This summarizes engineering lessons from implementing Bronze -> Platinum tiers.
- A simple folder state machine (
Pending_Approval,Approved,Rejected,Done) is auditable and understandable. - It reduces accidental side effects compared to direct autonomous API actions.
- Explicit cloud/local ownership (
AGENT_ROLE,STRICT_WORK_ZONES) prevents mixed responsibility. - Cloud draft-only mode significantly reduces blast radius for always-on automation.
- Moving files into
In_Progress/<agent>is an effective lock primitive on a shared vault. - It avoids duplicate execution without central coordination infrastructure.
- Centralizing external actions through MCP servers simplifies policy enforcement.
DRY_RUNand rate limiting are easier to apply consistently at this boundary.
- Social/web actions (Facebook/LinkedIn/WhatsApp) need session-capture workflow and clear operator tooling.
- Headless-only assumptions are fragile during setup and auth refresh.
- Heartbeats, structured logs, and daily summaries are required for trust in unattended runs.
- Without clear logs, debugging multi-step failures is expensive.
- HTTPS, backups, health checks, and PM2 restarts are not optional at Platinum.
- Deferring them causes reliability regressions late in integration.
- As architecture evolves, integration tests can silently become legacy.
- Keeping tests aligned with current contracts is as important as adding new tests.
- Add explicit dashboard session-capture actions for social channels.
- Add stricter dashboard auth/CSRF/session controls.
- Add continuous compliance checks that validate tier requirements from source checklist.