Command Center
Next Actions
The live task board for what is next and who owns it.
| Task | Lane | Owner | Priority | Status | Detail |
|---|---|---|---|---|---|
| Business name search | Legal/Business | User | P0 | Not started | Search SC business filings and USPTO for NyrA/Nyra Swarm/NyrA Little Buddy conflicts |
| Choose entity path | Legal/Business | User | P0 | SC LLC selected | SC LLC path saved as Porter Labs LLC in command center; formation evidence uploaded and filing remains in progress |
| File SC LLC if chosen | Legal/Business | User | P0 | In progress | Porter Labs LLC SC registration is in progress via uploaded ZenBusiness evidence; formation date still not issued |
| Get EIN | Legal/Business | User | P0 | Blocked on formation | Apply through IRS after the LLC formation date is issued; current evidence shows EIN not started |
| Open/confirm business bank | Finance | User | P0 | Blocked on entity/EIN | Separate revenue from personal money |
| Stripe identity/tax setup | Payments | User | P0 | Waiting on tax/pricing | Use Porter Labs LLC and porterlabz.com for Stripe identity after tax decision, price, portal, and legal review clear |
| Choose monthly price | Payments | User | P0 | Open | Pick first monthly SKU price using the Pricing Model page; model currently supports a $25 planning scenario with payment/provider/support reserves, but final price needs user approval |
| Choose hosted AI cap | Payments/Product | User | P0 | Open | Define included usage and over-cap behavior using the Pricing Model page; model currently calculates a hosted-message cap from token and margin assumptions because BYOK is later |
| Pricing and hosted AI cap model | Payments/Product | Codex | P0 | Ready | Pricing model script docs snapshot CSV and command-center Pricing page estimate Stripe fees provider token cost support/infra/refund reserves target margin minimum price and recommended hosted AI cap |
| Create Stripe product/price | Payments | Codex | P0 | Ready | Use billing:stripe-setup after price and Stripe key are ready |
| Configure Customer Portal | Payments | User/Codex | P0 | Open | Enable cancellation, invoices, payment methods |
| Billing live rehearsal | Payments/QA | Codex | P0 | Ready | Guarded preflight and rehearsal scripts plus command-center Billing Rehearsal page now check Stripe key mode, required webhook events, Customer Portal/support/legal blockers, HTTPS URLs, no repo secrets, and live-mode safety flag before checkout is exposed |
| Payment Launch Pack | Payments/QA | Codex | P0 | Ready | Payment Launch Pack now generates JSON CSV Markdown dashboard workbook Today Brief queue Stripe product/price setup sequence Customer Portal/webhook/backend/secret-store actions test rehearsal commands and live-payment no-go rules |
| Approve billing backend host and secrets | Payments/Cloud | User | P0 | Open | Choose container host and backend domain, create private secret values, choose an absolute mounted persistent entitlement path or managed database path, then provide webhook URL/secret through the dashboard without committing secrets |
| Deploy billing backend | Engineering | Codex | P0 | Ready | Standalone Node 24 billing backend deploy pack and Cloudflare Worker/D1 billing path are ready with manifests checklists health checks required secret lists route coverage storage probes entitlement writes idempotent webhook handling and test:billing-deploy/test:billing-storage/cloud:billing:check/test:cloud-billing-worker; actual hosted deployment still needs domain host or Worker URL D1 database ID secrets Stripe webhook Customer Portal price hosted AI cap support inbox and persistent managed storage |
| Cloud billing Worker/D1 | Payments/Cloud | Codex | P0 | Ready | Cloudflare Worker nyra-billing-api implements Stripe-hosted Checkout Customer Portal webhooks license status checkout-session claim device-scoped access tokens D1 entitlement/customer/event/device storage and local route tests; live use still needs Cloudflare account D1 database ID Worker URL Stripe test/live secrets price webhook endpoint support email legal URLs and dashboard origin |
| Wire desktop activation | Engineering | Codex | P0 | Ready | Settings license panel now supports checkout session activation, refresh, cached grace state, read-only customer ID, and device-token portal access |
| Production license auth model | Payments/Engineering | Codex | P0 | Ready | Checkout-session claim plus device-scoped access token flow is implemented locally; deploy backend and connect live Stripe webhooks before paid beta |
| Draft privacy policy | Legal/Privacy | Codex | P0 | Ready | Privacy draft now covers mic camera screen memory passive logs third-party AI billing support cloud dashboard provider flows export/delete consent and breach posture |
| Legal policy packet | Legal/Privacy | Codex | P0 | Ready | Privacy Terms EULA Refund/Cancellation Security and Legal Review Packet drafts now exist as repo files command-center pages and a Word review packet |
| Attorney review | Legal | User | P0 | Open | Review docs/policies drafts and NyrA_Legal_Review_Packet.docx before publishing policies or taking live payments |
| Create support inbox | Support | User | P0 | Open | Create/confirm nyrasupport@gmail.com or domain email |
| Support diagnostics and runbook | Support | Codex | P0 | Ready | Settings now exposes Export Support Diagnostics with redacted app runtime consent license provider and local-data-count metadata; support runbook covers intake ticket categories diagnostics billing/refund workflow canned replies and no-go conditions; live support still needs inbox ownership and ticket roundtrip |
| Buy domain | Marketing/Web | User | P0 | Domain saved | porterlabz.com is saved as the public product and policy domain; DNS and hosted deployment handoffs still pending |
| Landing page | Marketing/Web | Codex | P0 | Ready | Generated local launch site with safe claims, product screenshots, policy links, readiness blockers, and checkout disabled until price hosted AI cap domain support live Stripe and review gates are ready |
| Code signing | Release | User/Codex | P0 | Open | Release Trust Decision Form now maps direct signed installer Microsoft Store both-channel and hold-unsigned paths; user still must buy/verify signing certificate or choose Store trust before paid beta |
| Windows installer version | Release | Codex | P0 | Active | Internal alpha metadata is set to version 0.1.0-alpha.76, appId com.porter.nyra.swarm-little-buddy, product name NyrA Swarm Little Buddy; desktop evidence SHA256 1978e0e49e3776c3d9fb56192f2d9eb4a3be709afbbfc303db8d25698f143edf; Android 0.1.0-alpha.76 versionCode 76 SHA256 ea425cf64d0fb71331f64ff0a8e290f19f0f5fbc51ec3518ef149a20f882d99d; release notes known issues rollback manifest checksums installer rehearsal release-trust decision packet and release-candidate preflight are wired; current verdict is Internal Alpha Only until signed/store-trusted installer evidence and paid-beta handoffs clear |
| Release package evidence | Release | Codex | P0 | Ready | Release runbook release notes known issues rollback plan release-manifest and SHA256SUMS generation are wired into clean build; command center release package page renders manifest checksums signing status and blockers |
| Clean production build path | Release/QA | Codex | P0 | Ready | npm run build:clean copies the repo outside Google Drive, reinstalls dependencies, runs license/billing/production/cloud gates, builds G:/My Drive/AI Stuff/desktop-buddy/release/0.1.0-alpha.76/win-unpacked/NyrA Swarm Little Buddy.exe, refreshes release evidence, and syncs command-center release metadata for 0.1.0-alpha.76 |
| Paid feature entitlement gate | Payments/Engineering | Codex | P0 | Ready | Main-process IPC gate now blocks API swarm chat voice realtime screen capture computer control file/app control and developer terminal unless an active cached license remains inside offline grace; denied paid actions return NYRA_PRO_REQUIRED; checkout and activation stay reachable |
| Security gates | Engineering | Codex | P0 | Ready | Paid entitlement gate, OpenAI storage gate, terminal env gate, main-process high-impact approval enforcement, first-run consent/privacy gates, and typed IPC hardening now exist with static/runtime release gates |
| Typed IPC hardening | Engineering Security | Codex | P0 | Ready | Preload bridge now uses allowlisted invoke send and listen channels, store-key allowlist, payload shape and size validation, unsafe URL protocol blocking, and sanitized listener events; typed IPC static/runtime tests are wired into clean build |
| High-impact action approval gate | Engineering Security | Codex | P0 | Ready | Main-process gate returns NYRA_HIGH_IMPACT_APPROVAL_REQUIRED for payment credential account-changing destructive system-setting installer/script data-sharing and developer-terminal risks; normal runs show an Electron approval dialog and automated runs deny deterministically |
| Dependency security audit | Engineering Security | Codex | P0 | Ready | Upgraded Electron to 42.3.0, electron-builder to 26.8.1, Vite to 8.0.14, Vite React plugin to 6.0.2, and Vite Electron plugins to 1.0.0; clean build now reports 0 npm audit vulnerabilities |
| Consent and memory controls | Engineering | Codex | P0 | Ready | First-run consent step Settings Privacy & Consent panel NYRA_CONSENT_REQUIRED main-process enforcement local privacy export and memory/log deletion are implemented for mic camera screen computer control third-party AI local memory and passive context log |
| QA launch matrix | QA | Codex | P0 | Ready | QA launch matrix now maps command-center launch-site billing-deploy license billing paid-feature high-impact privacy-consent typed-IPC policy production cloud Windows package clean-build and targeted computer-use stop/realtime/camera gates; test:qa-launch-matrix verifies scripts docs and build-clean coverage |
| Demo video | Marketing | Codex | P1 | Active | Storyboards shot lists captions recording checklist and demo/ad scenes now exist; final recording waits for final UI pricing billing support policy URLs and screenshots |
| Visual asset readiness inventory | Visual Assets | Codex | P0 | Ready | npm run visuals:inventory now tracks 23 screenshots diagrams launch-site assets and video rows across JSON CSV Markdown and the Visuals dashboard, and it prefers the latest available Android evidence instead of alpha46-only pointers; final screenshots remain unapproved until UI billing support and consent flows are frozen |
| Ad campaign | Marketing | Codex | P1 | Ready | Campaign kit now includes beta invite email sequence social posts ad variants campaign calendar safe claims and publication rules; final publication waits for domain price hosted AI cap checkout URL policy URLs and screenshots |
| Daily command-center intake | Product Program | Codex | P0 | Active | Automation inventory now verifies required NyrA Codex automations are real and active; daily agents read the Today Command Brief, Decision Recommendations, Handoff Routing Rehearsal, Handoff Action Pack, Agent Dispatch Pack, Dashboard and Collaboration answers, uploads, notes, handoff readiness, deployability blockers, release-candidate status, cloud state, marketing kit, visual status, and route newly cleared work |
| Secret store setup pack | Command Center Intake | Codex | P0 | Ready | Secret Store Setup now generates JSON CSV Markdown dashboard and workbook rows for Stripe billing Worker license signing command-center bearer token local cloud sync variables safe placeholder-only commands verification commands and no-raw-secret rules |
| Dashboard collaboration workspace | Product Program | Codex | P0 | Ready | Dashboard now exposes saveable handoff fields, Launch Setup Wizard, Daily Agents page, cloud/app-version/visual state, and command-center collaboration checks so it can function as the shared workspace between user and Codex |
| Decision recommendations | Command Center Intake | Codex | P0 | Ready | Decision Defaults now generates JSON CSV Markdown dashboard and workbook rows with recommended price hosted AI cap entity path support cloud release signing app-version and visual defaults while explicitly not clearing legal Stripe support cloud signing tax or secret-store handoffs |
| Deployability preflight | Product Program | Codex | P0 | Ready | Single live-money go/no-go preflight now generates deployability-snapshot.json deployability-blockers.csv DEPLOYABILITY_PREFLIGHT.md dashboard page blocker table action queue and daily-agent evidence from command-center state and environment |
| Collaboration handoff console | Command Center Intake | Codex | P0 | Ready | Collaboration page renders the live deployability blocker queue as exact user handoffs with dashboard page field upload slot status and next action so decisions and files can be entered in one operating space |
| Intake readiness scanner | Command Center Intake | Codex | P0 | Ready | npm run intake:scan generates handoff-readiness.json handoff-readiness.csv HANDOFF_READINESS.md and the Handoff Readiness dashboard page from saved fields uploads secret-store presence and deployability blockers |
| Command-center state concurrency guard | Command Center Intake | Codex | P0 | Ready | Shared command-center JSON writes now use atomic replacement and a lock-backed update path; npm run test:command-center-concurrency verifies overlapping deployability and intake agent runs keep both dashboard status blocks valid |
| Cloud dashboard deployment | Cloud Platform | Codex | P0 | Ready | Worker API D1 schema R2 upload path cron marker hardened auth JSON/request limits browser cloud connection private Pages dashboard artifact CLI push/pull/scan/roundtrip sync and test harness exist locally; deploy after Cloudflare account/domain/auth approval |
| Cloud Deploy Pack | Cloud Platform | Codex | P0 | Ready | Cloud Deploy Pack now generates JSON CSV Markdown dashboard workbook Today Brief queue Cloudflare resource targets safe placeholder commands D1/R2/Worker/Pages setup sequence first cloud sync commands and no-secret rules from the cloud deploy preflight |
| Cloud command-center sync | Cloud Platform | Codex | P0 | Ready | Dashboard can store a Cloud Worker API URL/token in browser localStorage only, save/pull state through the Worker, upload through R2-backed API, scan handoffs, classify Source Of Truth Map routes, record intake runs, and CLI scripts can health/push/pull/source-truth/scan/roundtrip once NYRA_COMMAND_CENTER_API_URL and NYRA_COMMAND_CENTER_TOKEN are set; Worker now validates JSON and upload limits and Pages artifact excludes local uploads/raw state before cloud deployment |
| Cloud Pages deploy pack | Cloud Platform | Codex | P0 | Ready | cloud/command-center-pages now contains Wrangler Pages config README and a generated public artifact with command-center HTML assets Excel/legal/release links no-index/no-store headers publish manifest and exclusion checks for uploads raw state and local server files |
| Approve Cloudflare cloud handoff | Cloud Platform | User | P0 | Open | Confirm Cloudflare account domain/subdomain admin email Cloudflare Access preference and approval to create D1/R2 resources |
| App version roadmap | Release/Product | Codex | P0 | Ready | Maintain editable 0.1.0 alpha/beta, 0.2.0 reliability, 1.0.0 launch, and future mobile companion criteria from dashboard decisions; roadmap source doc dashboard board daily version-agent queue mobile boundary and clean-build check are implemented |
| Physical phone bridge self-test evidence review | QA/Mobile Bridge | User/Codex | P0 | Blocked on physical phone proof | Reviewed the ready-for-Codex phone self-test row again on 2026-06-13. The latest saved evidence is NO_PHONE_SELF_TEST_LOG with passed=false, physicalPhone=false, and phone-evidence has 0 uploaded files, so it does not clear the physical-phone gate; keep pages/cloud-mobile-bridge.html, mobileBridge.lastPhoneSelfTest, phone-evidence, and the real phone rerun step visible. |