery protocol, crons, memory laws, and outdated/unsafe assumptions; save as CompanyOS role profile without secrets.
T-136NEXTPhase 03 · size M

Use old OpenClaw role design to upgrade MLG/MLH and tenant/associate department templates

CategoryOpenClaw Legacy Fleet / Role Registry
OwnerBusiness operating-model architect
SourceOld OpenClaw already modeled many enterprise functions Sam expects not to waste
Evidence / stateOld roles span CEO, Engineering, Revenue, Finance, Marketing, Legal, CS, Ops, Intelligence, Training, Hiring, Innovation, Brand, Content, Media, Experiments, Benchmarking
AcceptanceDepartment template for MLG/MLH/client/associate maps old role lessons into modern GitHub/Odoo/Slack/RuntimeContract structure while separating legacy PlatformX assumptions from current Viewport/Modern Lao needs.
T-013NEXTPhase 05 · size L

Create RuntimeContract schema and registry

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE + GitHub PMO
SourcePlan Phase 05; LLM council repeated gap
Evidence / stateNo runtime_contracts.yaml verified
AcceptanceGit-tracked registry lists service, domain/path, container, deploy method, repo, healthcheck, ports, volumes, secret names only, backup, rollback, owner, status.
T-014NEXTPhase 05 · size M

Migrate legal portal route from manual Traefik dynamic route to clean Dokploy app/compose contract

CategoryRuntime / Dokploy / Old Docker
OwnerRuntime/SRE agent
SourceLegal domain incident
Evidence / state/etc/dokploy/traefik/dynamic/modernlao-transition.yml backup exists
AcceptanceDokploy app/compose record cleanly owns legal.modernlaohomes.com or contract honestly states why it remains dynamic.
T-119NEXTPhase 05 · size L

Inventory legacy AI/tooling containers for reuse vs archive

CategoryRuntime / Legacy AI Tools
OwnerAI tools migration agent
SourceRuntime audit revealed many PlatformX AI/tool containers still live
Evidence / stateanythingllm, litellm, mem0, neo4j, qdrant, langfuse, openhands, openwebui, pipelines, coder, claude-memory, council services
AcceptanceEach tool classified useful-for-CompanyOS, tenant-bound, duplicate, risky, archive candidate, or unknown; access/auth/source/backup recorded.
T-120NEXTPhase 05 · size L

Inventory legacy business/product containers for tenant/client/associate relevance

CategoryRuntime / Business Apps
OwnerBusiness apps migration agent
SourceRuntime audit revealed product/business containers outside MLH/MLG
Evidence / statesaathi, origin, performer, mission-control, docuseal, nextcloud, n8n, fileserver, platformx discord bot, jacam/crusher APIs
AcceptanceEach app mapped to Viewport/MLG/MLH/BCCL/client/associate/unknown, current user/audience, repo/source, health, value, risk, and migration/archive task.
T-015NEXTPhase 06 · size M

Create Cloudflare DNS/auth map

CategoryRuntime / Dokploy / Old Docker
OwnerDNS/runtime agent
SourcePlan Phase 06; subdomain confusion
Evidence / statelegal DNS added; other record IDs not cataloged
AcceptanceEach domain has zone, record type, proxied state, target, owner, approval class, and verification command.
T-031NEXTPhase 07 · size L

Create Viewport Company Brain structure

CategoryObsidian / Knowledgebase / Evidence
OwnerKnowledgebase agent
SourceHermes+Obsidian shared brain X post
Evidence / stateNo verified vault folders for this migration yet
AcceptanceFolders/notes exist for CompanyOS, Runtime Maps, Modern Lao, BCCL/Kitty, Odoo, Slack, GitHub tasks, agent handoffs, evidence ledger.
T-032NEXTPhase 07 · size M

Create source-to-finding-to-task matrix

CategoryObsidian / Knowledgebase / Evidence
OwnerEvidence auditor
SourcePlan says evidence claims need traceability
Evidence / stateDeep-read artifacts exist but task linkage incomplete
AcceptanceEvery high-signal evidence artifact maps to findings, implications, task IDs, and acceptance criteria.
T-035NEXTPhase 07 · size M

Create Obsidian privacy-tier and publishing guardrails before vault population

CategoryObsidian / Knowledgebase / Evidence
OwnerSecurity/privacy + KB agent
SourceEvidence/privacy and tenant isolation risks
Evidence / stateCompany Brain folders unsafe before privacy rules
AcceptanceNote template includes tenant_id, privacy_tier, source_ref, system_of_record, redaction_status, last_verified_at; raw secrets/PII/legal conclusions/cross-tenant leaks blocked.
T-033NEXTPhase 08 · size L

Build evidence ingestion MVP against manifests/CSV ledgers only

CategoryObsidian / Knowledgebase / Evidence
OwnerEvidence ingestion agent
SourcePlan Phase 08
Evidence / stateDeep-read manifest/index exists; ingestion MVP not verified
AcceptanceNo raw secrets; manifest rows become searchable records with privacy class and Odoo/GitHub/task links.
T-036NEXTPhase 08 · size M

Build stale-note and sync-conflict detector for Viewport Knowledgebase

CategoryObsidian / Knowledgebase / Evidence
OwnerKnowledgebase live-docs librarian
SourceObsidian can drift from GitHub/Odoo/Slack truth
Evidence / stateNo live stale-note detector verified
AcceptanceReport flags notes missing source refs, stale verification dates, or conflicting task status; creates update tasks instead of overwriting truth.
T-142NEXTPhase 09 · size XL

Prove MLG/MLH tenant isolation before cloning to clients/associates

CategoryTenant / Associate Operations Reality
OwnerTenant operating-model PM
SourceSam challenged tenant/client/associate specialist-agent operations; audit found template planned but not proven
Evidence / statePlan/task board include tenant template, but per-tenant GitHub repo/account, Slack channels, Odoo context, runtime namespace, agents, rules, approvals, and isolation tests remain unproven
AcceptanceMLG/MLH has isolation proof package and one associate/client pilot checklist with repo, Slack, Odoo, runtime, agent scopes, approval rules, secrets policy, and offboarding/rollback.
T-147NEXTPhase 09 · size XL

Convert company architecture into machine-readable tenant/department/service catalog

CategoryTrillion-Scale Company Architecture
OwnerTenant template PM + department leads
SourceReadable pages are not enough; agents need source-controlled catalogs to instantiate companies consistently
Evidence / statePages now describe industries/departments/services; machine-readable canonical YAML/JSON catalog not yet created or enforced
AcceptanceCreate catalogs for industries, departments, roles, services, Odoo apps, Slack channels, GitHub queues, runtime namespaces, approval gates, KPIs, watchers, onboarding/offboarding, and replication classes.
T-023NEXTPhase 11 · size L

Create required skills for Odoo, Slack, runtime contracts, client portal QA, evidence ingestion, tenant template

CategoryAgents / Centralized System
OwnerAgent skills/training lead
SourcePlan Phase 30; skill audit discussion
Evidence / stateSome generic skills exist; tenant-specific skills not all authored
AcceptanceSkills installed/loaded with trigger conditions, exact commands, pitfalls, verification steps, approval gates.
T-025NEXTPhase 11 · size M

Audit Hermes enabled skills/tools and create profile-specific tool policy

CategoryAgents / Centralized System
OwnerHermes operator
SourceX Hermes skills audit image; Sam asked Agents Skills must be used perfectly
Evidence / stateTools list inspected; many non-migration tools enabled
AcceptancePolicy says migration ops keep terminal/file/web/browser/github/session_search/skills; disable or profile-gate low-signal tools for ops sessions.
T-141NEXTPhase 12 · size L

Promote Odoo/Slack foundation from safe records to production command-room workflows

CategoryOdoo + Slack Reality
OwnerModern Lao Odoo/Slack operator
SourceReality audit distinguishes 15/15 validation from full company operations
Evidence / statevalidate_odoo_slack_integration.py passes 15/15, but production slash commands, modals, workflows, App Home, typed approvals, Odoo write-policy automation and all department loops are not complete
AcceptanceAt least one MLG/MLH workflow runs end-to-end in draft/approval mode: intake → Slack thread → Odoo record → GitHub task/evidence → approval decision → verified status update.
T-041NEXTPhase 13 · size L

Generate Odoo write-policy matrix L0/L1/L2/L3/HOLD by app/model/action

CategoryOdoo Automation
OwnerOdoo policy agent
SourcePlan Phase 13; Odoo feature matrix
Evidence / stateFeature matrix exists; live model-aligned policy file missing
AcceptancePolicy-as-code file defines allowed draft/read/write/hold actions and approval route for every covered model.
T-114NEXTPhase 13 · size M

Create Odoo safe-write dry-run tests for each L1/L2 workflow

CategoryOdoo Automation
OwnerOdoo test engineer
SourceCouncil/file audit found execution gates without concrete tests
Evidence / stateOdoo operating model says read/draft now and approval before execution; latest validation only checks docs, not dry-runs
AcceptanceDry-run tests prove CRM draft, helpdesk draft, document placeholder, project note, approval packet generation; no posted invoice/payment/sign/send occurs.
T-056NEXTPhase 14 · size M

Build Slack App Home operator console

CategorySlack Control Room
OwnerSlack app engineer
SourceSlack matrix App Home design
Evidence / stateProduction app spec broad; App Home task missing
AcceptanceApp Home shows approvals, tasks/leases, company status, quick actions, rules/runbooks, agent roster without secrets/private leakage.
T-057NEXTPhase 14 · size S

Specify Slack Workflow Builder no-code forms for low-risk intake

CategorySlack Control Room
OwnerSlack workflow agent
SourceOperating model workflow-builder candidates
Evidence / stateBoard jumps to production app spec, no low-risk no-code path
AcceptanceLead, warranty, approval request, incident report, standup, weekly approval aging forms post structured packets without risky Odoo writes.
T-058NEXTPhase 14 · size M

Implement Slack message actions, shortcuts, and file-evidence workflow

CategorySlack Control Room
OwnerSlack evidence workflow agent
SourceSlack matrix message actions/file evidence routing
Evidence / stateCommands covered, right-click/file evidence conversion missing
AcceptanceActions route messages/files to CRM/helpdesk/project/approval/evidence with privacy class; no secrets/private evidence reposted broadly.
T-059NEXTPhase 14 · size S

Create Slack OAuth scopes, user groups, invite-scope remediation register

CategorySlack Control Room
OwnerSlack security agent
SourceSlack matrix least-privilege scope policy; validation user_probe notes missing invite scopes
Evidence / stateScope justification not documented as task
AcceptanceManifest/scope register lists each scope, reason, owner, date, rollback/revocation; private/file/admin scopes off unless approved.
T-112NEXTPhase 14 · size M

Implement typed-confirmation and approver identity validator for Slack approval buttons

CategorySlack Control Room
OwnerSlack approval security agent
SourceApproval packet standard needs safe legal/finance/customer-facing decisions
Evidence / stateSlack matrix interactive buttons + global approval gates
AcceptanceApproval actions verify requester, approver role, channel, task id, Odoo record/GitHub issue, typed confirmation for high-risk actions, expiry, and immutable audit post.
T-052NEXTPhase 16 · size M

Build approval packet standard in Slack + GitHub + Odoo

CategorySlack Control Room
OwnerApproval router agent
SourcePlan Phase 16
Evidence / stateApproval concept exists; production buttons/expiry/idempotency not verified
AcceptanceApproval packet links Odoo record, Slack thread, GitHub issue, evidence IDs, risk class, expiry, reviewer, final action.
T-091NEXTPhase 16 · size M

Backfill Odoo record ↔ Slack thread permalink linking standard

CategoryOdoo Automation
OwnerOdoo/Slack connector agent
SourceOperating model requires Odoo record links to Slack threads and Slack IDs on records
Evidence / stateCross-linking not explicit in board
AcceptanceCRM/helpdesk/project/docs drafts include Slack references; Slack thread receives Odoo link; one source thread maps to one record/action.
T-042NEXTPhase 17 · size M

Implement lead intake draft workflow

CategoryOdoo Automation
OwnerSales/CRM agent
SourcePlan Phase 17
Evidence / stateSlack/Odoo model documented; production connector not verified
AcceptanceWebsite/client/WhatsApp/Facebook/manual lead creates CRM draft + Slack thread + GitHub audit without customer-facing send.
T-092NEXTPhase 17 · size M

Implement Sales quote/change-order approval subworkflow

CategoryOdoo Automation
OwnerSales/commercial agent
SourceOperating model quote/change-order commands; internal quote templates validated
Evidence / stateLead/project tasks too broad for pricing/scope/change-order gate
AcceptancePacket includes CRM/sale draft, scope, price/discount/payment terms, evidence, risk, rollback, approver; no send/confirm/sign/payment requirement without approval.
T-043NEXTPhase 18 · size M

Implement MLH warranty/legacy issue draft workflow

CategoryOdoo Automation
OwnerHelpdesk agent
SourcePlan Phase 18; Sam provided channels #mlh-warranty-support and #mlh-legacy-issues
Evidence / stateHelpdesk teams/stages verified in Odoo validation; end-to-end Slack/Odoo ticket flow missing
AcceptanceIssue thread creates helpdesk ticket draft, evidence attached, next action suggested, legal/financial/customer-facing gate enforced.
T-096NEXTPhase 18 · size L

Create MLH comms-vault / WhatsApp / Facebook evidence-to-Odoo workflow

CategoryOdoo Automation
OwnerMLH evidence/helpdesk agent
SourceMLH comms vault, FB, WhatsApp, client chats, warranty/legacy workflows
Evidence / stateHelpdesk draft task lacks chain-of-custody, consent, redaction, customer reply approval
AcceptanceInbound item creates redacted Slack packet, Odoo draft, Documents pointer, privacy class, source hash/path, and reply approval packet; no outbound response without approval.
T-046NEXTPhase 19 · size M

Implement approved CRM/quote to project delivery template workflow

CategoryOdoo Automation
OwnerProject delivery agent
SourcePlan Phase 19
Evidence / stateProject handoff controls artifact exists; live end-to-end not verified
AcceptanceApproved quote/project creates tasks/stages/site visit/material request/QA/punch list/handover draft structure.
T-095NEXTPhase 19 · size S

Add Calendar/Appointments/site-visit/customer-scheduling gate

CategoryOdoo Automation
OwnerScheduling/project agent
SourceOdoo Calendar/Appointments/Field Service matrix
Evidence / stateSite visits mentioned but external scheduling gate missing
AcceptanceInternal site-visit draft allowed; customer-visible appointment/invite/crew dispatch/reschedule/cancel blocked until approval.
T-044NEXTPhase 20 · size M

Implement documents/sign approval workflow

CategoryOdoo Automation
OwnerDocuments/Legal agent
SourceSam provided Documents flow; Plan Phase 20
Evidence / stateDocument tags/control artifacts exist; Sign request execution held
AcceptanceDocument folder/tag created, legal/signature items create Slack approval packet, no sign request sent before approval.
T-093NEXTPhase 20 · size M

Create Odoo Documents privacy/access/retention matrix

CategoryOdoo Automation
OwnerDocuments/legal/security agent
SourceDocuments/sign and evidence privacy requirements
Evidence / stateDocs/sign task lacks folder access/legal hold/retention detail
AcceptanceFolder/tag/access matrix for MLG setup, MLH legacy, clients, contracts, accounting, vendors, helpdesk, SOPs, archive with privacy tier and legal-hold rules.
T-045NEXTPhase 21 · size M

Implement finance/accounting draft workflow

CategoryOdoo Automation
OwnerFinance agent
SourceSam provided finance flow; Plan Phase 21
Evidence / stateRisky records zero validated; posting/payment blocked
AcceptanceDraft invoice/payment/expense/vendor bill flows create approval packet; posting/payment/refund blocked until approval.
T-047NEXTPhase 22 · size M

Implement procurement/inventory draft workflow

CategoryOdoo Automation
OwnerProcurement agent
SourcePlan Phase 22
Evidence / stateVendor controls artifact exists; PO/vendor bill write held
AcceptanceMaterial request/RFQ/PO draft route with vendor registry and approval gates.
T-048NEXTPhase 23 · size M

Implement HR / Planning / Timesheets draft workflow gate

CategoryOdoo Automation
OwnerHR/planning agent
SourcePlan Phase 23; Odoo feature matrix HR/Planning/Timesheets
Evidence / stateCurrent board skips roster/crew/timesheet/payroll hold
AcceptanceDraft-only roster/crew planning/timesheet workflow; payroll, paid users, approvals, customer dispatch blocked until Sam/HR/finance approval.
T-049NEXTPhase 24 · size M

Implement marketing/public content/WhatsApp/social approval gate

CategoryOdoo Automation
OwnerMarketing/content agent
SourcePlan Phase 24; Odoo marketing/social/WhatsApp matrix
Evidence / stateCustomer/public publication workflows not explicit enough
AcceptanceDraft content checks evidence/consent and creates Slack approval packet; no website/social/email/WhatsApp/customer/investor publish/send without approval.
T-102NEXTPhase 24 · size M

Add MLH Postiz/social-media automation handoff into migration task system

CategoryMarketing / Postiz / Social Automation
OwnerMarketing automation + approval router
SourceDeep-read evidence found postiz-automation README/HANDOFF/workflows/config; Sam explicitly mentioned Postiz GitHub repo coverage check
Evidence / stateevidence/modern-lao-deep-read-20260602/text-index.jsonl lines around postiz-automation; not explicit on task board before this correction
AcceptanceTask links Postiz repo/package, content calendar, image-generation rules, QA checklist, Postiz draft workflow, approval gate, no blind scheduling rule, social/WhatsApp/customer-facing publish approval.
T-107NEXTPhase 24 · size M

Split Postiz package into production subtasks: background generation, brand frame, drafts, QA, calendar

CategoryMarketing / Postiz / Social Automation
OwnerCreative automation verifier
SourceFile audit showed Postiz package contains full workflows, not one broad task
Evidence / statepostiz-automation/HANDOFF.md, workflows/01-generate-backgrounds.md, 02-apply-brand-frame.md, 03-postiz-drafts.md, 04-qa-checklist.md, examples/content-calendar.csv
AcceptanceSeparate cards or checklist for source inventory, brand-frame config, env handling, generation log, draft-only API, QA reject rules, content calendar status, approval packet, audit trail.
T-108NEXTPhase 24 · size M

Enforce no-blind-schedule social publishing approval gate

CategoryMarketing / Postiz / Social Automation
OwnerMarketing approval router
SourcePostiz workflow says drafts first; Sam requires legal/customer/public-facing approvals
Evidence / statepostiz-automation/workflows/03-postiz-drafts.md and 04-qa-checklist.md; Odoo/Slack marketing/public content phases
AcceptanceGenerated asset cannot be scheduled/published until Slack approval packet includes caption, platform, image hash, prompt/model log, claims evidence, reviewer, and Sam/customer-facing approval class.
T-143NEXTPhase 24 · size M

Map Postiz/social automation into GitHub/Odoo/Slack approval flow before any scheduling

CategoryPostiz / Social Automation Reality
OwnerMarketing automation lead
SourceReality audit confirmed Postiz is identified but not integrated
Evidence / stateTask board includes Postiz tasks; no verified Postiz repo-to-runtime/control-flow integration completed
AcceptancePostiz repo/source, runtime or SaaS target, credential ownership, brand rules, draft review, approval gate, calendar, rollback/delete policy, and audit evidence path are documented before any public post.
T-017NEXTPhase 25 · size S

Fix /consulation/ redirect to HTTPS /consultation/

CategoryWebsites / Subdomains
OwnerWebsite agent
SourceLegal verification noted http redirect
Evidence / statedomain-service-map notes typo redirect points to http
Acceptancehttps://legal.modernlaohomes.com/consulation/ redirects to https://legal.modernlaohomes.com/consultation/.
T-018LNEXTPhase 28 · size M

Implement observe-only watchers for DNS/SSL/proxy/container/disk/backup drift

CategoryRuntime / Watchers
OwnerWatcher agent
SourceGitHub/VPS plan calls for domain-dns-ssl, vps-health, backup-restore, security-secrets, evidence-drift watchers
Evidence / stateCurrent daily digest task is too broad
AcceptanceWatchers report only; no auto-fix. Reports cover DNS/SSL, HTTP status, proxy route drift, container health, disk, backup, stale contracts with no secrets.
T-053NEXTPhase 28 · size M

Create daily Slack digest and agent silence watcher

CategorySlack Control Room
OwnerWatcher agent
SourcePlan Phase 28/35
Evidence / stateHermes cron concepts exist; migration-specific watcher not verified
AcceptanceDigest reports GitHub stale work, runtime health, DNS/SSL, Odoo/Slack health, evidence drift, backup status, and blocked agents.
T-128NEXTPhase 28 · size L

Create monitoring, SLO, error-budget, and incident playbook backlog

CategoryObservability / SLO / Incident Response
OwnerSRE/observability agent
SourceCouncil reviews flagged missing monitoring/alerting/SLA/incident response
Evidence / stateRuntime has live business/AI tools; watchers are broad but no SLO/incident task detail
AcceptanceRuntimeContracts include SLO/RTO/RPO/healthcheck/log source/alert route; incident runbooks for DNS, proxy, app down, Odoo/Slack failure, data leak, disk, backup restore.
T-018JNEXTPhase 29 · size M

Add exact verification commands to every runtime/domain task

CategoryRuntime / Verification
OwnerTask-board verifier
SourcePlans currently prose-heavy; Sam wants no fake done
Evidence / stateTask acceptance lacks uniform DNS/HTTPS/container/proxy/repo/backup commands
AcceptanceValidator fails runtime cards missing DNS, HTTPS, container health, proxy lookup, repo/source, backup/rollback and evidence path commands.
T-081NEXTPhase 29 · size L

Add live filters/status counts and machine-readable task JSON export

CategoryDashboards / Reporting
OwnerDashboard agent
SourceKanban-style requirement
Evidence / stateStatic HTML page first; JSON export missing until implemented
Acceptance/migration/task.json or embedded JSON available for agents; filters by status/category/phase work.
T-094NEXTPhase 29 · size M

Create Odoo dashboard/KPI/reporting and Studio HOLD policy

CategoryOdoo Automation
OwnerOdoo analytics agent
SourceOdoo matrix Dashboards/Spreadsheet/Studio/AI section
Evidence / stateNo task covers KPIs or Studio structural-change hold
AcceptanceKPI spec exists for sales,warranty,projects,procurement,finance holds,approvals,evidence,agent KPIs; Studio/model changes blocked without task packet/test/rollback/approval.
T-098NEXTPhase 29 · size M

Create CompanyOS readiness dashboard schema

CategoryDashboards / Reporting
OwnerDashboard + HR/readiness agent
SourceNeed visible departments/agents/readiness, not just task cards
Evidence / stateRole readiness partially seeded; no full dashboard
AcceptanceSchema shows tenants, departments, roles, runtime seats, readiness, leases, blockers, approvals, stale evidence, last verified timestamp.
T-099NEXTPhase 29 · size S

Add coverage validator for Sam’s exact agent/tenant/KB questions

CategoryDashboards / Reporting
OwnerTask board verifier
SourceSecond-pass critique; Sam warned missing work wastes months
Evidence / stateGeneric validator could pass while missing OpenClaw/Hermes/Obsidian/tenant questions
AcceptanceValidator fails unless board covers OpenClaw vs Hermes role-seat model, Modern Manager, departments, leases, Obsidian boundaries, tenant matrix, isolation tests, first pilot proof.
T-101NEXTPhase 29 · size M

Create source coverage validator for every high-signal evidence file

CategoryTask Board / Validation
OwnerTask board verifier
SourceRepo/evidence auditor: hard-coded board not externally validated against evidence coverage
Evidence / stateNo tool proves every evidence file has task coverage
AcceptanceValidator reports each high-signal source file and whether it has tasks; fails on unrepresented backlog sections.
T-148NEXTPhase 30 · size L

Add AI compute/cost/energy/hardware reduction program to CompanyOS backlog

CategoryAI R&D / Global Accessibility
OwnerAI R&D lead + cost/performance agents
SourceSam wants Viewport to make top-class AI globally accessible by lowering compute, cost, energy, and hardware dependence
Evidence / stateUser profile and company ambition; prior migration pages lacked explicit R&D service line despite mentioning models/council
AcceptanceBacklog includes model routing, local/open/free model evaluation, inference/caching strategy, workload specialization, hardware planning, energy/cost metrics, benchmarks, and provider fallback rules tied to CompanyOS agents.
T-097NEXTPhase 31 · size L

Run MLG/MLH whole-business low-risk pilot before any L3 writes

CategoryOdoo + Slack Pilot / Approval-Controlled Writes
OwnerPilot verifier + Sam
SourcePlan Phases 31–32; Odoo/Slack matrices acceptance criteria
Evidence / stateBuild tasks exist but no end-to-end pilot gate
AcceptanceLead→CRM draft→approval packet→project/helpdesk/docs links works with safe drafts only; no risky records/sends; narrow L3 write only after separate approval, rollback, verifier.
T-062NEXTPhase 33 · size M

Define tenant isolation controls for GitHub/Odoo/Slack/VPS/Cloudflare

CategoryTenant / Client / Associate Template
OwnerTenant security agent
SourceLLM council gap: tenant isolation guarantees
Evidence / stateNo complete policy-as-code isolation control verified
AcceptanceControls define access boundaries, network namespace, secrets, Odoo company/context, Slack channels, GitHub labels/repos, Cloudflare ownership.
T-063NEXTPhase 33 · size M

Create copyable tenant onboarding checklist

CategoryTenant / Client / Associate Template
OwnerTemplate docs agent
SourcePlan multi-tenant replication template
Evidence / stateChecklist not verified in live task page before now
AcceptanceChecklist covers metadata, repo, Slack, Odoo, RuntimeContract, evidence vault, agent roster, approval gates, dashboards, rollback.
T-065NEXTPhase 33 · size XL

Instantiate MLG/MLH department packages D00–D16

CategoryTenant / Client / Associate Template
OwnerDepartment factory operator
Sourcedepartment-segment-agent-operating-template D00-D16
Evidence / stateDepartment architecture documented but not materialized
AcceptanceMLG and MLH department YAMLs for all 17 departments with roles, Slack, Odoo, GitHub paths, KPIs, gates, readiness.
T-067NEXTPhase 33 · size M

Add tenant cost/budget and agent job-spawn limits

CategoryTenant / Client / Associate Template
OwnerCost watcher + security agent
SourceAutonomous agents can run away on cost/tools; tenant template missing budget controls
Evidence / stateNo current cost/runaway task
AcceptanceTenant config includes budget class, model/tool spend, max concurrent jobs, escalation threshold, weekly cost report, paid-tool approval block.
T-061NEXTPhase 34 · size L

Select and onboard first associate/company pilot using template

CategoryTenant / Client / Associate Template
OwnerTenant factory agent
SourceSam said first associate company template is very important
Evidence / stateNo selected pilot contract verified
AcceptancePilot has isolated repo/runtime/Slack/Odoo channel map, task page, rollback, and proof of isolation.
T-068NEXTPhase 34 · size M

Define tenant offboarding, export, and destruction-hold process

CategoryTenant / Client / Associate Template
OwnerTenant Ops + Legal/Security
SourceTenant isolation lifecycle incomplete
Evidence / stateNo task covers safe client/associate removal/export
AcceptanceChecklist covers export, repo transfer/archive, Slack/Odoo access removal, DNS/runtime shutdown, evidence retention/legal hold, secret revocation, backup retention, Sam/legal destructive approval.
T-069NEXTPhase 34 · size L

Prove first tenant isolation with automated tests before pilot goes live

CategoryTenant / Client / Associate Template
OwnerTenant QA verifier
SourceFirst associate/company pilot must prove isolation
Evidence / statePolicy exists, isolation tests not proven
AcceptanceTests prove pilot tenant cannot see other tenant GitHub paths, Slack channels, Odoo records, runtime env, secret names, Cloudflare zones, Obsidian private notes.
T-071NEXTPhase 34 · size M

Create BCCL/Laowise/Phonemala runtime boundary inventory

CategoryCompany Boundaries / Kitty / BCCL
OwnerBCCL agent
SourceEarlier service contract issue #74; memory
Evidence / statehermes-bccl container observed; full inventory missing
AcceptanceDomains/repos/containers/bots/KBs mapped with no secrets and separate from Modern Lao.
T-129NEXTPhase 35 · size M

Implement daily/weekly/monthly operating rhythm with source-backed digest

CategoryOperating Rhythm / Reporting
OwnerOps reporting agent
SourcePlan Phase 35 and Sam wants command visibility
Evidence / stateTask board has watchers/reporting but no concrete report templates cadence
AcceptanceDaily Slack/Telegram digest, weekly GitHub/Odoo report, monthly tenant audit, quarterly skills/agent readiness review all cite sources and changed tasks only.
T-127NEXTPhase 36 · size M

Add workload, dependency, timeline, and resource model to task board

CategoryGovernance / Planning
OwnerProgram manager
SourceMultiple council reviews said plan lacks schedule, dependencies, resource allocation, cost/budget
Evidence / stateOpenRouter/free and other council reviews in session hits; migration plan contains phases but not durations/resource model
AcceptanceEach task has dependency ids, rough size/duration, owner role, reviewer/verifier, start condition, block condition, cost/tool impact, approval class.
BLOCKED4 tasks

All four need access, approval, or a missing source-of-truth before execution.

T-002BLOCKEDPhase 02 · size S

Fix GitHub write access for viewport-corp/viewport-ops

CategoryGitHub Ops
OwnerViewport GitHub admin
Sourcegit push failed after fbd75bc
Evidence / statefatal 403 Write access to repository not granted
AcceptanceHermes can push branch/commit and create/update issues without using secrets in chat.
T-122BLOCKEDPhase 02 · size M

Repair GitHub source-of-truth push/write access for viewport-ops

CategoryGitHub Ops
OwnerGitHub auth agent
SourceLive Worker deployed but branch remains ahead locally
Evidence / stateLocal branch ops/openclaw-github-flow-44 ahead 4; push/write not verified/fixed
AcceptanceGitHub auth verified with least privilege; branch pushed or PR opened; live deploy commit traceable to GitHub; no tokens printed.
T-018KBLOCKEDPhase 04 · size M

Create old Docker do-not-delete-yet cleanup queue with approval gates

CategoryRuntime / Old Docker / Cleanup
OwnerRuntime/SRE + Sam approval
SourceOld Docker contains useful building blocks; no stop/delete/prune without Sam approval
Evidence / stateMany active/exited legacy containers; cleanup risk high
AcceptanceEvery cleanup candidate has backup proof, restore test, replacement contract, blast-radius assessment, explicit Sam approval placeholder; inventory alone cannot mark done.
T-024BLOCKEDPhase 11 · size M

Create/verify Modern Manager bot/agent identity across Hermes/OpenClaw/Slack/Odoo/GitHub/VPS

CategoryAgents / Centralized System
OwnerModern Manager owner
SourcePlan section 11 says Modern Manager required
Evidence / stateDesign artifact exists; live identity not verified
AcceptanceModern Manager has documented identity, scopes, channel, task queue, daily loop, and no-write gates.
WATCH / KEEP SEPARATE3 tasks

Keep separate / monitor / do not mix scopes.

T-070WATCHPhase 09 · size M

Lock Kitty/BCCL boundary separately from Modern Lao

CategoryCompany Boundaries / Kitty / BCCL
OwnerTenant routing agent
SourceSam corrected scope around Kitty
Evidence / stateMemory has BCCL/Kitty boundary; service contract history exists
AcceptanceTask page and KB state Kitty scope: Buddha Corp/BCCL/Laowise/Phonemala GitHub-only by default; no MLH/MLG mixing.
T-145WATCHPhase 14 · size M

Re-run model council only after recording current provider auth and unstable-model limits

CategoryLLM Council / Model Access Reality
OwnerCouncil/research operator
SourcePlan page overclaimed council status in places; reality audit found current OpenRouter API works but previous council outputs were partial/unstable
Evidence / stateOpenRouter key present and /models returned HTTP 200; prior NVIDIA/openai-free/qwen/llama/gemma runs were unstable/rate-limited/blocked
AcceptanceCouncil status file records provider, model, auth state, prompt, raw output, failure mode, confidence, and whether the finding updates /plan or /task.
T-082WATCHPhase 36 · size M

Create monthly/weekly review loop for plan changes

CategoryDashboards / Reporting
OwnerReviewer/verifier agent
SourcePlan Phase 36; skill audit monthly idea
Evidence / stateNo operating rhythm cron proven for this board
AcceptanceEvery plan/task change cites evidence, impact, phase/gate delta, reviewer verdict, and next task.
DONE / VERIFIED1 tasks

Verified with evidence that board, deploy evidence and validation output agree.

T-054DONEPhase 29 · size S

Verify Odoo/Slack dashboard-source validation freshness after 15/0 rerun

CategoryOdoo + Slack Validation
OwnerDashboard/validation agent
Sourceevidence/odoo/odoo-slack-validation-latest.json shows 13 pass / 2 fail
Evidence / stateevidence/odoo/odoo-slack-validation-latest.json now shows pass 15 / fail 0; previous 13/2 claim was stale
AcceptanceBoard, deploy evidence, self-audit, and validation output agree; recurrence task remains to prevent stale claims.
Generated 2026-06-04T21:19:52+00:00. Company structure audit: evidence/reality-audits/trillion-scale-company-structure-audit-20260605.md.
Source: /migration/task (139-task execution board, declared the active handoff board — T-080, Sam's explicit request) · data island #task-data · status: status.json · redaction report.
Content preservation guarantee: this page keeps the full researched source content — all 139 tasks, blockers, evidence and acceptance criteria. UI, navigation, and mobile behavior are upgraded without shortening sections. Every page is public-readable, evidence-linked, and designed for both Sam and future agents. If content appears missing, compare against Git history and restore before changing style.
Viewport · migration · unified shell v1 (2026-06-10) · Data: /migration/status.json · Source: viewport-corp/viewport-os
Viewport · migration · unified shell v1 (2026-06-10) · Data: /migration/status.json · Source: viewport-corp/viewport-os
Viewport · migration · unified shell v1 (2026-06-10) · Data: /migration/status.json · Source: viewport-corp/viewport-os