Job card
Name the trigger, owner, input, output, cadence, and success signal.
Guide 04 / SP-AGT-04
Turn repeated business work into review-only AI workflows with clear inputs, safe actions, least-privilege tool access, and proof before automation.
Use the worksheetBack to library
Mission outcome
Name the trigger, owner, input, output, cadence, and success signal.
Capture, clean, think, review, act — in that order.
Read/write permissions with reasons and approval gates.
Draft, organize, score, route, remind. Review before risk.
Run small samples, check evidence, then improve instructions.
Plain-English rule
The goal is not a bot that sounds smart. The goal is a repeatable operating loop a human can inspect: input in, draft or decision out, approval before anything irreversible.
Build order
Pick the repeated business task before choosing tools.
What useful file, summary, scorecard, or draft should exist?
Give the agent the smallest set of read/write permissions possible.
Run a sample, check records manually, fix instructions, then rerun.
Sample worksheet
Fill this out before connecting tools. If this card is vague, the automation will be vague too.
What should the operating role be called?
What problem does it reduce?
Manual run, daily review, weekly digest, or form submission?
What files, notes, exports, or approved sources does it read?
What exact draft, scorecard, report, or route should exist?
What must be reviewed before action?
Least-privilege table
Start with exports, local files, and review-only outputs. Add live connectors only when the workflow has proven value.
Safe first actions
These actions help the owner think faster without creating public or irreversible consequences.
Approval-required actions
These stay behind explicit human approval. The system may prepare the action, but it does not take the action.
Proof loop
An agent is not a magic robot. It is a helper with a job card: what it reads, what it makes, what it is allowed to do, and what a person must check.
AI may draft, organize, score, route, remind, and create local files. A human approves publish, send, contact, buy, deploy, delete, account changes, and private payment/tax/legal/KYC identity use.