StackPilot Guide 04

Safe AI Job-Card Pack

Blank job card, least-privilege access table, proof-loop checklist, builder brief, and one fictional filled sample.

01 — Safe AI Job Card

Agent name

Business outcome


What problem does this reduce?

Trigger


Manual run, daily review, weekly review, form submission, or approved file added?

Approved inputs


List only local/public/approved inputs.

Work product


What exact draft, scorecard, checklist, summary, or local file should exist?

Allowed actions


- Draft
- Organize
- Summarize
- Score
- Route
- Remind
- Create local files

Forbidden actions


- Send
- Publish
- Contact people
- Buy
- Create accounts
- Accept terms
- Deploy
- Delete
- Change records/settings
- Use private credentials
- Make compliance-sensitive claims

Human approval gate


Who reviews before action?

Success signal


How will you know the job helped?

Failure signal


What means the agent must stop and ask?

02 — Least-Privilege Access Table

| Tool/source | Read needed? | Write needed? | Why needed? | Approval gate | V1 decision |
|---|---:|---:|---|---|---|
| Local notes folder | Yes | Maybe local only | Source file | Human reviews output | Approved |
| Export CSV | Maybe | No | Review stale rows | Human reviews report | Use copy/export first |
| CRM/API | Maybe | No for V1 | Check data only if export fails | Explicit approval | Wait |
| Email/SMS | No for V1 | No | Drafts only | Human sends | Wait |
| Website/CMS | No for V1 | No | Not needed first | Human publishes | Wait |

Rule: if the agent can do the first version from local files, do that.

03 — Proof Loop Checklist

- [ ] Run on a tiny sample.
- [ ] Save the output locally.
- [ ] Check three records manually.
- [ ] Compare output to the job card.
- [ ] Mark false assumptions.
- [ ] Tighten instructions.
- [ ] Run again from a fresh chat/session.
- [ ] Confirm human approval gate is visible.
- [ ] Keep write/send/publish access off.

Do not expand access until the review-only loop works.

04 — Builder Brief Prompt

Paste this into Codex, OpenClaw-style agents, Claude Code, or Hermes when the job card is ready:

You are building a review-only AI workflow from an approved job card.

Project/folder:
[path]

Approved job card:
[paste job card]

Rules:
- Inspect the current files first.
- Build the smallest local artifact that supports the job card.
- Do not deploy, publish, send, buy, create accounts, accept terms, delete, change records, change account settings, or use private credentials.
- If a business rule, permission, edge case, or acceptance criterion is missing, stop and list what is missing.
- Run verification and report exact command output.

Output required:
- files changed
- how to run it
- verification result
- what still requires human approval

05 — Filled Sample: Pipeline Desk Clerk

Fictional example only. No private leads, CRM data, buyer data, emails, phone numbers, or proprietary system data.

Agent name


Pipeline Desk Clerk

Business outcome


Fewer inquiries forgotten after first contact.

Trigger


Manual weekday review of an approved local CSV export.

Approved inputs


- Fictional sample CSV
- Human-approved status labels
- Local notes only

Work product


Review-only follow-up gap report with: row ID, last signal, age, suggested next step, reason, and human approval checkbox.

Allowed actions


Read local file, group rows, draft owner notes, flag missing next step, save local report.

Forbidden actions


Send messages, change CRM status, contact people, create accounts, spend money, publish, delete, or use private credentials.

Human approval gate


Owner reviews report before any follow-up.

Proof loop


Run on five fictional rows; manually check all five before using on real approved exports.