M MemberIntel KB

Activity Decisions

decision

ADR-0001: Entitlement service shape

ADR-0001 (Accepted, 2026-05-08): Entitlement service shape.

Status: Accepted
Date: 2026-05-08
Deciders: Seth (Lead Architect), Blair (CEO sign-off pending)

Context

Per SPEC §6 and §8.4, MemberIntel must enforce tier-based model routing
server-side as a single source of truth. The cost review (2026-05-08)
identified that “Haiku-only for Free” is an invariant that must not be
defeatable by an admin tool, debug surface, or internal job. The service
must mint a typed model handle so that callers cannot pick the model.

Decision

Single module at src/memberintel/entitlement/. Public function
check_and_consume(tier, operation) -> ModelHandle. The handle is an
opaque dataclass that carries the model id internally; callers cannot
read .model_id (CI guard rule enforces). The handle’s bound operation
must match the operation arg in llm.call or the call raises
HandleOperationMismatch.

At kickoff: in-process state only. monthly_cap is declared in the
TIERS table but check_and_consume does not decrement any counter.
Slice 1 swaps in a Redis hot path + Postgres usage_counters durable
table behind the same function signature — no caller change.

V1.5 trial-state fields (trial_started_at, trial_ends_at,
card_required_at) are reserved in the eventual usage_counters schema
so the V1.5 trial flow is additive, not a rewrite.

Consequences

Positive:

Single source of truth for tier-routing decisions.
Opaque handle prevents the “string-typed model” hole the cost review identified.
V1.5 trial state slot reserved early.

Negative / costs:

Slightly more friction for debugging (can’t print(handle.model_id) in app code).
Tests of evals must read .model_id; the eval suite is the trusted boundary documenting that.

Mitigations:

__repr__ deliberately omits _model_id so log lines don’t leak it.
The eval suite exercises the routing matrix explicitly.

Alternatives considered

String-typed model passed through layers — rejected because the cost review flagged this as the exact hole that lets Free leak to Sonnet.
Skip the handle, pass tier+operation everywhere — rejected because the tier-to-model mapping is then duplicated at every call site.

For: S Seth Shoultes A AI Engineer B Blair Williams S Santiago Perez Asis P Product Lead

Index

All pages

spec

MemberIntel V1 Specification

The V1 advisor-only spec for MemberPress operators: two-tier brain architecture, Free/Pro pricing model, and a data-flywheel moat built from product mechanics rather than pre-existing proprietary data.

S P B

MemberIntel V1.5 Specification

V1.5 extends MemberIntel with AI write-actions via the MemberPress MCP and a 5-minute 'Set up FOR ME' greenfield wizard backed by a 14-day Pro trial.

S P B

MemberIntel V2 Specification

V2 expands MemberIntel to BuddyBoss customers via a sister-company partnership — a low-engineering-risk cross-platform proof point since BB Memberships runs on MemberPress under the hood.

S P B

Architecture Overview & Tech Choices

Covers GCP vs Heroku vs DigitalOcean for hosting, then deep-dives per-tenant isolation strategy using shared-schema RLS as the V1 foundation.

S P B

Cross-Pollination & Brain Isolation

Details the three failure modes of the cross-pollination pipeline — re-identification, tenant leakage, and opt-out bypass — and the architectural mitigations for each, including k-anonymity floors, three-role isolation, and GCP project structure.

S P B

CI/CD & Code Flow

Defines the three separate promotion pipelines — code, Terraform, and database migrations — with GitHub Actions, Workload Identity Federation, manual prod gates, and the eval suite as a release-blocking check.

S B

Observability & Incident Response

Describes the three-destination telemetry model — Cloud Logging for debugging, BigQuery for business analytics, locked-down BigQuery for audit — plus domain-specific metrics, on-call structure, and pre-written runbooks for the five highest-stakes failure modes.

S S A

LLM Cost-Control Architecture

Defines the four-layer cost-control stack — rate limiting, entitlement service, per-call token budgets, and continuous spend monitoring — with Redis-backed quota counters, server-side model routing enforcement, and a global daily circuit breaker.

S P B

Auth & Identity Layer

Covers the three signup paths converging into a unified user model, per-license MP OAuth signing keys, customer-OAuth-only Stripe (no Connect), Argon2id passwords with server-side sessions, account merge prevention, and the V1.5 trial state machine.

S B

Data Sync Pipeline

Defines the three separate sync pipelines — MP (queue-based with per-customer concurrency controls), Stripe (webhooks for Pro, polling for Free), and site analysis (weekly-cached Claude calls) — with shared convergence layer and a platform-agnostic canonical schema designed for V2 expansion.

S S

Secrets Management

Defines five distinct secret categories with separate lifecycles, a layered KMS key hierarchy per environment, Secret Manager naming conventions with path-prefix IAM, 5-minute TTL caching, and the hard rule that no human ever reads a production secret.

S B

AI Eval Suite as Architecture

Treats the eval suite as versioned release-gate infrastructure rather than ad-hoc tests, with 150 structured scenarios across seven categories, a judge-model scoring layer, CI integration, a differentiation subset that proves advantage over baseline LLMs, and a production thumbs-down feedback loop.

S P B

Strategic Risk Landscape

Honestly assesses which SPEC risks the architecture handles well, which remain genuinely fragile (differentiation, content lead bottleneck), and names four risks the SPEC never flags — Anthropic dependency, ops time underbudget, per-customer brain as liability, and compliance as a moving target.

S B S

Synthesis

Phase-by-phase sequencing of all architectural commitments against the actual team ramp, surfacing five friction points where the phased plan and architectural reality diverge — content lead timing, Phase 2 scope calibration, differentiation eval ship date, privacy counsel engagement depth, and infra engineer hiring window.

S P B

Phased Plan

A 6-phase team ramp plan growing from 2 people in May to 7+ at launch, with hard milestone gates controlling when each new team member joins MemberIntel full-time.

S P B

Phased Plan — Rev 2

Rev 2 of the team ramp plan, updated after May architecture sessions: adds a dedicated brain-content lead recommendation, recalibrates Phase 2 milestone language for honesty, and moves the differentiation eval to a Phase 3 gate item.

S P B

decision

ADR-0001: Entitlement service shape

ADR-0001 (Accepted, 2026-05-08): Entitlement service shape.

S A B

ADR-0002: Model routing single source of truth

ADR-0002 (Accepted, 2026-05-08): Model routing single source of truth.

S A B

ADR-0003: pgvector for V1, tenant_id as partition key

ADR-0003 (Accepted (resolves SPEC Open Q9), 2026-05-08): pgvector for V1, tenant_id as partition key.

S A B

ADR-0004: GCP — Cloud Run + Cloud SQL + Secret Manager

ADR-0004 (Accepted (resolves SPEC Open Q8), 2026-05-08): GCP — Cloud Run + Cloud SQL + Secret Manager.

S A B

ADR-0005: Anthropic SDK direct, mitigation seam at llm.call

ADR-0005 (Accepted (with explicit accepted risk), 2026-05-08): Anthropic SDK direct, mitigation seam at llm.call.

S A B

ADR-0006: Hive Mind as Brain Seed Source

ADR-0006 (Accepted, 2026-05-12): Hive Mind as Brain Seed Source.

S A B

ADR-0007: Auth via JWT + Google OAuth + AI Foundation PKCE

ADR-0007 (Accepted, 2026-05-12): Auth via JWT + Google OAuth + AI Foundation PKCE.

S A B

ADR-0008: Voyage voyage-3-lite for Embeddings

ADR-0008 (Accepted, 2026-05-12): Voyage voyage-3-lite for Embeddings.

S A B

ADR-0009: CI/CD Pipeline — GitHub Actions with Workload Identity Federation

ADR-0009 (Accepted, 2026-05-14): CI/CD Pipeline — GitHub Actions with Workload Identity Federation.

S A B

ADR-0010: Observability — Cloud Logging + OpenTelemetry + BigQuery

ADR-0010 (Accepted, 2026-05-14): Observability — Cloud Logging + OpenTelemetry + BigQuery.

S A B

ADR-0011: Secrets Management — Secret Manager + KMS + Path-Prefixed Naming

ADR-0011 (Accepted, 2026-05-14): Secrets Management — Secret Manager + KMS + Path-Prefixed Naming.

S A B

ADR-0012: Stripe Integration — Customer-OAuth-Only in V1

ADR-0012 (Proposed (resolves SPEC Open Q4; Ally Roger sign-off pending per Phase 1 friction-points doc), 2026-05-14): Stripe Integration — Customer-OAuth-Only in V1.

S A B

ADR-0013: GCP Project Structure — Project-per-Environment + Shared Tooling

ADR-0013 (Proposed (V1 ships with single project; four-project structure targeted for V1.5), 2026-05-14): GCP Project Structure — Project-per-Environment + Shared Tooling.

S A B

ADR-0014: Cross-Pollination Security Boundary — Three-Roles Model

ADR-0014 (Proposed (pending privacy counsel review by Allen), 2026-05-14): Cross-Pollination Security Boundary — Three-Roles Model.

S A B

ADR-0015: Customer Brain — Four-Document Architecture (SOUL, BIBLE, HEARTBEAT, MEMORY)

ADR-0015 (Accepted (deployed 2026-05-15), 2026-05-15): Customer Brain — Four-Document Architecture (SOUL, BIBLE, HEARTBEAT, MEMORY).

S A B

ADR-0016: Brain Mutation via Anthropic Tool Calls (`update_customer_brain`)

ADR-0016 (Accepted (deployed 2026-05-15), 2026-05-15): Brain Mutation via Anthropic Tool Calls (`update_customer_brain`).

S A B

ADR-0017: MemberIntel Connect — WordPress Plugin as the Data-Sync Source

ADR-0017 (Accepted (V1 plugin shipped 2026-05-14; sync service deployed 2026-05-15), 2026-05-15): MemberIntel Connect — WordPress Plugin as the Data-Sync Source.

S A B

ADR-0018: Brain Memory Limits and Content Sanitization Policy

ADR-0018 (Accepted (deployed 2026-05-15), 2026-05-15): Brain Memory Limits and Content Sanitization Policy.

S A B

ADR-0025: Tier-to-model assignment — Haiku for Free, Sonnet for Pro

ADR-0025 (Proposed, 2026-06-01): Tier-to-model assignment — Haiku for Free, Sonnet for Pro.

S A B

reference

Elevator Pitch — What MemberIntel Is

Plain-language descriptions of MemberIntel for different audiences — a one-liner, an elevator paragraph, and riffs tuned to designers, engineers, friendly outsiders, and curious customers. Use when explaining the project to someone new in under a minute.

S B S

MemberIntel — One-Page Executive Summary

The whole product on one page — what it is, how it's priced, what V1/V1.5/V2 ship, where the moat is, and what's deliberately out of scope. Written for Blair and Santiago to read in two minutes; everything else in the KB is the long-form backup.

S B S

V1 Progress — May 15, 2026

What shipped in V1: site data sync, chat improvements, customer brain spec. What's next: per-customer brain implementation.

S

Phase 1-2 Friction Points

A companion one-pager surfacing seven decisions where the May architectural commitments conflict with the v1 phased plan. All 7 decisions resolved in the Blair × Seth working session on 2026-05-11 (see /meeting-2026-05-11-blair); resolution summary at the top of this page.

S P B

Friction-Points Prep for Blair

Strategic prep document for Blair before the friction-points working session: three decisions that need real deliberation (brain content lead hire, differentiation eval cadence, infra-leaning hire on V1.5 roadmap), four confirmation items, predictable team disagreements, what to watch for in the meeting, and the asymmetric May-12 deadline on item 1.

B S P

Open questions for Blair — 2026-05-20

One-sheet of everything currently waiting on a call from Blair as of 2026-05-20 — pricing first (launch packaging trio, Free-tier dial defaults, token budgets), then hiring, naming, architecture sign-offs (ADR-0006), privacy (Allen's late-May review), and operational items. Two hard near-term deadlines: May 22 for the Free-tier circuit-breaker rubric and ADR-0006 signature.

B S S

Decisions Due — Monday 2026-05-11 (prep doc — historical)

PREP doc for the 2026-05-11 meeting. The actual outcomes are at /meeting-2026-05-11-blair. References to 'Product Lead' below are historical — the role was retired in this session; Santiago absorbed the duties.

B S P

Meeting Log — Blair × Seth, 2026-05-11

Full decision log from the Blair × Seth working session on 2026-05-11: friction-points resolutions, team structure changes (Product Lead retired → Santiago expanded; Russ added as Lead Designer), free-tier LLM strategy (the 2026-05-11 decision pointed to a local Ollama-class model; superseded 2026-05-20 — Free now ships on Anthropic Haiku, see the addendum at the top of the page), GCP hosting confirmed, 14-day Pro trial for existing MP members, domain registrations, action items.

B S S

V1 Cost Discipline Review

AI Engineer persona's feasibility review of V1 unit economics: architecture as specified can hit $1.07 Free / $10.75 Pro targets if input-token ceilings are pinned, model routing is typed from the entitlement service, retrieval is pre-budgeted, and site analysis stays weekly-cached. The scariest finding is that Free breaks even AT the SPEC's floor conversion target — a Blair conversation about circuit-breaker authority, not an architecture fix.

S B P

Decision Rights Matrix

A binding contract defining who owns which decisions across engineering, product, compliance, and GTM — keeping Seth and Santiago unblocked as peers without escalating every disagreement to Blair. Updated 2026-05-11 to retire the dedicated Product Lead role (Santiago absorbed the duties) and add Russ as Lead Designer.

S P B

Quarterly Architecture Review Template

A 90-minute fixed-agenda template for quarterly architectural health reviews — covering differentiation gap, cost-per-cohort, reliability, cross-pollination health, compliance posture, and a standing 'one thing that worried me' round — starting Q4 2026 post-GA.

S B S

Cover Letter to Allen — Privacy Architecture Review

Cover letter from Seth and Santiago to Allen, MemberIntel's privacy counsel, introducing the privacy strategy memo and the late-May architecture review agenda. Sent ~5 business days before the session to give Allen context for the pre-read package.

S S B

Privacy Strategy for Counsel — Memo to Allen

Privacy strategy memo for Allen (Blair's privacy counsel) ahead of the late-May architecture review. Identifies the structural problem (the architecture treats member data as operator data throughout) and proposes seven preconditions before ToS drafting — four code-layer architectural preconditions and three policy items. Drafted 2026-05-12 through a Brandeis-counsel reasoning pass, McPhee-prose rewrite, panel review (Lessig + Sunstein + Rawls), and a Lessig/Rawls debate on permanent exclusion.

S B S

Privacy Counsel Architecture Review Agenda

A 4-hour late-May working agenda for outside privacy counsel to review MemberIntel's per-tenant isolation, cross-pollination boundary, secrets management, and data lifecycle decisions — grounding counsel's June ToS and Privacy Policy drafting in the actual architecture.

S P B

Design References

Living index of design artifacts for MemberIntel: the current Claude mockup, the Figma source-of-truth as it lands, and the visual-system conventions documented in docs/design/MemberIntel/CLAUDE.md.

R S B

Competitive Landscape

Feature-parity analysis of TripleWhale (Moby 2) and Northbeam against MemberIntel V1, with gap priorities for V1.5/V2 planning.

S B S

Seth's Phase 1 Deliverable Checklist

Seth's operational working checklist for May 2026 — organized week-by-week with ADR drafts, GCP scaffolding, schema design, RLS prototype, hiring pipeline, and cross-functional coordination tasks required to unlock Phase 2 on June 1.

S B

Phase 1 Deliverable Checklist (Santiago — formerly Product Lead)

Phase 1 operational working checklist for May 2026 — week-by-week milestones, PRD authoring, customer discovery, privacy counsel engagement, beta program scaffolding, cross-functional kickoffs, and the Phase 1 milestone gate criteria required to kick off Phase 2 on June 1. Originally authored for the Product Lead role; that role was retired 2026-05-11 and the checklist now belongs to Santiago (Product + Project Lead).

P S B

V1 Operational Runbooks

Pointer to the V1 product runbooks (deploy, auth, customer brain, incident response) that live in the memberintel repo — bus-factor coverage for whoever takes over V1 operations.

S A P

AI Engineer — Public Job Posting

External recruiting copy for the Senior AI Engineer hire — production LLM systems experience required, cost-discipline-as-engineering-surface posture, no LangChain. 30-min CEO screen → 60-90 min technical with Seth → paid week-long trial → offer in ~2-3 weeks.

A B S

role

Seth — Lead Architect JD

Seth Shoultes's Lead Architect role definition: end-to-end technical ownership of the brain, data pipeline, AI/ML architecture, engineering team, and vendor decisions for MemberIntel.

S B A

Blair — CEO JD

Blair Williams's CEO role definition for MemberIntel: product owner, final decision-maker on strategy, pricing, and architecture material choices, executive sponsor across the company.

B S P

Ronald — Backend / Platform Engineer JD

Ronald Reymundo's Backend / Platform Engineer role definition: MemberPress MCP integration, data sync, WordPress-side platform code, interim code-quality enforcement, and the V2 BuddyBoss integration surface. Reports to Seth Shoultes.

R S B

Sam — Brain Content Lead JD

Sam's Brain Content Lead role definition: authors the curated global brain, reviews cross-pollinated entries, operationalizes the voice/style guide, runs the content-side brain audits, and enforces sensitive-vertical exclusions. Reports to Santiago Perez Asis.

S S B

Senior AI Engineer JD

Senior AI Engineer role definition: owns the AI substrate end-to-end (inference pipeline, retrieval, prompt versioning, eval suite, cost discipline, feedback loop) under Seth's architectural direction. Reports to Seth Shoultes. Hire pending — target close mid-June 2026.

A S B

Product Lead JD (retired — folded into Santiago 2026-05-11)

RETIRED 2026-05-11. The dedicated Product Lead role was not backfilled after Cindy's departure; responsibilities folded into Santiago's expanded mandate. Retained as a historical reference for the duties Santiago now owns. See /santiago-jd for the current operational definition.

P B S

Santiago — Product + Project Lead JD

Santiago Perez Asis's role definition: Product + Project Lead for MemberIntel — PRD ownership, sprint cadence, dependency tracking, risk register, L10 scorecard, beta program design, support enablement, and cross-functional coordination. Reports to Blair.

S B S

Russell — Lead Designer JD

Lead Designer role definition: owns the visual system, end-to-end product UX, and design-to-engineering hand-off for MemberIntel. Reports to Blair Williams. Decided 2026-05-11 in the Blair × Seth working session — initially part-time / contract through Phase 1 with potential move to full-time as product surfaces solidify.

R S B

standup

Standup — 2026-06-09

One commit in the window: the automated standup bot posted the 2026-06-08 entry (`b94e0c2`).

S

Standup — 2026-06-08

Nothing shipped in the last 48 hours beyond the standup bot's own commits.

S

Weekly — week of 2026-06-07

# MemberIntel Weekly Digest — 2026-06-01 → 2026-06-07 One major feature shipped end-to-end in a single day, two security/compliance items closed, and a tooling

S

Standup — 2026-06-06

Only the standup bot committed today — automated housekeeping, nothing substantive shipped.

S

Standup — 2026-06-05

**Plugin-initiated one-click connect shipped end-to-end — spec through working zip — in a single day.** The spec ([#164](https://github.com/sethshoultes/memberi

S

Standup — 2026-06-04

One commit landed: the automated standup bot posted the 2026-06-03 entry (`ce208cf`).

S

Standup — 2026-06-03

**[#11](https://github.com/sethshoultes/memberpress-intel/pull/11) landed** — a new `.github/copilot-instructions.md` that teaches GitHub-native reviewers what

S

View all standups (28 total) →