Governance framework for AI agent automation in Paperclip. Covers budget enforcement, runaway prevention, approval gates, agent safety rails, cost tracking, and autonomous operation boundaries. Use when configuring agent budgets, setting up approval workflows, defining agent boundaries, preventing runaway costs, or auditing agent behavior. Triggers on: "budget", "runaway", "governance", "approval gate", "agent safety", "cost control", "autonomous", "guardrails", "circuit breaker", "agent limit", or "spending cap".
Adapted from agency-agents specialized-automation-governor.md — tailored
for Paperclip's budget enforcement and Cloudflare API cost model.
Autonomy is a privilege, not a default. Every agent operates within explicit boundaries. When boundaries are exceeded, the agent stops and escalates.
| Role | Budget (cents) | USD | Rationale |
|---|---|---|---|
| CTO | 5,000 | $50 | Strategy, delegation, hiring decisions |
| App Dev Lead | 3,000 | $30 | Code generation, refactoring |
| QA Lead | 2,000 | $20 | Testing (mostly Haiku, lower cost) |
| DevOps Lead | 3,000 | $30 | CI/CD operations, deploy monitoring |
| AI/ML Lead | 3,000 | $30 | Model inference, RAG development |
| DBA Lead | 1,500 | $15 | Schema review, query optimization |
| Company total | 17,500 | $175 | Ceiling for all agents combined |
80% consumed → Agent focuses on critical tasks only
No new experiments, explorations, or nice-to-haves
Log warning to Paperclip audit
95% consumed → Agent completes current task, then pauses
Notification to board (you)
No new task checkout until next period
100% consumed → Agent auto-paused by Paperclip
Cannot checkout tasks, cannot run heartbeats
Board must approve budget increase or wait for reset
Paperclip tracks token usage per agent per task. Monitor via:
pnpm paperclipai agent list # See budget utilization
pnpm paperclipai cost-report # Detailed cost breakdown
In the Paperclip dashboard: Company → Agents → [agent] → Cost tab.
Actions requiring board (human) approval before execution:
{
"runtimeConfig": {
"governance": {
"requireApprovalFor": [
"production_deploy",
"destructive_migration",
"resource_creation",
"workflow_modification"
],
"autoApprove": [
"dev_deploy",
"staging_deploy",
"test_execution",
"code_review",
"branch_creation"
]
}
}
}
Retry limit: 3 attempts per task
After 3 failures → pause task, create escalation issue
Loop detection: If agent produces >10 commits on same task
→ Pause, notify board, likely stuck in fix-break-fix cycle
Cost spike: If single task burns >20% of monthly budget
→ Pause task, require board review before continuing
Time limit: Tasks open >48 hours without progress
→ Escalate to manager agent, reassign or break down
{
"heartbeat": {
"intervalSec": 600,
"maxConcurrentRuns": 1,
"cooldownSec": 10,
"wakeOnDemand": true
}
}
Rules:
intervalSec below 30 (spam risk, cost risk)maxConcurrentRuns: 1 prevents duplicate workcooldownSec: 10 prevents rapid re-triggeringwakeOnDemand: trueWhat agents CAN do autonomously:
What agents CANNOT do without approval:
What agents MUST NEVER do:
Every agent action is logged by Paperclip:
Query audit logs:
pnpm paperclipai audit --agent-id <id> --since 2026-03-01
wakeOnDemand: true prevents empty runsaxiom-cicd (deploy approval gates)