Chapter 5: Paperclip rollout design

Design goal: prove Paperclip can safely replace our custom PM/Dev orchestration layer while preserving OpenClaw Telegram intake, GitHub source of truth, and Codex execution.

Non-goals

Architecture

ComponentRolePilot setting
OpenClaw main obotTelegram intake, user-facing summaries, final escalation.Remains current front door.
PaperclipAgent-team control plane: org chart, tickets, heartbeats, budgets, audit.Self-hosted local loopback only.
PM agentPortfolio audit, issue hygiene, queue selection, Human ToDo gate.Read/write only inside obot-claw pilot scope.
Dev agentCodex-backed implementation, checks, PR evidence.One safe repo, docs-only first task.
GitHubPublic source of truth and PR workflow.Existing obot-claw issues/PRs remain canonical.
CodexExecutor for PM/Dev reasoning and repo work.Local Codex first; cloud/GitHub Codex later.

Phase 0: source and security review

  1. Clone Paperclip from the official GitHub repo into a dedicated local directory.
  2. Pin exact commit and record SHA in a local setup note.
  3. Inspect package scripts, install hooks, environment variables, telemetry defaults, ports, database storage, and adapter docs.
  4. Disable telemetry before any private context enters the system.
  5. Run only on localhost. If remote access is needed later, use tailnet/VPN rather than public exposure.
  6. Create a low-scope GitHub token or GitHub App installation for the pilot. No personal broad token.

Phase 1: install and local smoke test

  1. Install in a dedicated workspace, not inside the main OpenClaw repo.
  2. Use embedded/local database first.
  3. Create one company: Open Source OrangeBot.
  4. Create roles: Jeremy as board/approver, obot as orchestrator, PM agent, Dev agent.
  5. Run one no-op task that records a heartbeat and completion artifact.

Phase 2: PM-only pilot

  1. Create a Paperclip ticket linked to the GitHub autonomous workflow issue.
  2. PM agent reads current queue, Hub reports, and GitHub issue state.
  3. PM agent produces a portfolio audit note and chooses a Dev candidate or declines with reason.
  4. OpenClaw sends Telegram summary only after Paperclip and GitHub artifacts exist.

Phase 3: Dev pilot

  1. Pick a safe documentation-only task in obot-claw.github.io.
  2. Dev agent uses Codex local with scoped write access.
  3. Dev opens or updates one PR. No merge.
  4. Paperclip must show owner, task, heartbeat, budget/cost if available, approval status, and output artifact.

Acceptance tests

TestPass condition
Started vs triggeredPaperclip distinguishes accepted ticket from running agent with heartbeat.
Stall detectionArtificially stalled agent is marked failed and surfaced without Jeremy asking.
GitHub linkagePaperclip task links to GitHub issue/PR without replacing GitHub source of truth.
Telegram hygieneOpenClaw sends under-500-character plain text summary only after durable artifact exists.
Security containmentTelemetry off, localhost only, scoped token only, no broad secrets.
PM → Dev handoffPM can assign Dev through Paperclip and Dev can create a PR with evidence.

Implementation issues to create

IssuePurposeOwner
Project: Autonomous agent orchestration pilotParent Project issue for Paperclip pilot.PM
Requirement: Paperclip local security reviewLicense, install, telemetry, secrets, ports, scoped credentials.PM/security
Requirement: Paperclip PM-only pilotRead portfolio, produce durable audit, choose/decline Dev target.PM
Requirement: Paperclip Dev pilotCodex-backed docs PR with evidence and no merge.Dev
Task: Telegram summary bridgeOpenClaw reads Paperclip/GitHub state and sends concise summaries.Dev
Task: Failure injection testProve stalled/failed agent is detected and reported.Dev/testing

Rollback plan

Next concrete action

Next: create the Project/Requirement/Task issue set for the Paperclip pilot, then run Phase 0 source/security review before installing or giving Paperclip any credentials.