THE LAB
Private command center for SKITZO LABS agent operations, skills, web app, and desktop app.
Route /Readiness 42%Persist project and integration records behind authenticated storage while preserving VDS secrets server-side.
SKITZO LABSVDS control centerGuarded actions
SKITZO LABS
NEON DESCENTPending
Project:NEON DESCENTPending
Step: Build Path
Step 1 of 8: Build Path
13%
Server
Online
Step 1/8
Build Path
A clean map of the build path. One step at a time, with locked actions clearly marked.
13%
Gated Actions Locked
Build path
Choose what to do next.
Start with one clear idea. THE LAB will turn it into a build plan.
Approval still protects providers, agent execution, deploy, wallet, desktop control, raw output, workspace reads, and secrets.
System SnapshotLive, local, and blocked counts. Open only when you need the status summary.Open
Live integrations
1
Only verified live surfaces count.
Local surfaces
3
Repo-backed or local-session only.
Blocked gates
7
Credentials, approval, or deployment setup.
Foundation RecordsProject, agent, workflow, skills, memory, vault, approvals, validation, deployment, and runbook records.Open
Project Switchboard
Primary operating surfaces and launch readiness.
Live
Agent Registry
Typed directory of THE LAB agent lanes, capabilities, memory scopes, and approvals.
Route /#agent-registryReadiness 54%Use /agents and the Automation Console as the operator-first automation surface, then persist agent action history.
THE LAB Desktop
Desktop companion shell for approved local automation, operator control, and saved connection profiles.
Route /desktopReadiness 48%Keep desktop profile consumers blocked until provider health, native automation, signing, and runtime audit approvals exist.
THE LAB Skills Library
Curated local and repo-owned Codex skills with validation metadata.
Route /#skills-libraryReadiness 44%Keep repo and control-plane skill records in sync, then expand validation, examples, and approval-gated publishing rules.
Agent Registry
Typed lanes, capabilities, runtimes, memory scopes, and approval gates.
Codex Orchestrator
orchestrator lane / codex / interactive
codebase inspectionworkflow orchestrationintegration triage
LocalFoundation Builder
builder lane / codex / interactive
frontend buildskill authoringmemory curation
LocalResearch Sentinel
research lane / manual / approval_gated
codebase inspectionintegration triage
Needs approvalDeployment Guardian
deployment lane / manual / approval_gated
deployment reviewintegration triage
Needs approvalAgent Autopilot
orchestrator lane / local_script / batch
workflow orchestrationdeployment reviewintegration triage
LocalDesktop Policy Sentinel
review lane / local_script / approval_gated
integration triagedeployment review
Needs approvalIntegration Status
Every provider is marked local, pending, credential gated, approval gated, broken, mocked, or live.
live
1
local
3
mocked
0
pending
3
broken
0
needs credentials
3
needs approval
1
Codex
agent
Available only through the active local Codex session.
Local session: Current Codex execution context.
Supabase
auth
Client/server helpers exist, but credentials are not present in the repo.
Credentials: NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY
Supabase helper: src/utils/supabase/server.ts
Groq
agent
Groq key intake is modeled for free-model routing, but no Groq endpoint is called and no runtime adapter is live.
Credentials: 12 credential names tracked in the vault inventory
Required key names: GROQ_API_KEY_01 through GROQ_API_KEY_12
ElevenLabs
agent
ElevenLabs key, agent, and voice values are encrypted in the VDS vault, but the replacement app does not load them or call ElevenLabs.
Credentials: 78 credential names tracked in the vault inventory
Secret preservation manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
LiveKit
agent
LiveKit values are encrypted in the VDS vault. No realtime voice path is wired into THE LAB replacement app.
Credentials: LIVEKIT_API_KEY, LIVEKIT_API_SECRET, LIVEKIT_TOKEN_TTL_SECONDS, LIVEKIT_URL
Runtime secret manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
Web Push VAPID
browser
VAPID values are encrypted in the VDS vault. Push is not wired in the new app.
Credentials: VAPID_CLAIMS_EMAIL, VAPID_PRIVATE_KEY, VAPID_PUBLIC_KEY
Runtime secret manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
GitHub
repository
No remote or GitHub connector state is established in the repo.
Credentials: GITHUB_TOKEN
Git status: No commits yet on main.
VDS Host
deployment
Root SSH access is verified and nginx routes public root traffic to THE LAB Next production candidate. The legacy FastAPI app remains active for rollback.
Credentials: VDS_SSH_HOST, VDS_SSH_USER, VDS_SSH_PRIVATE_KEY
VDS host IP: VDS_SSH_HOST=95.111.231.21
Local Browser
browser
Can validate local UI after the dev server starts.
Dev script: package.json#scripts.dev
macOS Accessibility
desktop
GUI bridges require explicit macOS Accessibility approval.
Bridge docs: AGENT_HUB_README.md
THE LAB Desktop
desktop
Tauri v2 is selected, a minimal read-only native scaffold exists, and desktop credential profiles are redacted vault references only. Native builds, signing, notarization, runtime credential use, and automation remain pending or approval-gated.
Desktop runtime model: src/lib/desktop/runtime.ts
Workflow Canvas Foundation
A typed node graph for intake, routing, build, memory, approval, validation, and deployment.
input
Input Node
Captures the user prompt, project goal, files, brand rules, image references, video references, and product constraints before the pipeline is planned.
Local
planner_agent
Planner Agent
Breaks one idea into connected tasks, model tiers, parallel lanes, approval gates, and the best node-wire map for the product.
Local
research_agent
Research Agent
Gathers references, docs, trends, competitors, and source material only after external research approval exists.
Needs approval
image_agent
Image Agent
Plans visual assets, UI mockups, textures, icons, product images, and style frames from prompt and references. Generation is not wired live yet.
Needs approval
video_agent
Video Agent
Plans motion, trailers, b-roll, previews, and product walkthrough clips. Video generation remains approval-gated.
Needs approval
three_d_agent
3D Agent
Plans Three.js scenes, models, lighting, shaders, materials, and 3D interaction states. 3D execution remains gated.
Needs approval
code_agent
Code Agent
Builds frontend, backend, components, API routes, Three.js scenes, and integration scaffolds through the existing Build Mission and Review Lane controls.
Local
memory_skill
Memory / Skill Node
Captures reusable workflows, skills, decisions, and architecture notes after the run. Durable writes remain approval-gated.
Needs approval
approval
Human Approval Gate
Reviews risky actions before provider calls, generation runtimes, runner pickup, durable memory, desktop automation, wallets, or deployment mutation.
Needs approval
qa_agent
QA Agent
Tests design, responsiveness, bugs, performance, type safety, and build health. Failed checks route into Fix Agent.
Local
fix_agent
Fix Agent
Repairs failed steps, routes fixes back to Code Agent, and requires validation evidence before the deploy gate.
Local
deploy_agent
Deploy Agent
Ships through VDS/GitHub runbooks after validation and gates. Public root is live, but new deployment mutation remains separately controlled.
Live
intake to triage: request contexttriage to builder: implementation scopetriage to memory: skill memory capturebuilder to validation: source changesmemory to approval: write policy gatevalidation to deployment: passing checksapproval to deployment: release gatetriage to research: parallel research lanetriage to image-agent: parallel image asset lanetriage to video-agent: parallel video asset lanetriage to three-d-agent: parallel 3D asset laneresearch to builder: reference packimage-agent to builder: visual assetsvideo-agent to builder: motion assetsthree-d-agent to builder: 3D scene assetsvalidation to fix-agent: failed checks route to fixfix-agent to builder: repair loopfix-agent to validation: retest fixed outputdeployment to memory: ship notes and skill upgrades
Skills Library
Repo and plugin skill inventory with lifecycle state.
skitzo-labs-agent-system
repo / draft
Repo-owned operating skill is scaffolded locally; distribution and linting are not wired.
control-centeragent-systemcodex
.agents/skills/skitzo-labs-agent-system/SKILL.md
Skill file: .agents/skills/skitzo-labs-agent-system/SKILL.md
Ship-First Autonomy
repo / ready
Default shipping loop skill is local and ready for operator use; it pushes build-first execution, quick validation, blocker repair, and risk logging.
skillsshippingvalidationrisk-log
Depends on skitzo-labs-agent-system
skills/ship-first-autonomy.md
Skill file: skills/ship-first-autonomy.md
Model Router Autonomy
repo / ready
Default model routing skill is local and ready for operator use; it defines tiered model use, escalation rules, de-escalation, and safe parallel worker patterns.
skillsroutingtoken-budgetparallel-agents
Depends on ship-first-autonomy
skills/model-router-autonomy.md
Skill file: skills/model-router-autonomy.md
Skill Generator Autonomy
repo / ready
Automatic skill evolution guide is local and ready for operator use; it creates or upgrades skills, workflows, checklists, scripts, and routing rules when the impact score is high enough.
skillsautomationevolutionworkflows
Depends on ship-first-autonomy, model-router-autonomy
skills/skill-generator-autonomy.md
Skill file: skills/skill-generator-autonomy.md
Context Compression
repo / ready
Compression skill is local and ready for operator use; it turns long repo context, validation output, and handoffs into compact state vectors without hiding approvals, risks, or secrets policy.
skillstoken-budgethandoffsparallel-agents
Depends on model-router-autonomy, skill-generator-autonomy
skills/context-compression.md
Skill file: skills/context-compression.md
Parallel Agent Coordination
repo / ready
Coordination skill is local and ready for operator use; it splits large work into disjoint ownership lanes, worker briefs, review passes, and validation checkpoints without bypassing approval gates.
skillsparallel-agentshandoffsreview-lane
Depends on context-compression, model-router-autonomy
skills/parallel-agent-coordination.md
Skill file: skills/parallel-agent-coordination.md
Worklog Memory
repo / ready
Worklog memory skill is local and ready for operator use; it keeps concise repo-local build memory, risk routing, validation state, and next-step continuity without exposing secrets or enabling durable external memory writes.
skillsmemoryhandoffsworklog
Depends on context-compression, ship-first-autonomy
skills/worklog-memory.md
Skill file: skills/worklog-memory.md
Risk Log Management
repo / ready
Risk log management skill is local and ready for operator use; it classifies deferred issues, blocks critical risk deferral, links risks to release gates, and keeps approval or credential gates truthful.
skillsrisk-logvalidationrelease-gates
Depends on ship-first-autonomy, worklog-memory
skills/risk-log-management.md
Skill file: skills/risk-log-management.md
frontend-app-builder
plugin / ready
Available in the local Codex environment; not a production runtime dependency.
frontenduiverification
Build Web Apps plugin
Skill availability: Listed in current Codex skills.
Premium Studio Visual Polish
repo / ready
Repo-owned visual polish skill for THE LAB Studio; it enforces prompt-first creation, spacious canvas hierarchy, liquid-glass surfaces, clean Node/Visual toggles, and no redundant boxed dashboard clutter.
frontenduistudioliquid-glassstitch-style
Depends on ship-first-autonomy, model-router-autonomy, frontend-app-builder
skills/premium-studio-visual-polish.md
Skill file: skills/premium-studio-visual-polish.md
Skill Authoring Guidelines
repo / draft
Docs structure exists after scaffold; examples and lint rules are not complete.
skillsgovernance
Depends on skitzo-labs-agent-system
docs/skills/README.md
Skills docs: docs/skills/README.md
Deployment Review Skill
repo / draft
Planned but not scaffolded in this pass.
deploymentsapproval
Depends on skitzo-labs-agent-system
.agents/skills/deployment-review/SKILL.md
Backlog: Add after deployment model is persisted.
Integration Triage Skill
repo / draft
Planned but not scaffolded in this pass.
integrationscredentials
Depends on skitzo-labs-agent-system
.agents/skills/integration-triage/SKILL.md
Backlog: Add after provider credential map is approved.
Memory Model
Project, agent, workflow, integration, and deployment memory scopes.
Project Brief
project / manual_doc / project / internal
Decision Log
project / manual_doc / long_term / internal
Skills Index
agent / typescript_seed / project / internal
Workflow Blueprints
workflow / typescript_seed / project / internal
Deployment History
deployment / database / long_term / sensitive
Credential Vault Inventory
Server-side secret preservation without exposing values or pretending integrations are live.
THE LAB VDS Secret Backup
credential_manifest / server_side_only / not wired
Protected archive and manifest were created on the VDS. Secret values remain server-side and are not committed to this repo.
Keys: No key names required
Backup archive: /root/the-lab-backups/latest-secret-config.tar.gz
ElevenLabs API Keys
api_key / server_side_only / not wired
Key values were imported into the encrypted VDS control-plane vault after approval. THE LAB replacement app does not call ElevenLabs yet.
Keys: ELEVEN_KEY_ANTIGRAVITY, ELEVEN_KEY_CL_BREAKER, ELEVEN_KEY_CL_CHALLENGER + 23 more
Key manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
ElevenLabs Agent IDs
agent_id / server_side_only / not wired
Agent ID values were imported into the encrypted VDS control-plane vault after approval. Agent runtime wiring is not live yet.
Keys: ELEVEN_AGENT_ANTIGRAVITY, ELEVEN_AGENT_CL_BREAKER, ELEVEN_AGENT_CL_CHALLENGER + 23 more
Agent manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
ElevenLabs Voice IDs
voice_id / server_side_only / not wired
Voice ID values were imported into the encrypted VDS control-plane vault after approval. No voice synthesis integration is wired into THE LAB replacement app.
Keys: ELEVEN_VOICE_ANTIGRAVITY, ELEVEN_VOICE_CL_BREAKER, ELEVEN_VOICE_CL_CHALLENGER + 23 more
Voice manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
Legacy Hub Runtime Config
service_config / server_side_only / not wired
Hub, LiveKit, and web push values were imported into the encrypted VDS control-plane vault after approval. Runtime integrations are not live yet.
Keys: HUB_ADMIN_PASSWORD, HUB_ANTIGRAVITY_MODE, HUB_CODEX_MODE + 21 more
Runtime manifest: /root/the-lab-backups/latest-secret-config-manifest.txt
VDS Connection Profile
connection / not_collected / not wired
Root SSH is verified from this machine, but the new app needs named deployment credentials in an approved vault before automated deploys.
Keys: VDS_SSH_HOST, VDS_SSH_USER, VDS_SSH_PRIVATE_KEY + 1 more
Required names: docs/deployment/VDS.md#required-credential-names
Groq API Key
api_key / not_collected / not wired
Groq is planned as a free-model provider with 12 key slots. Keys must be imported through Secure API Key Intake; no Groq runtime or health call is wired live.
Keys: GROQ_API_KEY_01, GROQ_API_KEY_02, GROQ_API_KEY_03 + 9 more
Required key names: GROQ_API_KEY_01 through GROQ_API_KEY_12
Approval Model
Human gates for deployments, memory, external research, and desktop automation.
Production Deploy Approval
approvedPublic release can expose unfinished local-only surfaces.
Domain Cutover Approval
approvedIncorrect DNS can break the public domain.
Runner Output Promotion Approval
needs approvalPromotion can move agent-written changes into the visible build. It must not expose raw output, raw workspace files, secrets, provider calls, wallet actions, desktop automation, or public deploy authority.
macOS Accessibility Approval
needs approvalDesktop automation can paste or operate local apps.
Secret Import Approval
approvedIncorrect import could expose, rotate, or misroute existing API keys, VPS connections, or voice IDs.
Orchestrator Execution Policy Approval
needs approvalUncontrolled execution could run provider calls, leak operational context, mutate production, or cross the wallet/provider/desktop boundaries.
Provider Generation Staging Approval
needs approvalProvider generation can spend credits, expose prompts or references to third parties, and return unsafe or unusable assets if not scoped to staging.
Desktop Build Approval
needs approvalDesktop packaging can create local binaries and artifacts; it must not silently enable automation permissions or secret storage.
Durable Memory Write Approval
pendingMemory records may contain sensitive operational context.
External Research Approval
pendingExternal requests may disclose intent or depend on unstable third-party state.
Validation Results
Validation model and commands that must run before promotion.
TypeScript project
npm run typecheck
Domain and scanner tests
npm test
Next app
npm run build
Root command center UI
npm run dev -- --hostname 127.0.0.1 --port 3000; curl http://127.0.0.1:3000
VDS staging deployment
npm run automation:vds:verify-staging
THE LAB automation runbooks
npm run automation:plan; npm run automation:validate; npm run automation:vds:deploy-staging; npm run automation:vds:verify-staging
Live integrations
manual credential audit
Deployment Tracking
Local, VDS staging, and VDS production tracks with promotion policies.
LOCAL
Next dev server
Local server only; not a public deployment.
Policy manual / Commit working-tree
STAGING
VDS staging slot
Replacement Next app is live on an isolated VDS staging route. Public root is now cut over to the production candidate.
Policy manual / Commit pending
PRODUCTION
skitzolabsagents.com
Approved production cutover is complete; nginx routes public root traffic to the Next production candidate and legacy service remains available for rollback.
Policy manual / Commit pending
Automation Runbooks
Safe automation is executable now; production, secret import, durable memory, and desktop control stay approval-gated.
Local Validation Pipeline
npm run automation:validate
Runs the local typecheck, test suite, and production build in sequence.
automaticautomatable
VDS Secret Preservation Backup
npm run automation:vds:backup
Creates a protected server-side archive and manifest without printing or copying secret values.
automaticautomatable
VDS Staging Deploy
npm run automation:vds:deploy-staging
Deploys the replacement Next app to the isolated VDS staging route without touching the production root app.
automaticautomatable
VDS Staging Verification
npm run automation:vds:verify-staging
Checks the staging health endpoint, THE LAB rendered route, current symlink, and public production cutover state.
automaticautomatable
VDS Control Plane Setup
npm run automation:vds:setup-control-plane
Installed and configured the VDS-hosted control plane for automation state. It does not import preserved secret values or cut over production.
automaticautomatable
Full Staging Orchestrator
npm run automation:staging
Runs the safe automation chain end to end for local validation, VDS backup, staging deploy, and staging verification.
automaticautomatable
VDS Production Preflight
npm run automation:vds:production-preflight
Read-only VDS preflight confirms production candidate health, nginx/TLS presence, and provider readiness metadata without changing DNS or services.
automaticautomatable
Production Cutover
npm run automation:vds:production-cutover
Approved cutover automation completed and nginx routes public root traffic to the Next production candidate.
approval gatedblocked
Secret Import
npm run automation:vds:import-secrets
Secret import ran after explicit approval and encrypted 102 values into the VDS control-plane vault. Secret values are never returned to the browser.
approval gatedblockedclient-side secret exposure
Desktop Native Scaffold Inspect
npm run desktop:native:inspect
Inspects the native scaffold without running a Tauri build, starting desktop automation, or reading secrets.
automaticautomatable
Desktop Automation
not implemented: approval-gated
Desktop runtime path is selected, but local automation remains blocked until explicit macOS Accessibility approval and a desktop audit policy exist.
approval gatedblockedmacOS Accessibility automationlocal GUI control
Durable Memory Persistence
not implemented: needs credentials
The schema and storage target still need credentials before automated writes can exist.
approval gatedblockeddurable writeslong-term memory mutation