Garage 30
The studio's own week runs on a leashed agent fleet: triage done before 7am, promises tracked automatically, zero autonomous external actions.
Done by 7am
Morning triage
Inbox cleared and replies drafted daily by a 06:45 background run
Every 30 min
Working-day cover
Dispatcher sweep sorts new items into handled, needs-me, or blocked
0
Autonomous external actions
Sending, publishing, paying, and deleting always end with a human
The starting point
Garage 30 is a one-person studio with a day job attached and three kids under two at home. The constraint was never ideas or skills; it was attention. Promises slipped, follow-ups sat, and every context switch charged a re-explaining tax. So we set the brief we'd set for any client: get the repeatable week running without supervision, without ever letting software act on the outside world by itself.
What we built
Three parts working as one system. A persistent memory that every agent reads and writes, so nothing gets re-explained. An interactive assistant for the judgment work: triage, drafting, strategy. And a fleet of scheduled background workers, each defined as a job rather than a persona: inbox clearing at 06:45, a commitment sweep at 07:00, a dispatcher every 30 minutes through the working day, a weekly ads-analysis loop, and a Friday self-review where the system reads its own logs and proposes what to fix next.
The technical detail
- Runtime: Claude Code running headless on schedules via macOS launchd. Per-job lockfiles, watchdog timeouts, logs per run.
- Jobs: each worker is a markdown spec with YAML frontmatter (schedule, permission level, timeout) and the job prompt as the body. Version-controlled like any other code.
- Memory: a local Python MCP server over SQLite with vector embeddings for semantic search. Every agent mounts the same server, which is what makes the memory shared rather than per-tool.
- Permissions: per-job settings profiles define each worker's leash, and a pre-execution hook blocks any tool above its level. Sending, publishing, paying, and deleting are never autonomous at any level.
- Credentials: macOS Keychain behind a domain-scoped resolver script. Workers can only read secrets in their own domain's namespace.
- Tool scoping: each work domain carries its own MCP config, so a worker loads only the servers its job needs.
- Accountability: every run ends with a check-in and evidence written to a shared ledger. A menu-bar readout over that ledger refreshes every minute; silence is never treated as success.
- Self-repair: failures trigger a repair process that investigates and proposes a tested fix on a git branch. Merging is always a human decision, and a fix that later fails becomes a diagnostic, never an auto-revert.
What it changed
Mornings arrive triaged. Commitments get cross-checked against what actually happened, which is how a proposal that had quietly sat unsent for six weeks got caught. Something still breaks most weeks; the difference is that the system notices, logs it, and proposes its own fix for review. The full story, including the trust rules that make it safe to run, is in the write-up. The hands-on version, for owners who want to run their own, is the training.
Claude Code / MCP / SQLite / launchd / Keychain