ContextQMD
Back to Paperclip

CEO Agent Creation and Hiring Governance Plan (V1.1)

doc/plans/2026-02-19-ceo-agent-creation-and-hiring.md

2026.428.010.6 KB
Original Source

CEO Agent Creation and Hiring Governance Plan (V1.1)

Status: Proposed
Date: 2026-02-19
Owner: Product + Server + UI + Skills

1. Goal

Enable a CEO agent to create new agents directly, with lightweight but explicit governance:

  • Company-level toggle: new hires require board approval (default ON).
  • Agent-level permission: can_create_agents (default ON for CEO, OFF for everyone else).
  • Clear hire workflow with draft/limbo state until approval.
  • Config reflection so hiring agents can inspect available adapter configuration and compare existing agent configs (including self).
  • Approval collaboration flow with comments, revision requests, and audit trail.

2. Current State (Repo Reality)

  • Agent creation is board-only at POST /api/companies/:companyId/agents (server/src/routes/agents.ts).
  • Approvals support pending/approved/rejected/cancelled and hire_agent + approve_ceo_strategy (packages/shared/src/constants.ts, server/src/services/approvals.ts).
  • hire_agent approval currently creates the agent only on approval; there is no pre-created limbo agent.
  • There is no agent permissions system today.
  • There is no company setting for "new hires require board approval".
  • Approvals have no comment thread or revision-request state.
  • Inbox and Approvals UIs support approve/reject only; no approval detail route exists in app routes.
  • Agent adapter configuration is free-form JSON; no runtime reflection endpoint exists for machine-readable or text discovery.

3. Product Decisions

3.1 Company setting

Add company setting:

  • requireBoardApprovalForNewAgents: boolean
  • Default: true
  • Editable only in company advanced settings (not onboarding/company creation flow UI)

3.2 Agent permissions

Introduce lightweight permission model with one explicit permission now:

  • can_create_agents: boolean

Defaults:

  • CEO: true
  • Everyone else: false

Authority:

  • Board can edit permissions for any agent.
  • CEO can edit permissions for agents in same company.

No broader RBAC system in this phase.

3.3 Limbo state for hires

Introduce dedicated non-operational status:

  • pending_approval

Meaning:

  • Agent record exists in org tree and can be reviewed.
  • Agent cannot run, receive assignments, create keys, or be resumed to active states until approved.

4. Data Model Changes

4.1 companies

Add column:

  • require_board_approval_for_new_agents boolean not null default true

Sync required:

  • packages/db/src/schema/companies.ts
  • packages/shared/src/types/company.ts
  • packages/shared/src/validators/company.ts
  • UI company API type usage and company advanced settings form

4.2 agents

Add columns:

  • permissions jsonb not null default {}
  • status value expansion to include pending_approval

Sync required:

  • packages/db/src/schema/agents.ts
  • packages/shared/src/constants.ts (AGENT_STATUSES)
  • packages/shared/src/types/agent.ts
  • packages/shared/src/validators/agent.ts
  • status badges, filters, and lifecycle controls in UI

4.3 approvals

Keep approval as central governance record; extend workflow support:

  • add status revision_requested
  • ensure payload for hire approvals contains:
    • agentId
    • requestedByAgentId
    • requestedConfigurationSnapshot

4.4 New approval_comments table

Add discussion thread for approvals:

  • id, company_id, approval_id, author_agent_id, author_user_id, body, timestamps

Purpose:

  • review comments
  • revision requests
  • rationale for approve/reject
  • permanent audit trail

5. API and AuthZ Plan

5.1 Permission helpers

Add server-side authz helpers:

  • assertCanCreateAgents(req, companyId)
  • assertCanManageAgentPermissions(req, companyId)

Rules:

  • Board always passes.
  • Agent passes can_create_agents check if self permission true and same company.
  • Permission management by CEO or board.

5.2 Hire creation flow

Add route:

  • POST /api/companies/:companyId/agent-hires

Behavior:

  • Requires can_create_agents (or board).
  • Creates agent row first.
  • If company setting requires approval:
    • create agent with status=pending_approval
    • create approvals(type=hire_agent,status=pending,payload.agentId=...)
    • return both agent + approval
  • If setting disabled:
    • create agent as idle
    • no approval record required

Board may continue using direct create route, but this route becomes canonical for CEO/agent-led hiring.

5.3 Approval workflow endpoints

Add/extend:

  • GET /api/approvals/:id
  • POST /api/approvals/:id/request-revision
  • POST /api/approvals/:id/resubmit
  • GET /api/approvals/:id/comments
  • POST /api/approvals/:id/comments

Update existing approve/reject semantics:

  • approve of hire transitions linked agent pending_approval -> idle
  • reject keeps linked agent in non-active state (pending_approval or terminated/purged later)

5.4 Agent permission management endpoints

Add:

  • PATCH /api/agents/:id/permissions

Supports initial key only:

  • { "canCreateAgents": boolean }

5.5 Read config endpoints (protected)

Add permission-gated config-read endpoints:

  • GET /api/companies/:companyId/agent-configurations
  • GET /api/agents/:id/configuration

Access:

  • board
  • CEO
  • any agent with can_create_agents

Security:

  • redact obvious secret values from adapter config (env, API keys, tokens, JWT-looking values)
  • include redaction marker in response

5.6 Reflection endpoints for adapter configuration

Add plain-text reflection routes:

  • GET /llms/agent-configuration.txt
  • GET /llms/agent-configuration/:adapterType.txt

Index file includes:

  • installed adapter list for this Paperclip instance
  • per-adapter doc URLs
  • brief "how to hire" API sequence links

Per-adapter file includes:

  • required/optional config keys
  • defaults
  • field descriptions
  • safety notes
  • example payloads

Auth:

  • same gate as config-read endpoints (board/CEO/can_create_agents).

6. Adapter Protocol Extension

Extend ServerAdapterModule contract to expose config docs:

  • agentConfigurationDoc (string) or getAgentConfigurationDoc()

Implement in:

  • packages/adapters/claude-local
  • packages/adapters/codex-local
  • server/src/adapters/registry.ts

This is required so reflection is generated from installed adapters, not hardcoded.

7. UI Plan

7.1 Company advanced settings

In Companies UI, add advanced settings panel/modal with:

  • toggle: "Require board approval for new agent hires" (default on)

Not shown in onboarding flow.

7.2 Agent permissions UI

In Agent Detail (board/CEO context):

  • permissions section
  • toggle for "Can create new agents"

7.3 Hire UX

Add "Hire Agent" flow (for CEO/authorized agents):

  • choose role/name/title/reportsTo
  • compose initial prompt/capabilities
  • inspect adapter reflection docs
  • inspect existing related agent configurations
  • submit hire

State messaging:

  • if approval required: show "Pending board approval"
  • if not required: show active-ready state

7.4 Approvals UX

Add approval detail page and expand inbox integration:

  • /approvals/:approvalId
  • threaded comments
  • revision request action
  • approve/reject with decision note
  • activity timeline (created, revisions, decisions)

7.5 Disapproved agent cleanup

Provide board-only destructive action in approval detail:

  • "Delete disapproved agent"
  • explicit confirmation dialog
  • preserves approval + comment history (audit)

8. New Skill: paperclip-create-agent

Create new skill directory:

  • skills/paperclip-create-agent/SKILL.md
  • skills/paperclip-create-agent/references/api-reference.md

Skill responsibilities:

  • Discover available adapter configuration via /llms/agent-configuration*.txt
  • Read existing agent configurations (including self and related roles)
  • Propose best-fit config for current environment
  • Draft high-quality initial prompt for new agent
  • Set manager/reporting line
  • Execute hire API flow
  • Handle revision loop with board comments

Also update skills/paperclip/SKILL.md to reference this skill for hiring workflows.

9. Enforcement and Invariants

New/updated invariants:

  • pending_approval agents cannot:
    • be invoked/woken
    • be assigned issues
    • create or use API keys
    • transition to active lifecycle states except through hire approval
  • approval transitions:
    • pending -> revision_requested | approved | rejected | cancelled
    • revision_requested -> pending | rejected | cancelled
  • every mutation writes activity_log records.

10. Implementation Phases

Phase 1: Contracts and migration

  • DB schema updates (companies, agents, approvals status expansion, approval_comments)
  • shared constants/types/validators updates
  • migration generation and typecheck

Phase 2: Server authz + hire flow

  • permission resolver and authz guards
  • agent-hires route
  • limbo status enforcement in heartbeat/issue/key flows
  • approval revision/comment endpoints

Phase 3: Reflection and config-read APIs

  • adapter protocol docs support
  • /llms/agent-configuration*.txt routes
  • protected config-read endpoints with redaction

Phase 4: UI and skilling

  • company advanced setting UI
  • permission controls
  • approval detail + comments/revision flow in inbox/approvals
  • disapproved agent delete flow
  • paperclip-create-agent skill + docs updates

11. Test Plan

Server tests:

  • permission gate tests for hire/config-read/permission-update endpoints
  • hire creation behavior with company setting on/off
  • approval transitions including revision cycle
  • pending_approval enforcement across wakeup/invoke/assignment/keys
  • config redaction tests

UI tests:

  • advanced setting toggle persistence
  • approval detail comment/revision interactions
  • hire flow states (pending vs immediate)

Repo verification before merge:

  • pnpm -r typecheck
  • pnpm test:run
  • pnpm build

12. Risks and Mitigations

  • Risk: leaking secrets through agent config reads.
    • Mitigation: strict redaction pass + allowlist/denylist tests.
  • Risk: status explosion complexity.
    • Mitigation: single added status (pending_approval) with explicit transition guards.
  • Risk: approval flow regressions.
    • Mitigation: centralize transition logic in approval service and back it with tests.

13. Open Decisions (Default Recommendation)

  1. Should board direct-create bypass approval setting? Recommendation: yes, board is explicit governance override.

  2. Should non-authorized agents still see basic agent metadata? Recommendation: yes (name/role/status), but configuration fields stay restricted.

  3. On rejection, should limbo agent remain pending_approval or move to terminated? Recommendation: move to terminated on final reject; keep optional hard delete action for cleanup.