Bluefly Agent Platform -- Master Plan

Migrated from local file bluefly-agent-platform-master-plan.md (2026-02-17)

Bluefly.io Agent Platform — Master Plan

Version: 1.0
Date: February 16, 2026
Author: Thomas Scola, Bluefly.io
Status: Planning — No code changes yet


Table of Contents

  1. Executive Summary
  2. Current State Inventory
  3. Target Architecture
  4. GitLab Duo Agent Platform Integration
  5. Social Agents Isolation (MoltBook + OpenClaw)
  6. OpenClaw Deployment
  7. MCP Bridge Architecture
  8. Security & Isolation Model
  9. GitLab Project Structure
  10. Implementation Phases
  11. Cost Analysis
  12. Risk Register
  13. Verification Checklist

1. Executive Summary

This plan unifies three strategic initiatives into a single execution roadmap:

Initiative A — GitLab Duo Agent Platform Integration: Extend GitLab Duo (GA in 18.8) with four custom agents, one external agent, MCP bridge servers, and custom flows. Makes OSSA agents first-class citizens inside GitLab's native agent ecosystem.

Initiative B — Social Agents Isolation: Migrate all MoltBook/social agent code out of platform-agents/ into a dedicated agent-social project. Deploy on an isolated sandbox instance with strict Tailscale ACLs. Prevents secret leakage between external integrations and internal infrastructure.

Initiative C — OpenClaw Deployment: Deploy OpenClaw on a dedicated VPS (Hetzner CX32), isolated from NAS production services. Bridge OSSA agents to OpenClaw's multi-channel interface (Telegram, Discord, Slack) via custom skills and MCP.

The unifying principle: Three trust zones with strict boundaries. Internal agents stay on trusted infrastructure. External/social agents run in sandboxed environments. Communication happens only through authenticated gateways with rate limiting, logging, and deny-by-default policies.


2. Current State Inventory

2.1 Infrastructure

| Component | Location | Details |
|---|---|---|
| Synology NAS | 192.168.68.54 / Tailscale | MinIO :9000, webhooks :3001, mesh :3005, LiteLLM :4000 |
| Oracle Cloud Instance 1 | Cloud | k3s + kagent, agent-mesh, compliance-engine, observability |
| Vast.ai GPU | Instance 29484611 | RTX 4090, Ollama, local inference |
| Mac M4 | 100.108.129.7 (Tailscale) | Development machine, Claude Code |
| Tailscale Network | tailcf98b3.ts.net | Encrypted mesh connecting all nodes |
| Cloudflare Tunnel | f6da7bdf-... | Public endpoint routing |

2.2 Endpoints

| Hostname | Service | Port |
|---|---|---|
| mesh.bluefly.internal | GitLab webhooks | 3001 |
| mesh.bluefly.internal | Agent mesh API | 3005 |
| storage.blueflyagents.com | MinIO S3 | 9000 |

2.3 Built Code — MoltBook Social Agents

| Component | Location | Port | Status |
|---|---|---|---|
| Social Research Agent | platform-agents/packages/@ossa/social-research-agent/ | 4001 | Built |
| Whitepaper Writer Agent | platform-agents/packages/@ossa/whitepaper-writer-agent/ | 4002 | Built |
| Content Reviewer Agent | platform-agents/packages/@ossa/content-reviewer-agent/ | 4003 | Built |
| MoltBook A2A Bridge | NAS: /volume1/AgentPlatform/services/ossa-agents/ | 4010 | Built, awaiting API key |
| NPM Monitor | agent-buildkit/internal/duo/npm_monitor.go | | Built (Go, uses Redis) |
| Website Executor Agent | | | Not built (Phase 3) |

Pipeline: npm-monitor → social-research → whitepaper-writer → content-reviewer → website-executor

Current blocker: Awaiting MoltBook API key (apply at moltbook.com/developers)

2.4 OSSA Platform Architecture (Three-Tier)

Tier 1: platform-agents/         → Agent manifests ONLY (YAML)
Tier 2: common_npm/agent-*       → Infrastructure packages (TypeScript)
Tier 3: gitlab-agent_ossa/       → Platform implementation (Go)

2.5 Key Packages (@bluefly/agent-*)

| Package | Purpose |
|---|---|
| @bluefly/agent-router | Routing/Discovery |
| @bluefly/agent-mesh | Agent Communication |
| @bluefly/agent-brain | Vector/Search/RAG |
| @bluefly/agent-tracer | Tracing/Observability |
| @bluefly/agent-docker | Docker/K8s |
| @bluefly/agent-tailscale | Tailscale/Network |
| @bluefly/agent-protocol | MCP/Protocol |
| @bluefly/foundation-bridge | LLM Providers |
| @bluefly/compliance-engine | Compliance/Audit |
| @bluefly/agentic-flows | Orchestration |
| @bluefly/workflow-engine | Workflows/State |
| @bluefly/studio-ui | React UI |

3. Target Architecture

┌─────────────────────────────────────────────────────────────────────────┐
│                         TRUST ZONE: GITLAB                              │
│                                                                         │
│  GitLab Ultimate Instance                                               │
│  ┌──────────────┐ ┌──────────────┐ ┌─────────────────────────────────┐ │
│  │  Duo Agentic │ │  AI Catalog  │ │  Issues / MRs / Pipelines      │ │
│  │    Chat      │ │  (agents +   │ │  (@mention triggers)           │ │
│  │              │ │   flows)     │ │                                 │ │
│  └──────┬───────┘ └──────┬───────┘ └──────────────┬──────────────────┘ │
│         │                │                         │                    │
│    Custom Agents    Custom Flows           External Agents              │
│    (Vector 1)       (Vector 4)             (Vector 2)                   │
│         │                │                         │                    │
│         └────────┬───────┘                         │                    │
│                  │                                 │                    │
│            MCP Client ◄──────── Vector 3 ──────────┘                   │
│            (connects to external MCP servers)                           │
│                  │                                                      │
└──────────────────┼──────────────────────────────────────────────────────┘
                   │
          Tailscale (encrypted)
                   │
    ┌──────────────┼──────────────────────────────────┐
    │              │                                   │
    ▼              ▼                                   ▼
┌─────────────┐ ┌──────────────────┐ ┌──────────────────────────┐
│ TRUST ZONE: │ │ TRUST ZONE:      │ │ TRUST ZONE:              │
│ INTERNAL    │ │ OPENCLAW (DMZ)   │ │ SANDBOX (UNTRUSTED)      │
│             │ │                  │ │                          │
│ Synology NAS│ │ Hetzner CX32     │ │ Oracle Cloud Instance 2  │
│             │ │                  │ │ (NEW)                    │
│ MCP Servers:│ │ OpenClaw Gateway │ │                          │
│ • ossa-reg  │ │ Custom Skills    │ │ external-gateway :5000   │
│ • mesh-api  │ │ Telegram/Discord │ │ moltbook-agents          │
│ • infra-hlth│ │ MCP to GitLab    │ │   :4001-4003             │
│ • buildkit  │ │ MCP to NAS       │ │ openclaw-bridge :4010    │
│             │ │                  │ │ npm-monitor              │
│ LiteLLM     │ │ Connects via     │ │                          │
│ MinIO       │ │ Tailscale to     │ │ OWN API keys             │
│ Qdrant      │ │ NAS services     │ │ NO NAS access            │
│ PostgreSQL  │ │                  │ │ NO internal secrets      │
│ Redis       │ │                  │ │ Gateway port 5000 ONLY   │
│             │ │                  │ │                          │
│ Oracle #1  │ │                  │ │                          │
│ k3s+kagent │ │                  │ │                          │
└─────────────┘ └──────────────────┘ └──────────────────────────┘

Trust Zone Rules:

  • Internal: Full NAS access, production databases, internal secrets. Only trusted OSSA agents.
  • OpenClaw (DMZ): Can reach NAS MCP servers and LiteLLM via Tailscale. Cannot reach databases directly. Runs user-facing channels (Telegram, Discord).
  • Sandbox: Zero NAS access. Own API keys. Communicates only through External Gateway on port 5000. All MoltBook/social agents live here.

4. GitLab Duo Agent Platform Integration

4.1 Platform Overview (GA in 18.8, January 2026)

GitLab Duo Agent Platform embeds AI agents across the entire SDLC. It provides three extension vectors plus flows for chaining agents.

Pricing: GitLab Credits — Ultimate gets 24 credits/user/month included. On-demand: $1/credit beyond included.

4.2 Vector 1: Custom Agents (Duo Chat)

Custom agents live in the AI Catalog. Defined with a system prompt + tool selection from ~70 built-in tools. Users interact via @agent in Duo Chat (UI or IDE).

Available Built-in Tools (relevant subset):

  • Issue/MR/Epic CRUD (create, read, update, search, notes)
  • Repository operations (read files, search code, list trees, blob search, grep)
  • Git commands, commit creation, file operations
  • Pipeline inspection (job logs, failing jobs, errors, CI linter)
  • Vulnerability management (list, dismiss, confirm, link to MR, severity update)
  • Work items, wiki access, audit events
  • Raw GitLab API (GET) and GraphQL queries
  • Bash command execution, test execution

Agent 1

Purpose: OSSA manifest validation, registry queries, separation of duties enforcement

System Prompt Core:

You are the Bluefly OSSA Compliance Agent. You help developers ensure their
agent manifests comply with the Open Standard Agents specification.

Capabilities:
- Validate OSSA manifest YAML against the schema
- Check separation of duties (agents cannot review/approve their own work)
- Query the OSSA agent registry for available agents
- Verify agent tier permissions (tier_1_read, tier_2_write, tier_3_full)
- Recommend correct manifest structure for new agents

Tier rules:
- tier_1_read: Read-only operations, analysis, scanning
- tier_2_write: Can create issues, MRs, comments
- tier_3_full: Can modify code, merge, deploy

Separation of duties conflicts:
- vulnerability-scanner (Analyzer) conflicts with: Executor, Approver
- merge-request-reviewer (Reviewer) conflicts with: Executor, Approver
- pipeline-remediation (Executor) conflicts with: Reviewer, Approver

When validating manifests, read the file from the repository, parse the YAML,
and check against these rules. For registry queries, use the MCP tool connected
to the OSSA registry at mesh.bluefly.internal.

Tools: Read File, Find Files, Blob Search, Get Issue, Create Issue Note, Get Repository File, List Repository Tree, GitLab API GET

Managed by: blueflyio/agent-platform/duo-agent-platform

Agent 2

Purpose: Pipeline triage, infrastructure health, deployment status

System Prompt Focus: Pipeline failure analysis, job log parsing, infrastructure status from MCP, Vast.ai instance health, service endpoint monitoring. Uses bluefly-infra MCP server for NAS/Tailscale status.

Tools: Get Pipeline Errors, Get Job Logs, Get Pipeline Failing Jobs, CI Linter, Get Merge Request, Run Command, GitLab API GET

Agent 3

Purpose: Drupal module management, migration assistance, all_drupal_custom sync guidance

System Prompt Focus: Drupal 11 expertise, Acquia Cloud patterns. Workflow: edit in all_drupal_custom/ → buildkit drupal sync → test in demo_llm-platform/. Rule: NEVER edit demo_llm-platform/web/ directly.

Tools: Read File, Find Files, Blob Search, Get Repository File, List Repository Tree, Create Issue, Create Issue Note, Grep

Agent 4

Purpose: Vulnerability triage with OSSA compliance context

System Prompt Focus: Security scanning against Bluefly standards, FedRAMP/NIST awareness, automatic vulnerability-to-issue linking, severity assessment with compliance context.

Tools: List Vulnerabilities, Get Vulnerability Details, Dismiss Vulnerability, Confirm Vulnerability, Create Vulnerability Issue, Link Vulnerability to Issue, Link Vulnerability to Merge Request, Get Security Finding Details

4.3 Vector 2: External Agent

Runs as a CI/CD job triggered by @mention in issues/MRs. Gets AI_FLOW_INPUT, AI_FLOW_CONTEXT, AI_FLOW_EVENT. Runs in Docker on your GitLab Runner.

Configuration:

```yaml
name: "Bluefly Builder"
description: "Implements features from issue descriptions following Bluefly.io conventions"
image: node:22-slim
injectGatewayToken: true
commands:
  - npm install --global @anthropic-ai/claude-code
  - apt-get update --quiet && apt-get install --yes curl wget gpg git
  # Remote installer fetched from the main branch and piped to bash; it is not pinned or checksummed.
  - curl -sSL "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
  - apt-get install --yes glab
  - npm install --global @bluefly/agent-buildkit
  - git config --global user.email "bluefly-builder@blueflyio.com"
  - git config --global user.name "Bluefly Builder"
  - export ANTHROPIC_AUTH_TOKEN=$AI_FLOW_AI_GATEWAY_TOKEN
  - export ANTHROPIC_CUSTOM_HEADERS=$AI_FLOW_AI_GATEWAY_HEADERS
  - export ANTHROPIC_BASE_URL="https://cloud.gitlab.com/ai/v1"
  - export GITLAB_TOKEN=$GITLAB_TOKEN_BLUEFLY
  # Block scalar: the command contains ": " and nested quotes, which a plain YAML scalar cannot hold.
  - |
    claude --print --output-format stream-json --allowedTools "Edit,Write,Read,ListDir,Bash(git:*),Bash(glab:*),Bash(buildkit:*)" --system-prompt "$(cat .gitlab/duo/bluefly-builder-prompt.md)" "Context: $AI_FLOW_CONTEXT ..."
variables:
  - GITLAB_TOKEN_BLUEFLY
  - GITLAB_HOST
```

Service Account: ai-bluefly-builder-blueflyio — PAT with api, read_repository, write_repository scopes. Developer role on relevant projects.

Conventions enforced via AGENTS.md:

  • Branch from release/v0.X.x as feature/{issue#}-{slug}
  • Commit messages: Refs: #{issue_number}
  • Import from @bluefly/agent-* packages, never duplicate
  • Never modify version fields, create tags, or commit to main
  • Never edit demo_llm-platform/web/
  • TypeScript strict, no any types

4.4 Vector 3: MCP Integration (Bidirectional)

MCP Client (GitLab → Bluefly Services): Configured at group level or per-workspace in .gitlab/duo/mcp.json.

MCP Server (External Tools → GitLab): GitLab exposes /api/v4/mcp with OAuth 2.0. OpenClaw and other tools connect here.

4.5 Vector 4: Custom Flows

Flow 1: OSSA Compliance Review

Triggers on MRs modifying platform-agents/. Two-stage pipeline:

  1. validate_ossa_manifest — Reviews MR diffs, checks manifest YAML against schema, verifies tier assignments, posts findings as MR notes
  2. check_separation_of_duties — Cross-references agent role assignments against registry, flags conflicts, posts summary

```yaml
version: "v1"
environment: ambient
components:
  - name: "validate_ossa_manifest"
    type: AgentComponent
    prompt_id: "ossa_validation_prompt"
    toolset:
      - "get_merge_request"
      - "list_merge_request_diffs"
      - "get_repository_file"
      - "find_files"
      - "blob_search"
      - "create_merge_request_note"
      - "grep"
  - name: "check_separation_of_duties"
    type: AgentComponent
    prompt_id: "separation_check_prompt"
    toolset:
      - "get_merge_request"
      - "get_repository_file"
      - "create_merge_request_note"
routers:
  - from: "validate_ossa_manifest"
    to: "check_separation_of_duties"
  - from: "check_separation_of_duties"
    to: "end"
```

Flow 2: Issue-to-MR (Bluefly Convention)

Triggered by assigning the flow service account to an issue. Two-stage:

  1. analyze_and_plan — Reads issue, reviews codebase, creates implementation plan, posts as issue note
  2. implement_changes — Executes plan, creates branch, commits code, opens MR targeting release/v0.X.x

Flow 3: Drupal Module Review

Triggers on MRs to all_drupal_custom/. Validates module structure, checks Drupal coding standards, verifies sync compatibility.


5. Social Agents Isolation

5.1 Why Isolate

MoltBook and OpenClaw are external integrations with documented security risks: prompt injection, data leakage, permission escalation (Fortune/Bitsight, Feb 2026). Currently, social agent code is mixed into platform-agents/, sharing the same deployment context as internal OSSA agents.

Risk: A compromised social agent could access GitLab tokens, NAS credentials, internal database passwords, or MinIO storage keys.

5.2 What Moves to agent-social

| File/Directory | Currently In | What It Does |
|---|---|---|
| packages/@ossa/social-research-agent/ | platform-agents | Queries MoltBook API, sentiment analysis |
| packages/@ossa/whitepaper-writer-agent/ | platform-agents | Claude Opus blog post generation |
| packages/@ossa/content-reviewer-agent/ | platform-agents | Quality gate, fact-checking, scoring |
| agents/docker-compose.yml | platform-agents | Docker Compose for all 3 agents |
| deploy/moltbook-autopilot/ | platform-agents | K8s manifests, secrets templates |
| internal/duo/npm_monitor.go | agent-buildkit | NPM registry poller (Go, uses Redis) |
| services/ossa-agents/ | NAS volume | MoltBook A2A Bridge |

5.3 Isolation Architecture

INTERNAL (Trusted)                    SANDBOX (Untrusted)
========================              ========================
Oracle Cloud Instance 1               Oracle Cloud Instance 2 (NEW)
  k3s + kagent                          k3s (lightweight)
  agent-mesh (3005)                     external-gateway (5000)
  compliance-engine (3010)              moltbook-agents (4001-4003)
  observability stack                   openclaw-bridge (4010)
                                        npm-monitor

NAS (NEVER exposed to sandbox)
  Postgres, Redis, Qdrant, MinIO

Tailscale ACLs:
  oracle-platform → full NAS access
  oracle-sandbox  → gateway port 5000 ONLY (no NAS, no DB, no secrets)

5.4 Security Rules

  • Sandbox gets its OWN Anthropic API key (separate billing, separate rate limits)
  • Sandbox NEVER gets: GitLab tokens, NAS credentials, internal DB passwords, MinIO keys
  • All communication through a single External Gateway (validates, rate-limits, logs)
  • Cedar deny-by-default policy for sandbox agents
  • OpenClaw runs in sandboxed mode only (no full system access)
  • Agents use ephemeral tokens, never shared credentials

5.5 Post-Migration Cleanup

After successful migration to agent-social:

  • Remove all MoltBook agent references from platform-agents/registry.yaml (lines 383-410)
  • Delete packages/@ossa/social-research-agent/, whitepaper-writer-agent/, content-reviewer-agent/ from platform-agents
  • Remove npm_monitor.go from agent-buildkit
  • Delete NAS:/volume1/AgentPlatform/services/ossa-agents/

6. OpenClaw Deployment

6.1 What OpenClaw Is

Open-source, self-hosted AI assistant platform. MIT license, 194k+ GitHub stars. Gateway-centric architecture with multi-channel support (Telegram, Discord, Slack, web). ClawHub skill marketplace. Supports Claude/GPT/local models.

6.2 Deployment Target

Hetzner CX32 (dedicated VPS, ~€20/mo):

  • 4 vCPU, 8 GB RAM, 80 GB SSD
  • Isolated from NAS production services
  • Connected via Tailscale to NAS services (MinIO, OSSA mesh API, LiteLLM)
  • Separate from sandbox Oracle instance

6.3 OpenClaw ↔ OSSA Integration

Custom Bluefly Skills for OpenClaw:

  • ossa-compliance-check — Validate agent manifests
  • gitlab-pipeline-status — Check CI/CD status
  • drupal-module-info — Query Drupal module registry
  • infrastructure-health — NAS/service monitoring

OpenClaw → GitLab (via GitLab MCP Server):

```json
{
  "mcpServers": {
    "gitlab": {
      "type": "http",
      "url": "https://gitlab.com/api/v4/mcp"
    }
  }
}
```

OpenClaw agents can create issues, review MRs, check pipelines through GitLab's official MCP server with OAuth authentication.

GitLab Duo → OpenClaw (via Custom MCP Server):

MCP tools exposed:

  • openclaw_ask_agent — Route a question to a specific OpenClaw agent
  • openclaw_list_agents — List available agents and skills
  • openclaw_agent_memory — Query conversation memory
  • openclaw_run_skill — Execute a specific skill
  • openclaw_cron_status — Check scheduled task status

7. MCP Bridge Architecture

7.1 MCP Servers (Run on NAS)

OSSA registry MCP server

| Tool | Description |
|---|---|
| ossa_list_agents | List all registered agents with manifests |
| ossa_validate_manifest | Validate a manifest against schema |
| ossa_check_separation | Check separation of duties for an agent pair |
| ossa_get_agent | Get full agent details by ID |
| ossa_mesh_status | Current mesh topology and agent health |

Deployment: mesh.bluefly.internal/mcp, HTTP transport, Tailscale + token auth.

Infrastructure health MCP server

| Tool | Description |
|---|---|
| infra_nas_status | Synology NAS health (CPU, RAM, volumes, Docker) |
| infra_vast_status | Vast.ai instance status (GPU util, model loaded) |
| infra_litellm_models | Available models via LiteLLM gateway |
| infra_tailscale_peers | Connected Tailscale nodes |
| infra_service_health | Check specific service endpoint |

Buildkit bridge MCP server

| Tool | Description |
|---|---|
| buildkit_agents_list | List all agents in marketplace |
| buildkit_validate | Validate agent against OSSA spec |
| buildkit_workspace | Workspace status with risk analysis |
| buildkit_drupal_sync | Trigger drupal sync status check |

OpenClaw bridge MCP server

| Tool | Description |
|---|---|
| openclaw_ask_agent | Route question to OpenClaw agent |
| openclaw_list_agents | List available OpenClaw agents/skills |
| openclaw_agent_memory | Query conversation memory |
| openclaw_run_skill | Execute a specific skill |
| openclaw_cron_status | Check scheduled task status |

7.2 GitLab Group MCP Configuration

.gitlab/duo/mcp.json (workspace-level for all blueflyio projects):

```json
{
  "mcpServers": {
    "bluefly-ossa": {
      "type": "http",
      "url": "https://mesh.bluefly.internal/mcp",
      "approvedTools": true
    },
    "bluefly-infra": {
      "type": "http",
      "url": "https://mesh.bluefly.internal/mcp",
      "approvedTools": ["infra_service_health", "infra_tailscale_peers"]
    },
    "bluefly-buildkit": {
      "type": "http",
      "url": "https://mesh.bluefly.internal/mcp/buildkit",
      "approvedTools": true
    },
    "bluefly-openclaw": {
      "type": "http",
      "url": "https://mesh.bluefly.internal/mcp/openclaw",
      "approvedTools": ["openclaw_ask_agent", "openclaw_list_agents"]
    }
  }
}
```

8. Security & Isolation Model

8.1 Trust Zones

| Zone | Access Level | What Lives Here |
|---|---|---|
| Internal | Full NAS, all DBs, all secrets | OSSA core agents, compliance engine, agent mesh, observability |
| OpenClaw DMZ | NAS MCP servers + LiteLLM via Tailscale, no direct DB | OpenClaw gateway, custom skills, Telegram/Discord bots |
| Sandbox | Gateway port 5000 only, own API keys | MoltBook social agents, npm-monitor, external bridges |

8.2 Tailscale ACL Rules

```jsonc
{
  "acls": [
    { "action": "accept", "src": ["tag:oracle-platform"], "dst": ["tag:nas:*"] },
    {
      "action": "accept",
      "src": ["tag:openclaw-vps"],
      "dst": ["tag:nas:3005", "tag:nas:4000", "tag:nas:9000"]
    },
    { "action": "accept", "src": ["tag:oracle-sandbox"], "dst": ["tag:oracle-platform:5000"] }
    // No rule for tag:oracle-sandbox → tag:nas:*. Tailscale ACLs are deny-by-default
    // and "accept" is the only valid action, so an explicit "deny" rule is rejected.
    // Sandbox-to-NAS traffic stays blocked as long as no accept rule matches it.
  ]
}
```
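The risk register calls for testing ACLs before the sandbox is deployed; the following added example (not project code) evaluates a rule list of the shape used in 8.2 under deny-by-default semantics and compares it with the zone model. The type and function names, the expectation list and the sample policy are assumptions constructed from this page's zone rules and port table; the sample includes an explicit deny entry to show how a non-accept action is reported.

```typescript
// Added example (not project code): offline check of a Tailscale-style
// "acls" list under deny-by-default semantics.
type AclRule = { action: string; src: string[]; dst: string[] };
type Expectation = { src: string; dst: string; port: number; allow: boolean };

// "tag:nas:3005" -> host "tag:nas", port spec "3005" (split at the last colon).
function splitDst(dst: string): { host: string; ports: string } {
  const i = dst.lastIndexOf(":");
  return { host: dst.slice(0, i), ports: dst.slice(i + 1) };
}

// Port specs handled: "*", "5000", "4001-4003", "80,443".
function portMatches(spec: string, port: number): boolean {
  if (spec === "*") return true;
  return spec.split(",").some((part) => {
    const bounds = part.split("-").map((p) => Number(p));
    const lo = bounds[0] ?? NaN;
    const hi = bounds[1] ?? lo;
    return port >= lo && port <= hi;
  });
}

// Traffic passes only if some "accept" rule matches; everything else is dropped.
function isAllowed(policy: AclRule[], src: string, dstHost: string, port: number): boolean {
  return policy.some(
    (rule) =>
      rule.action === "accept" &&
      rule.src.some((s) => s === "*" || s === src) &&
      rule.dst.some((d) => {
        const { host, ports } = splitDst(d);
        return (host === "*" || host === dstHost) && portMatches(ports, port);
      }),
  );
}

// Report non-"accept" actions and every flow whose result differs from the zone model.
function audit(policy: AclRule[], expected: Expectation[]): string[] {
  const findings = policy
    .filter((r) => r.action !== "accept")
    .map((r) => `invalid action "${r.action}": ${r.src.join(",")} -> ${r.dst.join(",")}`);
  expected.forEach((e) => {
    const got = isAllowed(policy, e.src, e.dst, e.port);
    if (got !== e.allow) {
      const want = e.allow ? "allowed" : "blocked";
      findings.push(`${e.src} -> ${e.dst}:${e.port} is ${got ? "allowed" : "blocked"}, expected ${want}`);
    }
  });
  return findings;
}

// Constructed sample: the three accept rules from 8.2 plus an explicit deny entry.
const POLICY: AclRule[] = [
  { action: "accept", src: ["tag:oracle-platform"], dst: ["tag:nas:*"] },
  { action: "accept", src: ["tag:openclaw-vps"], dst: ["tag:nas:3005", "tag:nas:4000", "tag:nas:9000"] },
  { action: "accept", src: ["tag:oracle-sandbox"], dst: ["tag:oracle-platform:5000"] },
  { action: "deny", src: ["tag:oracle-sandbox"], dst: ["tag:nas:*"] },
];

// Constructed expectations, taken from the trust-zone rules and the port table.
const EXPECTED: Expectation[] = [
  { src: "tag:oracle-sandbox", dst: "tag:oracle-platform", port: 5000, allow: true },
  { src: "tag:oracle-sandbox", dst: "tag:oracle-platform", port: 3005, allow: false },
  { src: "tag:oracle-sandbox", dst: "tag:nas", port: 5432, allow: false },
  { src: "tag:oracle-sandbox", dst: "tag:nas", port: 6379, allow: false },
  { src: "tag:oracle-sandbox", dst: "tag:nas", port: 9000, allow: false },
  { src: "tag:openclaw-vps", dst: "tag:nas", port: 3005, allow: true },
  { src: "tag:openclaw-vps", dst: "tag:nas", port: 4000, allow: true },
  { src: "tag:openclaw-vps", dst: "tag:nas", port: 9000, allow: true },
  { src: "tag:openclaw-vps", dst: "tag:nas", port: 5432, allow: false },
  { src: "tag:openclaw-vps", dst: "tag:nas", port: 6379, allow: false },
  { src: "tag:oracle-platform", dst: "tag:nas", port: 5432, allow: true },
];

// Constructed drift: a later edit widens sandbox access to MinIO on the NAS.
const DRIFTED: AclRule[] = POLICY.concat([
  { action: "accept", src: ["tag:oracle-sandbox"], dst: ["tag:nas:9000"] },
]);
```

Running `audit(POLICY, EXPECTED)` in CI on every change to the policy file turns the "verify zero NAS access from sandbox" step into a regression check rather than a one-off curl test.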

8.3 Secret Management

| Secret | Internal | OpenClaw DMZ | Sandbox |
|---|---|---|---|
| Anthropic API Key | ✅ (via LiteLLM) | ✅ (own key) | ✅ (own key, separate billing) |
| GitLab PAT | | ❌ Never | ❌ Never |
| NAS credentials | | ❌ Never | ❌ Never |
| PostgreSQL password | | ❌ Never | ❌ Never |
| Redis password | | ❌ Never | ❌ Never |
| MinIO keys | | ✅ (read-only bucket) | ❌ Never |
| MoltBook API key | ❌ Not needed | ❌ Not needed | ✅ (sandbox only) |
| Pinecone API key | ❌ Not needed | ❌ Not needed | ✅ (sandbox only) |

8.4 Agent Role Separation (Existing)

| Agent | Role | Tier | Conflicts With |
|---|---|---|---|
| vulnerability-scanner | Analyzer | tier_1_read | Executor, Approver |
| merge-request-reviewer | Reviewer | tier_2_write | Executor, Approver |
| pipeline-remediation | Executor | tier_3_full | Reviewer, Approver |
| release-coordinator | Orchestrator | tier_2_write | Executor (direct) |

Rule: Agents cannot review/approve their own work. Executor → Reviewer handoff in same chain is forbidden.
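One way to enforce the table and rule above in code, as an added example that is not the project's implementation. The `Step` shape, its `needs` field, denying unregistered agents by default, and reading the handoff rule as "one agent may not both execute and review/approve in the same chain" are assumptions; the registry rows are copied from the table.

```typescript
// Added example (not project code): separation-of-duties and tier checks
// over one flow chain, using the registry rows from section 8.4.
type Role = "Analyzer" | "Reviewer" | "Executor" | "Approver" | "Orchestrator";
type Tier = "tier_1_read" | "tier_2_write" | "tier_3_full";
interface AgentEntry { role: Role; tier: Tier; conflictsWith: Role[] }
// Hypothetical step shape: which agent acts, in what role, needing which tier.
interface Step { agent: string; actsAs: Role; needs: Tier }

const TIER_RANK: Record<Tier, number> = { tier_1_read: 1, tier_2_write: 2, tier_3_full: 3 };

// A Map avoids prototype lookups that a plain object would allow
// for agent names such as "constructor".
const REGISTRY = new Map<string, AgentEntry>([
  ["vulnerability-scanner", { role: "Analyzer", tier: "tier_1_read", conflictsWith: ["Executor", "Approver"] }],
  ["merge-request-reviewer", { role: "Reviewer", tier: "tier_2_write", conflictsWith: ["Executor", "Approver"] }],
  ["pipeline-remediation", { role: "Executor", tier: "tier_3_full", conflictsWith: ["Reviewer", "Approver"] }],
  ["release-coordinator", { role: "Orchestrator", tier: "tier_2_write", conflictsWith: ["Executor"] }],
]);

function checkChain(chain: Step[], registry: Map<string, AgentEntry> = REGISTRY): string[] {
  const violations: string[] = [];
  const rolesByAgent = new Map<string, Role[]>();

  chain.forEach((step, i) => {
    const entry = registry.get(step.agent);
    if (entry === undefined) {
      violations.push(`step ${i}: ${step.agent} is not in the registry (denied by default)`);
      return;
    }
    // Conflict table: the registered role forbids acting in the listed roles.
    if (entry.conflictsWith.indexOf(step.actsAs) !== -1) {
      violations.push(`step ${i}: ${step.agent} (${entry.role}) may not act as ${step.actsAs}`);
    }
    // Tier ceiling: a step may not need more than the agent's tier grants.
    if (TIER_RANK[step.needs] > TIER_RANK[entry.tier]) {
      violations.push(`step ${i}: ${step.agent} holds ${entry.tier} but the step needs ${step.needs}`);
    }
    rolesByAgent.set(step.agent, (rolesByAgent.get(step.agent) ?? []).concat([step.actsAs]));
  });

  // Checked independently of the conflict table, so a registry entry with an
  // empty conflict list still cannot review or approve what it executed.
  rolesByAgent.forEach((roles, agent) => {
    const executed = roles.indexOf("Executor") !== -1;
    const judged = roles.indexOf("Reviewer") !== -1 || roles.indexOf("Approver") !== -1;
    if (executed && judged) {
      violations.push(`${agent}: executes and reviews/approves in the same chain`);
    }
  });
  return violations;
}

// Constructed chains for illustration.
const CLEAN_CHAIN: Step[] = [
  { agent: "pipeline-remediation", actsAs: "Executor", needs: "tier_3_full" },
  { agent: "merge-request-reviewer", actsAs: "Reviewer", needs: "tier_2_write" },
];
const SELF_REVIEW_CHAIN: Step[] = [
  { agent: "pipeline-remediation", actsAs: "Executor", needs: "tier_3_full" },
  { agent: "pipeline-remediation", actsAs: "Reviewer", needs: "tier_2_write" },
];
```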


9. GitLab Project Structure

9.1 New Projects

blueflyio/
├── agent-platform/
│   ├── duo-agent-platform/          ← NEW (Tier 2)
│   │   ├── agents/
│   │   │   ├── custom/
│   │   │   │   ├── bluefly-ossa-agent.md
│   │   │   │   ├── bluefly-ops-agent.md
│   │   │   │   ├── bluefly-drupal-agent.md
│   │   │   │   └── bluefly-security-agent.md
│   │   │   └── external/
│   │   │       ├── bluefly-builder/
│   │   │       │   ├── Dockerfile
│   │   │       │   ├── config.yml
│   │   │       │   └── bluefly-builder-prompt.md
│   │   │       └── bluefly-reviewer/
│   │   │           ├── Dockerfile
│   │   │           └── config.yml
│   │   ├── flows/
│   │   │   ├── ossa-compliance-review.yml
│   │   │   ├── issue-to-mr.yml
│   │   │   └── drupal-module-review.yml
│   │   ├── mcp-servers/
│   │   │   ├── ossa-registry/
│   │   │   ├── infra-health/
│   │   │   ├── buildkit-bridge/
│   │   │   └── openclaw-bridge/
│   │   ├── config/
│   │   │   ├── mcp.json
│   │   │   ├── agent-config.yml
│   │   │   └── AGENTS.md
│   │   └── .gitlab-ci.yml
│   │
│   ├── social/
│   │   └── agent-social/            ← NEW (Sandbox Tier)
│   │       ├── agents/
│   │       │   ├── social-research-agent/
│   │       │   ├── whitepaper-writer-agent/
│   │       │   ├── content-reviewer-agent/
│   │       │   └── website-executor-agent/  (Phase 3)
│   │       ├── bridges/
│   │       │   ├── moltbook-a2a/
│   │       │   └── openclaw-bridge/
│   │       ├── monitors/
│   │       │   └── npm-monitor/     (migrated from agent-buildkit)
│   │       ├── deploy/
│   │       │   ├── docker-compose.yml
│   │       │   ├── k8s/
│   │       │   └── secrets.template.yaml
│   │       ├── manifests/
│   │       │   ├── social-research-agent.ossa.yaml
│   │       │   ├── whitepaper-writer-agent.ossa.yaml
│   │       │   └── content-reviewer-agent.ossa.yaml
│   │       └── .gitlab-ci.yml
│   │
│   ├── agent-buildkit/              (existing)
│   ├── llm-platform/               (existing)
│   └── technical-docs/             (existing)
│
├── platform-agents/                 (existing, social agents REMOVED after migration)
├── openclaw-bluefly/                ← NEW (DMZ Tier)
│   ├── skills/
│   │   ├── ossa-compliance-check/
│   │   ├── gitlab-pipeline-status/
│   │   ├── drupal-module-info/
│   │   └── infrastructure-health/
│   ├── config/
│   │   └── openclaw.yaml
│   ├── deploy/
│   │   ├── docker-compose.yml
│   │   └── Dockerfile
│   └── .gitlab-ci.yml
│
└── gitlab_components/              (existing)

9.2 Updated Tier Model

Tier 1: platform-agents/              → Agent manifests (YAML) — INTERNAL ONLY
Tier 2: common_npm/agent-*            → Infrastructure packages (TypeScript)
Tier 2: duo-agent-platform/           → GitLab Duo integration (NEW)
Tier 3: gitlab-agent_ossa/            → Platform implementation (Go)
Tier 4: openclaw-bluefly/             → Agent runtime & skills (DMZ)
Tier S: agent-social/                 → Social/external agents (SANDBOX)

10. Implementation Phases

Phase 1: Documentation & Project Setup (Week 1)

Deliverables:

  • Create GitLab project: blueflyio/agent-platform/social/agent-social
  • Create GitLab project: blueflyio/agent-platform/duo-agent-platform
  • Create GitLab project: blueflyio/openclaw-bluefly
  • Write wiki pages in technical-docs:
    • integrations/external-agents/moltbook.md — API, pipeline, status, risks
    • integrations/external-agents/openclaw.md — Architecture, integration plan, risks
    • integrations/external-agents/isolation-architecture.md — Diagram, ACLs, secrets
    • integrations/gitlab-duo/duo-agent-platform.md — Custom agents, flows, MCP
  • Create 3 issues in agent-social:
    1. "Provision second Oracle Cloud Free Tier for social agents" (priority::should)
    2. "Migrate MoltBook agents from platform-agents to agent-social" (priority::should)
    3. "Add OpenClaw bridge integration" (priority::could)
  • Create 4 issues in duo-agent-platform:
    1. "Create 4 custom agents in AI Catalog" (priority::must)
    2. "Build MCP bridge servers for NAS services" (priority::must)
    3. "Configure external agent bluefly-builder" (priority::should)
    4. "Create OSSA compliance review flow" (priority::should)
  • Create 2 issues in openclaw-bluefly:
    1. "Deploy OpenClaw on Hetzner CX32 with Tailscale" (priority::should)
    2. "Build custom Bluefly skills for OpenClaw" (priority::could)

No code moves. Documentation and planning only.

Phase 2: Custom Agents in AI Catalog (Week 2-3)

  • Write system prompts for all 4 custom agents
  • Create agents in GitLab AI Catalog via UI
  • Select tool sets for each agent
  • Enable agents in blueflyio top-level group
  • Enable agents in relevant projects
  • Test each agent via Duo Chat in IDE

Phase 3: MCP Bridge Servers (Week 4-5)

  • Implement @bluefly/mcp-ossa-registry (TypeScript, runs on NAS)
  • Implement @bluefly/mcp-infra-health (TypeScript, runs on NAS)
  • Implement @bluefly/mcp-buildkit (TypeScript, runs on NAS)
  • Configure group-level MCP in .gitlab/duo/mcp.json
  • Test MCP tools from Duo Agentic Chat
  • Deploy MCP servers as Docker containers on NAS

Phase 4: Social Agents Migration (Week 6-7)

  • Set up agent-social repo structure
  • Move 3 social agent packages from platform-agents
  • Move docker-compose and K8s manifests
  • Move npm_monitor.go from agent-buildkit
  • Move MoltBook A2A Bridge from NAS
  • Remove MoltBook references from platform-agents/registry.yaml
  • Update CI/CD pipelines in agent-social
  • Verify builds pass in new project

Phase 5: Sandbox Infrastructure (Week 8-9)

  • Provision second Oracle Cloud Free Tier (ARM)
  • cloud-init from existing template
  • Install k3s (lightweight)
  • Join Tailscale with tag:oracle-sandbox
  • Apply Tailscale ACL restrictions
  • Deploy External Gateway on port 5000
  • Deploy social agent containers
  • Generate separate Anthropic API key for sandbox
  • Verify zero NAS access from sandbox

Phase 6: OpenClaw Deployment (Week 10-11)

  • Provision Hetzner CX32
  • Install OpenClaw
  • Join Tailscale with tag:openclaw-vps
  • Apply Tailscale ACL (NAS MCP + LiteLLM only)
  • Build custom Bluefly skills
  • Configure Telegram/Discord channels
  • Implement @bluefly/mcp-openclaw-bridge
  • Test bidirectional MCP (OpenClaw ↔ GitLab)

Phase 7: External Agent & Flows (Week 12-13)

  • Configure @ai-bluefly-builder external agent
  • Set up service account with restricted PAT
  • Write AGENTS.md for all Bluefly projects
  • Create OSSA Compliance Review flow
  • Create Issue-to-MR flow
  • Create Drupal Module Review flow
  • Test flows end-to-end
  • Enable flows in AI Catalog

11. Cost Analysis

| Item | Monthly Cost | Notes |
|---|---|---|
| GitLab Ultimate (included) | $0 | 24 credits/user/month |
| On-demand Duo credits | $50-200 | External agent runs, complex flows |
| Hetzner CX32 (OpenClaw) | ~$20 | 4 vCPU, 8 GB RAM |
| Oracle Free Tier #2 (Sandbox) | $0 | ARM instance, always-free tier |
| LLM API — Sonnet (custom agents) | $50-150 | Via LiteLLM gateway |
| LLM API — Opus (builder agent) | $100-300 | Heavy-duty code generation |
| Anthropic API key (sandbox) | $20-50 | Social agent content generation |
| Total | $240-720/mo | Scales with usage |

12. Risk Register

| Risk | Impact | Likelihood | Mitigation |
|---|---|---|---|
| Social agent compromise leaks internal secrets | Critical | Medium | Sandbox isolation, separate API keys, Tailscale ACLs |
| OpenClaw skill marketplace malware | High | Low | Only install vetted skills, sandbox deployment, no direct DB access |
| GitLab Duo credit overrun | Medium | Medium | Monitor credit usage, set alerts at 80% threshold |
| MCP server becomes single point of failure | Medium | Low | Health checks, Docker restart policies, graceful degradation |
| External agent creates bad commits | Medium | Medium | AGENTS.md conventions, MR-only workflow, human review required |
| Oracle Free Tier instance limits | Low | Medium | Monitor resource usage, upgrade path to paid tier if needed |
| Tailscale ACL misconfiguration | Critical | Low | Test ACLs before deploying sandbox, audit quarterly |
| Custom agents in Experiment status | Low | High | Track GitLab release notes, adapt as features graduate to GA |

13. Verification Checklist

Phase 1 Complete When:

  • All 3 GitLab projects exist and are accessible
  • Wiki pages published at technical-docs/-/wikis/integrations/external-agents/
  • All 9 issues created with labels and milestones
  • No code has been moved yet

Phase 2-3 Complete When:

  • 4 custom agents visible in AI Catalog
  • Each agent responds correctly in Duo Chat
  • MCP servers running on NAS, accessible via Duo Chat
  • Group-level MCP config deployed

Phase 4-5 Complete When:

  • All social agent code removed from platform-agents
  • agent-social builds pass in CI/CD
  • Sandbox Oracle instance running with social agents
  • curl from sandbox to NAS returns connection refused
  • curl from sandbox to gateway:5000 succeeds
  • Social agents can query MoltBook API (once key obtained)

Phase 6 Complete When:

  • OpenClaw running on Hetzner VPS
  • Telegram/Discord channels responding
  • Custom skills execute successfully
  • OpenClaw can reach GitLab MCP server
  • GitLab Duo Chat can query OpenClaw via MCP bridge

Phase 7 Complete When:

  • @ai-bluefly-builder creates compliant MRs from issue descriptions
  • OSSA Compliance Review flow triggers on platform-agents MRs
  • Issue-to-MR flow creates working branches from issues
  • All flows visible in AI Catalog
  • Sessions logged and auditable

Appendix A: Port Allocation (Complete)

| Range | Purpose | Zone |
|---|---|---|
| 3000-3015 | Agent services (brain, chat, mesh, router, tracer) | Internal |
| 4000 | LiteLLM gateway | Internal |
| 4001-4003 | MoltBook social agents | Sandbox |
| 4010 | MoltBook A2A Bridge / OpenClaw Bridge | Sandbox |
| 5000 | External Gateway (sandbox ↔ internal) | Sandbox |
| 5000-5003 | ML models | Internal |
| 5432 | PostgreSQL | Internal |
| 6333 | Qdrant vector DB | Internal |
| 6379 | Redis | Internal |
| 9000 | MinIO S3 | Internal |
| 9090 | Prometheus | Internal |
| 27017 | MongoDB | Internal |

Appendix B: GitLab Duo Agent Platform — Key Facts

  • GA: GitLab 18.8 (January 2026)
  • Availability: Premium and Ultimate on GitLab.com, Self-Managed, Dedicated
  • Credits: Premium 12/user/mo, Ultimate 24/user/mo, On-demand $1/credit
  • Custom agents status: Experiment (feature flag global_ai_catalog)
  • Custom flows status: Beta (feature flag ai_catalog_flows)
  • External agents status: GA
  • MCP client status: GA
  • MCP server status: Beta
  • Built-in agent tools: ~70 tools covering issues, MRs, pipelines, vulnerabilities, code, git, API
  • Flow execution: Runs in CI/CD (UI) or locally (IDE)
  • Sessions: Track agent actions with logs for debugging, learning, audit

Appendix C: Key URLs

| Resource | URL |
|---|---|
| AI Catalog | https://gitlab.com/explore/ai-catalog |
| Agent Platform docs | https://docs.gitlab.com/user/duo_agent_platform/ |
| Custom agents docs | https://docs.gitlab.com/user/duo_agent_platform/agents/custom/ |
| External agents docs | https://docs.gitlab.com/user/duo_agent_platform/agents/external/ |
| Agent tools list | https://docs.gitlab.com/user/duo_agent_platform/agents/tools/ |
| Custom flows docs | https://docs.gitlab.com/user/duo_agent_platform/flows/custom/ |
| MCP client docs | https://docs.gitlab.com/user/gitlab_duo/model_context_protocol/mcp_clients/ |
| MCP server docs | https://docs.gitlab.com/user/gitlab_duo/model_context_protocol/mcp_server/ |
| Flow execution config | https://docs.gitlab.com/user/duo_agent_platform/flows/execution/ |
| OpenClaw | https://openclaw.ai/ |
| Claude Code GitLab CI | https://code.claude.com/docs/en/gitlab-ci-cd |