Current Automation Snapshot¶
Last audited: 2026-05-23
This page describes what is actually scheduled or enabled on Aegis right now. If this conflicts with older planning docs, treat this page as the operational source of truth until the next audit.
For the detailed registry of active, dormant, and trigger-based automation surfaces, see Automation Catalog.
Sources used for this snapshot:
- Live user crontab on
aegis-ts - User systemd service inventory
- Running Docker containers and the Aegis scheduler modules
- Hermes cron job store
- Claude and Claude Code configuration files
Secrets and bearer tokens are intentionally redacted.
Host Cron¶
These jobs run from the agent user crontab. Logs land under /home/agent/logs unless noted otherwise.
| Schedule | Job | What it does | Log |
|---|---|---|---|
0 21 * * * |
scripts/market_collect_news.py --days 3 |
Collects recent market news. | market-news.log |
0 2 * * * |
aegis.memory.consolidation.run_maintenance_consolidation() |
Consolidates memory using local PostgreSQL and FalkorDB. This overlaps with scheduler-managed memory work. | memory-consolidation.log |
0 3 * * 0 |
scripts/market_weekly_fundamentals.py |
Weekly market fundamentals refresh. | market-weekly.log |
0 */4 * * * |
scripts/check_feed_health.py --no-alert |
Feed-health check with alerts suppressed. | feed-health.log |
0 6 * * 6 |
scripts/market_daily_update.py |
Saturday market update. | market-daily.log |
30 22 * * 1-5 |
scripts/market_daily_update.py |
Weekday evening market update. | market-daily.log |
30 0,6,12,18 * * * |
scripts/market_daily_update.py --screening-only |
Four-times-daily market screening pass. | market-screening.log |
0 * * * * |
scripts/check_balances.py |
Hourly wallet or balance check. | balance-check.log |
*/10 * * * * |
scripts/poll_profile_channel.py |
Polls a profile Discord channel using a token embedded in the crontab. Rotate this secret and move it out of cron. | profile-channel.log |
*/5 * * * * |
/home/agent/scripts/poll_clawk_feed.py |
Cross-post/poll job for the Clawk feed. | clawk-crosspost.log |
*/5 * * * * |
scripts/poll_ideas_channel.py |
Polls the ideas channel. | ideas-channel.log |
0 * * * * |
/home/agent/scripts/crawl_clawk_graph.py |
Hourly Clawk graph crawl. | clawk-crawl.log |
30 3 * * * |
scripts/ingest_transcripts.py --after <3 days ago> |
Ingests recent transcripts into memory/knowledge storage. | transcript-digestion.log |
Sanitized crontab snapshot:
0 21 * * * cd /home/agent/projects/aegis-core && .venv/bin/python scripts/market_collect_news.py --days 3 >> /home/agent/logs/market-news.log 2>&1
0 2 * * * cd /home/agent/projects/aegis-core && PYTHONPATH=/home/agent/projects/aegis-core POSTGRES_HOST=localhost FALKORDB_HOST=localhost .venv/bin/python -c "from aegis.memory.consolidation import run_maintenance_consolidation; import asyncio; asyncio.run(run_maintenance_consolidation())" >> /home/agent/logs/memory-consolidation.log 2>&1
0 3 * * 0 cd /home/agent/projects/aegis-core && .venv/bin/python scripts/market_weekly_fundamentals.py >> /home/agent/logs/market-weekly.log 2>&1
0 */4 * * * python3 scripts/check_feed_health.py --no-alert >> /home/agent/logs/feed-health.log 2>&1
0 6 * * 6 cd /home/agent/projects/aegis-core && .venv/bin/python scripts/market_daily_update.py >> /home/agent/logs/market-daily.log 2>&1
0 * * * * cd /home/agent/projects/aegis-core && python3 scripts/check_balances.py >> /home/agent/logs/balance-check.log 2>&1
*/10 * * * * DISCORD_BOT_TOKEN=<redacted> python3 scripts/poll_profile_channel.py >> /home/agent/logs/profile-channel.log 2>&1
30 0,6,12,18 * * * cd /home/agent/projects/aegis-core && .venv/bin/python scripts/market_daily_update.py --screening-only >> /home/agent/logs/market-screening.log 2>&1
30 22 * * 1-5 cd /home/agent/projects/aegis-core && .venv/bin/python scripts/market_daily_update.py >> /home/agent/logs/market-daily.log 2>&1
*/5 * * * * python3 /home/agent/scripts/poll_clawk_feed.py >> /home/agent/logs/clawk-crosspost.log 2>&1
*/5 * * * * python3 scripts/poll_ideas_channel.py >> /home/agent/logs/ideas-channel.log 2>&1
0 * * * * python3 /home/agent/scripts/crawl_clawk_graph.py >> /home/agent/logs/clawk-crawl.log 2>&1
30 3 * * * cd /home/agent/projects/aegis-core && PYTHONPATH=/home/agent/projects/aegis-core POSTGRES_HOST=localhost FALKORDB_HOST=localhost .venv/bin/python scripts/ingest_transcripts.py --after $(date -d '3 days ago' +\%Y-\%m-\%d) >> /home/agent/logs/transcript-digestion.log 2>&1
User Systemd¶
No user-level systemd timers were present during this audit.
| Unit | State | What it does | Notes |
|---|---|---|---|
claude-gateway.service |
enabled, active | Local FastAPI gateway on 127.0.0.1:8787 for Claude Agent SDK jobs and queries. |
Uses bearer auth. Request payloads are stored under ~/.claude-gateway/requests, so treat that directory as sensitive. Permission modes include bypass options. |
claude-session-worker.service |
disabled, dead | WhatsApp-triggered Claude session worker. | Not currently running. |
aegis-market.service |
enabled, inactive/dead | Intended systemd wrapper for market automation. | The audit found market automation running from cron and older manual python -m aegis.market processes instead, not from this unit. |
Aegis Docker Scheduler¶
The active scheduler container is aegis-scheduler, built from /home/agent/projects/aegis-core. It runs APScheduler jobs from aegis/scheduler.py and module-specific setup_*_scheduler() functions.
Current tuning after the 2026-05-23 cleanup:
- Docker health checks use low-level Docker summaries and silently skip vanished Docker records that cannot be inspected.
- Anomaly detection ignores low resource usage, no longer watches cumulative network counters, requires 60 baseline samples, uses z-score thresholds of 3.0 warning and 5.0 critical, and applies absolute floors before alerting: CPU
25%, memory percent1%, memory usage1024 MB, PIDs100. It also requires a minimum rise over baseline: CPU10points, memory percent1point, memory usage256 MB, PIDs25. - Anomaly detection records episodic memory only when an alert is actually created.
Core scheduler jobs:
| Job | Schedule | Behavior |
|---|---|---|
health_check |
every 5 minutes | Checks PostgreSQL connectivity and updates scheduler state. |
docker_health_check |
every 5 minutes | Checks container health and applies the Docker monitor remediation policy. |
morning_status |
daily 06:00 UTC | Records a morning status event. |
evening_summary |
daily 22:00 UTC | Generates and records an evening digest. |
memory_cleanup |
daily 00:30 UTC | Deletes old low-importance episodic memory. |
Module jobs observed from the scheduler modules:
| Module | Schedule | Behavior |
|---|---|---|
| every 30 minutes | Records email-check events. Actual email fetch depends on MCP/tool availability. | |
| Monitor | every 15 minutes, every 4 hours, every 6 hours | Runs due website monitors, visual dashboard health checks, and scheduled monitor sweeps. |
| Anomaly | metrics every 1 minute, detection every 5 minutes, baselines every 6 hours, cleanup daily 03:00 | Collects container metrics, detects anomalies, refreshes baselines, and cleans old metrics. |
| Discord | task poll every 60 seconds, command poll every 30 seconds | Polls Discord task/command surfaces. selectolax is now installed in the scheduler image. |
| Proactive | 15 minutes to daily | Pattern learning, opportunity detection, suggestion delivery, feedback processing, meeting prep, draft work, queue cleanup. |
| Orchestration | health every 2 minutes, rebalance every 5 minutes, stale cleanup hourly, metrics every 15 minutes | Supervises agent orchestration and resource metrics. |
| Revenue | demand every 30 minutes, product generation every 2 hours, listing hourly, fulfillment/support every 15 minutes | Revenue automation. Treat the existing demand-signal volume as suspect until audited further. |
| Memory | critical sync every 30 minutes, knowledge sync every 4 hours, full sync daily 04:00, consolidation daily | Syncs episodic/semantic memory into graph and consolidated stores. This overlaps with the 02:00 host cron consolidation. |
| Scout | full scan at 00:15, 06:15, 12:15, 18:15 UTC; trend scan every 2 hours from 06:30 to 22:30 | Trend and opportunity scanning. |
| News | breaking every 30 minutes, full aggregation every 4 hours at :10, regional digest 08:00 and 18:00 |
News ingestion and digest jobs. |
| Acquisition | replies every 15 minutes, closing hourly at :45, learning every 6 hours at :30, cleanup daily 05:00 |
Customer reply and closing automation. Verify safeguards before enabling broader outreach; the audit found code paths capable of posting Reddit payment-link replies. |
Market automation note: older scheduler docs said market jobs register with the main scheduler. The current aegis/scheduler.py audit did not show market registration there; market work is currently represented by cron and the stale/manual market processes noted above.
Hermes Cron¶
Hermes has its own enabled cron jobs in the container data store.
| Job | Schedule | Delivery | State |
|---|---|---|---|
| Morning Email Check | 0 8 * * * |
Telegram | enabled, last run OK on 2026-05-23 |
| Daily Product Health Check | 30 8 * * * |
Discord | enabled |
| Daily Status Sync | 45 8 * * * |
Discord | enabled |
| Weekly Tokscale Cost Report | 0 9 * * 1 |
Telegram | enabled |
Claude and Claude Code Configuration¶
Claude has not been heavily used on this server recently, but the configuration is still broad and privileged.
| File | Current significance |
|---|---|
~/.claude/settings.json |
Default model is opus; skipDangerousModePermissionPrompt is enabled; plugins include glm-plan-usage, code-simplifier, and context7. |
~/.claude/settings.local.json |
Contains a broad allow list and at least one hardcoded auth secret. Rotate/move secrets out of this file. |
~/.claude.json |
Includes a clawk MCP entry. |
| MCP servers | Configured servers include Aegis, Anna's Archive, Discord, Docker, filesystem /home/agent, Git, GitHub, Ollama, Playwright, PostgreSQL, StackWiz, Telegram, Twitter, and Clawk. |
| Claude gateway | Active local gateway can run Claude Agent SDK jobs. Keep it bound to localhost, keep bearer auth strong, and treat stored request payloads as sensitive. |
Documentation Serving¶
aegis-docs runs squidfunk/mkdocs-material:latest with:
/home/agent/projects/aegis-corebind-mounted read-only at/docs- command
mkdocs serve --dev-addr=0.0.0.0:8000
Because it serves the source checkout directly, documentation edits in the repo should hot-reload on docs.aegisagent.ai. If the docs site stops updating, restart only aegis-docs rather than rebuilding the Aegis app containers.
Follow-Up Cleanup Candidates¶
| Priority | Candidate | Reason |
|---|---|---|
| High | Rotate the Discord token embedded in crontab and the hardcoded Claude local auth secret. | Secrets are stored in plaintext operational config. |
| High | Decide whether host cron or the Aegis scheduler owns memory consolidation. | There is likely duplicate consolidation work. |
| High | Review Acquisition scheduler safeguards before relying on it. | It has code paths for public/customer replies and payment links. |
| Medium | Clean up aegis-market.service or move market automation fully under systemd/cron. |
The unit is enabled but inactive, while market processes/jobs exist elsewhere. |
| Medium | Audit Revenue demand signals. | The database contains a suspiciously large demand-signal volume from Discord task sources. |
| Medium | Prune or repair Docker's ghost container summary records during a planned maintenance window. | The scheduler now ignores them, but Docker still reports vanished IDs in summaries. |