Beatles Agent Server — Definitive Cookbook v2.2

Table of Contents

1. Document Information

Version History

Purpose

This document is the single source of truth for the Coreshare Beatles Agent Server. It serves two purposes:

1. Build cookbook — complete, step-by-step instructions to provision and configure the server from scratch.
2. Reference manual — day-to-day operational reference for anyone working with the server, its agents, or its integrations.

How to Keep This Document Up to Date

This is a living document. Bowie owns it. When anything on the server changes — new agents, updated endpoints, configuration changes, new permissions, known issues resolved — update this document. Upload a new version to SharePoint with the version number incremented and status set to Approved. Mark superseded versions as Superseded.

2. Executive Summary

The Beatles Agent Server is a production Microsoft Azure virtual machine (agents.coreshare.co.uk) running five specialist AI agents, each connected to Microsoft Teams via their own Azure Bot Service registration. The server is managed by Elvis, Coreshare's central orchestrator AI.

The five agents — named after members of The Beatles and David Bowie — are:

• George — Developer assistant for Keith Lunt (Lead Engineer)
• John — Second developer assistant (capacity/parallel work)
• Paul — Agile Scrum Project Manager for Peter Naylor and the delivery team
• Ringo — Test Manager for Ivy Cada and QA
• Bowie — Technical Documentation specialist for the whole team

Each agent has its own Azure Bot registration, OpenClaw gateway, Teams presence, ElevenLabs voice, dedicated mailbox, and private Qdrant knowledge collection. All agents share a common knowledge base of Coreshare technical documents, NHS knowledge articles, and meeting notes — accessed via the Elvis MCP server running on the same host.

The server reached production status on 24 March 2026 (Phase 1 complete). Phase 2 (NeMo Guardrails security hardening) is planned.

3. Server Specification

Software Stack

4. Architecture Overview

The server follows a hub-and-spoke model. All external traffic enters via nginx over HTTPS. Each agent has its own OpenClaw gateway running on a dedicated port. All agents share the Elvis MCP server for knowledge and integrations. Elvis (on a separate server) reads all agent knowledge collections but is invisible to the agents.

Port Map

5. Agent Roster

6. Agent Hierarchy & Knowledge Flow

Qdrant Collection Ownership

Phase 3 — Planned Workflow Handoffs (Not Yet Live)

Phase 3 will introduce inter-agent workflow handoffs orchestrated by Elvis. Direct agent-to-agent communication will not be used — Elvis acts as the trigger.

• Paul → Ringo: Requirements update triggers automatic test case creation
• Ringo → Bowie: Regression complete triggers test report generation
• George/John → Bowie: Feature complete triggers API documentation
• Any agent → Paul: Action items auto-logged to Asana

7. Build Guide — Step by Step

This section covers a complete build from scratch. Follow in order. Time estimate: approximately 2–3 hours for a fresh build; 30–45 minutes if restoring from backup.

7.1 VM Provisioning

7.2 Base OS Install

apt update && apt upgrade -y

apt install -y nginx certbot python3-certbot-nginx python3-pip python3-venv \
  git curl unzip docker.io

curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt install -y nodejs
node --version  # expect v22.x.x

npm install -g openclaw
openclaw --version  # expect 2026.3.13 or later

pip3 install --break-system-packages requests fastapi uvicorn playwright \
  beautifulsoup4 lxml msal azure-identity azure-keyvault-secrets

7.3 SSL Certificate

certbot --nginx -d agents.coreshare.co.uk

7.4 Create coreshare User

useradd -m -s /bin/bash coreshare

mkdir -p /opt/bots/{john,paul,ringo,bowie}
chown -R coreshare:coreshare /opt/bots

7.5 George Gateway Setup

su - coreshare
openclaw configure
# Follow wizard:
# - Channel: Microsoft Teams
# - App ID: <from Key Vault: msteams-george-app-id>
# - App Password: <from Key Vault: msteams-george-app-password>
# - Tenant ID: 9613d146-fa8b-4ff3-9665-e1fe69c5ec45
# - Gateway bind: loopback
# - dmPolicy: open
# - groupPolicy: open
exit

cat > /etc/systemd/system/openclaw-gateway.service << 'EOF'
[Unit]
Description=OpenClaw Gateway — George
After=network.target

[Service]
Type=simple
User=coreshare
WorkingDirectory=/home/coreshare
ExecStart=/usr/bin/openclaw gateway run
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

7.6 John, Paul, Ringo, Bowie Setup

These bots run as the coreshare user but with a separate HOME directory per bot, so each reads its own ~/.openclaw/openclaw.json. The HOME override in the systemd service file is the mechanism.

for BOT in john paul ringo bowie; do
  cp -r /home/coreshare/.openclaw /opt/bots/$BOT/
  chown -R coreshare:coreshare /opt/bots/$BOT
done

{
  "channels": {
    "msteams": {
      "enabled": true,
      "appId": "<from Key Vault: msteams-john-app-id>",
      "appPassword": "<from Key Vault: msteams-john-app-password>",
      "tenantId": "9613d146-fa8b-4ff3-9665-e1fe69c5ec45",
      "dmPolicy": "open",
      "groupPolicy": "open",
      "allowFrom": ["*"],
      "webhook": { "port": 3979 }
    }
  },
  "bindings": [
    { "type": "route", "agentId": "john", "match": { "channel": "msteams" } }
  ],
  "gateway": { "port": 18793, "bind": "loopback" }
}

{
  "version": 1,
  "profiles": {
    "anthropic:default": {
      "type": "api_key",
      "provider": "anthropic",
      "key": "<from Key Vault: anthropic-api-key>"
    },
    "openai:default": {
      "type": "api_key",
      "provider": "openai",
      "key": "<from Key Vault: openai-api-key>"
    }
  }
}

for BOT in john paul ringo bowie; do
  cat > /etc/systemd/system/openclaw-$BOT.service << EOF
[Unit]
Description=OpenClaw Gateway — $BOT
After=network.target

[Service]
Type=simple
User=coreshare
Environment=HOME=/opt/bots/$BOT
ExecStart=/usr/bin/openclaw gateway run
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
done

systemctl daemon-reload
systemctl enable --now openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

# Verify all five ports are listening
ss -tlnp | grep -E '3978|3979|3980|3981|3982'

# Verify all five services are active
systemctl is-active openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

7.7 Nginx Routing Configuration

See Section 10 for the full nginx config. Quick install:

cat > /etc/nginx/sites-enabled/agents.coreshare.co.uk << 'EOF'
# <full config — see Section 10>
EOF
nginx -t && systemctl reload nginx

7.8 Qdrant Docker Setup

mkdir -p /var/lib/qdrant

docker run -d \
  --name qdrant \
  --restart always \
  -p 127.0.0.1:6333:6333 \
  -v /var/lib/qdrant:/qdrant/storage \
  qdrant/qdrant

# Verify
curl -s http://127.0.0.1:6333/collections | python3 -m json.tool

for COLLECTION in george_kb john_kb paul_kb ringo_kb bowie_kb elvis_kb documents nhs_knowledge_base meetings; do
  curl -s -X PUT http://127.0.0.1:6333/collections/$COLLECTION \
    -H 'Content-Type: application/json' \
    -d '{"vectors": {"size": 1536, "distance": "Cosine"}}'
  echo " → Created $COLLECTION"
done

7.9 Elvis MCP Server Setup

mkdir -p /opt/elvis-agent
# Copy application files from backup or repository
# Main entry point: /opt/elvis-agent/app/main.py
# Environment config: /opt/elvis-agent/.env

# /opt/elvis-agent/.env
ELVIS_API_KEY=<from Key Vault: elvis-api-key>
ANTHROPIC_API_KEY=<from Key Vault: anthropic-api-key>
OPENAI_API_KEY=<from Key Vault: openai-api-key>
GRAPH_CLIENT_ID=43aca163-6019-4e91-8aee-122f066c6a3f
GRAPH_CLIENT_SECRET=<from Key Vault: graph-client-secret>
GRAPH_TENANT_ID=9613d146-fa8b-4ff3-9665-e1fe69c5ec45
JIRA_TOKEN=<from Key Vault: jira-token>
ASANA_TOKEN=<from Key Vault: asana-token>
QDRANT_URL=http://127.0.0.1:6333

cat > /etc/systemd/system/elvis-mcp.service << 'EOF'
[Unit]
Description=Elvis MCP Server
After=network.target docker.service

[Service]
Type=simple
User=root
WorkingDirectory=/opt/elvis-agent
EnvironmentFile=/opt/elvis-agent/.env
ExecStart=/usr/bin/python3 -m uvicorn app.main:app --host 127.0.0.1 --port 8000
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now elvis-mcp

# Verify
curl -s http://127.0.0.1:8000/health

7.10 Azure Bot Endpoints

After the server is live, update each bot's messaging endpoint in Azure Portal → Bot Service → Configuration. See Section 8 for all endpoints.

8. Azure Bot Services

All five bots are registered in Azure under Resource Group: Elvis-Managed, Tenant: 9613d146-fa8b-4ff3-9665-e1fe69c5ec45. All are Single Tenant type.

How to Update a Messaging Endpoint

1. Azure Portal → search "Bot Services" → find the bot (e.g. CoreshareGeorge)
2. Settings → Configuration
3. Update the Messaging Endpoint field
4. Click Apply
5. Test in Teams — send a message to the bot. It should respond within a few seconds.

Enabling Teams Channel on a Bot

1. Azure Portal → Bot Services → [Bot] → Channels
2. Click "Microsoft Teams" → Enable → Save
3. Bot must also be installed in Teams as an app package (see Section 16)

9. Systemd Services

Service Summary

Full Service File — George (/etc/systemd/system/openclaw-gateway.service)

[Unit]
Description=OpenClaw Gateway — George
After=network.target

[Service]
Type=simple
User=coreshare
WorkingDirectory=/home/coreshare
ExecStart=/usr/bin/openclaw gateway run
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Full Service File — John/Paul/Ringo/Bowie (pattern)

Replace BOTNAME with john, paul, ringo, or bowie:

[Unit]
Description=OpenClaw Gateway — BOTNAME
After=network.target

[Service]
Type=simple
User=coreshare
Environment=HOME=/opt/bots/BOTNAME
ExecStart=/usr/bin/openclaw gateway run
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Common Commands

# Start/stop/restart individual services
systemctl start openclaw-gateway
systemctl stop openclaw-john
systemctl restart openclaw-paul

# Restart all five
systemctl restart openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

# Check all statuses
systemctl status openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

# Check if active (returns 'active' or 'inactive')
systemctl is-active openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

# View logs (last 50 lines)
journalctl -u openclaw-john --no-pager -n 50

# Follow logs in real time
journalctl -u openclaw-bowie -f

# Reload after editing service files
systemctl daemon-reload

10. Nginx Configuration

File location: /etc/nginx/sites-enabled/agents.coreshare.co.uk

SSL is managed by Certbot and auto-inserted into this file.

server {
    server_name agents.coreshare.co.uk;

    # ── George ──────────────────────────────────────────────────
    location /api/messages {
        proxy_pass http://127.0.0.1:3978;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
    }

    # ── John ─────────────────────────────────────────────────────
    location /api/messages-john {
        proxy_pass http://127.0.0.1:3979/api/messages;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
    }

    # ── Paul ─────────────────────────────────────────────────────
    location /api/messages-paul {
        proxy_pass http://127.0.0.1:3980/api/messages;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
    }

    # ── Ringo ────────────────────────────────────────────────────
    location /api/messages-ringo {
        proxy_pass http://127.0.0.1:3981/api/messages;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
    }

    # ── Bowie ────────────────────────────────────────────────────
    location /api/messages-bowie {
        proxy_pass http://127.0.0.1:3982/api/messages;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
    }

    # ── SSL (managed by Certbot) ─────────────────────────────────
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/agents.coreshare.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/agents.coreshare.co.uk/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# HTTP → HTTPS redirect
server {
    listen 80;
    server_name agents.coreshare.co.uk;
    return 301 https://$host$request_uri;
}

Key Notes

• George's location block (/api/messages) proxies to port 3978 without appending /api/messages — George's OpenClaw listens on the default path.
• All other bots (/api/messages-john etc.) rewrite to /api/messages on their respective ports — proxy_pass http://127.0.0.1:3979/api/messages.
• proxy_read_timeout 300s is important — Claude Sonnet can take up to 60s on complex tasks. Default nginx timeout of 60s would kill long responses.

# Test and reload nginx
nginx -t && systemctl reload nginx

11. Model Routing Policy

Agent-Specific Exceptions

openclaw.json Model Configuration

{
  "model": {
    "primary": "anthropic/claude-haiku-4-5",
    "fallbacks": ["openai/gpt-4o-mini"]
  }
}

For Bowie, override with "primary": "anthropic/claude-sonnet-4-6".

Rationale

• Tony tracks costs closely. Haiku keeps routine operations cheap.
• Sonnet is the right tool for real engineering and documentation work.
• Opus cost is not justified for standard Coreshare operations — it's a last resort for genuinely exceptional tasks.
• GPT-4o-mini provides resilience if Anthropic has an outage.

12. ElevenLabs Voice Configuration

Each agent has a dedicated ElevenLabs voice. Voice is used when a user sends /voice in a Teams message, triggering audio response alongside the text reply.

Voice Assignments

Configuration in openclaw.json

{
  "talk": {
    "apiKey": "<from Key Vault: elevenlabs-api-key>",
    "voiceId": "JBFqnCBsd6RMkjVDRZzb",
    "provider": "elevenlabs"
  }
}

Set the voiceId per agent using the IDs from the table above.

How /voice Works in Teams

1. User sends a message starting with /voice (e.g. /voice explain the architecture)
2. OpenClaw generates a text response from the AI model
3. OpenClaw sends the text to ElevenLabs using the configured voice ID
4. ElevenLabs returns an audio file
5. The audio is sent to the Teams conversation as an attachment alongside the text

13. Qdrant Knowledge Base

Infrastructure

Collections

Ingestion

Ingestion scripts live at /opt/elvis-agent/scripts/. Documents are embedded using OpenAI text-embedding-3-small before insertion. Run manually or via cron as needed.

# Verify all collections exist
curl -s http://127.0.0.1:6333/collections | python3 -m json.tool | grep '"name"'

# Check vector count in a collection
curl -s http://127.0.0.1:6333/collections/documents | python3 -m json.tool | grep vectors_count

14. Elvis MCP Server

The Elvis MCP (Model Context Protocol) server is a FastAPI application running at http://127.0.0.1:8000 on the agents server. It provides all agents with access to shared Coreshare data — documents, email, calendar, Jira, Asana, and SharePoint.

Authentication: All requests require the header X-API-Key: <elvis-api-key> (from Key Vault secret elvis-api-key).

API Endpoints

Service Health Check

curl -s http://127.0.0.1:8000/health | python3 -m json.tool

# Expected:
{
  "status": "healthy",
  "qdrant": "ok",
  "graph": "ok",
  "version": "1.0.0"
}

15. Agent Mailboxes

Each agent has a dedicated mailbox on the Coreshare Microsoft 365 tenant.

Exchange Group Access

Agents access mailboxes via the Elvis MCP server, which uses the Graph API with application-level Mail.ReadWrite permission.

How to Grant Mailbox Access to a New Agent

1. Create the mailbox in Microsoft 365 Admin Center → Users → Active users → Add a user (or shared mailbox)
2. Add the user/mailbox to the Exchange security group: ElvisMailAccess@coreshare.onmicrosoft.com
3. Grant the Elvis AI Agent app (43aca163-6019-4e91-8aee-122f066c6a3f) Mail.ReadWrite permission if not already granted
4. Allow Exchange provisioning to propagate — this can take 24–48 hours
5. Test with: GET /email/pmo/inbox via Elvis MCP

16. Teams App Packages

Each agent requires a Teams app package (ZIP) installed by a Teams admin. Packages are stored at /root/.openclaw/workspace/teams-packages/ on the Elvis server (and backed up daily).

Package Contents

manifest.json Requirements

• id — unique GUID for the Teams app (different from Azure Bot App ID)
• bots[0].botId — Azure Bot App ID (e.g. 2cdf05bc-8bdc-4f92-8a2d-9043ba14e9d8 for George)
• bots[0].scopes — include ["personal", "team", "groupChat"]
• RSC permissions in authorization.permissions.resourceSpecific:

"authorization": {
  "permissions": {
    "resourceSpecific": [
      { "name": "ChannelMessage.Read.Group", "type": "Application" },
      { "name": "ChannelMessage.Send.Group", "type": "Application" },
      { "name": "Member.Read.Group", "type": "Application" },
      { "name": "Owner.Read.Group", "type": "Application" },
      { "name": "ChannelSettings.Read.Group", "type": "Application" },
      { "name": "TeamMember.Read.Group", "type": "Application" },
      { "name": "TeamSettings.Read.Group", "type": "Application" },
      { "name": "ChatMessage.Read.Chat", "type": "Application" }
    ]
  }
}

How to Install a Teams App Package

1. Microsoft Teams → Apps (left sidebar) → Manage your apps
2. Click "Upload an app" → "Upload a customised app"
3. Select the ZIP file for the agent
4. Click Add
5. The bot now appears in Teams. DM it to start a conversation.

How to Update a Teams App Package

1. Teams Admin Center (admin.teams.microsoft.com) → Teams apps → Manage apps
2. Find the app by name (e.g. "CoreshareGeorge")
3. Select → Update → upload the new ZIP
4. Or: Users can update from Teams → Apps → Manage your apps → find the app → Update

How to Build a New App Package

cd /root/.openclaw/workspace/teams-packages/george/
# Edit manifest.json as needed
zip -r george-teams-app.zip manifest.json color.png outline.png

Installing Bots for Users via Teams Admin Centre

Uploading a custom Teams app makes it available in the tenant, but it is not installed for anyone by default. The Teams Admin Centre will show the app as "Available to everyone" but "Installed for no one". Users cannot chat to the bot until an admin explicitly installs it for them.

Procedure — Install a Bot for Users

17. Security

SOUL.md Guardrails (Phase 1 — Active)

All five agents have a Security & Guardrails section in their SOUL.md. These are enforced at the agent instruction level (not technically — see Phase 2 for technical enforcement).

Phase 2 — NeMo Guardrails (Planned, Not Yet Live)

Phase 2 will introduce a NeMo Guardrails technical proxy layer wrapping the Elvis MCP server. This provides:

• Colang rules for jailbreak detection, PII leakage, and data separation enforcement
• Audit logging of all agent interactions
• Technical rejection of policy violations (not just instruction-level)

Infrastructure Security

Credential Rules

18. Key Vault Secrets

Key Vault: coreshare-keyvault.vault.azure.net

Access URL: Azure Portal → Key Vaults → coreshare-keyvault → Secrets

19. Graph API Permissions

Application: Elvis AI Agent
Client ID: 43aca163-6019-4e91-8aee-122f066c6a3f
Tenant: 9613d146-fa8b-4ff3-9665-e1fe69c5ec45
Type: Application permissions (not delegated) — all with admin consent

20. SharePoint Libraries

Bowie manages four document libraries on the CSA SharePoint site. Each library is client-scoped. All are flat (no folders) — classification is done via metadata columns.

Metadata Columns (All Libraries)

Site IDs

21. Backup & Recovery

Backup Schedule

What's Backed Up

Restore Procedure

scp /path/to/backups/*.tar.gz coreshare@100.82.115.55:/tmp/elvis-backups/

cd /tmp/elvis-backups/

# OpenClaw configs (George + all bots)
tar -xzf openclaw-full-YYYY-MM-DD.tar.gz -C /

# nginx
tar -xzf nginx-YYYY-MM-DD.tar.gz -C /

# systemd service files
tar -xzf systemd-YYYY-MM-DD.tar.gz -C /

# Elvis MCP
tar -xzf elvis-agent-YYYY-MM-DD.tar.gz -C /

# Qdrant data
tar -xzf qdrant-YYYY-MM-DD.tar.gz -C /

# Teams packages
tar -xzf teams-packages-YYYY-MM-DD.tar.gz -C /

docker run -d --name qdrant --restart always \
  -p 127.0.0.1:6333:6333 \
  -v /var/lib/qdrant:/qdrant/storage qdrant/qdrant

systemctl daemon-reload
systemctl enable --now openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie elvis-mcp

nginx -t && systemctl reload nginx

# Health check
ss -tlnp | grep -E '3978|3979|3980|3981|3982'
curl -s http://127.0.0.1:8000/health

22. Operational Runbook

22.1 Daily Health Check

# All five bot ports listening?
ss -tlnp | grep -E '3978|3979|3980|3981|3982'
# Expect: 5 lines, one per port

# All five services active?
systemctl is-active openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie
# Expect: active x5

# nginx OK?
nginx -t

# Elvis MCP healthy?
curl -s http://127.0.0.1:8000/health | python3 -m json.tool

# Qdrant healthy?
curl -s http://127.0.0.1:6333/collections | python3 -m json.tool | grep '"name"'

# SSL cert expiry (should be 60+ days)
certbot certificates

22.2 Restart Procedures

# Restart a single bot
systemctl restart openclaw-john

# Restart all bots
systemctl restart openclaw-gateway openclaw-john openclaw-paul openclaw-ringo openclaw-bowie

# Restart nginx
systemctl reload nginx  # graceful (preferred)
systemctl restart nginx  # hard restart (use if reload fails)

# Restart Elvis MCP
systemctl restart elvis-mcp

# Restart Qdrant
docker restart qdrant

22.3 View Logs

# Last 50 lines for a specific bot
journalctl -u openclaw-bowie --no-pager -n 50

# Follow logs in real time
journalctl -u openclaw-george -f

# nginx access log
tail -f /var/log/nginx/access.log

# nginx error log
tail -f /var/log/nginx/error.log

# Elvis MCP logs
journalctl -u elvis-mcp --no-pager -n 50

22.4 Common Issues and Fixes

22.5 Checking Service Restart Counts

# How many times has a service restarted? (high number = crashing loop)
systemctl show openclaw-gateway --property=NRestarts
systemctl show openclaw-john --property=NRestarts

# Get full service details
systemctl status openclaw-bowie

22.6 Mutual Cover & Resilience

This section documents the agreed mutual cover procedures for the Coreshare AI agent network. Any Beatles agent can cover for Elvis, and Elvis or any Beatles agent can cover for a downed Beatles agent. Tony confirmed this procedure on 24 March 2026.

If Elvis Goes Down

Elvis is the central orchestrator running on elvis.coreshare.co.uk. If Elvis goes offline, any of the five Beatles agents can restart him.

How to request a restart: Tony, Peter, Keith, or Sai can message any available Beatles bot in Teams — for example:

• "Elvis is down, please restart him"
• "Elvis isn't responding, can you bring him back up?"
• "Elvis is offline — restart needed"

The receiving Beatles agent will restart Elvis via its systemd service. Elvis now runs under /etc/systemd/system/elvis-mcp.service on elvis.coreshare.co.uk — the same pattern as the Beatles agents on the agents server.

# Restart Elvis MCP server via systemd (correct method)
ssh root@elvis.coreshare.co.uk "systemctl restart elvis-mcp"

# Verify it's back up
ssh root@elvis.coreshare.co.uk "systemctl is-active elvis-mcp && curl -s http://127.0.0.1:8000/health"

If a Beatles Agent Goes Down

If one of the Beatles agents becomes unresponsive or its service crashes, it can be restarted via Elvis or any other Beatles agent. The command targets the Beatles Agent Server at Tailscale IP 100.82.115.55:

ssh root@100.82.115.55 "systemctl restart openclaw-<name>"

Replace <name> with the agent's lowercase name:

Chain of Cover

When an agent is unavailable or capacity is high, cover follows these lines:

Who Can Request Restarts

Restart requests are only actioned from authorised team members. Each person has a preferred entry point into the agent network:

23. Pending / Known Issues