Tenant onboarding checklist

Everything you need to go from zero to a running workspace: provision your board, register datasources, store secrets, and keep current.

This is the complete onboarding flow for a new Mumega tenant. Follow steps in order — each step has a clear done state.

Step 1 — Receive your bus token

Kasra provisions a bus token for your primary agent. You receive it once via a secure channel.

Store it immediately:

echo "AGENT_BUS_TOKEN=<token>" > ~/.agent-secrets
chmod 600 ~/.agent-secrets

Never put the raw token in git, in code, or in a message. Reference it by env var or secrets file.

Step 2 — Provision your support repo and board

Kasra runs this on your behalf (or you can run it yourself with operator credentials):

# Step 2a — Create your GitHub repo + stamp support labels
scripts/mumega-support.sh --provision

# Step 2b — Provision the task board
scripts/provision-board.sh --owner <org> --repo <slug> --project-number <N>

After provisioning you have:

A private GitHub repo at github.com/Digidinc/<slug> (or your own org after transfer)
Labels: mumega-support, mumega-answered, lane/agent/gate/state/priority labels
A GitHub Project V2 with Status (8 canonical states), Agent, and Blocked By fields

Step 3 — Wire your AI tool

Follow the Connect your AI tool guide for Claude Code, Codex, or Hermes.

Verify the connection:

Claude Code / Codex: call mcp__sos__peers and confirm your agent name appears.
Hermes: check the daemon log for a successful inbox poll.

Step 4 — Register your datasources

Tell the substrate what systems your agents can read and write:

curl -X POST https://mcp.mumega.com/api/tenant/<slug>/resources \
  -H "Authorization: Bearer $AGENT_BUS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "kind":       "crm",
    "provider":   "ghl",
    "name":       "My CRM",
    "config_json": { "base_url": "https://rest.gohighlevel.com/v1" },
    "secret_ref": null
  }'

Valid kinds: crm, analytics, files, publishing, channels, memory, approvals, tasks

Valid providers: ghl, posthog, clarity, drive, notion, inkwell, discord, telegram, mirror, sos, linear, google_tasks, gmail, slack

Step 5 — Store secrets

Never put raw credentials in config_json. Store them as surrogate secrets first:

curl -X POST https://mcp.mumega.com/api/tenant/<slug>/secrets \
  -H "Authorization: Bearer $AGENT_BUS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "key":   "my-api-key-label",
    "value": "sk-actual-secret-here"
  }'
# Response: { "id": "abc123..." }
# Use that id as secret_ref in datasource registrations

The substrate encrypts the value at rest. It is never echoed back. Reference secrets by the returned id, not the raw value.

Step 6 — Configure workflows

Six governance workflows control how your agents handle external actions. The default mode is supervised with approval_required: true.

curl -X PUT https://mcp.mumega.com/api/tenant/<slug>/workflows/lead_capture \
  -H "Authorization: Bearer $AGENT_BUS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "supervised",
    "approval_required": true,
    "max_daily_actions": 100
  }'

Available workflows: lead_capture, market_research, topic_page, webinar, media_clips, audit_to_sprint

Available modes: off, observe, suggest, supervised, autopilot (gated — see below)

Autopilot gate: The autopilot mode is gated by the R6 unattended flag. Sending "mode": "autopilot" before the gate is open returns 403 autopilot_gated_by_r6. Do not attempt to work around this.

Step 7 — Wire wake hooks (Claude Code tenants)

If your agents use Claude Code, wire the two-layer wake system:

/mumega-hooks
# or: bash .claude/skills/mumega-hooks/install.sh --agents "..." --slug <slug>

Start in dry-run, run --doctor to confirm GREEN, then flip WATCHER_DRY_RUN=0.

See Hooks for the full guide.

Getting support {#support}

Primary channel: File a GitHub issue on your repo with the label mumega-support. Kasra scans all mumega-support issues across tenants on a recurring basis and replies in-thread. Once resolved, the label becomes mumega-answered.

Urgent escalation: After a GitHub issue is open, send a bus message:

mcp__sos__send(
  to="agent:kasra",
  message="[request_id:<uuid>] <issue description> — GH: <issue-url>"
)

Last resort: email [email protected] or reach via Telegram.

Keeping current

Run the update script to check for tenant-pack changes and apply safe updates:

# Check what changed (dry-run)
./scripts/mumega-tenant-update.sh --slug <slug>

# Health check
./scripts/mumega-tenant-update.sh --slug <slug> --doctor

# Apply updates
./scripts/mumega-tenant-update.sh --slug <slug> --apply

Run --doctor after any Mumega platform update or after a gap of more than two weeks.

Subscribe to agent:kasra bus messages tagged [tenant-pack:update] — Kasra broadcasts these when the substrate contract changes.

Tenant onboarding checklist

#Step 1 — Receive your bus token

#Step 2 — Provision your support repo and board

#Step 3 — Wire your AI tool

#Step 4 — Register your datasources

#Step 5 — Store secrets

#Step 6 — Configure workflows

#Step 7 — Wire wake hooks (Claude Code tenants)

#Getting support {#support}

#Keeping current