Cloud Onboarding
Workspace Setup & Readiness
Current scope: workspace overview. Mission Control Cloud coordinates protocol, rules, adapter, and agent-runtime upgrades. Local repos only change through explicitcollabcommands run by a human or owning local agent.
Scope
Switch between the whole workspace and one project without changing pages.
Projects current
1
adapter + protocol + rules aligned
Need upgrade
0
safe local action recommended
Missing adapter
2
run collab init before cloud trust
Agent proof risk
2
2 stale · 0 inferred
Hosted Workspace Readiness
Current mode is local-dev-control-plane. This is still a transparent prototype until account auth, tenant isolation, and durable workspace storage are in place.
Account and organization auth
missingAuth provider is none; no user session, organization, or workspace membership gates access.
Add authenticated users, organizations, workspace membership, and session/API token validation before hosted onboarding.
Tenant-scoped durable storage
missingCurrent backing store is repo-json under local-dev.
Move project, agent, machine, token, event, and audit records behind a workspace-scoped server-side store.
Hosted write safety guard
readyHosted unauthenticated writes are blocked until account/org auth and tenant-scoped storage are implemented.
Keep this guard until hosted account/org auth and tenant-scoped write authorization replace the unauthenticated local-dev endpoints.
Local adapter trust boundary
partialPairing tokens, HMAC event signatures, replay checks, and rejected-event audit exist in local-dev.
Store token/signing material and replay state in hosted workspace storage with admin revocation and audit retention.
Versioned upgrade path
partial/setup and /upgrades expose project registration, agent enrollment, adapter drift, and safe local commands.
Attach upgrade recommendations to authenticated workspaces and record accepted/rejected upgrade decisions per project.
API contract: GET /api/workspace. Hosted alpha requires account/org auth plus tenant-scoped durable storage before inviting external users.
Hosted write guard: hosted /writes blocked. Hosted unauthenticated writes are blocked until account/org auth and tenant-scoped storage are implemented. Header: x-mission-control-admin-token.
Auth And Organization Readiness
Hosted Mission Control needs user sessions, organizations, workspace membership, and role-based authorization before external onboarding.
Session
absent
Organization
missing
Role
missing
API contract: GET /api/auth/session. Missing flows: sign in / sign out, organization creation, workspace membership, role-based write authorization, session and API token rotation.
Machine Pairing And Sync Freshness
Local adapters report events; cloud does not infer filesystem access from registration alone.
curl -X POST /api/events -H 'Authorization: Bearer <pairing-token>' -d eventType=machine.paired| Machine | Workspace | Freshness | Projects | Agents | Token proof | Token scopes |
|---|---|---|---|---|---|---|
audit-dogfood audit-dogfood | local-dev | stale18h ago machine.paired: signed audit dogfood | mission-control | codex@mission-control | active | scope not reported |
jiansen-macbook Jiansen MacBook | local-dev | stale24h ago machine.paired: Signed local adapter event with replay protection | mission-control | codex@mission-control | active | agent:enroll, event:write, project:register, runtime:report |
Pairing model: configured/enrolled never means running; only an active-token event or fresh runtime report proves connection. cloud recommendations become collab commands or events; local files are changed only by local adapters or local agents.
Storage mode: local-dev / repo-json. This development build stores transparent ledgers under docs/. Hosted Mission Control must replace this with workspace-scoped durable storage and authenticated tenant isolation.
Pairing Tokens
Tokens pair local adapters to a workspace. Raw secrets are shown once and stored only as hashes.
POST /api/pairing-tokensActive
0
Expired
4
Revoked
1
| Token | Machine | Project | Status | Scopes |
|---|---|---|---|---|
tok_6f7bc821d1bb4b00 mcp_7IAr_9... · expires 2026/5/19 18:07:52 | audit-dogfood Audit dogfood | mission-control local-dev | expired | event:write |
tok_68536db0b5745c0b mcp_rXlggj... · expires 2026/5/20 11:01:58 | jiansen-macbook Jiansen MacBook | mission-control local-dev | expired | event:write, project:register, agent:enroll, runtime:report |
tok_9e69fab2c59cf553 mcp_87oMed... · expires 2026/5/20 10:40:47 | jiansen-macbook Jiansen MacBook | mission-control local-dev | expired | project:register, agent:enroll, runtime:report, event:write |
tok_758eedc80aa79f7b mcp_7l5s0p... · expires 2026/5/20 10:19:54 | jiansen-macbook Jiansen MacBook | mission-control local-dev | expired | project:register, agent:enroll, runtime:report, event:write |
tok_52e9315fb9464955 mcp_tTFC7T... · expires 2026/5/20 10:17:52 | jiansen-macbook Jiansen MacBook | mission-control local-dev | revoked | project:register, agent:enroll, runtime:report, event:write |
Only SHA-256 token hashes are stored in docs/pairing-tokens.json; raw tokens are returned once at issue time. Revocation marks a token revoked and future hosted mode must reject it for event ingestion.
Event Trust Audit
Rejected adapter events are part of the trust history. The audit stores safe metadata only, not raw tokens or full signatures.
| Time | Machine | Event | Reason | Token proof | Signature |
|---|---|---|---|---|---|
| 2026/5/19 17:07:53 | audit-dogfood local-dev | machine.paired dogfood · mission-control | replay eventNonce has already been used for this pairing token. | active tok_6f7bc821d1bb4b00 | replay 065aaa89ffbb · auditdogfood002 |
| 2026/5/19 17:07:52 | audit-dogfood local-dev | machine.paired dogfood · mission-control | invalid-signature Event signature does not match the expected signed payload. | active tok_6f7bc821d1bb4b00 | missing no signature · auditdogfood001 |
Version Registry
These are the targets local adapters should report against.
MC Cloud
0.3.0
Protocol
0.3.0
Rules Bundle
2026.05.18
Project Adapter
0.1.0
Gate Spec
1.0.0
Project Upgrade Matrix
Cloud can recommend; the owning local session performs the change.
collab upgrade --all| Project | Adapter | Protocol | Rules | Agents | Status | Next local action |
|---|---|---|---|---|---|---|
| mission-control | 0.1.0 | 0.3.0 | 2026.05.18 | 2 | current | cd . && collab upgrade --dry-run |
| vibeful | - | - | - | - | missing | local adapter missing cd ~/Coding/vibeful && collab init |
| beefit | - | - | - | - | missing | local adapter missing cd ~/Coding/beefit && collab init |
Agent Enrollment And Runtime Proof
Configured does not mean running. Runtime proof must be explicit and fresh.
| Agent | Project | Role | Runtime | Policy | Command source |
|---|---|---|---|---|---|
| codex@mission-control | mission-control | codex | stale / stale1d ago | on · next-heartbeat-confirm | shared |
| cursor@mission-control | mission-control | cursor | stale / stale1d ago | on · immediate-init | shared |
Safety Boundary
Vercel-hosted Mission Control should not imply local filesystem authority. Upgrade recommendations become local commands, Requests, or agent handoffs. Silent cloud-to-local writes remain out of scope unless a user installs and authorizes a runner.