Do not touch
- old Docker/OpenClaw live services without Sam approval
- secrets/raw Telegram sessions
- DNS/billing/legal/destructive changes without explicit approval
Plain English: The safe GitHubOps foundation tasks P0-0 through P0-8 are complete. This does not mean risky runtime changes are applied; those still need approval.
Generated: 2026-06-05T15:14:57.178090+00:00 · status.json · GitHub #196 · Live data fetched 2026-06-09
Safe migration foundation complete. The safe GitHubOps foundation is complete. Actual runtime/Hermes/Slack/Odoo production changes remain approval-gated.
Live counts from the task_board object. Numbers below update at page load from /migration/status.json; baked-in values are the committed snapshot.
Hermes, VPS runtime, GitHub control plane, Cloudflare zones and the last audit run — from system_health.
| System | Status | Detail |
|---|---|---|
| Hermes | ONLINE | v0.15.2 · gateway restart still needed for live Telegram intake hook |
| VPS (vmi3130827) | 72 containers | 65 running · 3 unhealthy (saathi-app-1, origin-backend, platformx-nextcloud) · 56 without repo |
| GitHub | Write OK | org: viewport-corp · PAT expiry: unknown |
| Cloudflare | 61 zones | 21 ghost zones · bccl.la: UNKNOWN |
| Audit | PASS:2 FAIL:10 | Last audit 2026-06-05 · 13 sections · 36 redacted evidence files · 1187 total redactions |
The machine contract ships a handoff pack for every fresh agent session. Read the three sources below in order before touching anything.
Viewport MLG/MLH BCCL
GitHub org: viewport-corp
VPS: 194.163.153.171
This section is intentionally pinned near the top so humans and agents can immediately see where documents, support, and finance work should go.
Odoo: Documents / project document folder
Flow: Document needed → Odoo document folder → Slack approval if legal/signature → sign only after approval.
Slack: #mlh-warranty-support, #mlh-legacy-issues
Odoo: Helpdesk
Flow: MLH issue → Slack issue thread → Odoo helpdesk ticket → evidence attached → agent suggests next action → approval if legal/financial/customer-facing.
Slack: #mlg-finance-review
Odoo: Accounting / Invoicing / Expenses
Flow: Draft invoice/payment/expense → Slack finance review → Odoo record → approval before sending/payment/customer-facing action.
Mode: GitHub issue → branch → artifact → validator → evidence → live status. VPS runtime remains read-only/reconciliation until RuntimeContracts, backups, rollback, and approval gates exist.
Move real business/runtime work through visible GitHub issues and acceptance criteria.
Create branch, artifacts, validator, evidence path, and rollback boundary before touching runtime.
Run the smallest safe action, verify with tests or live proof, diagnose failures, then repeat.
Issue #196 · status JSON · viewport-company-os/workflows/gsd-ralphloop-operating-contract.yaml
Three priorities currently in flight, with state chips from the machine contract.
Owner: Sam UI + Hermes data · Data endpoint: /migration/status.json
Owner: Hermes · State: live
Owner: Hermes · Blocker: gateway restart approval was blocked by smart approval
The three task ids in the contract’s active_tasks array — two pending on the same gateway-restart blocker, one ready.
setup4PENDINGOwner: Hermes
Blocker: gateway restart required to load plugin
acceptPENDINGOwner: Hermes
Blocker: same gateway restart blocker
status-reactREADYOwner: Sam + Hermes
Blocker: —
Items waiting on access or approval, with evidence links.
Reason: Hermes gateway restart blocked by smart approval · Evidence: Issue #2
What broke recently, whether it is resolved, and the fix applied or still needed.
Fix: Switched to lightweight Worker proxying committed GitHub files
Fix: Needs allowed restart window / approval
Verified completions with evidence links.
Evidence: redaction-report.json · Issue: #195
The foundation being complete does not unlock runtime. Every card below is an explicit decision Sam has not yet approved.
migration_execution.approval_gates (status.json)migration_execution.current_blockers (status.json)hermes-migration-mountAPPROVAL_REQUIREDFact: /srv/viewport/migration exists on VPS; /opt/data/migration missing in active Hermes · Unsafe without approval: mount/restart can kill running agents
runtime-mutationBLOCKED_UNTIL_CONTRACTSFact: VPS runtime has 72 containers, 65 running, 3 unhealthy · Unsafe without approval: no restart/stop/delete/prune until RuntimeContracts exist
secret-trustREGISTER_ROTATION_REQUIREDFact: historical secret-pattern exposure exists · Unsafe without approval: no broad autonomy until registered/rotated/scoped
All nine P0 foundation phases, executed in order — complete (safe foundation only; gates above remain).
The six committed foundation artifacts produced by P0-3 through P0-8.
viewport-company-os/runtime/p0-3-runtimecontracts-complete-pass.yamlviewport-company-os/agents/agent-authority-matrix.yamlviewport-company-os/agents/centralized-agent-registry.yamlviewport-company-os/enforcement/companyos-enforcement-gates.yamlviewport-company-os/integrations/slack-odoo-command-room-policy.yamlviewport-company-os/watchers/plain-english-update-loop.yamlviewport-status-v1, generated 2026-06-05T15:14:57Z, fetched 2026-06-09) · rebuilt 2026-06-10 in the unified migration design system.