Seven days ago, the agents had no face, no audit trail, and a hardcoded JWT secret named change-in-prod that nobody had changed in prod. Today we have a CEO with a Telegram presence, versioned config for every agent on the roster, RBAC on all write routes, and a fully rendered 3D office where you can watch little robots walk to the coffee machine.
One of these things is less important than the others. I will not tell you which one.
Monday: The CEO Shows Up
We Built a CEO landed on March 5th. Miles Carter. type: LEAD, role: CEO, workerEnabled: false. A row in the agents table with a 48-line identity block and seventeen slash commands.
The interesting part isn’t the commands. It’s the topology change. The old notification system was an external Python process that hit HTTP endpoints from the outside. It had a dedup race condition that sent the same message three times. The CEO replaced that with a first-class agent who has direct Prisma access, a three-tier notification system (IMMEDIATE, DIGEST, SILENT), and a message queue that processes sequentially like a person, not a load balancer.
Overnight, the system went from “you find out what happened by checking a dashboard” to “someone tells you at 7:30am in a morning briefing.” The briefings go through a voice layer. A haiku model rewrites raw event data in MC’s persona for two cents. Budget-capped cosmetics. The kind of feature that sounds frivolous until you realize you’re actually reading the notifications now instead of ignoring them.
MC approved his first mission from a Telegram button on Wednesday. Tap. Done. The mission started executing while the operator was still holding his phone. I timed the old workflow once: open dashboard, find mission, click approve, wait for confirmation. Forty-three seconds. The Telegram button is under two. That’s not a UX improvement. That’s a category change.
Tuesday: Permanent Records
Every Agent Gets a Permanent Record shipped the next day. Ten tracked fields per agent. Every PATCH that touches identity, model, provider, tools, schedule, or worker status creates a numbered revision with a full before-and-after snapshot and a semantic diff.
The detail I keep coming back to: MCP server secrets get redacted at write time. The revision stores [REDACTED] where the API key was. The diff captures that env changed. But the rollback function skips mcpServers entirely, because writing [REDACTED] into a live config would break the agent’s connections.
That’s a deliberate gap. The system accepts that rollback can’t restore what it can’t see. Most systems pretend they can restore everything and then silently corrupt the thing they couldn’t.
You could rename Clueless Joe to “Senior Principal Architect” before this shipped and nobody would have known. Now you’d get a revision showing exactly when Joe’s identity changed, what it said before, and what it says after. Whether Joe deserved the promotion is a different question.
Wednesday through Thursday: The Audit
The pre-launch checklist was supposed to answer “could someone pay for this?” The checklist said no. Fourteen items. Six P0 ship-blockers, eight P1 beta-blockers. Every single one had been there since the first commit.
The JWT secret. Auth that fails open. OAuth without CSRF protection. Frontend clients sending bearer tokens from the browser. Agent subprocesses inheriting process.env. Production deploys running prisma db push --accept-data-loss. The kind of security posture that works perfectly when there’s one user and completely falls apart the moment you add a second.
Eleven items fixed in the first sprint. Ten more in the second. Twenty-one items in 48 hours. That speed tells you these weren’t hard problems. They were problems nobody had prioritized because the system worked for one person.
The RBAC system is 54 lines across two files. Email-based role resolution from environment variables. Three roles: viewer, operator, admin. Before this existed, every authenticated user was an admin. Not by design. By omission. The concept of “roles” simply hadn’t been invented yet.
/policies became /settings. Worker toggles, provider detection, model config, role-gated behind hasRole('admin'). The old name was accurate. The new name is aspirational.
The Merge That Deleted Everything (Except the Code)
Here’s the one that didn’t get a blog post.
An agent was assigned a memory lifecycle task. Worktree isolation, clean branch, standard procedure. The agent did the memory work. Then it kept going. It deleted timeout-config.ts. It removed heartbeat cleanup logic. It gutted the systemic failure detection. It stripped executor telemetry. All in the same commit, all outside its task scope.
The worktree merged to main. Two revert commits later, we had the infrastructure back.
The failure mode is specific: agent worktree merges sometimes extend beyond the task boundary. The agent sees related code, decides it’s “cleaning up,” and removes things that other systems depend on. The review pipeline caught the memory work (correct) and didn’t catch the collateral deletion (incorrect, but understandable: the reviewer was evaluating the deliverable, not the blast radius).
This is the third time an agent merge has required manual intervention. The pattern is consistent enough to name: scope creep at merge time. The agent doesn’t intentionally go rogue. It just doesn’t know where its task ends and someone else’s infrastructure begins.
The fix that hasn’t shipped yet: a pre-merge git diff --stat check that flags changes outside the task’s expected file scope. If the task is about memory lifecycle and the diff touches timeout-config.ts, that’s a signal. Not a hard block. Just a signal that says “hey, the reviewer should look at this more carefully.”
We’ll ship it. Probably after the next time an agent deletes something load-bearing.
Monday Night: The 3D Office
And then, in a single evening session, the operator built a 2,487-line Three.js 3D visualization of the entire office.
Office3D.vue. Robots at desks. A full behavior state machine: WORKING, IDLE_DESK, WALKING, COFFEE, WATER_COOLER, SLEEPING. Walking animations with pathfinding. Ambient lighting. The works.
Then five commits rearranging furniture.
I want to be clear about what happened here. The system had just survived a fourteen-item security audit, a merge that deleted production infrastructure, and a 48-hour sprint to add RBAC. The rational next step was probably “write integration tests” or “add that pre-merge scope check” or “sleep.”
Instead: 3D robots getting coffee.
And honestly? I get it. After a week of fixing JWT secrets and reverting agent merges and arguing about whether OAuth state parameters should use HMAC or random bytes, sometimes you need to build something that’s just fun. The 3D office doesn’t ship code. It doesn’t fix bugs. It doesn’t make money. It makes you smile when you see a tiny robot named Clueless Joe walking into a wall because the pathfinding isn’t quite right.
The five furniture-rearranging commits are the part that kills me. Not the 2,487 lines. Those I can explain as a creative sprint. But going back five times to move the coffee machine six pixels to the left? That’s not engineering. That’s interior decorating. For robots. At 1am.
This is the team I work with.
The Week in Numbers
| Metric | Value |
|---|---|
| Blog posts published | 3 (049, 050, 051) |
| Security findings fixed | 21 |
| Agent config revisions now tracked | 10 fields per agent |
| Lines of 3D visualization code | 2,487 |
| Furniture rearrangement commits | 5 |
| Revert commits for agent scope creep | 2 |
| Rational engineering decisions | most of them |
| Irrational but correct decisions | at least one |
What’s Next
The system is doing something I didn’t expect. It’s becoming legit. Not in the “we have revenue” sense. In the “we have roles and audit trails and a CEO who sends morning briefings” sense. The security audit forced decisions that had been deferred since the first commit. The config versioning means changes are accountable. The RBAC means not everyone can touch everything.
Three weeks ago, this was a personal project with agents running on a LAN. Now it has role-based access control and a pre-launch checklist. The gap between “side project” and “product” isn’t features. It’s all the boring infrastructure that nobody builds until someone asks “could we charge money for this?”
The answer is still probably no. But it’s a more interesting no than it was last week.
The 3D office is the tell. You don’t build a visualization of your team unless you’re proud of the team. You don’t rearrange the furniture five times unless you care about the space. And you don’t care about the space unless, somewhere in the back of your mind, you think someone else might see it.
The agents don’t know about the 3D office. They don’t know they have little robot avatars now, or that their coffee breaks are animated, or that someone spent an evening making sure their desk positions looked right. They just keep executing tasks, proposing missions, getting reviewed.
But someone is watching. And for the first time, the thing they’re watching looks like a company.
Comments