Skip to main content

Stream-Aligned Teams

Stream-aligned teams work directly on the flow of change to deliver value to end users. They operate independently while consuming the infrastructure, tooling, and services provided by the platform teams.

Onboarding

The fastest way to get your team onto the platform is the Nomos Agent — your self-serve interface to the osinfra.io platform. Tell it what you need and it handles the rest, opening a pull request with every change. No local setup, no YAML to write by hand.

/agent → Nomos Agent

👋 Hi! I'm the Nomos Agent — your self-serve interface to the osinfra.io platform. Just tell me what your team needs.

Give me just a moment while I look you up…

✓ Identity validated · joe@osinfra.io

It looks like you're not part of any team yet — welcome! Would you like to join an existing team or onboard a new team from scratch?

Onboard a new team — st-fides

Based on your team key I'd suggest Fides as the display name — it appears in Google Cloud Platform, GitHub, and Datadog. Does that work?

✓ Stream-aligned team detected (st- prefix)

What email address should be the Datadog team admin?

joe@osinfra.io — and use my GitHub username as the team maintainer.

Here's what I'll create:

  • 📁 GCP folder hierarchy — Fides (Sandbox / Non-Production / Production)
  • 👥 Google Identity groups — admin, reader, writer
  • 🐙 GitHub parent team + 4 child teams (sandbox-approvers, non-production-approvers, production-approvers, repository-administrators)
  • 🐶 Datadog team — Fides

Ready to open the pull request on pt-logos?

The Nomos Agent

The Nomos Agent is the platform's self-serve interface for all teams. Describe what your team needs — identity structure, repositories, infrastructure, or configuration — and Nomos handles the platform internals, opening a reviewed pull request for every change. Nothing is applied directly.

How to invoke it

Clone the repo and run the Copilot CLI from within it — then type /agent and select Nomos Agent from the menu:

git clone https://github.com/osinfra-io/pt-techne-agents
cd pt-techne-agents
gh copilot
GitHub MCP — configuration required

The agent opens pull requests and reads repository state using the GitHub MCP server. It must be enabled with write toolsets — read-only MCP will allow the agent to inspect state but it will not be able to create branches or open pull requests.

The GitHub MCP server must be configured with a fine-grained Personal Access Token scoped to the osinfra-io organization with the following permissions:

PermissionAccess
ContentsRead and write
IssuesRead and write
Pull requestsRead and write
WorkflowsRead and write

Fine-grained PATs must be created through the GitHub web UI at github.com/settings/personal-access-tokens/new. Set the resource owner to the osinfra-io organization (not individual repositories) so the token can operate across all repos the agent needs to reach.

What happens after the PR merges

Logos runs OpenTofu on merge — the GCP folder hierarchy, identity groups, and GitHub structure are created automatically. Corpus and Pneuma are not triggered by a Logos merge; each deploys when its own PR merges to main or a platform engineer triggers workflow_dispatch. When Pneuma runs, namespace creation and Workload Identity bindings are applied automatically within the same pipeline — no additional trigger is needed. See Namespace Provisioning for the full pipeline flow.

Teams

🧭

Ethos

The lived moral character that customers experience — the trustworthiness, transparency, and integrity through which the business earns and keeps their confidence.

Learn more →