Clearance
A portable PMO and work-management substrate for live technical systems
The governance model that keeps my agents from colliding and from self-promoting into dangerous work was worth extracting out of Nexus into something a stranger could run.
Clearance started as a question: the project-management substrate inside Nexus — the thing that gives discovered work a durable operating model with claims, blockers, decision threads, and verified close — was the most reusable idea in the whole platform, and it was welded to my private system. Clearance is that substrate extracted and rebuilt for anyone running a homelab, a research environment, or an agent fleet. It gives work projects and workstreams that stay visible, candidates you review before they become real backlog, claims and leases so two workers don’t collide, and a verified-close gate where “done” means there is evidence attached, not just a status flip.
The v1 core is an npm-workspaces monorepo of three @clearance/* packages: a Postgres schema built from numbered migrations off an empty database (work items with governance CHECK invariants, candidates, claims with one active lease per item via FOR UPDATE SKIP LOCKED, run packs, decision threads), an MCP server with read tools plus the mutating set, and a contracts package shipping generic ProjectManager / ProjectWorker / ProjectInvestigator role definitions and a ready-to-adapt worker-loop prompt. The governance model is the point: agents cannot self-grant the autonomous_safe tag — that requires an explicit operator grant — verified close validates evidence per type, and run packs never confer safety. Every governance failure returns a loud tool error.
The real validation was dogfooding it as a stranger would. A dogfood harness embeds the published packages and drives a full lifecycle against a throwaway database — fresh install, create candidate, promote, hit the self-promotion guardrail, operator grant, claim, verified close, block-with-child, digest — with zero private assumptions. That run surfaced two real gaps (a missing promotion tool and project-track CRUD), which became the next two work items and shipped. The functional v1 is complete, Apache 2.0, and the repo is staged to flip from private to public; the one intentional remnant is that the documented origin is still named, because the honest story of where it came from is part of the standard.