Freewrite
A focused AI-infrastructure day — validating Z.ai’s privacy posture for enterprise use, preparing the MiniMax procurement memo for formal submission, and building out reference knowledge in GitHub Actions and Apprise notifications. The day also surfaced several active BOL incidents and pending approvals that carried over from yesterday.
Big Things Today
- Confirm MiniMax procurement memo approval status (recall email sent — check if it landed)
- Action NCB CLICK/CLICX production connection request (deadline: May 19)
Conversations
AI Tooling
Minimax / Z.ai Privacy Policy Data Training Concerns
Deep-dive into Z.ai’s Terms of Use and Privacy Policy + DPA for API Services. Key finding: API data is not stored and not used for training by default — the DPA is bundled directly in the Privacy Policy. Individual chat.z.ai users are subject to model training. US Entity List risk (Zhipu AI blacklisted by US) flagged for compliance review. → See minimax-security-privacy | minimax-token-procurement
ขออนุมัติซื้อ MINIMAX Token Plan สำหรับพัฒนา AI
Drafted and formatted formal Thai budget memo (บันทึกข้อความ) for MiniMax Ultra-Highspeed $1,500/year plan. Package: M2.7-highspeed, 30,000 calls/5hr. Submitted for management review. Email recall was attempted — need to verify receipt. → See minimax-token-procurement
API Key Limits for MiniMax Ultra High Speed Plan
Confirmed: no documented per-plan limit on number of API keys. Quota (30K req/5hr) is tied to the account/team, not individual keys — creating more keys does not increase quota; useful for environment segregation only. → See minimax-security-privacy
DevOps & Engineering
Multiple GitHub Repositories in One Workspace (GitHub Actions Guide)
Comprehensive GitHub Actions reference produced — covering CI, multi-job pipelines, secrets, matrix strategy, Docker build/push, cron schedules, conditional steps, reusable workflows, self-hosted runners, and a full real-world pipeline. Self-hosted runner pattern noted as most relevant for local DeepSeek/LiteLLM setup. → See github-actions-guide
Notification Infrastructure
Setting up LINE Messaging API Webhook (Apprise + LINE)
Quick lookup on Apprise LINE notification URL format. Requires Channel Access Token + LINE User ID (starts with ‘U’). URL: line://<access_token>/<user_id>. Multiple users: separate with /.
→ See django-apprise-notifications
Daily Operations
Today’s Schedule for Monday May 18
Email triage for May 18 surfaced: Instagram login alert (check if it was you), two active BOL incidents (BOLI-10504 CPX API AR data incomplete, BOLI-10506 MatchLink data not displaying), BAAC-ALM Liquidity Gap report needing review (from Puwadon), CBS Deposit layout update (from Surasak), Timesheet Jan–Mar 2026 (from Kaewchai/Benjamas), NCB CLICK/CLICX production connection request due May 19, and a Neuxnet/Huawei AI presentation invite (from Mina).
Open Tasks Surfaced
- Verify MiniMax memo email recall was successful — resubmit if needed
- Respond to NCB CLICK/CLICX production connection request (due today)
- Review BAAC-ALM Liquidity Gap report from Puwadon
- Review CBS Deposit layout update from Surasak
- Fill in Timesheet Jan–Feb 2026 (March is fillable)
- Check Instagram login alert — reset password if unauthorized
- Review Dell PowerEdge R660 CPU2 VCCFA PG voltage error follow-up
- Check BOLI-10504 and BOLI-10506 incident status
Insights Worth Developing
- Z.ai US Entity List risk — compliance implications for Thai enterprise use
- GitHub Actions self-hosted runner as local LLM CI trigger
- Apprise as unified notification layer across all BOL internal tools
- GSD + autonomous-dev as the gold standard for overnight autonomous coding
- Agentic sessions multiply API concurrency — Hermes capacity planning must account for this
Evening Conversations
Claude Code Automation
Evaluating Claude Code Automation Credibility
Evaluated Kevin Collins’ (Echofold / Manus Fellow) article on building an autonomous Claude Code pipeline. Verdict: technically accurate — hooks, --auto mode, settings.json, MCP server config, and Agent SDK details all check out against official Anthropic docs. Article published April 2026 and links only to real sources. Caveats: promotional framing for a €49 Echofold course; “zero human touch” claim is oversold for production. Most useful sections: Phase 3 (Hooks — PreToolUse/PostToolUse/Stop), Phase 9 (Agent SDK / session-per-ticket pattern).
→ See claude-code-autonomous-pipeline
CC-Autonomous — Best Autonomous Pipeline Pattern
Deep research into the canonical autonomous development pipeline. Conclusion: GSD + autonomous-dev harness is the strongest combination. GSD handles requirements → structured plan with persistent state files (PROJECT.md, REQUIREMENTS.md, ROADMAP.md, STATE.md). The autonomous-dev harness adds adversarial verification: a spec-blind reviewer agent independently tests the implementation without having seen how it was built — closest to a real independent QA reviewer. Four hard failure modes addressed: drift, context rot, missing verification gate, no recovery path. GitHub Actions pattern for triggering on requirements.md push documented. → See claude-code-autonomous-pipeline
Hermes Capacity Planning
API Rate Limits — Agentic Concurrency Per Session
Key clarification for Hermes capacity planning: Claude Code agentic sessions are NOT 1:1 with API concurrent requests. A single agentic task (e.g. “refactor my codebase”) spawns 2–5 parallel tool calls simultaneously. Implication: if Z.ai limit = 10 concurrent requests, Hermes realistically supports only 2–3 active users running agentic tasks simultaneously, not 10. Must re-calculate Hermes capacity based on 1 active session ≈ 2–5 concurrent API requests. → See hermes-agent-orchestration | claude-code-execution-methods
Vendor Security
MiniMax Privacy Policy Deep-Dive (MiniMax.io — Own Policy)
Analysed MiniMax’s own Open Platform Privacy Policy (2023 version). Critical finding: no clause stating data will not be used for model training. De-identified data may be used for commercial purposes (including training). All conversations sent to cloud servers; only personal information is filtered/deleted — non-personal content retention is ambiguous. Data stored in China (PRC). No public DPA for API customers. Sharply contrasts with Z.ai’s explicit API-no-storage guarantee. Procurement risk flag: the security clearance in the procurement effort was based on earlier research; this deeper reading of the actual MiniMax.io policy raises new concerns. → See minimax-security-privacy | minimax-token-procurement
Additional Open Tasks Surfaced (Evening)
- Re-calculate Hermes concurrent user capacity (1 session ≈ 2–5 API requests)
- Review GSD + autonomous-dev pattern for possible adoption in Hermes overnight builds
- Reassess MiniMax procurement security clearance — actual policy lacks explicit no-training guarantee
- Cross-check Kevin Collins article against current code.claude.com/docs before citing