Grotto Reference — Pantheon TG Group Lifecycle & Watchdogs

1 · Actors & identities

Actor	Telegram	UID	Container / seat	Role
HEPHAESTUS	@HermesGoldNet_bot	7845027880	hephaestus	PM — dispatch, lanes, tracker, deadlines
PROMETHEUS	@PrometheusGoldNet_bot	8834452529	prometheus	Backend / data / engineering (credential surfaces frozen per canon)
ATHENA	@AthenaGoldNet_bot	8997694628	athena	QA, ratification, blind-protocol audits
APOLLO	@ApolloGoldNet_bot	8569500490	apollo	Frontend / UX / sites
THEO	@TheoGoldNet_bot	8823863666	theo	Observability, outside-voice sanity watch
Cowork-Claude	@gaios_cowork_bot	8628974026	desktop orchestrator	Posts everything: briefs, roll-calls, dispatches, watchdog escalations
Conductor	@gaios_conductor	1700284889	MTProto userbot	Creates groups + invites/promotes bots. Nothing else.
Sabour	@SabAust	117517459	human principal	Word overrides everything; auto-invited to every grotto

2 · Grotto birth — the only sanctioned path

/opt/gaios/bin/grotto-suite.py create \
    --title "Project Name" \
    --ministers theo,hephaestus,athena,apollo,prometheus \
    --extras @SabAust \
    --brief "pinned brief text"

What the tool does, in order (v2 + 2026-06-05 additions):

1. Conductor creates the basic group + invites minister bots, cowork bot, Sabour, then promotes all bots to admin (single Telethon connection, 20s per-op watchdogs, 1.5s propagation sleeps).
2. Patches every minister's channels.telegram.groups.<chat_id>.allowFrom=["*"] via openclaw config patch and restarts each container. This is the slow phase — budget ≥900s.
3. HARD GATE: brief only posts when all patches succeeded — and it posts via the cowork bot (+pin), never the conductor.
4. NEW: watchdog auto-registration — the chat_id is appended to /var/lib/fleet-l5/groups.json, instantly covered by L5 + L6. No grotto is born unwatched.
5. Journal events written at every step (group_created, allowlists_patched, brief_posted, watchdog_registered, create_complete).

Partial-create recovery (roll-forward only — NEVER recreate)

Group exists but incomplete → conductor invite/promote → grotto-suite.py whitelist-only --chat-id <id> --ministers ... (also auto-registers watchdogs) → cowork bot posts brief manually.
Chat-id sign rule: basic groups use the negative of the raw id (raw 4944539405 → bot-API −4944539405).

3 · Comms rules (hard, canon-bound)

Conductor never posts content. It creates and invites; the fleet ignores userbot prose. (3 incidents before this became canon.)
Cowork bot posts everything — brief, roll-call, dispatch, chases, watchdog escalations.
Ministers wake only on a real @-mention of their bot handle (@HermesGoldNet_bot, not "Heph"). Bare names are dead tags.
Multi-paragraph messages land as ONE bubble; peers @-mention each other when handing work over.
Roll-call before dispatch: ≥4/5 ministers must ack READY.

4 · Dispatch lifecycle & the exact phrases L6 watches

pinned BRIEF → 🟢 ROLL-CALL (≥4/5 READY) → "TASK DISPATCH" to PM
  → PM: "DISPATCH CONFIRMED" + numbered lanes, each owner @-mentioned, each with deadline
  → hourly tracker posts while lanes open
  → render-gate v2 BOTH tiers on any web deliverable → gpt-5.5 critic gate
  → ATHENA: "RATIFIED" (8-field template) → dispatch closed

L6 marker contract (PMs MUST use these exact phrases):
OPEN markers: TASK DISPATCH · DISPATCH CONFIRMED
CLOSE markers: RATIFIED · BENCH COMPLETE · ALL LANES COMPLETE · PROJECT CLOSED · DISPATCH CLOSED
The open-flag is sticky across scans until a CLOSE marker appears. While open, silence is escalated (see L6).

5 · Watchdog stack L1–L6 (all ACTIVE)

Layer	Failure mode caught	Mechanism	Thresholds / action
L1	Container down	docker healthcheck	continuous
L2	openclaw unresponsive	gateway poll	continuous
L3	TG ingress hung	spool-handler health monitor	continuous
L4	text-without-tool-use (silent reply failure)	inbound parser + auto-recover	per message
L5	@-mention with no ack	`fleet_l5_watchdog.py` · 2-min timer · conductor MTProto scan (80 msgs/group)	ping @5m → `openclaw doctor` @10m → Sabour @20m
L5.5	run stalled/aborted mid-flight — incl. `spool handler timed out` + `surface_error` failover (widened 2026-06-05)	`fleet_l55_stall_watchdog.py` · scans container logs	sessions cleanup → report to the affected lane's group · per-session cooldown 60 min (2026-06-05, was 10 min)
L6	open dispatch + group silence (ack-then-dormant, dropped updates, dead PMs)	`fleet_l6_silence_watchdog.py` · 2-min timer · reads groups.json	tickle PM @30m → doctor + Sabour page @60m (cooldowns 30/60m)

Coverage: L5 + L6 read /var/lib/fleet-l5/groups.json each tick — auto-maintained by grotto-suite, so coverage = every grotto ever created from 2026-06-05 onward. L5.5 is container-wide (group-agnostic detection, lane-aware reporting).

History that built this: the DCA Bench stall (2026-06-05) went 4.8h unseen because the GROUPS list was hardcoded to two rooms, L5.5 grepped the wrong signature, and no silence layer existed. All three holes are closed; the incident is canon.

6 · Named failure modes (history-proven)

Mode	What it looks like	Caught by / cure
Ack-then-dormant PM	PM confirms dispatch, never posts the promised tracker	L6 silence escalation; hourly-tracker rule
Spool-timeout update drop	OpenClaw kills a 25-min handler, marks update FAILED, never redelivers — minister falls silent mid-task	L5.5 (widened signature) reports in-group; orchestrator re-tickles with fresh deadlines
Conductor-posted content	Fleet ignores briefs/dispatches posted by the userbot	Forbidden by canon; grotto-suite posts brief via cowork bot
Bare-name tag	"Heph please…" — nobody wakes	@bot-handle rule; L5 only tracks real mention entities
Unwatched grotto	New group, zero watchdog coverage	CLOSED — auto-registration at birth
HQ multi-step max-turns	Long fleet ops die at 30 agent turns / task timeout	Split atomic; grotto create budget ≥900s; prefer gaios_exec for VPS work
L5.5 ack-loop (false stall)	Long legit model call (bench/batch worker) trips OpenClaw's "stalled session" diagnostic every tick; minister has nothing to add, so the room fills with watchdog ping → ack → ping. PROM hit 5 cycles in DCOA before Rule 7 self-STOP.	CLOSED — 60-min per-session cooldown in L5.5. Triage rule: if workspace artefacts are growing (e.g. results .jsonl row count rising), the session is BUSY, not stalled — never abort on diagnostic say-so alone.

7 · Ops cheatsheet

# create a grotto (auto-registers watchdogs)
/opt/gaios/bin/grotto-suite.py create --title "X" --ministers theo,hephaestus,athena,apollo,prometheus --extras @SabAust --brief "..."

# repair / extend an existing grotto (also auto-registers)
/opt/gaios/bin/grotto-suite.py whitelist-only --chat-id -494... --ministers ...

# watchdog state at a glance
cat /var/lib/fleet-l5/groups.json          # coverage
cat /var/lib/fleet-l5/l6_state.json        # per-room silence / open-dispatch flags
tail -20 /var/log/fleet-l5/watchdog.log    # L5 actions
tail -20 /var/lib/fleet-l5/l6_silence.log  # L6 actions
systemctl list-timers | grep fleet         # all watchdog timers

# manual PM tickle (cowork bot)
TOKEN=$(vault cowork-bot-token)
curl -s "https://api.telegram.org/bot$TOKEN/sendMessage" -d chat_id=-494... \
     -d text="@HermesGoldNet_bot status update now — all lanes report one line."

# read a grotto transcript (conductor)
# Telethon: session /opt/gaios/secrets/gaios_conductor.session, env tg_conductor.env

8 · Files & configs

Path	What
`/opt/gaios/bin/grotto-suite.py`	Grotto lifecycle tool (create / whitelist-only / resume / manifest) + watchdog auto-registration
`/opt/gaios/fleet/MINISTERS.json`	Fleet topology SSOT (handles, tokens, containers, config paths)
`/var/lib/fleet-l5/groups.json`	Watchdog group coverage (auto-maintained)
`/opt/gaios/bin/fleet_l5_watchdog.py` + `.timer`	L5 mention→ack escalation
`/opt/gaios/bin/fleet_l55_stall_watchdog.py` + `.timer`	L5.5 stalled/aborted-run detector
`/opt/gaios/bin/fleet_l6_silence_watchdog.py` + `.timer`	L6 open-dispatch silence detector
`/opt/gaios/secrets/gaios_conductor.session·tg_conductor.env`	Conductor MTProto identity
`vault cowork-bot-token`	Cowork bot Bot-API token (vault alias)

9 · Canon index (authoritative cards)

grotto-lifecycle-sot-2026-06-05 — this document's source of truth
grotto-suite-tool-2026-05-30 · cowork-conductor-userbot-2026-05-30
rule-grotto-comms-conductor-creates-cowork-posts-2026-06-02 · lesson-orchestrator-must-at-mention-bot-handle-2026-06-02
rule-l5-watchdog-fleet-heartbeat-2026-06-04 · rule-l5-5-stalled-session-watchdog-2026-06-04
incident-dcabench-stall-watchdog-gaps-2026-06-05 — the incident that completed the stack
fact-fleet-report-back-forcing-function-2026-05-24 · rule-pm-ratification-gate-2026-06-02 · rule-no-hybrid-dispatch-2026-06-04