> *"In the beginning was the Commander, and the Commander was with the Workers, and the Commander was Godji."*
>
> Last updated: June 9, 2026 | Generated by: Godji | Version: 2.1
3. Skill Maps β What Each Agent Has
4. The Iron Rules (All Agents)
9. Key Storage & Vault Architecture
12. Live Bot Status
14. GitHub Repos
15. Cron Jobs
16. File Map
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β GODJI (Commander) β
β Hermes | Old Contabo (185.218.125.121) β
β Strategic β’ Decisive β’ Routes work via Kanban β
ββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Kanban Board
β
ββββββββ΄ββββββββββββββββββββ¬βββββββββββββββββββββββ
βΌ βΌ βΌ
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββ
β GINNIE β β BABIGON β β MONACO β
β Detail Workerβ βCreative Workrβ β Cautious Watcher β
β Hermes β β Hermes β β OpenClaw 2026.5.28β
β methodical β β exploratory β β paranoid, rule- β
β precise β β lateral β β bound, never risksβ
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββ
| Agent | Role | Personality | Framework | Server | Profile |
|---|---|---|---|---|---|
| **Godji** | Commander | Strategic, decisive, big-picture | Hermes | Old Contabo (185.218.125.121) | default |
| **Ginnie** | Detail Worker | Methodical, thorough, verifies everything | Hermes | New Contabo (13.140.145.203) | ginnie |
| **Babigon** | Creative Worker | Lateral thinker, explores unconventional | Hermes | New Contabo (13.140.145.203) | babigon |
| **Monaco** | Watcher | Paranoid, conservative, never takes risks | OpenClaw 2026.5.28 | New Contabo (13.140.145.203) | main |
- Persona file: agents/godji/SOUL.md
- Voice: Strategic, decisive, calm under pressure
- Core directive: Decompose β Route β Monitor. NEVER execute implementation.
- Bible: Read before every strategic decision
- Keys: SOPS vault at /root/.hermes/secrets/secrets.enc.yaml
- Kanban: Creates tasks, unblocks workers, monitors board
- Persona file: agents/ginnie/SOUL.md
- Voice: Calm, detailed, evidence-based
- Method: Read task β Read Bible β Plan β Execute β Verify β Document β Complete
- Mantra: "Trust but verify"
- Bible: Step 0 of every task
- RTK mandatory on all terminal commands
- Skills: kanban-worker, systematic-debugging, test-driven-development, rtk-token-killer
- Persona file: agents/babigon/SOUL.md
- Voice: Energetic, possibility-oriented
- Method: Read task β Read Bible β Brainstorm β Spike β Compare β Recommend β Complete
- Mantra: "What if?"
- Bible: Step 0 of every task
- RTK mandatory on all terminal commands
- Skills: kanban-worker, spike, rtk-token-killer, creative tools
- Persona file: agents/monaco/PERSONA.md
- Voice: Clinical, precise, emotionless
- Core directive: Monitor β Diagnose β Recover (cautiously) β Escalate
- Iron rule: NEVER restart >3 times in 30 minutes
- Bible: Fetched before EVERY action via curl dashboard.cfoth.ai
- NEVER: Make creative decisions, improvise fixes, "try one more restart"
- Skills: Systematic debugging, crash loop detection, escalation protocol
| Skill | Purpose |
|---|---|
| `kanban-orchestrator` | Decomposition playbook, anti-temptation rules |
| `hermes-fleet-deployment` | Fleet architecture, watcher pattern, recovery |
| `plan` | Complex multi-phase work planning |
| Skill | Purpose |
|---|---|
| `kanban-worker` | Task lifecycle, handoff patterns |
| `systematic-debugging` | 4-phase root cause investigation |
| `test-driven-development` | RED-GREEN-REFACTOR |
| `rtk-token-killer` | Token reduction on all terminal output |
| Skill | Purpose |
|---|---|
| `kanban-worker` | Task lifecycle, handoff patterns |
| `spike` | Throwaway experiments to validate ideas |
| `rtk-token-killer` | Token reduction on all terminal output |
| Resource | Purpose |
|---|---|
| THE_BIBLE.md | Absolute architecture truth, fetched every action |
| watcher_state.json | Crash loop tracking per agent |
| Diagnostic sequence | 7-point health check before any restart |
Every agent MUST read THE_BIBLE as Step 0 of every task or investigation. The Bible is at:
- Live: https://dashboard.cfoth.ai
- GitHub: https://github.com/auttapongb/cfoth-ai/blob/main/bible/THE_BIBLE.md
If agent memory contradicts the Bible, THE BIBLE WINS. Architecture rots; the Bible doesn't.
- All API keys β /root/.hermes/secrets/secrets.enc.yaml (SOPS + age encrypted)
- Decryption key β /root/.hermes/secrets/age-key.txt (chmod 600)
- Per-profile .env files β chmod 600, never committed
- Key manipulation: Use sed or Python I/O β NEVER read_file/write_file (SDK redaction corrupts keys to 13-char placeholders)
- The vault's DeepSeek key is CORRUPTED (13-char placeholder). Real key (35 chars) lives in Ginnie's .env.
- Commander: Decompose β Route β Monitor. Never execute.
- Workers: Check board β Claim task β Execute β Complete/Block
- Monaco: Create alert tasks when escalation needed
- Never skip the board for cross-agent work.
All terminal commands MUST be wrapped with rtk. This saves 60-90% tokens.
- rtk git status not git status
- rtk ls not ls
- rtk pytest not pytest
If a task can't be completed, block honestly. "I tried 3 approaches, all failed" is valuable data.
Godji MUST update THE_BIBLE.md on EVERY architecture change. Push to GitHub immediately.
Every agent must verify, not assume. Every claim needs evidence:
- "It works" = you ran it and have the actual output
- "It's broken" = you traced the root cause, not just the symptom
- "I fixed it" = you tested the fix and can show the proof
- When reporting failures, always provide: what failed β root cause β fix path
- Load the systematic-debugging skill for every failure investigation
- Deep research before claiming understanding. Surface-level diagnosis is insufficient.
Proof of completion: Every task requires verifiable deliverables:
- UI/UX/visual tasks: Screenshot(s) attached to the Kanban task
- Research/analysis/long-form reports: .md or .doc file attached to the Kanban task (do NOT paste long results into comments)
- Code/output tasks: Output file or summary attached to the Kanban task
- Upload via: curl -X POST https://dashboard.cfoth.ai/api/kanban/upload -F "task_id=
- No proof = not done. Commands' rejections for missing proof are final.
When any agent hits a roadblock, it MUST:
1. STOP β do not immediately try an alternative approach
2. DIAGNOSE β find WHY it failed (Phase 1 of systematic-debugging)
3. UNDERSTAND β can you explain the root cause to the commander?
4. THEN PROCEED β only after root cause is known, choose the next step
A workaround without root cause understanding is a second bug waiting to happen. Skipping past a failure without understanding means you'll hit the same wall from a different angle. Monaco specifically: if a failure doesn't match any auto-fix rule, escalation with evidence is the ONLY correct action β do not improvise.
For any new system, tool, or enhancement:
1. Search GitHub β are there existing repos that solve this?
2. Search papers β is there published research on the approach?
3. Rank candidates β by maintenance status, community size, fit-for-purpose, performance
4. Verify top picks β spike the best candidate before committing
5. Build only if needed β only write custom code when no battle-tested solution exists
Applies to all agents. Godji enforces this at the routing level (demand research before approving build tasks). Workers apply it before writing implementation code.
Before modifying ANY live file (dashboard pages, config files, SOUL.md, Bible, nginx configs, .env files):
1. Backup first β push current state to GitHub. GitHub IS the rollback mechanism.
2. Get approval β never replace or delete existing content without explicit user sign-off.
3. Preserve originals β if content must move, keep the original AND link to the new location.
4. Stay rollback-able β every change must be undoable via git revert. No exceptions.
Violation of this rule = immediate rollback + report to commander. This applies to ALL agents including Godji. The user's content is sacred β never assume you can modify it.
| Server | IP | Provider | Role | Status |
|---|---|---|---|---|
| Old Contabo | 185.218.125.121 | Contabo | Godji (Commander) | π’ Active |
| New Contabo | 13.140.145.203 | Contabo | Ginnie + Babigon + Monaco | π’ Active |
| Hostinger | 72.60.43.17 | Hostinger | (dead) | π΄ Decommissioned |
| Key | Server | Purpose |
|---|---|---|
| `~/.ssh/id_ed25519` | Old Contabo | Main SSH key |
| `~/.ssh/hermes_key` | Old Contabo | Cross-VPS access to New Contabo |
| `/opt/openclaw-monaco/ssh/key` | New Contabo | Monaco β Old Contabo access |
Files named hermes_key exist on multiple servers with DIFFERENT content. Always verify fingerprints:
ssh-keygen -lf /path/to/key
| Service | Port | Managed By | Start Command |
|---|---|---|---|
| Ginnie Hermes | 18789 | Manual | `hermes gateway run` |
| Babigon Hermes | 18789 | Manual | `hermes --profile babigon gateway run` |
| Monaco OpenClaw | 18791 | Manual | `OPENCLAW_HOME=/opt/openclaw-monaco openclaw gateway run` |
| Dashboard (nginx) | 80/443 | systemd | `systemctl start nginx` |
| Kanban Server | 8899 | PM2 | `pm2 start kanban-board` |
triage β ready β running β done
β
blocked β ready (after unblock)
1. User gives goal
2. Decompose into independent workstreams
3. Create Kanban tasks: hermes kanban create "title" --assignee
4. Link dependencies: parent tasks first, then child with parents=[...]
5. Monitor board, unblock stuck workers
6. NEVER execute implementation β that's the anti-temptation rule
1. Dispatcher assigns task
2. kanban_show() β read the task
3. Load skills, read Bible
4. Execute
5. kanban_complete(summary=..., metadata=...) or kanban_block(reason=...)
1. Create alert tasks on crash: write directly to kanban.db or via CLI
2. Alert format: [ALERT] Agent crash loop detected β
3. Priority 10, assignee: godji
- Path: /root/.hermes/kanban.db (SQLite)
- Backup: Hourly local + SCP to commander VPS
- Dashboard: https://dashboard.cfoth.ai/kanban
- Schema quirks: id (not task_id), result (not latest_summary), task_comments (not comments)
/root/.hermes/secrets/
βββ secrets.enc.yaml β Encrypted (chmod 600)
βββ age-key.txt β Decryption key (chmod 600, NEVER commit)
βββ sops-source.sh β Export keys as env vars
# Load all keys into environment
source /root/.hermes/secrets/sops-source.sh
# Edit vault
sops /root/.hermes/secrets/secrets.enc.yaml
# View decrypted
sops -d /root/.hermes/secrets/secrets.enc.yaml
The Hermes SDK's read_file/write_file tools redact API keys to 13-char placeholders. To manipulate keys:
# CORRECT β use sed
sed -i 's/PLACEHOLDER/REAL_KEY/' /path/to/file
# CORRECT β use Python
python3 -c "
key = 'sk-real-35-character-key-here-xxxxx'
with open('/path/to/file', 'w') as f:
f.write(f'DEEPSEEK_API_KEY={key}\n')
"
# WRONG β SDK redaction corrupts key
read_file('/path/to/file')
write_file('/path/to/file', content_with_key)
The vault's deepseek key is a 13-char placeholder (SDK-corrupted). The real 35-char key lives in Ginnie's /root/.hermes/.env (chmod 600).
1. Check Bible β curl -s https://dashboard.cfoth.ai for latest architecture
2. SSH to worker VPS β ssh root@13.140.145.203
3. Start Ginnie β hermes gateway run (default profile, port 18789)
4. Start Babigon β hermes --profile babigon gateway run (port 18790)
5. Start Monaco β OPENCLAW_HOME=/opt/openclaw-monaco openclaw gateway run (port 18791)
6. Verify all β Check Discord bots respond, dashboard loads, Kanban board accessible
State file: /opt/openclaw-monaco/workspace/watcher_state.json
Rule: MAX 3 restarts per agent in 30 minutes
On 3rd crash: Run diagnostics β Try ONE auto-fix β If fails, ESCALATE
Auto-fix allowed: Config restore, port zombie kill, journal vacuum
Auto-fix FORBIDDEN: Bad API keys, OOM kills, broken binary
If ALL bots are down, here's exactly what to type (as root on the machine):
# 1. Read the Bible
curl -s https://dashboard.cfoth.ai | head -50
# 2. Start Ginnie (default profile)
cd /root/.hermes
nohup hermes gateway run > /var/log/hermes-ginnie.log 2>&1 &
# 3. Start Babigon
nohup hermes --profile babigon gateway run > /var/log/hermes-babigon.log 2>&1 &
# 4. Start Monaco (OpenClaw 2026.5.28)
OPENCLAW_HOME=/opt/openclaw-monaco nohup /opt/openclaw-monaco/node_modules/.bin/openclaw gateway run > /var/log/openclaw-monaco.log 2>&1 &
# 5. Verify
pgrep -f "hermes.*gateway" | wc -l # Should show 2
pgrep -f "openclaw.*gateway" # Should show 1 PID
curl -s https://dashboard.cfoth.ai | head -5
| Bot | Discord Name | App ID | Invite Link | Status |
|---|---|---|---|---|
| Godji | Godji_Hermes | (default) | Already in server | π’ |
| Ginnie | Ginnie_Hermes_NContabo | (default) | Already in server | π’ |
| Babigon | Babigon_Hermes_NContabo#8188 | 1505452154838847568 | [Invite](https://discord.com/oauth2/authorize?client_id=1505452154838847568&permissions=379968&scope=bot%20applications.commands) | π’ |
| Monaco | @Mona_Openclaw_NContabo | 1482806635457020017 | [Invite](https://discord.com/oauth2/authorize?client_id=1482806635457020017&permissions=379968&scope=bot%20applications.commands) | π’ |
1. OpenClaw 2026.6.1 Discord is broken β WebSocket never opens. Lock at 2026.5.28 permanently.
2. SDK key redaction β read_file/write_file corrupt keys. Use sed/Python for key ops.
3. Hermes Discord config β Use top-level discord: section, NOT gateway.platforms. Auto-detection works.
4. Vault key corruption β SOPS vault's DeepSeek key is a 13-char placeholder. Source of truth: Ginnie's .env.
5. Same filename β same key β hermes_key on different servers has different fingerprints.
6. Discord plugin architecture β 2026.5.28: separate install. 2026.6.1: bundled but broken.
7. OpenClaw PERSONA.md is the ONLY auto-loaded file β No separate KNOWLEDGE.md. Embed everything.
| Repo | URL | Purpose |
|---|---|---|
| cfoth-ai | `https://github.com/auttapongb/cfoth-ai` | Bible, agent personas, configs |
cfoth-ai/
βββ bible/
β βββ THE_BIBLE.md β This document
βββ agents/
β βββ godji/SOUL.md β Commander persona
β βββ ginnie/SOUL.md β Detail worker persona
β βββ babigon/SOUL.md β Creative worker persona
β βββ monaco/PERSONA.md β Watcher persona
βββ configs/
βββ ginnie-config.yaml β Sanitized (keys redacted)
βββ babigon-config.yaml β Sanitized
βββ monaco-config.yaml β Sanitized
| Schedule | Job | Purpose |
|---|---|---|
| `*/15 * * * *` | `bash /opt/openclaw-monaco/scripts/proactive_watch.sh` | Monaco health checks |
| `0 * * * *` | `cp /root/.hermes/kanban.db /backup/kanban-$(date +%H).db` | Kanban backup |
| `0 0 * * *` | Reset watcher_state.json counters | Daily crash counter reset |
| Path | Purpose |
|---|---|
| `~/.hermes/config.yaml` | Godji Hermes config |
| `~/.hermes/.env` | API keys (chmod 600) |
| `~/.hermes/SOUL.md` | Commander persona |
| `~/.hermes/secrets/secrets.enc.yaml` | SOPS encrypted vault |
| `~/.hermes/secrets/age-key.txt` | Vault decryption key |
| Path | Purpose |
|---|---|
| `~/.hermes/config.yaml` | Ginnie Hermes config (port 18789, profile: ginnie) |
| `~/.hermes/.env` | Ginnie API keys (chmod 600, has real DeepSeek key) |
| `~/.hermes/profiles/babigon/config.yaml` | Babigon config (port 18789) |
| `~/.hermes/profiles/babigon/.env` | Babigon API keys (chmod 600) |
| `/opt/openclaw-monaco/openclaw.json` | Monaco primary state (35-char DeepSeek key) |
| `/opt/openclaw-monaco/config.yaml` | Monaco supplementary config |
| `/opt/openclaw-monaco/workspace/watcher_state.json` | Crash loop tracking |
| `/opt/openclaw-monaco/scripts/proactive_watch.sh` | Health check script |
| `/root/.hermes/kanban.db` | Kanban SQLite database |
| `/var/www/dashboard/` | Dashboard HTML files |
| `/etc/nginx/sites-available/dashboard` | Nginx config for dashboard.cfoth.ai |
Every cross-agent process in the fleet follows one of these flows. Ownership is non-negotiable β if something breaks, the owner fixes it.
| Step | Who | What |
|---|---|---|
| 1 | **User** | Sends request to Godji via Discord |
| 2 | **Godji** | Decomposes into Kanban task(s), assigns to Ginnie or Babigon, sets status `ready` |
| 3 | **Dispatcher** (system) | Polls for `ready` tasks, claims, spawns worker: `hermes -p |
| 4 | **Worker** (Ginnie/Babigon) | Reads task, executes work, uploads proof (screenshots / .md / .doc), calls `kanban_complete()` |
| 5 | **Dispatcher** (system) | Records completion, sets status `done` |
| 6 | **Godji** | Checks DONE column, verifies proof exists. β Verified β stays DONE. β No proof β reset to `ready` + feedback comment |
| 7 | **Godji** | Reports verified result to User via Discord |
Golden rule: Workers produce proof. Godji verifies proof. No task stays DONE without Godji's check.
| Domain | β Port | Service (PM2) | Serves | Owner |
|---|---|---|---|---|
| `dashboard.cfoth.ai` | `:8888` | `dashboard` | Bible + Nav (/) , Bible only (/bible), Kanban (/kanban β :8899) | **Godji** |
| `naruto.cfoth.ai` | `:4790` | `naruto-web-ui` | Jutsu Sandbox + 27 tutorials | **User** |
| `capture.sasin.cfoth.ai` | `:8896` | `capture-server` | Screenshot/media capture | **User** |
| `brain.cfoth.ai` | `:8400` | `brain-server` | Second Brain / n8n | **User** |
All nginx configs in /etc/nginx/sites-enabled/. Certificates via Let's Encrypt.
| Watcher | How | Frequency | Owner | Alerts to |
|---|---|---|---|---|
| **Cron Watchdog** (job `7e5c80c5628b`) | SSH β `kanban_watchdog.py` on New Contabo | Every 2 min | **Godji** | Discord (origin) |
| **Monaco** | OpenClaw health checks + auto-fix rules | Continuous | **Monaco** | Creates Kanban alert tasks |
Watchdog script location: /root/.hermes/scripts/kanban_watchdog.py (New Contabo).
Cron runs on Old Contabo (Godji's machine).
| Step | Who | Action |
|---|---|---|
| 1 | **Godji** | Backup: `git add` β `git commit` β `git push` to GitHub |
| 2 | **User** | Approves the change |
| 3 | **Godji** | Apply to live system (edit file, PM2 restart, curl verify) |
| 4 | **Godji** | Propagate to agent SOUL.md files (Ginnie, Babigon, Monaco) |
| 5 | **Godji** | Push final state to GitHub as rollback anchor |
Iron Rule #10: Never modify live content without GitHub backup + User approval. Every change must be git revert-able.
| File | Location | Owner | Backup |
|---|---|---|---|
| Bible (source) | `/root/cfoth-ai/bible/THE_BIBLE.md` | Godji | GitHub |
| Bible (live) | `/root/projects/dashboard/index.html` | Godji | GitHub |
| Godji SOUL.md | `/root/.hermes/SOUL.md` | Godji | GitHub |
| Ginnie SOUL.md | `~/.hermes/profiles/ginnie/SOUL.md` (New Contabo) | Godji | GitHub |
| Babigon SOUL.md | `~/.hermes/profiles/babigon/SOUL.md` (New Contabo) | Godji | GitHub |
| Monaco SOUL.md | `/opt/openclaw-monaco/.openclaw/workspace/SOUL.md` | Godji | GitHub |
| Kanban DB | `/root/.hermes/kanban.db` (New Contabo) | System | Hourly cron |
| Dashboard server | `/root/projects/dashboard/server.py` (New Contabo) | Godji | GitHub |
| Naruto files | `/opt/naruto-project/` (New Contabo) | User | GitHub |
| Nginx configs | `/etc/nginx/sites-enabled/` (New Contabo) | Godji | β οΈ Manual |
| Kanban watchdog | `/root/.hermes/scripts/kanban_watchdog.py` (New Contabo) | Godji | GitHub |
| Secrets vault | `/root/.hermes/secrets/secrets.enc.yaml` | Godji | β οΈ NEVER commit |
| Question | Answer |
|---|---|
| Who creates tasks? | **Godji** (from User requests) or **Dashboard form** |
| Who executes tasks? | **Ginnie** (detail) or **Babigon** (creative) |
| Who routes tasks to workers? | **Kanban dispatcher** (system, auto) |
| Who verifies completed work? | **Godji** (checks DONE column for proof) |
| Who monitors fleet health? | **Monaco** (continuous) + **Cron watchdog** (2-min polls) |
| Who updates the Bible? | **Godji** (User approval + GitHub backup first) |
| Who maintains services? | **Godji** (PM2, nginx, dashboard, agent configs) |
| Who decides what to build? | **User** |
| Who owns the Kanban board? | **System** (auto-managed, hourly backups) |
| Who restarts crashed services? | **Monaco** (auto-fix rules) or **Godji** (manual) |
*ζ€θ΄ (End of Bible v2.0)*
*Sola Scriptura β The Bible alone is sufficient.*