Corrective Action: Sentinel Data Source Gap — Filesystem-Only Reads Produced Inaccurate Relationship Intelligence
Date: April 6, 2026 Category: Profile-Script Drift / Missing Tool Access Impact: Sentinel (Relationship Sentinel) reported critically inaccurate session gap data during
/daily-ops. Mead Lumber flagged as "68 days critical" when HubSpot showed activity 5 days ago. Caldwell Vineyard flagged as "26 days warning" when HubSpot showed activity 4 days ago. Chris identified the output as "woefully inaccurate." Relationship intelligence produced by the agent was unreliable for all 18 active clients. Resolution Time: Same session (script rebuild + agent definition fix + systemic prevention)
Incident
What Happened
During the April 6, 2026 /daily-ops execution, V spawned Sentinel for a proactive relationship monitoring check. Sentinel ran its session-gap-check.ts script and produced a portfolio-wide session gap report. Two clients were flagged with alarming gap durations:
- Mead Lumber: Reported as 68 days since last session (CRITICAL). HubSpot Company record showed
notes_last_updated5 days ago and recent Appointment activity. - Caldwell Vineyard: Reported as 26 days since last session (WARNING). HubSpot Company record showed activity 4 days ago.
Chris reviewed the output and identified it as "woefully inaccurate." The data was not just slightly off — it was directionally wrong, turning active relationships into apparent emergencies.
Root Cause
The session-gap-check.ts script (written March 1, 2026) calculated session gaps by reading only local filesystem session files at clients/{slug}/sessions/*.md. It parsed filenames for dates and computed days-since-last-session from those dates alone.
This was wrong for three compounding reasons:
1. Profile-script drift. Sentinel's AGENT.md profile was updated during the Mar 11 Ownership Standardization and the Apr 5 Delegation Contract work. The profile described HubSpot as a primary data source alongside session files. The script never evolved to match — it implemented only the filesystem half of the data model.
2. Missing tool access. Sentinel's agent definition (.claude/agents/sentinel.md) listed tools as Read, Grep, Glob, WebFetch, WebSearch — no Bash. Without Bash, even when spawned as a subagent, Sentinel could not execute its own script or the HubSpot CLI (node scripts/hubspot/api.js). The script existed but was unreachable through the agent's own tool permissions.
3. Incomplete data coverage. Local session files are an archive/fallback per the system's own access hierarchy (CLAUDE.md documents Upstash as primary, filesystem as fallback). Many client interactions — especially shorter check-ins, async updates, and HubSpot-tracked appointments — never produce local session files. The filesystem is structurally incomplete as a session gap data source.
Timeline
| Date | Event |
|---|---|
| Mar 1, 2026 | session-gap-check.ts written. Reads only clients/{slug}/sessions/*.md files. |
| Mar 11, 2026 | Agent Ownership Standardization. Sentinel profile updated with HubSpot data sources, health properties described. Script not updated. |
| Apr 5, 2026 | Delegation Contracts added to all agents. Sentinel's contract describes HubSpot Company health properties as primary intelligence source. Script still reads only filesystem. |
| Apr 6, 2026 | /daily-ops spawns Sentinel. Script runs, produces inaccurate output. Chris flags as "woefully inaccurate." |
| Apr 6, 2026 | Script rebuilt, agent tools fixed, systemic prevention added. |
Root Cause Analysis
Primary: Profile-Script Drift
When an agent profile evolves but its scripts do not, the agent's documented capabilities diverge from its actual capabilities. Sentinel's profile described a sophisticated multi-source intelligence model (HubSpot health properties, Appointment records, session files). The script implemented a single-source model (session files only). There was no verification step in the profile evolution process that checked whether existing scripts still matched the updated profile.
This is a systemic risk. Of the 71 agents in the system, 37 have associated scripts. Any profile update that changes data sources, outputs, or behavior expectations can silently invalidate existing scripts if no alignment check occurs.
Secondary: Tool Access Gap
The agent definition's tools: frontmatter controls what a spawned agent can do. Sentinel's tool list omitted Bash, which meant the agent could not:
- Run
node scripts/hubspot/api.jsto query HubSpot - Execute its own
session-gap-check.tsscript - Run any CLI-based data retrieval
This gap existed since the agent definition was created and was never caught because the script was typically run by V directly (who has Bash access), not by Sentinel as a spawned subagent.
Contributing: No Implementation Alignment Verification
The Delegation Contract template (added Apr 5) did not include an Implementation Alignment section. Contracts documented what an agent should do and what quality bar it should meet, but did not require verification that the agent's scripts actually implement the described behavior. The contract was a specification without a conformance check.
Fix Applied
1. Script Rebuild (agents/relationship-sentinel/session-gap-check.ts)
The script was rebuilt to use HubSpot Company health properties as the primary data source:
- Primary source: HubSpot batch-read of all client Company records. Properties queried:
vf_account_health_score,vf_engagement_trend,vf_risk_factors,notes_last_updated,vf_last_engagement_date. - Supplementary source: Local session files remain as additional context (most recent session topic, historical depth).
- Optional detail mode:
--detailflag triggers per-client Appointment lookups for clients with concerning gaps, providing specific recent interaction data. - Output: Combined assessment that weights HubSpot data over filesystem data, preventing the filesystem-only blind spot.
2. Agent Tool Access (/.claude/agents/sentinel.md)
Added Bash to Sentinel's tools list, enabling the agent to:
- Execute its own scripts when spawned as a subagent
- Run the HubSpot CLI for ad-hoc queries
- Operate independently without requiring V to run commands on its behalf
3. Implementation Alignment Section (Sentinel Delegation Contract)
Added an Implementation Alignment section to Sentinel's Delegation Contract in AGENT.md, documenting:
- Which scripts implement which contract responsibilities
- Which data sources each script uses
- Last verified date
Systemic Prevention
Addendum A: Script-Profile Alignment Audit
Added to the Structural Delegation 5P Plan (docs/plans/structural-delegation-5p-plan.md) as a new Step 2b in the Process section:
Step 2b — Script-Profile Alignment Audit. For every agent with associated scripts (
agents/{name}/*.tsor*.sh), verify that the script's data sources and behavior match the agent profile's described capabilities. Document alignment in the Delegation Contract's Implementation Alignment section.
Delegation Contract Template Update
The Delegation Contract template now includes an Implementation Alignment section as a standard component. Every agent with scripts must document:
- Script name and purpose
- Data sources the script actually uses
- Whether those data sources match the profile's described sources
- Last alignment verification date
Full Audit Results
Audited all 37 agents with associated scripts. Results:
| Status | Count | Details |
|---|---|---|
| Aligned | 17 | Script behavior matches profile description |
| No scripts | 34 | Profile-only agents (no drift risk) |
| Fixed this session | 1 | Sentinel (this incident) |
| Gaps remaining | 3 | See action items below |
Remaining Action Items
| Agent | Codename | Gap | Severity | Description |
|---|---|---|---|---|
| business-health | Pulse | Missing Projects/Deliverables data | HIGH | Profile describes portfolio health scoring across Projects and Deliverables. Script queries only Company-level properties. Missing the operational depth layer. |
| alert-manager | Klaxon | Missing upstream integrations | HIGH | Profile describes alert queue processing from multiple sources. Script reads only a local alert file. No HubSpot, no Google, no Upstash integration. |
| office-hours-intelligence | Quorum | Missing HubSpot write-back | MEDIUM | Profile describes writing engagement scores and question depth to HubSpot Contact properties. Script computes the intelligence but does not persist it. Analysis is ephemeral. |
These three agents require the same treatment applied to Sentinel: script rebuild to match profile, tool access verification, and Implementation Alignment documentation in their Delegation Contracts.
Lessons
Agent profiles are specifications. Scripts are implementations. Without alignment verification, they drift. This is the same pattern as code documentation that falls out of date — except here, the "documentation" (the agent profile) is what V and other leaders use to decide which agents to spawn and what to expect from them. When the profile says "queries HubSpot" and the script reads only the filesystem, the spawning leader has no reason to question the output. The trust is in the profile, and the profile lied.
Tool access is a capability gate, not a preference. An agent definition that describes HubSpot operations but lacks Bash in its tools list is structurally incapable of delivering on its own profile. This should be caught at definition time, not discovered when output is wrong.
The Delegation Contract template now prevents this class of error for new agents. The Implementation Alignment section forces the question: "Does the script actually do what the profile says?" For existing agents, the audit identified the backlog. The three remaining gaps are documented and prioritized.
Prevention Effectiveness
| Prevention Layer | What It Catches |
|---|---|
| Implementation Alignment section (Delegation Contract) | Future profile-script drift at contract creation time |
| Step 2b in Structural Delegation plan | Systematic audit during delegation work |
| Tool access review during profile updates | Missing Bash/CLI access when HubSpot data sources are described |
| This CAR in Critical Lessons | Direct awareness of the pattern for all agents and leaders |
Related Incidents
| Date | Incident | Relationship |
|---|---|---|
| Mar 10, 2026 | Paragon account data drift (portal hiding 60% of data) | Same pattern class. Data source assumptions were wrong. Portal assumed listings had correct listing_content_type; Sentinel assumed session files were complete. Both trusted a partial data source as authoritative. |
| Mar 12, 2026 | HubSpot Beginners Course integrity failure | Same pattern class. Profile described HubSpot integration; implementation used localStorage fallback. Silent failure masked by an alternative path. Sentinel's filesystem reads masked the HubSpot gap similarly. |
| Mar 8, 2026 | Calendar invitees reported as attendees | Same pattern class. Used available-but-incomplete data (calendar invites) instead of authoritative data (transcripts). Sentinel used available-but-incomplete data (session files) instead of authoritative data (HubSpot). |