cmo: drop @mrhaven_agent, migrate to per-account credentials

@mrhaven_agent suspended by X for inauthentic behavior (2026-04-03).
Account abandoned without appeal. API app was registered under that
account and is now revoked.

Changes:
- Remove mrhaven_agent from all config, scripts, and docs
- Add per-account credential routing (ACCOUNT_TOKEN_MAP) in executor
- Update daily-post.js to use X_SOVREN_ACCESS_TOKEN/SECRET
- Update GitHub Actions workflow to new secret names
- Simplify collector and hydrator to bearer-only auth
- Fix pre-existing test bug (missing seen parameter)
- Document Phase 7 decisions, rationale, trade-offs, and limitations
  in CMO-AUTOMATION-IMPLEMENTATION-PLAN.md

Pipeline now operates on 2 accounts only with scheduled root posts.
Automated reply/quote engagement disabled. New X Developer App under
@TheCesarCross required before API access resumes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ccross2

.github/workflows/daily-post.yml

@@ -36,10 +36,10 @@ jobs:
 
       - name: Post next queued item
         env:
-          TWITTER_API_KEY: ${{ secrets.TWITTER_API_KEY }}
-          TWITTER_API_SECRET: ${{ secrets.TWITTER_API_SECRET }}
-          TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
-          TWITTER_ACCESS_SECRET: ${{ secrets.TWITTER_ACCESS_SECRET }}
+          X_API_KEY: ${{ secrets.X_API_KEY }}
+          X_API_SECRET: ${{ secrets.X_API_SECRET }}
+          X_SOVREN_ACCESS_TOKEN: ${{ secrets.X_SOVREN_ACCESS_TOKEN }}
+          X_SOVREN_ACCESS_SECRET: ${{ secrets.X_SOVREN_ACCESS_SECRET }}
         run: |
           if [ "${{ inputs.dry_run }}" == "true" ]; then
             node scripts/daily-post.js --dry-run

CLAUDE.md

@@ -479,7 +479,7 @@ node scripts/daily-post.js --add "text" --category thesis   # Append new post
 
 **D4: Credentials via secrets.env, not dotenv**
 - **Decision:** Cron sources `~/.claude/secrets.env` directly. No dotenv package for credential loading.
-- **Rationale:** Twitter API credentials (`TWITTER_API_KEY`, `TWITTER_API_SECRET`, `TWITTER_ACCESS_TOKEN`, `TWITTER_ACCESS_SECRET`) are already available via direnv in interactive sessions and via secrets.env for cron. Adding dotenv would duplicate existing infrastructure.
+- **Rationale:** X API credentials (`X_API_KEY`, `X_API_SECRET`, `X_SOVREN_ACCESS_TOKEN`, `X_SOVREN_ACCESS_SECRET`) are already available via direnv in interactive sessions and via secrets.env for cron. Adding dotenv would duplicate existing infrastructure.
 
 ### Voice Rules (enforced by daily-post.js)
 
@@ -509,7 +509,7 @@ node scripts/daily-post.js --add "text" --category thesis   # Append new post
 ### Dependencies
 
 - `twitter-api-v2` (devDependency) — Twitter API v2 client
-- Environment: `TWITTER_API_KEY`, `TWITTER_API_SECRET`, `TWITTER_ACCESS_TOKEN`, `TWITTER_ACCESS_SECRET`
+- Environment: `X_API_KEY`, `X_API_SECRET`, `X_SOVREN_ACCESS_TOKEN`, `X_SOVREN_ACCESS_SECRET`
 
 ---
 

ops/cmo-automation/README.md

@@ -2,10 +2,9 @@ CMO Automation (X/Twitter)
 
 Purpose
 - Internal, data-driven replacement for outsourced engagement operations.
-- Covers three coordinated accounts:
-  - @TheCesarCross
-  - @sovren_software
-  - @mrhaven_agent
+- Covers two coordinated accounts:
+  - @TheCesarCross (founder)
+  - @sovren_software (brand)
 
 What this does today
 1) Collect snapshot data from X API (profile + timeline)
@@ -16,9 +15,10 @@ What this does today
 6) Build execution report from approved actions (dry-run default)
 
 Current mode
-- Quality-gated assisted automation with optional live execution.
-- Root posts can execute live.
-- Quote-style engagement is subject to X platform eligibility constraints and may fail with 403 when not in-thread/not mentioned.
+- Scheduled root posts only. No automated replies or quotes.
+- @mrhaven_agent was removed after X suspension for inauthentic behavior (2026-04-03).
+- API credentials are per-account (X_FOUNDER_* for @TheCesarCross, X_SOVREN_* for @sovren_software).
+- See reports/CMO-AUTOMATION-IMPLEMENTATION-PLAN.md Phase 7 for full decision log.
 
 Structure
 - config/cmo_accounts.yaml
@@ -37,8 +37,9 @@ Structure
 
 Quick start
 1) Export credentials (or source ~/.claude/secrets.env)
-   - Required: X_API_KEY, X_API_SECRET, X_BEARER_TOKEN, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET
-   - Script also maps from TWITTER_* variables.
+   - App credentials: X_API_KEY, X_API_SECRET, X_BEARER_TOKEN
+   - Per-account tokens: X_FOUNDER_ACCESS_TOKEN, X_FOUNDER_ACCESS_SECRET (for @TheCesarCross)
+   - Per-account tokens: X_SOVREN_ACCESS_TOKEN, X_SOVREN_ACCESS_SECRET (for @sovren_software)
 2) Run:
    - python3 scripts/collect_x_data.py
    - python3 scripts/analyze_x_cmo.py

ops/cmo-automation/config/cmo_accounts.yaml

@@ -13,14 +13,6 @@ accounts:
       root_posts_per_day: 1
       replies_per_day: 10
       quote_posts_per_week: 3
-  - handle: mrhaven_agent
-    role: product-agent
-    voice: guardian-utility
-    target_mix:
-      root_posts_per_day: 2
-      replies_per_day: 6
-      quote_posts_per_week: 2
-
 analysis:
   lookback_days: 21
   baseline_label: fiverr-period

ops/cmo-automation/config/operating_policy.json

@@ -25,12 +25,6 @@
       "mix_pct": {"root": 45, "reply": 40, "quote": 15},
       "daily_reply_cap": 10,
       "time_windows_est": ["10:00-11:00", "14:00-15:00", "19:00-20:00"]
-    },
-    "mrhaven_agent": {
-      "role": "product-agent",
-      "mix_pct": {"root": 60, "reply": 25, "quote": 15},
-      "daily_reply_cap": 6,
-      "time_windows_est": ["08:00-09:00", "13:00-14:00", "21:00-22:00"]
     }
   },
   "targeting": {

ops/cmo-automation/reports/CMO-AUTOMATION-IMPLEMENTATION-PLAN.md

@@ -176,3 +176,89 @@ Status
   ~/cDesign/sovren-website/ops/cmo-automation
 - Upgrade details, decision log, limitations, and remaining work:
   reports/CMO-QUALITY-UPGRADE-2026-04-02.md
+
+---
+
+## Phase 7 — Account Restructure and Credential Migration (2026-04-03)
+
+Context
+- @mrhaven_agent suspended by X on 2026-04-02 for "inauthentic behaviors."
+- Root causes: unverified bot-labeled account (no blue check, no delegated admin, 4 followers),
+  13 consecutive HTTP 403 failures from quote attempts to conversations the account was not
+  part of, coordinated API usage across 3 accounts sharing one developer app.
+- The X Developer App was registered under @mrhaven_agent. Suspension revoked all API
+  credentials (HTTP 401 on bearer-token read-only calls confirmed).
+- @TheCesarCross and @sovren_software survived due to blue check verification and delegated
+  admin access — protective factors @mrhaven_agent lacked.
+
+Decisions
+
+D1. Abandon @mrhaven_agent without appeal
+- Rationale: account carried bot-labeled baggage, only 4 followers, no organic social graph.
+  Appealing risks drawing further scrutiny to the coordinated account cluster.
+  Product updates flow through @sovren_software instead.
+- Trade-off: lose the handle and any residual SEO value. X Premium subscription requires
+  manual cancellation (X does not auto-cancel on suspension).
+- Expected benefit: clean break, no residual risk to surviving accounts.
+
+D2. Register new X Developer App under @TheCesarCross
+- Rationale: strongest account (verified, 974 followers, established). App owner gets
+  simplest auth flow for self-posting.
+- Trade-off: ties API infrastructure to the founder's personal account. If founder account
+  is ever restricted, API access is lost again.
+- Expected benefit: API app inherits the trust signals of the founder account.
+
+D3. Per-account access tokens with unified app credentials
+- Rationale: each account (@TheCesarCross, @sovren_software) gets its own OAuth access
+  token pair. App-level credentials (API key, API secret, bearer token) are shared.
+  This enables per-account credential routing in the execution layer.
+- Trade-off: more credentials to manage (7 vars vs 5). Scripts need account-to-token mapping.
+- Expected benefit: eliminates single-token-for-all-accounts pattern that contributed to
+  coordinated behavior detection. Each account's posting is independently authenticated.
+
+D4. Scheduled roots only — no automated replies or quotes
+- Rationale: the 13 consecutive 403 failures on quote attempts were the primary trigger
+  signal. Reply/quote automation on accounts without organic conversation participation
+  is inherently risky under X's authenticity rules.
+- Trade-off: reduced engagement volume and reach. No automated discovery of new audiences
+  through reply threads.
+- Expected benefit: eliminates the engagement pattern that caused the suspension. Root-post
+  scheduling is the safest automation mode under X's rules.
+
+Implemented changes
+- secrets.env: removed dead mrhaven_agent credentials, added 7-variable per-account structure
+  (X_API_KEY, X_API_SECRET, X_BEARER_TOKEN, X_FOUNDER_ACCESS_TOKEN, X_FOUNDER_ACCESS_SECRET,
+  X_SOVREN_ACCESS_TOKEN, X_SOVREN_ACCESS_SECRET). Values empty pending new app creation.
+- collect_x_data.py: removed mrhaven_agent from account list, simplified to bearer-only auth.
+- execute_approved_queue.py: added ACCOUNT_TOKEN_MAP for per-account credential routing,
+  set_account_tokens() called before each action execution.
+- hydrate_approved_queue.py: simplified to bearer-only auth, removed mrhaven_agent queries.
+- daily-post.js: updated to use X_SOVREN_ACCESS_TOKEN/SECRET for @sovren_software posting.
+- daily-post.yml: GitHub Actions secrets updated to new variable names.
+- cmo_accounts.yaml: removed mrhaven_agent entry.
+- operating_policy.json: removed mrhaven_agent account strategy.
+- CMO-ECOSYSTEM-MARKETING-BRIEF.md: removed mrhaven_agent messaging intent.
+- CLAUDE.md: updated credential references.
+- Tests: fixed pre-existing seen parameter bug, updated fixtures. 6/6 passing.
+
+Drawbacks and known limitations
+- API keys are empty until new X Developer App is created manually at developer.x.com.
+  All X API functionality (daily posts, data collection, CMO pipeline) is offline until then.
+- GitHub Actions secrets must also be updated manually in the sovren-software repo settings.
+- @sovren_software posting requires OAuth user tokens generated through the new app's auth
+  flow — this is a separate manual step from creating the app itself.
+- The hydration layer still produces templated replies with "Specific to [keyword salad]"
+  suffixes. This copy quality issue predates the restructure and needs a generator rewrite
+  before reply automation could safely resume.
+- No circuit breaker in execute_approved_queue.py — if reply automation is re-enabled in
+  the future, the script should abort after N consecutive failures to avoid triggering
+  platform detection.
+- X Premium subscription on @mrhaven_agent must be cancelled manually (via App Store,
+  Google Play, or X support depending on how it was purchased).
+
+Remaining work to fully complete this phase
+1. Create new X Developer App at developer.x.com under @TheCesarCross (Read+Write permissions)
+2. Fill 7 credential values in ~/.engram/envrc/secrets/secrets.env
+3. Update 4 GitHub Actions secrets in sovren-software repo settings
+4. Run direnv reload, then verify: x-cli -j user get TheCesarCross
+5. Cancel @mrhaven_agent X Premium subscription

ops/cmo-automation/reports/CMO-ECOSYSTEM-MARKETING-BRIEF.md

@@ -43,7 +43,6 @@ This brief aligns all outbound messaging with the mission, architecture, and roa
 
 ## Account-level messaging intent
 - @sovren_software: thesis, architecture, milestones, category narrative.
-- @mrhaven_agent: concrete proof posture, verifiable outcomes, grounded operational commentary.
 - @TheCesarCross: founder context, strategic synthesis, conviction with specificity.
 
 ## Hard editorial rules for generated copy

ops/cmo-automation/scripts/collect_x_data.py

@@ -11,23 +11,21 @@
 DATA = ROOT / "data"
 DATA.mkdir(parents=True, exist_ok=True)
 
-ACCOUNTS = ["TheCesarCross", "sovren_software", "mrhaven_agent"]
+ACCOUNTS = ["TheCesarCross", "sovren_software"]
 MAX_TIMELINE = int(os.getenv("CMO_TIMELINE_MAX", "20"))
 
 
 def load_credential_mapping() -> None:
-    # x-cli expects X_* variables. Existing environment may use TWITTER_*.
-    mapping = {
-        "X_API_KEY": os.getenv("X_API_KEY") or os.getenv("TWITTER_API_KEY"),
-        "X_API_SECRET": os.getenv("X_API_SECRET") or os.getenv("TWITTER_API_SECRET"),
-        "X_BEARER_TOKEN": os.getenv("X_BEARER_TOKEN") or os.getenv("TWITTER_BEARER_TOKEN"),
-        "X_ACCESS_TOKEN": os.getenv("X_ACCESS_TOKEN") or os.getenv("TWITTER_ACCESS_TOKEN"),
-        "X_ACCESS_TOKEN_SECRET": os.getenv("X_ACCESS_TOKEN_SECRET") or os.getenv("TWITTER_ACCESS_SECRET"),
-    }
-    missing = [k for k, v in mapping.items() if not v]
-    if missing:
-        raise SystemExit(f"Missing required credentials: {', '.join(missing)}")
-    os.environ.update(mapping)
+    """Load X API credentials. Data collection uses bearer token only (read-only)."""
+    bearer = os.getenv("X_BEARER_TOKEN")
+    if not bearer:
+        raise SystemExit("Missing required credential: X_BEARER_TOKEN")
+    os.environ["X_BEARER_TOKEN"] = bearer
+    # x-cli also needs app credentials for some endpoints
+    for key in ("X_API_KEY", "X_API_SECRET"):
+        val = os.getenv(key)
+        if val:
+            os.environ[key] = val
 
 
 def run_json(cmd: list[str], retries: int = 2):

ops/cmo-automation/scripts/execute_approved_queue.py

@@ -18,18 +18,32 @@ def load_json(path: Path):
     return json.loads(path.read_text())
 
 
+ACCOUNT_TOKEN_MAP = {
+    "TheCesarCross": ("X_FOUNDER_ACCESS_TOKEN", "X_FOUNDER_ACCESS_SECRET"),
+    "sovren_software": ("X_SOVREN_ACCESS_TOKEN", "X_SOVREN_ACCESS_SECRET"),
+}
+
+
 def load_credential_mapping() -> None:
-    mapping = {
-        "X_API_KEY": os.getenv("X_API_KEY") or os.getenv("TWITTER_API_KEY"),
-        "X_API_SECRET": os.getenv("X_API_SECRET") or os.getenv("TWITTER_API_SECRET"),
-        "X_BEARER_TOKEN": os.getenv("X_BEARER_TOKEN") or os.getenv("TWITTER_BEARER_TOKEN"),
-        "X_ACCESS_TOKEN": os.getenv("X_ACCESS_TOKEN") or os.getenv("TWITTER_ACCESS_TOKEN"),
-        "X_ACCESS_TOKEN_SECRET": os.getenv("X_ACCESS_TOKEN_SECRET") or os.getenv("TWITTER_ACCESS_SECRET"),
-    }
-    missing = [k for k, v in mapping.items() if not v]
-    if missing:
-        raise SystemExit(f"Missing required credentials: {', '.join(missing)}")
-    os.environ.update(mapping)
+    """Load X API app credentials. Per-account tokens are set before each action."""
+    for key in ("X_API_KEY", "X_API_SECRET", "X_BEARER_TOKEN"):
+        val = os.getenv(key)
+        if not val:
+            raise SystemExit(f"Missing required credential: {key}")
+        os.environ[key] = val
+    # Validate per-account tokens exist
+    for account, (tok, sec) in ACCOUNT_TOKEN_MAP.items():
+        if not os.getenv(tok) or not os.getenv(sec):
+            raise SystemExit(f"Missing access tokens for @{account}: {tok}, {sec}")
+
+
+def set_account_tokens(account: str) -> None:
+    """Set X_ACCESS_TOKEN/SECRET for the given account before x-cli execution."""
+    token_keys = ACCOUNT_TOKEN_MAP.get(account)
+    if not token_keys:
+        raise RuntimeError(f"No credentials configured for @{account}")
+    os.environ["X_ACCESS_TOKEN"] = os.getenv(token_keys[0], "")
+    os.environ["X_ACCESS_TOKEN_SECRET"] = os.getenv(token_keys[1], "")
 
 
 def flatten_approved_actions(review: dict) -> list[dict]:
@@ -91,6 +105,7 @@ def build_execution_plan(review: dict, live: bool = False) -> dict:
             "source": action,
         }
         if live and ready:
+            set_account_tokens(action.get("account", ""))
             row.update(run_live(action))
         elif live:
             row.update({"status": "blocked"})

ops/cmo-automation/scripts/hydrate_approved_queue.py

@@ -48,17 +48,15 @@ def load_json(path: Path):
 
 
 def load_credential_mapping() -> None:
-    mapping = {
-        "X_API_KEY": os.getenv("X_API_KEY") or os.getenv("TWITTER_API_KEY"),
-        "X_API_SECRET": os.getenv("X_API_SECRET") or os.getenv("TWITTER_API_SECRET"),
-        "X_BEARER_TOKEN": os.getenv("X_BEARER_TOKEN") or os.getenv("TWITTER_BEARER_TOKEN"),
-        "X_ACCESS_TOKEN": os.getenv("X_ACCESS_TOKEN") or os.getenv("TWITTER_ACCESS_TOKEN"),
-        "X_ACCESS_TOKEN_SECRET": os.getenv("X_ACCESS_TOKEN_SECRET") or os.getenv("TWITTER_ACCESS_SECRET"),
-    }
-    missing = [k for k, v in mapping.items() if not v]
-    if missing:
-        raise SystemExit(f"Missing required credentials: {', '.join(missing)}")
-    os.environ.update(mapping)
+    """Load X API credentials. Hydration uses bearer token for tweet lookups."""
+    bearer = os.getenv("X_BEARER_TOKEN")
+    if not bearer:
+        raise SystemExit("Missing required credential: X_BEARER_TOKEN")
+    os.environ["X_BEARER_TOKEN"] = bearer
+    for key in ("X_API_KEY", "X_API_SECRET"):
+        val = os.getenv(key)
+        if val:
+            os.environ[key] = val
 
 
 def run_json(cmd: list[str], retries: int = 2):
@@ -227,7 +225,6 @@ def default_resolver(target_user: str | None, account: str) -> dict | None:
     account_queries = {
         "TheCesarCross": "AI founders OR agentic workflow OR product distribution",
         "sovren_software": "AI automation OR workflow systems OR developer tools",
-        "mrhaven_agent": "agent memory OR orchestration OR evals",
     }
 
     if target_user: