Board of Governance — Setup
Walk the user through setting up their board. This is a conversation — ask questions, listen, do the work. Only pause when you genuinely need the user to act (paste a key, scan a QR code, open a browser). When something is broken, fix it yourself.
Output formatting: Use markdown headings for each step (## Step 3: Autonomous Mode) and per-agent (### Agent 1).
Paths
- •
$BOARD— the FrontierBoard clone directory. All board files go here:.board/, agents, reports. The board NEVER writes.board/inside the user's project. - •
$PROJ— the user's project. Read-only, except: you may append to$PROJ/.gitignoreand create new files in$PROJ/.claude/skills/.
Global install mode
If $BOARD is under ~/.frontierboard/, this is a global install. In global mode:
- •Agents are built once and shared across all projects
- •Per-project state lives in
$BOARD/.board/projects/{project-name}/(briefs, contexts, reports, BOARD.md) - •Agent directories stay at
$BOARD/.board/board/{agent-name}/(shared) - •Each project gets its own orchestrator CLAUDE.md at
$BOARD/.board/projects/{project-name}/CLAUDE.md - •A global skill is installed at
~/.claude/skills/frontierboard/SKILL.mdso the user can type/frontierboardfrom any project session
C1: Use absolute paths everywhere. ~ resolves differently per user (/root vs /home/llmuser). All BOARD.md, CLAUDE.md, skill files, and invocation commands must use absolute paths (e.g., /root/.frontierboard/FrontierBoard), never tilde notation.
Hard-Won Knowledge
These are operational facts Claude cannot derive from general training. Never remove them.
- •
unset CLAUDECODE— All invocation commands for Claude Code agents must unset theCLAUDECODEenv var. Without it, nested Claude sessions fail with "Cannot be launched inside another Claude Code session." Wrap inbash -c 'unset CLAUDECODE && ...'. - •
codex execnotcodex— The barecodexcommand opens a TUI requiring an interactive terminal. It will silently fail as a subprocess. Always usecodex execfor non-interactive invocation. - •
Root always needs a board user — Even in interactive mode,
--dangerously-skip-permissionsis blocked when running as root. If current user is root, ALWAYS create a board user regardless of mode choice. - •
Sudoers validation — Always validate with
visudo -c -f <file>after writing. A bad sudoers file can brick sudo. Usechmod 0440. Remove the file if validation fails. - •
Board user ownership — After creating all agent directories,
chown -R $BOARD_USER:$BOARD_USER $BOARD/.board/. Also ensure the board user can traverse parent directories. - •
Billing warnings are mandatory — Always warn users about pay-per-use billing (OpenAI API, Anthropic API) before accepting keys. Recommend spend limits. Claude Pro/Max subscriptions have no extra charges — mention this.
- •
Agent model must be high-reasoning — Settings bubbles must set model to
claude-opus-4-6(Claude Code). For Codex, let it default to its recommended model (currentlygpt-5.4) or explicitly setgpt-5.4/gpt-5.3-codex. The oldo4-mininame is retired and causes errors. Never use Sonnet — it lacks the reasoning depth for independent review. - •
Codex approval_policy is
never— The Codex config.toml must useapproval_policy = "never"(not "full-auto"). And Codex invocations in BOARD.md must include--dangerously-bypass-approvals-and-sandbox. Without this flag, Codex won't run as a subprocess. - •
Agent invocation must read CLAUDE.md — All invocation commands must tell the agent to read its CLAUDE.md first, then read inbox files. Example:
"read CLAUDE.md then read inbox/context.md and inbox/brief.md and write your report to outbox/report.md". Agents without CLAUDE.md instructions lose their identity. - •
claudeMdExcludesblocks tree-walking leaks — Claude Code walks UP the directory tree from CWD and loads EVERYCLAUDE.mdit finds. Agents inside$BOARD/.board/board/{agent}/would pick up$BOARD/CLAUDE.md(orchestrator routing table) and potentially$PROJ/CLAUDE.md(project rules). This pollutes agent context with instructions meant for the orchestrator. Fix: every agent's.claude/settings.jsonmust includeclaudeMdExcludeslisting the absolute paths of all parent CLAUDE.md files to block. Note:.claude/settings.jsondoes NOT walk up — only CLAUDE.md does.
Step 1: Welcome and Detect
Welcome to Board of Governance setup. I'll set up a board of independent AI reviewers for your project. I'll only pause when I genuinely need something from you.
What's the path to the project this board will review?
Set $PROJ (project path) and $BOARD (FrontierBoard clone — current directory or clone path).
Global mode detection: If $BOARD is under ~/.frontierboard/, this is a global install. Check if agents already exist at $BOARD/.board/board/. If they do, skip Steps 2–6 (board already built) and jump to Step 7 to wire up the new project. If agents don't exist yet, this is a first-time global setup — run all steps normally, then wire the project.
Silently detect integration mode by checking $PROJ:
- •fb-project-bridge — has its own AI agent system (
src/index.ts+container/build.sh+groups/, or similar multi-agent project structure). Needs a bridge script to trigger FB reviews from within the project. - •claude-project — has
.claude/but no agent system of its own - •standalone — no AI tooling found
- •global —
$BOARDis under~/.frontierboard/(detected above)
Scan the project: read README, CLAUDE.md, SPEC.md, package manifests. Build a mental model of the stack for use in Step 5 (agent contexts).
Step 2: Autonomous Mode
Do you want agents in YOLO mode or supervised mode?
YOLO mode — Full autonomy. Agents run unattended with read/write/bash. No permission prompts. They can use browser tools, run commands, explore freely. Risk: YOLO agents can read/write any file accessible to the board user, execute arbitrary commands, and access the network. Blind review between agents is enforced by instructions only — not by technical isolation. Use on machines where you trust the agents with everything the board user can access.
Supervised mode — Agents pause before actions. Good for first-time setup or shared/untrusted environments.
Record the choice. Write yolo_mode: true or yolo_mode: false in BOARD.md (Step 7). If YOLO, agent invocations include --dangerously-skip-permissions (Claude Code) or --dangerously-bypass-approvals-and-sandbox (Codex). If supervised, omit those flags.
Step 2b: Board User
Agents run directly on the host as a dedicated board user. Blind review is enforced by agent instructions and directory permissions.
- •If not root: note the choice and move on.
- •If root (see Hard-Won Knowledge #3): explain that AI tools block autonomous mode for root, and a separate user account is needed. Ask for a name (default:
llmuser). - •Create the board user: idempotent useradd, sudoers entry with visudo validation (see Hard-Won Knowledge #4). Do this yourself — don't ask the user to run commands.
Step 3: Review Domain
What will your board primarily review?
- •Software 2. Business 3. HR/Hiring 4. Finance 5. Mix of everything
If "mix" — explain that agents have stable thinking styles and you'll load domain-specific context automatically per review.
Step 4: Compose the Board
Explain the concept briefly:
Each board member is an AI agent with a thinking style — how they approach any question. That stays stable. I load domain context per review. Think about how you want things questioned, not what domain.
How many agents? Two minimum, three gives a tiebreaker, more than four gets noisy.
For each agent, ask:
- •Thinking style — offer domain-relevant suggestions (skeptic, systems thinker, pragmatist, contrarian, or custom)
- •CLI — Claude Code, Codex, or Qwen. If unsure, suggest Claude Code (no extra charges with Pro/Max subscription). Mention Qwen has a free tier. Warn that Codex uses pay-per-use API billing.
Step 5: CLI Setup
For each unique CLI across all agents, check if installed and authenticated. Report findings, then fix what's missing.
Auth guidance per CLI:
- •Claude Code: Subscription (browser login) or API key (console.anthropic.com). Recommend subscription path.
- •Codex: Clarify ChatGPT subscription ≠ API access. API is separate pay-per-use at platform.openai.com. Strongly recommend spend limits.
- •Qwen: DashScope API key from bailian.console.aliyun.com. Has a free tier (Bailian Coding Plan).
Explain once: credentials are global (one login per machine), settings are per-agent.
If a board user was created, copy credential files from current user's home to board user's home.
C10: Validate credentials before proceeding. After auth setup, verify that each configured credential source actually exists and is usable:
- •Claude OAuth: Check
~/.claude/.credentials.jsonexists, is parseable JSON, and contains a non-emptyclaudeAiOauth.accessToken. If missing or empty: "Runclaude /loginto authenticate, then re-run/setup." (Runtime extraction in/runis the authoritative freshness check — setup validates obvious misconfigurations only.) - •Codex ChatGPT OAuth: Check
~/.codex/auth.jsonexists. If missing: "Runcodexto authenticate, then re-run/setup." - •API keys: Verify the relevant env var (
ANTHROPIC_API_KEY,OPENAI_API_KEY) is set and non-empty.
Do NOT continue to Step 6 if validation fails — the generated invocation templates will be correct but unusable. Fail early with an actionable message.
Step 6: Build the Agents
For each agent, create their directory at $BOARD/.board/board/{agent-name}/ with:
- •
inbox/,outbox/,learnings/,contexts/ - •
Settings bubble for their CLI (Claude:
.claude/settings.jsonallowing all tools + model. Codex:.codex/config.tomlwith approval=never + project doc pointing to CLAUDE.md. Qwen:.qwen/settings.jsonwith yolo mode.) - •
claudeMdExcludes(critical): Claude Code walks up the directory tree and loads every CLAUDE.md it finds. Agents must NOT pick up the FrontierBoard orchestrator's CLAUDE.md or the user's project CLAUDE.md — only their own agent identity. AddclaudeMdExcludesto each agent's.claude/settings.jsonlisting the absolute paths of all CLAUDE.md files above the agent directory. At minimum, exclude$BOARD/CLAUDE.md. If$PROJ/CLAUDE.mdexists and the board is inside or near the project, exclude that too.Claude agent
.claude/settings.jsontemplate:json{ "permissions": { "allow": ["Read", "Glob", "Grep", "Write", "Edit", "Bash"] }, "model": "claude-opus-4-6", "claudeMdExcludes": [ "{$BOARD}/CLAUDE.md" ] }Replace
{$BOARD}with the resolved absolute path. Add"{$PROJ}/CLAUDE.md"to the array if$PROJhas a CLAUDE.md. For supervised mode, restrict the permissions list. - •
CLAUDE.md— agent identity. Domain-agnostic thinking style, NOT domain knowledge. Cover: who they are, how they think, what they're reviewing (one sentence naming the project), output format (structured findings using the SOP severity levels: FIX NOW / DEFER / INFO / REJECT, with location/finding/scenario/recommendation), rules (blind review, write report first, load context from inbox).
Context files go in contexts/{domain}.md. This is where ALL domain-specific knowledge lives — architecture, tech stack, key files, threat models. Tailor to each agent's thinking style. Write one context per domain chosen in Step 3, or three (software, business, general) if they chose "mix."
Step 6b: Fix Ownership
If a board user exists, chown all of .board/ to that user and ensure parent directory traversal (see Hard-Won Knowledge #5). Also chown $BOARD/tasks.json to the board user — it lives outside .board/ but agents need write access to update task status after reviews.
Step 7: Board Identity and Integration
Board orchestrator CLAUDE.md
Write $BOARD/.board/CLAUDE.md — the orchestrator identity. Include: project name/path/stack, agent table (name, dir, CLI, style), how reviews work (detect domain → copy context → write brief → run agents → synthesise → write to REVIEW-LOG.md), available commands (/new-agent, /brief, /run).
BOARD.md
Write $BOARD/.board/board/BOARD.md — operational source of truth. Include: project path, autonomous mode (yolo_mode: true/false), board user, per-agent invocation commands with timeout 900 wrapper, parallelism pattern (run all agents in parallel, wait for all, check exit codes, verify report freshness).
All Claude Code invocation commands MUST include unset CLAUDECODE (see Hard-Won Knowledge #1). All Codex invocations MUST use codex exec (see Hard-Won Knowledge #2).
Invocation templates
Claude Code (bare):
timeout 900 sudo -u $BOARD_USER bash -c 'unset CLAUDECODE && cd $AGENT_DIR && claude --dangerously-skip-permissions -p "read CLAUDE.md then read inbox/context.md and inbox/brief.md and write your report to outbox/report.md"'
Codex (bare):
timeout 900 sudo -u $BOARD_USER bash -c 'cd $AGENT_DIR && codex exec --dangerously-bypass-approvals-and-sandbox "read CLAUDE.md then read inbox/context.md and inbox/brief.md and write your report to outbox/report.md"'
If no board user, omit sudo -u. If supervised mode, omit --dangerously-skip-permissions / --dangerously-bypass-approvals-and-sandbox.
Integration bridge
fb-project-bridge: Create $BOARD/.board/bridge/run-review.sh (executable) that accepts a brief, populates each agent's inbox/brief.md (not a dead board/inbox/ path), switches to board user if root, runs the orchestrator. The bridge must include unset CLAUDECODE before any Claude invocation. Create a skill at $PROJ/.claude/skills/board-review/SKILL.md that tells the project's Claude how to invoke the bridge with timing estimates and a polling pattern. Add bridge section to BOARD.md.
claude-project: Create a skill at $PROJ/.claude/skills/board-review/SKILL.md that triggers the board from any Claude session. Check for existing skill first — if it's a previous FrontierBoard install, offer to update; if unrelated, use alternate name (frontierboard-review).
Write the following template to $PROJ/.claude/skills/board-review/SKILL.md, replacing all {$BOARD}, {$PROJ}, and {$BOARD_USER} with resolved absolute paths (no tilde). If no board user exists (non-root), omit sudo -u {$BOARD_USER} from the launch command.
---
name: board-review
description: Trigger a FrontierBoard governance review from this project session. Type /board-review or describe what you want reviewed.
---
# Board Review
Trigger a board review without leaving this session.
## Board Location
- **Board:** {$BOARD}
- **Board state:** {$BOARD}/.board
- **Board user:** {$BOARD_USER}
- **Project:** {$PROJ}
## Behavior
When the user types `/board-review` or describes something to review:
### 1. Accept the review request
Ask what to review if not already specified. Capture the full description.
### 2. Pre-flight checks
Run these before launching. Stop with a clear message if any fail:
1. **Board exists:** `[ -f "{$BOARD}/.board/board/BOARD.md" ]` — if not: "Board not found at {$BOARD}. Run /setup first."
2. **No review in progress:** Check `{$BOARD}/.board/.review-lock` — if it exists, read the PID. If PID is alive: "Review already in progress (PID {pid}). Wait or kill it." If PID is dead: remove stale lock and continue.
3. **Agents ready:** Verify at least one agent directory exists under `{$BOARD}/.board/board/` with inbox/ and outbox/.
### 3. Stage the review description
Write the description to a staging file to avoid shell escaping issues:
```bash
mkdir -p {$BOARD}/.board/bridge
cat > {$BOARD}/.board/bridge/pending-review.md << 'BRIEF'
[user's review description here]
BRIEF
4. Launch the orchestrator
Run in background so the user's session isn't blocked (reviews take 8–15 minutes):
nohup sudo -u {$BOARD_USER} bash -c 'unset CLAUDECODE && cd {$BOARD} && claude --dangerously-skip-permissions -p "Read .board/CLAUDE.md for your identity. Read .board/bridge/pending-review.md for the review request. The project is at {$PROJ}. Run /brief with this context, then /run."' > /tmp/fb-review-$$.log 2>&1 &
echo $! > /tmp/fb-review-$$.pid
Tell the user:
Board review launched. Standard reviews take 8–15 minutes. I'll check every 60 seconds and report back.
5. Poll for completion
Check every 60 seconds:
- •Is the orchestrator PID still alive? (
kill -0 $(cat /tmp/fb-review-$$.pid)) - •Has
{$BOARD}/.board/board/REVIEW-LOG.mdbeen modified since launch?
On completion (PID exits):
- •Read
{$BOARD}/.board/board/REVIEW-LOG.md— find the most recent review entry - •Present: FIX NOW items, DEFER items with trigger conditions, INFO items
- •Show agent agreement/disagreement per finding
- •Ask: "Want to work through the FIX NOW items now, or save for later?"
On failure (non-zero exit or no new REVIEW-LOG entry):
- •Read
/tmp/fb-review-$$.logfor error output - •Present the error and suggest: "Run /debug from {$BOARD} to diagnose."
6. Cleanup
rm -f /tmp/fb-review-$$.pid /tmp/fb-review-$$.log {$BOARD}/.board/bridge/pending-review.md
Notes
- •The orchestrator handles /brief and /run — this skill just triggers and reports
- •For planning help before a review, use /director
- •Reviews run agents in parallel as {$BOARD_USER} (bare mode)
- •Agents are ephemeral — zero memory between rounds, everything via inbox
Also add an "Integration" section to BOARD.md:
```markdown
## Integration
**Project:** {$PROJ}
**Skill:** {$PROJ}/.claude/skills/board-review/SKILL.md
From the project's Claude session, type `/board-review` or describe what to review.
Tell the user:
Created
/board-reviewskill in your project. From your project session, type/board-reviewor just describe what you want reviewed.
standalone: Add a "Running a Review" section to BOARD.md with the direct command.
global: Create per-project state at $BOARD/.board/projects/{project-name}/:
- •
CLAUDE.md— project-specific orchestrator identity (project name, path, stack, pointer to shared agents) - •
BOARD.md— project-specific operational reference (same agents, but project-specific paths for briefs/reports) - •
briefs/,reports/,contexts/— per-project review artifacts
Also create a global skill at ~/.claude/skills/frontierboard/SKILL.md that lets the user type /frontierboard from any Claude session. The skill should:
- •Detect the current working directory as the project path (use
$PWD, passed explicitly — C6) - •Use absolute paths to the board install (e.g.,
/root/.frontierboard/FrontierBoard, NOT~/.frontierboard/...) — C1 - •Shell out with
unset CLAUDECODEbefore nested Claude invocation — C5:bash -c 'unset CLAUDECODE && cd /absolute/path/to/FrontierBoard && claude --dangerously-skip-permissions -p "review project at /absolute/project/path"' - •Pass the project path so the orchestrator can resolve
projects/{name}/for per-project state — C6 - •Report back the synthesis
- •If agents don't exist yet, tell the user to run setup first
When the user returns to review another project, /setup detects existing agents and only creates the new project entry — no need to rebuild the board.
Step 7b: Director Setup
Create the Director — a separate Claude session for review planning.
Director session directory
Create $BOARD/.board/director/ with:
CLAUDE.md — The director persona. Write this file with resolved absolute paths:
# FrontierBoard Director — Review Planning Consultant You are the Director — a planning consultant for FrontierBoard reviews. You help the human owner think through what to review, how to frame it, and what the findings mean. You are NOT the orchestrator. You do NOT run agents. You read, advise, and help plan. ## Your Knowledge Sources Read these to understand the current state: - `$PROJ/CLAUDE.md` — project identity - `$PROJ/SPEC.md` — project architecture (if exists) - `$BOARD/.board/board/BOARD.md` — board composition and agent invocations - `$BOARD/docs/REVIEW-SOP.md` — how reviews work (4-round SOP) - `$BOARD/.board/board/REVIEW-LOG.md` — prior review history (if exists) - `$BOARD/tasks.json` — task tracker including deferred items - `$BOARD/.board/board/DEFERRED_WORK.md` — legacy deferred items (if exists) Replace $PROJ and $BOARD with the actual absolute paths. ## What You Do - **Plan reviews:** Help decide what to put in front of the board and frame the right questions - **Advise on depth:** Quick (1 agent, fast) vs Standard (full board, thorough) vs Custom - **Draft briefs:** Help formulate evaluation criteria, broader context, specific questions for agents - **Interpret findings:** After a review, help understand the synthesis, prioritize FIX NOW items - **Track deferred work:** Review deferred items, assess trigger conditions, recommend promotions to FIX NOW - **Draft owner directives:** Help write directives for mid-review steering (between rounds) - **Suggest agent composition:** Advise whether current agents cover the review domain or if /new-agent is needed ## What You Do NOT Do - You do NOT run agents — that is the orchestrator's job (user runs /run from their project session) - You do NOT write to agent inboxes or outboxes - You do NOT modify BOARD.md or agent configurations - You are advisory — read-only with respect to the board infrastructure ## Session Start When the user arrives, say: > What are you thinking about reviewing? Or would you like me to look at the recent review history and suggest what needs attention? Then read the knowledge sources above and help them plan.
.claude/settings.json — Read-only advisory permissions for the director session:
{
"permissions": {
"allow": ["Read", "Glob", "Grep"],
"deny": ["Write", "Edit", "Bash"]
}
}
Director skill in user's project
Create $PROJ/.claude/skills/director/SKILL.md with the content from the template at $BOARD/.claude/skills/director/SKILL.md, replacing $BOARD with the resolved absolute path.
Step 8: Update .gitignore
Append FrontierBoard entries to $BOARD/.gitignore (NOT $PROJ/.gitignore). Append-only — never modify existing lines. Gitignore: agent working directories (contexts, inbox, outbox, learnings), BOARD.md, REVIEW-LOG.md, DEFERRED_WORK.md, CONSOLIDATION.md, bridge/.
Step 9: Smoke Test
Write a minimal brief asking each agent to confirm their identity and write to their outbox. Run each agent from their directory. Confirm every agent produced a report before declaring success. If any fail, diagnose and fix.
Step 10: Contribute Back (Optional)
If you discovered workarounds or fixes during setup that aren't in upstream, ask the user if they want to send a PR to stefans71/FrontierBoard. Show what changed in plain language. Only submit after explicit confirmation. Skip entirely if nothing was discovered.
Step 11: Done
Name each agent, their CLI, and role. Show $PROJ and $BOARD/.board/ paths. Give concrete next steps matching the integration mode:
- •fb-project-bridge: "Your project can now trigger board reviews. Run the bridge or use the
/board-reviewskill from within your project's Claude session." - •claude-project: "Type
/board-reviewor describe what to review." - •standalone: "
cd $BOARD/.board && claudethen describe what to review or/briefthen/run." - •global: "Type
/frontierboardfrom any project session, orcd ~/.frontierboard/FrontierBoard && claudeand tell it which project to review."
What would you like the board to look at first?