Proposed KB entries for review. Mined from 3 periods spanning March 14 through May 23, 2026. These entries are candidates for writing to beezus-kb — they are not yet committed. Review each section and lock approved entries via d1_memory_sync.js.
Hard Rules
16 entries
No emojis in UI — ever
HARD
Zero emojis anywhere in the product UI — not in HTML, JSX, CSS content properties, or any customer-facing text. No exceptions. Use SVG or plain text.
TypeScript only in beezus-worker/src
HARD
Every file in beezus-worker/src MUST be .ts. Never create .js files. If you touch a .js file for any reason, rename it .ts and fix types in the same commit. No .js files in src/. Ever.
No hardcoded brand hex colors
HARD
All brand colors MUST use CSS variables: var(--gold), var(--bg-cream), var(--text-primary), etc. Full map in beezus/src/styles/beezus-theme.css. Applies to ALL agents including QA, fix, and audit agents.
All LLM calls through CF AI Gateways only
HARD
All LLM calls MUST go through beezus-ai-gateway or beezus-admin-gateway. No direct provider API keys in any worker. Non-negotiable. Jeff was emphatic.
vault-worker: DO NOT DEPLOY — on HOLD
HARD
Jeff needs more info before vault-worker is deployed to CF. Do not change wrangler.toml binding. Open question: deploy to CF or remove binding permanently.
LP prototypes never go to repo
HARD
ALL LP prototypes go to throwaway CF Pages deployments only. Only approved final work commits to Git. lp3/ was accidentally written to repo and immediately deleted — this rule exists because of that.
Scout tier is dead — never reference it
HARD
Scout does not exist. Three tiers only: Worker ($50/mo), Swarm ($100/mo), Colony ($250/mo). Removed from 14+ files. Never reference Scout again.
beezclaw-worker deploy: strip vault binding first
HARD
Before deploying beezclaw-worker, the vault binding must be stripped from wrangler.toml. vault-worker is on HOLD and cannot be referenced in production deploys.
Trial: 3 days, card required, annual + Builder BeezKeyz minimum
HARD
Trial = 3 days (not 7 — code was already correct). Three hard gates enforced in trial.ts: annual billing required, Builder BeezKeyz tier or higher, Stripe card on file. All 3 must pass.
Task creation never conditional on specialist availability
HARD
Write the task with the role specified — the system handles the rest. Never tell the user to go get a specialist before writing a task. No-Gatekeeper Rule.
Deploy protocol: FEATURE_REGISTRY + D1 before any deploy
HARD
Before ANY deployment — write to operations/FEATURE_REGISTRY.md AND lock to D1. Document: feature name, what changed, exact file paths (frontend + backend), status, known gaps, deploy target. No exceptions.
Git commit AND push after every deploy
HARD
Not just wrangler deploy — every deploy must be followed by a git commit and git push. All deploys committed to git. Git state must reflect what is live in CF.
Platform config rows with effective_date <= NOW() are immutable forever
HARD
Once a row in platform config tables has effective_date <= NOW(), it is IMMUTABLE FOREVER. Hard 409 on any UPDATE attempt. immutability-guard.js enforces this in the worker.
Beez must always know every leadership agent
HARD
Beez's system prompt must include ALL 8 leadership agents: Charlie, Hana, Ivy, Frankie, Winston, Zara, Flynn, Hutch. Any new leadership agent added must be added to Beez's prompt simultaneously.
No cross-contamination: Beezus + EM files go to LNH
HARD
Files relevant to both Beezus and Enrollment Mentor go to LNH (Loch Ness Holdings). Absolute. No exceptions. Maintains clean legal separation between entities.
EM "NO LAUNCH" directive
HARD
NEVER contact institutions, submit to app store, or share Enrollment Mentor demos without Jeff's explicit written authorization. Jeff is still employed in higher ed. Zero external communications about EM without authorization.
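For the platform config immutability rule above (rows with effective_date <= NOW() reject any UPDATE with a 409), the decision reduces to one predicate evaluated against the stored row, never against the request body. This is an added example, not the project's immutability-guard.js; ConfigRow, GuardResult and guardConfigUpdate are assumed names, and effective_date is assumed to be an ISO 8601 UTC string.

```typescript
// Added illustration; all names here are hypothetical.

interface ConfigRow {
  id: string;
  effective_date: string; // assumed ISO 8601, UTC
}

interface GuardResult {
  allowed: boolean;
  status: number; // HTTP status the route should return
  reason: string;
}

// `existing` must be the row as read from the database. Checking the incoming
// payload instead would let a caller move effective_date into the future in
// the same request and unlock the row.
// `now` is injected so one clock reading is used per request and tests are stable.
function guardConfigUpdate(existing: ConfigRow, now: Date): GuardResult {
  const effective = Date.parse(existing.effective_date);

  // Fail closed: an unparseable date is treated as locked, otherwise a
  // malformed value becomes a way around the guard.
  if (Number.isNaN(effective)) {
    return { allowed: false, status: 409, reason: "effective_date unparseable; treated as immutable" };
  }

  // The rule is <=, so the boundary instant itself is already locked.
  if (effective <= now.getTime()) {
    return { allowed: false, status: 409, reason: "row is in effect and immutable" };
  }

  // Future-dated rows have not taken effect and may still be edited.
  return { allowed: true, status: 200, reason: "row not yet effective" };
}
```

The same predicate belongs in the UPDATE's WHERE clause as well, so a row that takes effect between the read and the write is still rejected.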
Locked Decisions
20 entries
Tier pricing: Worker $50, Swarm $100, Colony $250
DECISION
Final tier pricing locked: Worker $50/mo ($480/yr), Swarm $100/mo ($960/yr), Colony $250/mo. Annual = 20% off via coupon. Hive = enterprise/custom. No other tiers exist.
BeezKeyz subscription tiers
DECISION
Starter $10/4.5M tokens, Builder $25/12M, Growth $55/30M, Scale $100/60M, Unlimited $200/mo. Monthly reset, no rollover. No add-on packs — upgrade tier or pay for a new month.
9-person leadership team lineup locked
DECISION
Beez (Team Lead), Charlie (Client Relationships), Hana (People and Talent), Ivy (Brand and Content), Frankie (Finance), Zara (Sales and Revenue), Winston (Client Success), Flynn (Strategy and Roadmap), Hutch (Hive Keeper).
Candy does not exist — Charlie owns sequences interim
DECISION
Candy is not a real agent. Charlie owns sequences as interim owner. When a dedicated sequences agent is built, Charlie hands off. No Candy references anywhere in code or copy.
"Hire Beez" framing locked
DECISION
You hire ONE person (Beez). She brings a 9-person leadership team. Hana deploys AI specialists (up to 400+) on demand. Never say "hire 9 bees." One hire — she brings the hive.
Zara = CRO, owns Sales Pipeline nav item
DECISION
Zara owns the revenue layer: deals, pipeline, sequences, win/loss, forecasting. Zara has her own dedicated left nav item "Sales Pipeline" — NOT inside the CRM flyout. Charlie owns CRM mechanics.
Agent count displays round DOWN to nearest 25
DECISION
All public-facing agent counts round DOWN to nearest multiple of 25. 413 agents displays as "400+". Applies to all marketing copy, landing pages, and in-product displays.
Agent model map standardized
DECISION
Beez = Opus (onboarding) / Sonnet (chat). Flynn / Frankie / Hutch / Hana = Sonnet. Ivy / Winston / Zara = Haiku. Beez onboarding interview runs on Opus for ALL users regardless of tier, drops to tier routing after onboarding_completed_at is set.
Post-onboarding setup: sequential DO queue, not parallel
DECISION
Post-onboarding setup runs via sequential Durable Object queue worker — not 7 simultaneous CF Worker calls. CF Workers has a 30-second wall clock hard limit; 7 DOs with AI calls cannot complete in 30s.
Customer intelligence daily cron uses CF Workers AI free tier
DECISION
Daily customer intelligence rebuild cron uses CF Workers AI free tier model (@cf/meta/llama-4-scout-17b-16e-instruct), not paid Haiku. Rebuild triggers: logins today > 1, OR dirty flag set.
TTS = Deepgram aura-2 — permanent voice stack
DECISION
XTTS container fully removed. Deepgram aura-2 via CF Workers AI: ~200-400ms, sub-cent per call. Voice mapping: beez=athena, charlie=orion, hana=luna, frankie=hera, ivy=stella. DO NOT revisit XTTS (1-3s latency is a dealbreaker).
3 CF AI Gateways architecture
DECISION
beezus-ai-gateway (customer BKZ calls), beezus-byok-gateway (customer BYOK keys, observability only), beezus-admin-gateway (Beezus-funded calls). CF Workers AI binding calls go direct — no gateway needed.
Beezus = system of RECORD, not system of transaction
DECISION
Beezus does NOT calculate tax, process payments, move money, file returns, or take on any regulated financial obligations. Orchestrate, record, route — never become the regulated party.
KB injection at beezus-shield, not beezus-worker
DECISION
KB context injection happens at beezus-shield level (after pass/rewrite decision, before forwarding). Agents never call the KB directly — context arrives pre-injected in the request. Two-worker architecture: KB context (sync, per-request) and aggregation (isolated, cron-only).
Agent tier limits and pack system
DECISION
Worker: 50 base (+25 pack, max 75). Swarm: 125 base (+75 across 3 packs, max 200). Colony: 250 base (4th pack triggers unlimited). Pack = 25 slots, $10/mo. Gate fires on TASK ACTIVATION, not creation.
Agent MAX_ITERATIONS locked
DECISION
All agents MAX_ITERATIONS = 15, except Beez = 40. Frontend timeouts: all agents 90s, Beez 120s. Hana was previously dynamic (2/1) and could chain 200+ agent lookups — this was critical to fix.
NOTHING TEMPORARY — all customer data to D1/R2 immediately
DECISION
Every piece of customer data hits D1 or R2 immediately. No localStorage as source of truth. No session state that dies with tab close. Every turn, every decision, every personal detail — written immediately, recoverable always.
Hana modes: Active Team vs Briefing
DECISION
If agents already exist: ACTIVE TEAM MODE — present the existing team, never offer to build a new one. If zero agents: BRIEFING MODE — propose a full team. Prevents Hana from re-selling what's already been hired.
Brand tagline and hero copy locked
DECISION
Primary tagline: "YOUR PASSION. YOUR HIVE. YOUR HONEY." Hero copy: "Stop Talking to AI. Start Hiring It." Pricing CTA: "Choose your hive" (replaces "Pick your size"). Do not modify these without an explicit decision.
Onboarding interview = 16 questions, runs on Opus
DECISION
16 questions covering: preferred name, business name, description, communication style, team size, customer source, pain points, time sink, payments, website, brand personality, brand colors, ideal customer, email/texts, agent autonomy, anything else. Beezus pays ~$3-4 in Opus tokens per user.
Locked IDs and Credentials
18 entries
Zara HeyGen IDs
ID
Avatar: dc3fc95a74764d38a84dc9a068780be3
Voice: JzZh50a2DmuSdX2HDwe7
Beez HeyGen IDs
ID
Avatar: a368ccb12cda4a009047b08b23e826b1
Voice: a945b577a7654f60bd934b18956de99b
Old ID f9f8eb91144f4dda859bb16ab8baf8bc is stale/404. Use a368ccb1 exclusively.
Charlie HeyGen IDs
ID
Identity/Look: 90553e69f2c244699789200baa4f6dce
Voice: e209b585901e47d28b243e1a5dfc8747
Hana HeyGen IDs
ID
Look: e9bbe292656a42bf9036f59a98f21284
Identity (confirmed 2026-05-18): 6c15e019330543f88cdb0762285993bf
Voice: 42d00d4aac5441279d8536cd6b52c53c
Ivy HeyGen IDs
ID
Avatar/Look: 40a5d1c69f96498a9f34f92698cedec8
Voice: 9863189c914f4b35bdef1c1362e8f5b8
Frankie HeyGen IDs
ID
Avatar/Look: 05a2b95783294dc6970f15b3c28a4f5d
Voice: ac277b338cf64d8b9686784c43c563da
Winston HeyGen IDs
ID
Avatar/Look: f1be0177e9bc4e46b853d14c123c1f55
Voice: 3374660c07f24a80952b3d202320b792
beezus-db D1
ID
655ca1ec-81aa-4f87-9229-30e941dbe943
Primary Beezus platform database. Cloudflare account 0fe322f7108ab39ca5991fd5dfaf2231.
beezus-kb D1
ID
6c45d9ba-8ebd-420e-9df8-f8f1b508a298
Dedicated KB database — separate from beezus-db. Contains KB entries injected via beezus-shield.
beezclaw-openclaw D1
ID
e96771ce-1189-4e72-ac8f-3cf2556808c2
OpenClaw session memory, change log, and session index. Cron job: 98222dd9-1138-49d4-bb4f-49aa1944851f (every 10 min).
beezus-corporate D1
ID
fd195bf8-4897-4598-a5ee-571d831640b5
EIN — Beezus.ai LLC
ID
41-5132438
jeff@enroll.studio test user ID
ID
User: eecbcb93-7f38-4c5a-ab2c-91d132e8e50c
Live Project: 90c33225-8a0f-4b81-869a-558f1e8dc1ee
CF AI Gateway IDs
ID
beezus-ai-gateway
beezus-byok-gateway
beezus-admin-gateway
Beezus CF Account ID
ID
0fe322f7108ab39ca5991fd5dfaf2231
LNH CF Account ID
ID
6e82bfa00ff2d69ba5f7bdc6744a3015
Kate play account
ID
User: 01KR3N0H212QMMTHMS5YB8TEE3
kate@beezus.ai — Colony plan, no charge. BeezKeyz Scale tier (1M tokens through May 2027).
Dale Carlton account
ID
User: 01KR4F5D6J7D5RN8WE1PDCXJBY
dale@dalecarlton.com — Carlton Realty Inc., Fayetteville AR. Colony plan. Invite code ROYAL90 (90% off Worker/Swarm 12 months, expires June 7, 2026).
Open Items
14 entries
vault-worker: deploy to CF or remove binding permanently?
OPEN
Jeff flagged this needs more info. Binding is in wrangler.toml but vault-worker is on HOLD. Decision required before either path can proceed.
Flynn and Hutch HeyGen IDs still missing
OPEN
Jeff was creating avatars for Flynn and Hutch. IDs have not been locked to memory. All other 7 leadership agents have confirmed HeyGen IDs. These two remain outstanding.
Task Dispatch Bridge gap — CRITICAL
OPEN / CRITICAL
create_task writes to the tasks table, but the dispatcher reads task_dispatch_queue. There is no automatic bridge. Nothing runs autonomously. This is a critical gap — ~2-3 hour fix, not yet confirmed by Jeff. Platform tasks do not self-execute until this is resolved.
Git push failing — 200 commits with R2 blobs in history
OPEN
Repository has R2 binary blobs in git history accumulated over ~200 commits. Git push is failing as a result. Requires git filter-repo to purge large objects from history before push will succeed.
TypeScript migration: .js files remaining in routes
OPEN
Despite the TS migration hard rule, as of mid-May there were still .js files remaining in beezus-worker/src/routes. The main migration deployed (version f3d191ad) but route files may still need checking. Verify zero .js files in src/.
Stripe price IDs for Worker / Swarm / Colony need updating
OPEN
Worker $50/mo, Swarm $100/mo, Colony $250/mo pricing needs matching Stripe price IDs. Worker annual mismatch ($600 should be $480). Swarm annual mismatch ($1,200 should be $960). Colony prices don't exist in Stripe. Open since April 28.
Sequences ownership: Charlie interim, dedicated agent TBD
OPEN
Charlie owns email sequences as interim owner. A dedicated sequences agent needs to be built and Charlie will hand off. No Candy references. Timeline unconfirmed.
Priya in agentRegistry conflicts with Zara as CRO
OPEN
Priya is registered in agentRegistry as CRO — this conflicts with Zara who is the locked CRO. Needs cleanup: remove or reclassify Priya.
Customer Intelligence Phase 2: wire remaining agents
OPEN
Phase 1 wired Flynn, Beez DO, Charlie, and auth login hook. Remaining agents still need wiring: Hana, Ivy, Frankie, Winston, Hutch, Zara. Also: delete hardcoded opener logic in proactive-opener.ts.
Casey and Harlow cron jobs need to move to jeff@beezus.ai
OPEN
casey-daily-content and harlow-community-seeding cron jobs still running under OC cron. Need to move to jeff@beezus.ai account. NOT YET DONE as of 2026-05-19.
OnboardingSetupBanner.tsx and BeezOrientationCard.tsx orphaned
OPEN
Both files are orphaned — layout-shifting banners were banned. Files need deletion. DashboardPage (V1) also has a dead import in AppPage.tsx that needs removal.
Patents: 3 provisional claims drafted, not yet self-filed
OPEN
3 provisional patents drafted: Hive Architecture, Transparent Credential Abstraction, Decision Extraction Memory Loop. Self-file cost: $240 at USPTO PatentCenter. Estimated 30-minute task. Not yet submitted.
Zoom secrets not set in CF — scheduling 503s
OPEN
ZOOM_CLIENT_ID and ZOOM_CLIENT_SECRET not set as CF Worker secrets. Calendar scheduling feature returns 503 on Zoom OAuth flow. Whereby OAuth also scaffolded but not fully wired.
comb.beezus.ai Mailgun DNS not configured
OPEN
comb.beezus.ai inbound email routing requires Mailgun DNS records that need DNS admin access. Not yet configured. Blocks CRM inbound email assignment via {token}@comb.beezus.ai.
Worker Architecture
12 entries
beezus-worker → api.beezus.ai (PRIMARY production API)
ARCH
Primary production API. Fully TypeScript (migration complete 2026-05-19, CF version f3d191ad). Thin router pattern with route files in src/routes/ and lib files in src/lib/.
beezus (React) → app.beezus.ai (production frontend)
ARCH
React SPA deployed to Cloudflare Pages. beezus.dev = staging/pre-prod only. Build source of truth: webdev-beezclaw/white-cream/ → /tmp → wrangler. Never edit /tmp directly.
beezclaw-worker → admin / BC system
ARCH
Admin and BeezClaw operations worker. Modular split complete (was 9,951-line index.js → thin router + 18 route files + 4 lib files, 2026-04-07). Deploy requires stripping vault binding first.
vault-worker → DO NOT DEPLOY (HOLD)
ARCH
Auto-rotating secrets worker. Built during SOC 2 pen test work. On indefinite hold by Jeff. Binding exists in wrangler.toml but worker must NOT be deployed until Jeff makes the call.
execution-worker → async task queue
ARCH
Handles async task execution. Note: Task Dispatch Bridge gap — create_task writes to tasks table but dispatcher reads task_dispatch_queue. No automatic bridge exists. Nothing runs autonomously until this is fixed.
hive-ws-worker → WebSocket real-time connections
ARCH
WebSocket worker for real-time connections. DNS: hive.beezus.ai — AAAA record needs to be added in Cloudflare dashboard.
beezus-shield → 3-stage pipeline (request gateway)
ARCH
Request gateway: Regex → Geo-block → Shield 1 (intent classification) → Shield 2 (decision engine) → beezus-worker → LLM. KB injection happens here, not in beezus-worker. Cloudflare is NEVER confirmed by any agent.
beezus-kb-worker → KB context injection (Shield-level)
ARCH
Handles KB brief assembly for per-request context injection via beezus-shield Service Binding. Completely separate from beezus-kb-aggregation-worker. Zero shared code between the two KB workers.
beezus-scribe-worker → session summarization
ARCH
DeepSeek cron every 5 minutes. Processes ended sessions into tiered summaries (short/mid/large/topics/decisions/vault). R2 archival of full JSON. Model: @cf/deepseek-ai/deepseek-r1-distill-qwen-32b, Llama 3.3 70B fallback.
beezus-receipts-worker → receipts.beezus.ai
ARCH
{userId}@receipts.beezus.ai inbound email routing via Mailgun HMAC verification. Prefer this over Gmail OAuth for receipt ingestion — avoids CASA Tier 2 security audit scope creep.
Domain architecture
ARCH
beezus.ai → beezus-marketing (public). app.beezus.ai → beezus-app (production). api.beezus.ai → beezus-worker. beezus.dev → pre-prod sandbox. admin.beezus.dev → BeezClaw admin (CF Zero Trust: localnessdev).
Agent architecture: two layers
ARCH
Layer 1 — Platform Managers: Beez, Charlie, Hana, Ivy, Frankie, Winston, Zara, Flynn, Hutch. Beezus eats their cost (CF Workers AI / Flash / Haiku). Layer 2 — Specialist Workers: customer BKZ pays every token. Per-customer platform cost ~$0.50-$1.00/mo.
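For the beezus-receipts-worker entry above, which relies on Mailgun HMAC verification for inbound mail: Mailgun sends timestamp, token and signature fields with each forwarded message, where signature is the hex HMAC-SHA256 of timestamp concatenated with token under the account's signing key. This is an added example, not code from beezus-receipts-worker; the function names, the 300-second freshness window and the in-memory replay cache are assumptions, and it uses node:crypto (available in Workers only with Node compatibility enabled).

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added illustration; names, window and cache are hypothetical.

const MAX_SKEW_SECONDS = 300; // assumed freshness window

interface MailgunSignature {
  timestamp: string;
  token: string;
  signature: string;
}

// seenTokens stands in for a shared replay cache (KV or a Durable Object in a Worker).
function verifyMailgunSignature(
  sig: MailgunSignature,
  signingKey: string,
  nowSeconds: number,
  seenTokens: Set<string>,
): boolean {
  // Freshness first: an old, validly signed request is still a replay.
  const ts = Number(sig.timestamp);
  if (!Number.isInteger(ts) || Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) return false;

  // Shape check keeps timingSafeEqual from throwing on a length mismatch.
  if (!/^[0-9a-f]{64}$/.test(sig.signature)) return false;

  const expected = createHmac("sha256", signingKey)
    .update(sig.timestamp + sig.token)
    .digest();
  const given = Buffer.from(sig.signature, "hex");
  if (!timingSafeEqual(expected, given)) return false;

  // Record the token only after the MAC verifies, so unsigned junk cannot fill the cache.
  if (seenTokens.has(sig.token)) return false;
  seenTokens.add(sig.token);
  return true;
}

// Builds a constructed sample the way the sender would sign it (test data only).
function signSample(timestamp: string, token: string, key: string): MailgunSignature {
  const signature = createHmac("sha256", key).update(timestamp + token).digest("hex");
  return { timestamp, token, signature };
}
```

The recipient address should be parsed for the user ID only after this check passes, since every field of an unsigned request is attacker-controlled.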