Pre-Seeded Permanent Teams
The Teams module comes with three pre-configured permanent teams for Dan's infrastructure. These teams are loaded automatically on startup and provide continuous monitoring and on-demand services.
Active Permanent Teams
| Team | Members | Heartbeat | Purpose |
|---|---|---|---|
| Security Posture Monitor | 3 | Every 3 hours | Continuous security monitoring and alerting |
| Content Production Team | 3 | None (on-demand) | YouTube content creation when requested |
| Company Security Audit Team | 4 | Every 3 hours | Vulnerability scanning and compliance review |
1. Security Posture Monitor
Team ID: 4b7eaf5a-7980-4e74-8677-2c73e8fd5145
Mission: Continuous security posture monitoring and alerting for dLAN infrastructure. Monitor UniFi IDS/IPS/firewall events, detect unknown devices on the network, review SSH access patterns, and identify potential security threats.
Members
| Name | Persona | Skill | Default Task |
|---|---|---|---|
| Network Watchdog | researcher | network-engineer | Check UniFi controller for new/unknown devices. Review IDS/IPS alerts from last 3 hours. Report suspicious activity. |
| Security Sentinel | auditor | security-red-teamer | Review SSH authentication logs across all servers. Check for failed login attempts, brute force patterns. |
| Firewall Analyst | analyst | security-red-teamer | Analyze UniFi firewall rules and traffic logs. Check for blocked connection attempts, port scans. Verify CSF rules. |
Alert Thresholds
| Condition | Action |
|---|---|
| Unknown device on network | IMMEDIATE ALERT |
| >10 failed SSH logins from single IP | ALERT |
| Blocked port scan detected | LOG for review |
| Firewall rule changes | ALERT |
Heartbeat Output
Every 3 hours, the team produces a synthesized security posture report including:
- New/unknown devices detected
- SSH authentication anomalies
- Firewall/IDS event summary
- Recommended actions
2. Content Production Team
Team ID: be24b204-8c7a-4c07-9c48-522b1ed78850
Mission: On-demand content creation team for YouTube videos, scripts, thumbnails, and video production. Called upon when Dan has a video idea or content request.
Members
| Name | Persona | Skill | Default Task |
|---|---|---|---|
| Topic Researcher | researcher | content-research | (none) |
| Script Writer | contributor | script-writing | (none) |
| Thumbnail Designer | contributor | image-design | (none) |
Workflow
Dan: "I want to make a video about Go concurrency patterns"
↓
Nikki → TeamManager: "Have Content Production Team create this video"
↓
TeamManager:
1. tm_assign_task(researcher, "Research Go concurrency...")
2. tm_assign_task(writer, "Write script based on findings")
3. tm_assign_task(designer, "Create thumbnail")
↓
Deliverables: Research notes, Script, Thumbnail
Note
This team has NO default tasks and will not be woken by heartbeat. It only activates when explicitly called upon.
3. Company Security Audit Team
Team ID: ba29819b-130b-40b0-a9c2-dc77e122467e
Mission: Regular security audits for all company infrastructure and services. Perform vulnerability assessments, patch compliance checks, and security best practice reviews.
Members
| Name | Persona | Skill | Default Task |
|---|---|---|---|
| Vulnerability Scanner | auditor | security-red-teamer | CVE scans on Proxmox, Pelican, cPanel, WordPress. Generate severity-ranked report. |
| Patch Analyst | analyst | system-admin | Check security updates on all servers. Track patch compliance percentage. |
| Compliance Reviewer | reviewer | security-compliance | Review SSH hardening, CSF rules, SSL/TLS configs against best practices. |
| Web App Auditor | auditor | security-red-teamer | Web app security checks: SQL injection, XSS, authentication, exposed admin panels. |
Severity Classifications
| Level | Criteria | Action Timeline |
|---|---|---|
| 🚨 CRITICAL | Immediate exploitation possible | Patch within 24 hours |
| ⚠️ HIGH | Significant risk | Patch within 7 days |
| ⚡ MEDIUM | Moderate risk | Patch within 30 days |
| 📋 LOW | Minor risk | Next maintenance window |
Audit Scope
- dLAN Infrastructure (gadgetzan, Proxmox, Pelican)
- Sysafe servers
- London-Hosting fleet
- All WordPress installations
- Custom web applications
Heartbeat Output
Every 3 hours, the team produces:
- CVE vulnerability report (ranked by severity)
- Patch compliance percentage
- Configuration drift report
- Web app security findings
Managing Pre-Seeded Teams
Viewing Teams
# Via Mission Control API
curl http://localhost:9999/api/mc/teams
# Via TeamManager agent
"Show me all permanent teams"
Triggering On-Demand
# Security Posture Monitor (will run on heartbeat, but can be triggered manually)
"Run a security posture check now"
# Content Production Team
"Create a video about [topic]"
# Company Security Audit Team
"Run a full security audit"
Modifying Teams
Teams can be modified via TeamManager tools:
tm_add_member— Add new memberstm_assign_task— Assign specific taskstm_monitor_team— Check current statustm_disband_team— Archive (permanent teams)
File Locations
teams/dan/
├── 4b7eaf5a-7980-4e74-8677-2c73e8fd5145/ # Security Posture Monitor
│ └── team.json
├── be24b204-8c7a-4c07-9c48-522b1ed78850/ # Content Production Team
│ └── team.json
└── ba29819b-130b-40b0-a9c2-dc77e122467e/ # Company Security Audit Team
└── team.json
Heartbeat Schedule
Both security teams run on the same heartbeat interval:
┌─────────────────────────────────────────────────────┐
│ System Heartbeat (Every 3 Hours) │
├─────────────────────────────────────────────────────┤
│ triggerTeamHeartbeat() │
│ ├─→ Security Posture Monitor │
│ │ ├─→ Network Watchdog: UniFi check │
│ │ ├─→ Security Sentinel: SSH logs │
│ │ └─→ Firewall Analyst: Firewall rules │
│ │ │
│ └─→ Company Security Audit Team │
│ ├─→ Vulnerability Scanner: CVE scans │
│ ├─→ Patch Analyst: Update check │
│ ├─→ Compliance Reviewer: Config audit │
│ └─→ Web App Auditor: Web security │
│ │
│ Content Production Team: SKIPPED (no default tasks) │
└─────────────────────────────────────────────────────┘
See Also
- Teams Module — Architecture overview
- Agent Index — Team member personas
- TEAMS.md — Full design document